Register

If this is your first visit, please click the Sign Up now button to begin the process of creating your account so you can begin posting on our forums! The Sign Up process will only take up about a minute of two of your time.

Page 1 of 3 1 2 3 LastLast
Results 1 to 10 of 21
  1. #1
    Senior Member splufdaddy's Avatar
    Join Date
    Feb 2003
    Location
    Boston, MA
    Posts
    4,488
    Member #
    735
    I'm learning php, so this is probably an easy question, but I've been looking at it too long and I'm stumped. I have a simple log in page that connects to a database. Here's the code:
    PHP Code:
    if ($un && $pw) {
            require_once(
    './dbconnect.php');
            
    $query "SELECT id FROM user WHERE username='$un' AND password=PASSWORD('$pw')";
            
    $result mysql_query ($query) or die('Error: ' mysql_error());
            
    $row mysql_fetch_array ($resultMYSQL_NUM);
                
                
    //if record returned
            
    if ($row) {
                
    setcookie('id'$row[0]);
                
    header("Location: [url]http://[/url]" $_SERVER['HTTP_HOST'] .
     
    dirname($_SERVER['PHP_SELF']) . "loggedin.php");
                exit();
            } else {     
    //if no record returned
                
    $message "Wrong username/password.";
            }            
    //end if record returned
            
    mysql_close();
        }

    The problem is that $row never comes back true. I already created a sign up page that sucessfully enters usernames and passwords, and i'm entering the same information into the login page, and it always spits back "wrong username/password". Any ideas?

  2.  

  3. #2
    Senior Member rosland's Avatar
    Join Date
    Jul 2003
    Location
    Norway
    Posts
    1,944
    Member #
    2096
    If you want real values of variables, you can't use single quotes. I'll examplify:
    $foo="some text";
    echo ' This is $var ';

    Outputs: This is $var

    echo "This is $var";
    Outputs: This is some text

    echo ' This is '.$var;
    Outputs: This is some text

    Alter your query to this first, and see if it works:
    PHP Code:
    $query "SELECT id FROM user WHERE username=\"$un\"AND password=PASSWORD(\"$pw\")";

    /*The above uses MySQL's built in MD5 encryption. I assume
    the passwords are stored MD5 encrypted as well? */ 
    EDIT:
    As Brak points out next, I was too quick here.
    The above is not correct if the whole statement is enclosed in double quotes. Then the quotemarks will be printed out together with the variable value:

    $foo="some text";
    echo " This is '$var' ";

    Outputs: This is 'some text'
    S. Rosland

  4. #3
    Senior Member Brak's Avatar
    Join Date
    Apr 2003
    Location
    San Francisco, CA
    Posts
    3,413
    Member #
    1217
    Liked
    2 times
    ummm... his code looks fine to me rosland, since the single quotes are inside double quotes (allowing variables) so the single quotes are interpreted as text, but the variables their values instead of thier names.

    I think the issue you might be have is finding $row, change if($row) to if(mysql_num_rows($result)) see if that changes anything.
    Kyle Neath: Rockstar extraordinare
    The blog | The poetry site | The Spore site

  5. #4
    Senior Member splufdaddy's Avatar
    Join Date
    Feb 2003
    Location
    Boston, MA
    Posts
    4,488
    Member #
    735
    Thanks for the reply rosland. I changed my query to the above, and still no luck. The signup page uses the same PASSWORD() function to encrypt the passwords. I can see the usernames and encrypted passwords in the database, but I can't get the login script to work. The signup page even works and bounces out a registration if the username already exists.

    When I echo $query, it spits out:
    SELECT id FROM user WHERE username="wer"AND password=PASSWORD("wer")

    Not that that probably helps any. Thanks again ros.

  6. #5
    Senior Member Brak's Avatar
    Join Date
    Apr 2003
    Location
    San Francisco, CA
    Posts
    3,413
    Member #
    1217
    Liked
    2 times
    Have you tried running that query in phpMyAdmin? See if it returns a row or not...
    Kyle Neath: Rockstar extraordinare
    The blog | The poetry site | The Spore site

  7. #6
    Senior Member splufdaddy's Avatar
    Join Date
    Feb 2003
    Location
    Boston, MA
    Posts
    4,488
    Member #
    735
    Just tried your solution Brak, no dice...

  8. #7
    Senior Member rosland's Avatar
    Join Date
    Jul 2003
    Location
    Norway
    Posts
    1,944
    Member #
    2096
    Originally posted by Brak
    ummm... his code looks fine to me rosland, since the single quotes are inside double quotes (
    You are of course right Brak, (it's early in the morning here. :dead: )
    S. Rosland

  9. #8
    Senior Member splufdaddy's Avatar
    Join Date
    Feb 2003
    Location
    Boston, MA
    Posts
    4,488
    Member #
    735
    Hmm, it looks like the password is screwing things up. Running this in phpmyadmin returns nothing.
    Code:
    SELECT id FROM user WHERE username="wer" AND thepassword=PASSWORD("wer");
    wer and wer are my top secret account names and passwords. I've tried longer names too and it doesn't work. I can see in my database though the username "wer" and the hashed equivelent for "wer" in the password column.

    EDIT: I changed the column name to "thepassword" to see if that was fouling things up. Obviously it's not.

  10. #9
    Senior Member rosland's Avatar
    Join Date
    Jul 2003
    Location
    Norway
    Posts
    1,944
    Member #
    2096
    Try to simplify the query just to see if it retrieves anything:
    PHP Code:
    $query "SELECT username, password FROM user WHERE username='$un' ";
            
    $result mysql_query ($query) or die('Error: ' mysql_error());
           
    /* Skipping the argument "MYSQL_NUM" next, makes it default to MYSQL_BOTH, meaning
    it gives you both numerical and associative keys, and enables you to
    extract it either as a numeric or associative key */
            
    $row mysql_fetch_array ($result);
    extract($row);
    echo 
    "$username<br />$password"
    (Maybe you've already tried that)

    If it retrieves anything, check to see if your encrypted password produces the same result as the one stored in the table. Or in other words, make a new entry in your table with a plain (unencrypted) password and try to retrieve it with the same query (minus the password encryption part). If that works then you probably have different encryption algorithms for inserting and retrieving password.

    If you use PHP's MD5() encryption when inserting, and MySQL's password() when retrieving, they will produce different results. If you use the same both places but have a different password stored than the one you're trying to extract, then double check the code you use to insert new passwords.
    S. Rosland

  11. #10
    Senior Member rosland's Avatar
    Join Date
    Jul 2003
    Location
    Norway
    Posts
    1,944
    Member #
    2096
    BTW, an other mistake I made in my first post.
    password() is not the same as the MD5() encryption. It's MySQL's own one-way encryption algorithm. You can however use the MD5 encryption if you like
    Code:
    INSERT INTO tablename (column1, column2) VALUES ("JohnSmith", md5("pass"));
    My host have for some reason disabled the password() function of MySQL, so the first time I tried accessing data from an uploaded table, I couldn't get any data out.
    S. Rosland


Page 1 of 3 1 2 3 LastLast

Remove Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT -6. The time now is 03:01 AM.
Powered by vBulletin® Version 4.2.3
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.
vBulletin Skin By: PurevB.com