I have downloaded and installed Library Management System from the link mentioned below
https://download.code-projects.org/media/2020/02/LIBRARY_SYSTEM_IN_PHP_WITH_SOURCE_CODE.zip

After installing as per the video tutorials, I get an error mentioned below

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in C:\xampp\htdocs\Lms\Source\librarian\index.php on line 59


Since I am a BCA student, I am new to PHP and MySQL. So I request you to guide me how to solve this problem

What I have tried:

<?php
    session_start();
    include 'inc/connection.php';
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Library Management System</title>
    <link rel="stylesheet" href="inc/css/bootstrap.min.css">
    <link rel="stylesheet" href="inc/css/fontawesome-all.min.css">
    <link rel="stylesheet" href="inc/css/pro1.css">
    <link href="https://fonts.googleapis.com/css?family=Montserrat:400,500,600" rel="stylesheet">
    <style>
        .login{
            background-image: url(inc/img/3.jpg);
            margin-bottom: 30px;
            padding: 50px;
            padding-bottom: 70px;
        }
        .reg-header h2{
            color: #DDDDDD;
            z-index: 999999;
        }
        .login-body h4{
            margin-bottom: 20px;
        }
    </style>
</head>
<body>
    <div class="login registration">
        <div class="wrapper">
            <div class="reg-header text-center">
                <h2>Library management system</h2>
                <div class="gap-30"></div>
                <div class="gap-30"></div>
            </div>
            <div class="gap-30"></div>
            <div class="login-content">
                <div class="login-body">
                    <h4>Librarian Login Form</h4>
                    <form action="" method="post">
                        <div class="mb-20">
                            <input type="text" name="username" class="form-control" placeholder="Username" required=""/>
                        </div>
                        <div class="mb-20">
                            <input type="password" name="password" class="form-control" placeholder="Password" required=""/>
                        </div>
                        <div class="mb-20">
                            <input class="btn btn-info submit" type="submit" name="login" value="Login">
                            
                        </div>
                    </form>
                </div>
                <?php
                if (isset($_POST["login"])) {
                    $count=0;
                    $res= mysqli_query($link, "select * from lib_registration where username='$_POST[username]' && password= '$_POST[password]' ");
                    $count = mysqli_num_rows($res);
                    if ($count==0) {
                        ?>
                        <div class="alert alert-warning">
                            <span style="color: rgba(51, 51, 51, 1)">Invalid!</span> <span style="color: red;font-weight: bold; ">Username Or Password.</span>
                        </div>
                    <?php
                    }
                    else{
                    $_SESSION["username"] = $_POST["username"];
                    ?>
                        <script type="text/javascript">
                            window.location="dashboard.php";
                        </script>
                        <?php
                    }
                }
                ?>
            </div>
        </div>
    </div>
    <div class="footer text-center">
        <p>© All rights reserved utter pompously</p>
    </div>

<script src="inc/js/jquery-2.2.4.min.js"></script>
<script src="inc/js/bootstrap.min.js"></script>
<script src="inc/js/custom.js"></script>
</body>
</html>
Updated 3-Mar-20 2:32am

Quote:
PHP
$res= mysqli_query($link, "select * from lib_registration where username='$_POST[username]' && password= '$_POST[password]' ");
Wherever you got that code from, you should delete it, block the site, and forget everything you read there.

That code is vulnerable to SQL Injection. Within five minutes of making your site accessible to the public, your database will be stolen or vandalized.

PHP: SQL Injection - Manual
PHP: Prepared statements and stored procedures - Manual

The code is also storing users' passwords in the database in plain text, which is absolutely the wrong thing to do. That's particularly heinous, since PHP provides built-in functions to help you do the right thing with passwords.

Secure Password Authentication Explained Simply
PHP: password_hash
PHP: password_verify

And, as you've discovered, the code doesn't even handle basic database error checking correctly.

Given the severe security vulnerabilities in this small sample of the code, anything you've learned from that site is likely to be dangerously wrong.
 
Comments
Richard MacCutchan 3-Mar-20 8:57am    
I went to the source site and had a look. Awful examples, and goodness knows how many commercial organisations have some of it dumped on them.
You did not indicate which is line 59 above, but I assume it is the second of these two:
PHP
$res= mysqli_query($link, "select * from lib_registration where username='$_POST[username]' && password= '$_POST[password]' ");
$count = mysqli_num_rows($res);

The message means that the mysqli_query call failed and returned the boolean value false. You should always test the returned values first to see whether the calls succeeded.
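
The points the two answers make (a prepared statement, hashed passwords, and checking that the query succeeded) combined in one login handler. This is an added example, not part of the original answers or the downloaded project; the table and column names come from the quoted query, `check_librarian_login` is a hypothetical helper, and it assumes the `password` column already stores `password_hash()` output.

```php
<?php
// Added example, not the project's code. Put it at the top of
// librarian/index.php, before any HTML, so header() can still redirect.
// Assumption: lib_registration.password holds password_hash() output.

// Set before connecting: failures throw instead of returning false
// (this is already the default from PHP 8.1).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
session_start();
include 'inc/connection.php';   // provides $link, as in the original page

// Hypothetical helper: true only when the user exists and the hash matches.
function check_librarian_login(mysqli $link, string $username, string $password): bool
{
    // The ? placeholder keeps user input out of the SQL text entirely.
    $stmt = mysqli_prepare($link,
        'SELECT password FROM lib_registration WHERE username = ?');
    mysqli_stmt_bind_param($stmt, 's', $username);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $hash);
    $found = mysqli_stmt_fetch($stmt);   // true = row fetched, null = no row
    mysqli_stmt_close($stmt);

    return $found === true && is_string($hash) && password_verify($password, $hash);
}

$error = '';
if (isset($_POST['login'])) {
    $user = $_POST['username'] ?? '';
    $pass = $_POST['password'] ?? '';
    try {
        // Reject array-valued parameters before they reach the helper.
        $ok = is_string($user) && is_string($pass)
            && check_librarian_login($link, $user, $pass);
    } catch (mysqli_sql_exception $e) {
        error_log('Login query failed: ' . $e->getMessage()); // log, do not echo
        http_response_code(500);
        exit('Login is temporarily unavailable.');
    }
    if ($ok) {
        session_regenerate_id(true);     // new session ID after authentication
        $_SESSION['username'] = $user;
        header('Location: dashboard.php');
        exit;
    }
    $error = 'Invalid username or password.'; // print via htmlspecialchars() in the form
}
```

Existing plain-text rows have to be rewritten once with `password_hash($plain, PASSWORD_DEFAULT)` before this check will accept them. With exceptions enabled, the real cause of the failed query is written to the PHP error log instead of surfacing later as the `mysqli_num_rows()` warning.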
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


