The code below is my login validation script - check_login.php. I
have
been testing with a non-existent user and end up with a blank page.
Can someone please tell me what I'm doing wrong?

http://projects.missioninternet.com/dynamixsi/login.php

Thank you!
Tim


<?php
session_start();
require_once("Connections/usersDB.php");


// username and password sent from signup form
$userID=$_POST['userID'];
$password=$_POST['password'];
$userType=$_POST['clientType'];


// encrypt password
$encrypted_password=md5($password);
$_SESSION["password"] = $encrypted_password;


// if password encryption is not used
//$sql="SELECT * FROM $table_name WHERE userName='$userID' and
password='$password'";
//$result=mysql_query($sql);


// if password encryption is used
$sql="SELECT * FROM $table_name WHERE userName = '$userID'
and
userPassword = '$encrypted_password'";
$result=mysql_query($sql)or die($sql.' failed because
'.mysql_error());
if (!$result) {
$_SESSION['msg'] = "mysql query failed";
}
else {
$rows = mysql_num_rows($result) or
die(mysql_error());
if($rows > 0) {
$_SESSION['msg'] = "Success Rows: ".$rows;
}
else {
// Return to login page with error message
$_SESSION['msg'] = "Your email address or
password is incorrect. If
this is the first time you are using our system, enter your email
address, desired password and indicate your user status then click
'Register' instead of 'Login'.";
}
}


?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://
www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login Error</title>
</head>


<body>
<br /><br />
<div align="center" style="border:5px; border-color:#3366FF; width:
410px;">
<table width="400" border="0" cellspacing="0" cellpadding="3">
<tr>
<td><?php echo $_SESSION['msg']; unset($_SESSION['msg']); ?></td>
</tr>
<tr>
<td>&nbsp;</td>
</tr>
<tr>
<td><a href="login.php">Click here to continue.</a></td>
</tr>
</table>
</div>
<br />
</body>
</html>

On Fri, 09 Nov 2007 18:25:36 +0100, Big Moxy <bigmoxy@gmail.com> wrote:
> $rows = mysql_num_rows($result) or die(mysql_error());

How do you think this well act if the result of mysql_num_rows() is 0?
--
Rik Wasmus

On Nov 9, 9:38 am, "Rik Wasmus" <luiheidsgoe...@hotmail.com> wrote:
> On Fri, 09 Nov 2007 18:25:36 +0100, Big Moxy <bigm...@gmail.com> wrote:
> > $rows = mysql_num_rows($result) or die(mysql_error());
>
> How do you think this well act if the result of mysql_num_rows() is 0?
> --
> Rik Wasmus

I want mysql_num_rows() = 0 to be treated as a not found condition.
Isn't that already handled?

Tim

On Fri, 09 Nov 2007 18:52:30 +0100, Big Moxy <bigmoxy@gmail.com> wrote:

> On Nov 9, 9:38 am, "Rik Wasmus" <luiheidsgoe...@hotmail.com> wrote:
>> On Fri, 09 Nov 2007 18:25:36 +0100, Big Moxy <bigm...@gmail.com> wrote:
>> > $rows = mysql_num_rows($result) or die(mysql_error());
>>
>> How do you think this well act if the result of mysql_num_rows() is 0?
>
> I want mysql_num_rows() = 0 to be treated as a not found condition.
> Isn't that already handled?

0 converted to boolean is false, so your code die()'s. There is no actual
mysql error, so the die(mysql_error()) will die without any message.
Remove the 'or die' clause, you already handle a 0 result in your if
statement further on, and a faulty result with your 'or die' following the
mysql_query().
--
Rik Wasmus

Big Moxy wrote:
> On Nov 9, 9:38 am, "Rik Wasmus" <luiheidsgoe...@hotmail.com> wrote:
>> On Fri, 09 Nov 2007 18:25:36 +0100, Big Moxy <bigm...@gmail.com> wrote:
>>> $rows = mysql_num_rows($result) or die(mysql_error());
>> How do you think this well act if the result of mysql_num_rows() is 0?
>> --
>> Rik Wasmus
>
> I want mysql_num_rows() = 0 to be treated as a not found condition.
> Isn't that already handled?
>
> Tim
>
>

Rik is correct.

Figure out what this statement does:

$rows = mysql_num_rows($result) or die(mysql_error());

Then figure out why it isn't good to use die() *anywhere* in production
code.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

On Nov 9, 10:11 am, Jerry Stuckle <jstuck...@attglobal.net> wrote:
> Big Moxy wrote:
> > On Nov 9, 9:38 am, "Rik Wasmus" <luiheidsgoe...@hotmail.com> wrote:
> >> On Fri, 09 Nov 2007 18:25:36 +0100, Big Moxy <bigm...@gmail.com> wrote:
> >>> $rows = mysql_num_rows($result) or die(mysql_error());
> >> How do you think this well act if the result of mysql_num_rows() is 0?
> >> --
> >> Rik Wasmus
>
> > I want mysql_num_rows() = 0 to be treated as a not found condition.
> > Isn't that already handled?
>
> > Tim
>
> Rik is correct.
>
> Figure out what this statement does:
>
> $rows = mysql_num_rows($result) or die(mysql_error());
>
> Then figure out why it isn't good to use die() *anywhere* in production
> code.
>
> --
> ==================
> Remove the "x" from my email address
> Jerry Stuckle
> JDS Computer Training Corp.
> jstuck...@attglobal.net
> ==================

How do I differtiate 0 from some other error? I want true errors to be
handled differently than the basic not found condition.

Tim

On Fri, 09 Nov 2007 19:57:49 +0100, Big Moxy <bigmoxy@gmail.com> wrote:

> On Nov 9, 10:11 am, Jerry Stuckle <jstuck...@attglobal.net> wrote:
>> Big Moxy wrote:
>> > On Nov 9, 9:38 am, "Rik Wasmus" <luiheidsgoe...@hotmail.com> wrote:
>> >> On Fri, 09 Nov 2007 18:25:36 +0100, Big Moxy <bigm...@gmail.com>
>> wrote:
>> >>> $rows = mysql_num_rows($result) or die(mysql_error());
>> >> How do you think this well act if the result of mysql_num_rows() is
>> 0?
>> > I want mysql_num_rows() = 0 to be treated as a not found condition.
>> > Isn't that already handled?
>>
>>
>> Rik is correct.
>>
>> Figure out what this statement does:
>>
>> $rows = mysql_num_rows($result) or die(mysql_error());
>>
>> Then figure out why it isn't good to use die() *anywhere* in production
>> code.
>
> How do I differtiate 0 from some other error?

A variable is never an error.

> I want true errors to be
> handled differently than the basic not found condition.

if($var) echo '$var cast to boolean is true';
else echo '$var cast to boolean is false';
if($var===true){
echo '$var is a boolean and is true';
} else if($var===false){
echo '$var is a boolean and is false';
} else {
echo '$var is not actually a boolean';
}

In this particular case you don't need strict comparison though. Just
remove the or die() after mysql_num_rows() and your code will work as
intended as far is I can see glancing over it quickly.
--
Rik Wasmus

On Nov 9, 11:07 am, "Rik Wasmus" <luiheidsgoe...@hotmail.com> wrote:
> On Fri, 09 Nov 2007 19:57:49 +0100, Big Moxy <bigm...@gmail.com> wrote:
> > On Nov 9, 10:11 am, Jerry Stuckle <jstuck...@attglobal.net> wrote:
> >> Big Moxy wrote:
> >> > On Nov 9, 9:38 am, "Rik Wasmus" <luiheidsgoe...@hotmail.com> wrote:
> >> >> On Fri, 09 Nov 2007 18:25:36 +0100, Big Moxy <bigm...@gmail.com>
> >> wrote:
> >> >>> $rows = mysql_num_rows($result) or die(mysql_error());
> >> >> How do you think this well act if the result of mysql_num_rows() is
> >> 0?
> >> > I want mysql_num_rows() = 0 to be treated as a not found condition.
> >> > Isn't that already handled?
>
> >> Rik is correct.
>
> >> Figure out what this statement does:
>
> >> $rows = mysql_num_rows($result) or die(mysql_error());
>
> >> Then figure out why it isn't good to use die() *anywhere* in production
> >> code.
>
> > How do I differtiate 0 from some other error?
>
> A variable is never an error.
>
> > I want true errors to be
> > handled differently than the basic not found condition.
>
> if($var) echo '$var cast to boolean is true';
> else echo '$var cast to boolean is false';
> if($var===true){
> echo '$var is a boolean and is true';} else if($var===false){
>
> echo '$var is a boolean and is false';} else {
>
> echo '$var is not actually a boolean';
>
> }
>
> In this particular case you don't need strict comparison though. Just
> remove the or die() after mysql_num_rows() and your code will work as
> intended as far is I can see glancing over it quickly.
> --
> Rik Wasmus- Hide quoted text -
>
> - Show quoted text -

Thank you Rik and Jerry!!
Tim