Deprecated: Function mysql() is deprecated in /home/u624273934/public_html/ecommerce/admin_area/login.php on line 39

Warning: mysql() expects parameter 1 to be string, object given in /home/u624273934/public_html/ecommerce/admin_area/login.php on line 39

Warning: mysql_result() expects at least 2 parameters, 1 given in /home/u624273934/public_html/ecommerce/admin_area/login.php on line 41

The code is this:

```php
<?php
session_start();

?>
<!DOCTYPE>
<html>
    <head>
        <title>Login Form</title>
        <link rel="stylesheet" href="styles/login_style.css" media="all" />

    </head>
<body>
<div class="login">
<h2 style="color:white; text-align:center;"><?php echo @$_GET['not_admin']; ?></h2>

<h2 style="color:white; text-align:center;"><?php echo @$_GET['logged_out']; ?></h2>

    <h1>Admin Login</h1>
    <form method="post" action="login.php">
        <input type="text" name="user_email" placeholder="Email" required="required" />
        <input type="password" name="user_pass" placeholder="Password" required="required" />
        <button type="submit" class="btn btn-primary btn-block btn-large" name="login">Login</button>
    </form>
</div>


</body>
</html>
<?php

if(isset($_POST['login'])){

    $user_email = $_POST['user_email'];
    $user_pass = $_POST['user_pass'];

    $sel_c = "select * from admins where user_pass='$user_pass' AND user_email='$user_email'";

    $run_c = mysql($con, $sel_c);

    $check_customer = mysql_result($run_c);

    if($check_customer==0){

        echo "<script>alert('Password or email is incorrect, plz try again!')</script>";
        exit();
    }
    $ip = getIp();

    $sel_cart = "select * from cart where ip_add='$ip'";

    $run_cart = mysqli_query($con, $sel_cart);

    $check_cart = mysqli_num_rows($run_cart);

    if($check_customer>0 AND $check_cart==0){

        $_SESSION['user_email']=$user_email;

        echo "<script>alert('You logged in successfully, Thanks!')</script>";
        echo "<script>window.open('customer/my_account.php','_self')</script>";

    }
    else {
        $_SESSION['user_email']=$user_email;

        echo "<script>alert('You logged in successfully, Thanks!')</script>";
        echo "<script>window.open('checkout.php','_self')</script>";
    }
}
?>
```
Cœur
  • you're mismatching mysql and mysqli functions. – mister martin Nov 22 '16 at 16:13
  • Also http://stackoverflow.com/q/12859942 – Qirel Nov 22 '16 at 16:14
  • **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure you ***[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Nov 22 '16 at 16:21
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! ***SQL Injection!*** *It's not just for breakfast any more!* – Jay Blanchard Nov 22 '16 at 16:21
  • I've never heard of any built-in function called `mysql()` but, apparently, it existed until [PHP/4.4.9](https://3v4l.org/SfHX5) and PHP/5 was released in 2004. How old is your server? In any case, you have a terrible mess of assorted database functions which, nope, cannot be combined freely. – Álvaro González Nov 22 '16 at 16:44

1 Answer

You are using deprecated methods. Use of `mysql_` methods is discouraged in favour of `mysqli_` methods (notice the i).

Replace

```php
$run_c = mysql($con, $sel_c);
$check_customer = mysql_result($run_c);
```

With

```php
$run_cart = mysqli_query($con, $sel_c);
$rows = array();
while ($row = mysqli_fetch_assoc($run_cart)) {
    $rows[] = $row;
}
// The rest of the script tests $check_customer, so set it to the number of matching rows.
$check_customer = count($rows);
```

You have used mysqli later in your script:

```php
$run_cart = mysqli_query($con, $sel_cart);
$check_cart = mysqli_num_rows($run_cart);
```
Lonergan6275
  • Still it's showing me an error. Warning: mysql_query() expects parameter 1 to be string, object given in /home/u624273934/public_html/ecommerce/admin_area/login.php on line 39 Warning: mysql_result() expects at least 2 parameters, 1 given in /home/u624273934/public_html/ecommerce/admin_area/login.php on line 41 – Praz Vignes Nov 22 '16 at 17:06
  • My php is rusty. There is a missing parameter as the error suggests. I will have a look when I am in front of a computer and get back to you. – Lonergan6275 Nov 22 '16 at 17:11
  • @PrazVignes Seriously, forget about `mysql_result()` and all other `mysql_...` functions. It's like struggling to get your driving license with a Ford T. – Álvaro González Nov 22 '16 at 17:53
  • @PrazVignes try see edit – Lonergan6275 Nov 22 '16 at 19:44
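
The SQL injection and password-hashing points raised in the comments on the question, as an added example that is not part of the original thread: the login check rewritten with a mysqli prepared statement and `password_verify()`. It assumes `$con` is the script's open mysqli connection and that `admins.user_pass` has been migrated to hold `password_hash()` output; `verify_admin()` and `index.php` are hypothetical names.

```php
<?php
// Added example, not the original poster's code. Assumptions: $con is the
// script's open mysqli connection, and admins.user_pass holds password_hash()
// output instead of the plain-text password. verify_admin() is a hypothetical name.
// Run this before any HTML is sent, because header() must precede output.
session_start();

function verify_admin(mysqli $con, string $email, string $password): bool
{
    // The ? placeholder keeps user input out of the SQL text entirely.
    $stmt = mysqli_prepare($con, 'SELECT user_pass FROM admins WHERE user_email = ? LIMIT 1');
    if ($stmt === false) {
        error_log('login: prepare failed: ' . mysqli_error($con));
        return false;
    }
    mysqli_stmt_bind_param($stmt, 's', $email);
    $hash = null;
    $found = false;
    if (mysqli_stmt_execute($stmt)) {
        mysqli_stmt_bind_result($stmt, $hash);
        $found = mysqli_stmt_fetch($stmt) === true;
    }
    mysqli_stmt_close($stmt);

    // When no row matched, verify against a throwaway hash so both paths
    // cost one password_verify() call.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    }
    $ok = password_verify($password, $found ? (string) $hash : $dummy);
    return $found && $ok;
}

if (isset($_POST['login'])) {
    // Reject array-valued parameters such as user_email[]=x.
    $email = is_string($_POST['user_email'] ?? null) ? $_POST['user_email'] : '';
    $pass  = is_string($_POST['user_pass'] ?? null) ? $_POST['user_pass'] : '';

    if (verify_admin($con, $email, $pass)) {
        session_regenerate_id(true);    // fresh session id after login
        $_SESSION['user_email'] = $email;
        header('Location: index.php');  // hypothetical landing page
        exit;
    }
    http_response_code(401);
    echo 'Password or email is incorrect.';
}
```

New admin rows would be created with `password_hash($plain, PASSWORD_DEFAULT)`, passing the raw password unescaped as the comment on the question advises.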