webguync

I think the confusion is with the script I have, the username and passwords are stored in the DB ahead of time not entered into the DB via a form. I manually enter the info into the database, so in the past I would enter username:myemail@aol.com password:google. But with the MD5 hash, I don't know what that is unless I echo out the Query or use another hash script.

I am using JQuery (along with PHP/MySQL) to create a login script which looks for a username/password in the database and either displays a success message or failure message and then if successful redirects to secure page. At least that is what I want, but nothing happens, the login screen just stays there. Also the messages don't get displayed. Here is the JQuery code. <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.1/jquery.min.js"></script> <script type="text/javascript"> $(document).ready(function() { $(".loading").hide(); $(".message_fail").hide(); $(".message_success").hide(); $("#login_form").submit(function() { $(".login-form").hide(); $(".loading").fadeIn(200); $.post("login.php",{ username:$('#username').val(),password:$('#password').val()} ,function(data) { $(".loading").hide(); if(data == '1') { $('.message_success').html('<p>Success - Redirecting...</p>'); window.location.replace("SecurePage.php"); } else { $('.message_fail').html('<p>Login Failed - Please Try Again</p>'); $(".login-form").fadeIn("slow"); } $(".message_fail").fadeIn("slow").delay(1000).fadeOut(1000); }); return false; }); }); </script> <style type="text/css"> <!-- .login { background-color: #9CF; border-right-width: medium; border-bottom-width: medium; border-left-width: medium; border-right-style: solid; border-bottom-style: solid; border-left-style: solid; border-right-color: #333; border-bottom-color: #333; border-left-color: #333; text-align: center; font-size: 14px; font-family: Arial, Helvetica, sans-serif; color: #333; padding: 10px; margin-top: 100px; margin-right: auto; margin-left: auto; border-top-width: medium; border-top-style: solid; border-top-color: #333; width: 270px; } .message_fail { color: #333; background-color: #F60; border: 1px solid #F00; padding: 2px; font-family: Arial, Helvetica, sans-serif; } .message_success { color: #333; background-color:#096; border: 1px solid #F00; padding: 2px; font-family: Arial, Helvetica, sans-serif; } input { border: 1px solid #333; padding: 2px; } .top { font-family: Arial, Helvetica, sans-serif; color: #333; background-color: #CCC; position: absolute; left: 5px; top: 5px; width: 746px; } --> </style>

what is the alternative method of determining what the MD5 hash is? Say for example the password is google. I don't want to put google into the database, I want to put the MD5 hash equivalent, right?

actually no registration necessary. I will just be entering the info manually.

ok, so I need to echo out my query in order to get the hash and then enter that into MySQL?

yea, but how is the MD5 hash determined? That's done with the php right?

I have code which scrambles password info using MD5. The scipt authenticates the username and password against the database info and proceeds to a secure page if the info is correct. $password = mysql_real_escape_string(md5($_POST['pwid'])); my question is how do I know which scrambled code to put into the database?

yes, that is what I would like to do.

I am looking for a good tutorial/script that will give me a login authenticating against a MySQL table with username and password and also use JQuery or another JS library to add a checkmark or x beside the input field indicating if the user info is correct or incorrect. Kind of like on Mint.com or a lot of other sites with login pages these days. I did a google search, but didn't see exactly what I am looking for. Anyone know of a good tutorial with script info for this type of functionality?

this appears to be working as intended now. Thanks, I will mark as solved.

oh, don't have one query per page, have about 6 of em, and they are all performing something different, that is what makes it confusing

Yea, and it an get confusing with all of the Queries up and down the page. Thought it might be easier to debug with functions, but all of the queries are unique to one page.

I have a page which uses several different Queries and 1 it's hard to follow and two the Queries might be interfering with one another. Is it best to use functions or includes to clean up the code? Here is an example. $query = "SELECT username,pwid,name,user_id FROM test_roster_April2010 WHERE pwid = '$pwid' AND username='$username'"; $result = mysql_query($query) or die(mysql_error()); if(mysql_num_rows($result) == 0) { // Gives an error if the username/pw given does not exist. // or if something else is wrong. echo "<h2 class='fail'>You have entered a username or password that does not match our database records. please try again.<br><br>You will be redirected back to the login screen in five seconds.</h2> " . mysql_error(); echo "<meta http-equiv='refresh' content='5; url=StudentLogin.php'>"; exit(); } else { $row = mysql_fetch_object($result); $_SESSION['name'] = $row->name; $_SESSION['user_id'] = $row->user_id; $_SESSION['username'] = $username; $_SESSION['sid'] = session_id(); $_SESSION['ip'] = $_SERVER['REMOTE_ADDR']; $user_id = $_SESSION['user_id']; print_r($_SESSION); could I put all of that into a function?

Seems to be working, but I wanted to add another column to display for this line, but doing it this way must be wrong, since causes an error. Please advise. { echo "{$record['Question']['Section']}<br />\n"; }

thanks, I will give it a try. This line is throwing an error, must be syntax related, not sure what it is though. echo "Incorrect_resp: $record['incorrect_resp']<br />\n";

I am probably a bit off on how to echo out the results with this. Here is what I have. I am not getting any SQL errors at least, but no results. <?php $query1 ="SELECT `incorrect_resp` FROM `results_April2010` WHERE `user_id` = '$user_id'"; $result1 = mysql_query($query1) or trigger_error('Query failed: ' .mysql_error()); $record = mysql_fetch_assoc($result1); $query2 = "SELECT * FROM `Questions` WHERE q.Q_ID in ({$record['incorrect_resp']})"; $result2 = mysql_query($query2) or trigger_error('Query failed: ' .mysql_error()); echo $result1,$result2; ?>

yea, I did fix that line before I tried it. I caught that :-) What is supposed to be in Records =?

Ill try that b/c yes in my incorrect_resp field I am going to set p the table for Questions so that the array for $incorr (1,4,7,9) will = tables q_id of 1,4,7,9. I will post my results.

no, it's there, and then not there. I have been checking before and after I login to execute the script.

the result of the echo $debugoutput is... 131: $_SESSION['user_id'] = 1 : Records = I guess something is supposed to be output for Records...

actually I don't think I will need all those tables, basicly just need to match up a field in these two. CREATE TABLE `results_April2010` ( `results_id` int(11) NOT NULL auto_increment, `user_id` int(11) default NULL, `log_id` int(11) default NULL, `section` int(11) default NULL, `sect_start` int(11) default NULL, `total_questions` int(11) default NULL, `responses` text, `incorrect_resp` text, `num_correct` int(11) default NULL, `date` int(11) default NULL, PRIMARY KEY (`results_id`) ) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ; and CREATE TABLE `Questions` ( `Question` text NOT NULL, `Section` text NOT NULL, `Q_ID` int(11) NOT NULL auto_increment, PRIMARY KEY (`Q_ID`) ) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ; and then really I just need to match the results in incorrect_resp (2,5,10 etc.) with Q_ID in order to determine which Question/Section the numbers in incorrect_resp correspond to in my Questions table. Also I guess each table needs to have a field in common huh? Right now I don't see a way to be able to create a field that the two would be able to have in common.

No the last two echo statements are not being displayed. I am sure it is probably something I am overlooking, anyway here is all of the code on the page. To briefly describe what is happening is this is the secured area of a login form stored in a user table which authenticates the info and displays the results of an exam application. The exam application is a flash based app which creates a log file in MySQL. This log file is already created when they take the exam and is totally independent of this login, however I want the delete to occur if the <79 condition is met, which is happening, but as we have discussed is also happening when the score is > 79. <?php //ini_set("display_errors","1"); //ERROR_REPORTING(E_ALL); session_start(); $con = mysql_connect("localhost","nestle","nutrition") or die('Could not connect: ' . mysql_error()); mysql_select_db("nestle_exam") or die(mysql_error()); // Same checking stuff all over again. if(isset($_POST['submit'])) { if(empty($_POST['username']) || empty($_POST['pwid']) ) { echo "<h2 class='fail'>Please fill in both your username and password to access your exam results.<br /><br >You will be redirected back to the login screen in five seconds.</h2>"; echo "<meta http-equiv='refresh' content='5; url=StudentLogin.php'>"; exit; } // Create the variables again. $username = mysql_real_escape_string($_POST['username']); $pwid = $_POST['pwid']; // Encrypt the password again with the md5 hash. // This way the password is now the same as the password inside the database. //$pwid = md5($pwid); // Store the SQL query inside a variable. // ONLY the username you have filled in is retrieved from the database. $query = "SELECT username,pwid,name,user_id FROM test_roster_April2010 WHERE pwid = '$pwid' AND username='$username'"; $result = mysql_query($query) or die(mysql_error()); if(mysql_num_rows($result) == 0) { // Gives an error if the username/pw given does not exist. // or if something else is wrong. echo "<h2 class='fail'>You have entered a username or password that does not match our database records. please try again.<br><br>You will be redirected back to the login screen in five seconds.</h2> " . mysql_error(); echo "<meta http-equiv='refresh' content='5; url=StudentLogin.php'>"; exit(); } else { $row = mysql_fetch_object($result); // By storing data inside the $_SESSION superglobal, // you stay logged in until you close your browser. $_SESSION['name'] = $row->name; $_SESSION['user_id'] = $row->user_id; $_SESSION['username'] = $username; $_SESSION['sid'] = session_id(); // Make it more secure by storing the user's IP address. $_SESSION['ip'] = $_SERVER['REMOTE_ADDR']; // Now give the success message. $user_id = $_SESSION['user_id']; // print_r($_SESSION); $dat = time() + 3600; $query = "UPDATE test_roster_April2010 SET login_timestamp = DATE_ADD(NOW(), INTERVAL 3 HOUR) WHERE username = '$username' AND pwid = '$pwid' "; //echo $query; //for debugging test $result = mysql_query($query) or die(mysql_error()); //Check if query ran successfully } } // Start a session. If not logged in will be redirected back to login screen. if(!isset($_SESSION['username'])){ header("Location:StudentLogin.php"); exit; } echo "<table id='header'><tr><td><img src='Caris-Life-Sciences-Logo_small.png' /></td><td align='middle'><div id='welcome'><h3>Welcome! You are now logged in " . $_SESSION['name'] . "</h3></td></tr>"; echo "<tr><td><a class='logout' href='LogoutStudent.php'>Logout</a></td></tr></table>"; ?> <?php require_once('../protected/databaseClass.php'); $db = new Database('localhost','nestle','nutrition','nestle_exam',0); $sql = "SELECT test_roster_April2010.name, test_results_April2010.total_questions, test_results_April2010.responses,test_results_April2010.incorrect_resp, test_results_April2010.num_correct,test_results_April2010.WorkonAreas,test_results_April2010.date FROM test_roster_April2010 LEFT JOIN test_results_April2010 USING (user_id) WHERE test_results_April2010.user_id = test_results_April2010.user_id AND test_roster_April2010.username='$username' ORDER BY name, date"; $report = $db->query($sql); if ($report->get_rows()) { //loop to create arrays for each column while ($row = $report->fetch_assoc()) { if($row['num_correct']) { $name[] = $row['name']; $responses[] = $row['responses']; $numCorr[] = $row['num_correct']; $pcnt[] = ($row['num_correct'])/($row['total_questions']); $incorr[] = $row['incorrect_resp']; $date[] = $row['date']; $workon[] = $row['WorkonAreas']; } } } ?> <body class="results"> <div> <h1>Caris Validation Exam #2 - April 2010</h1> <table id="resultlist"> <tr> <th scope="col">Employee Name</th> <th scope="col">Number Correct</th> <th scope="col">Score</th> <th scope="col">Question Number Answered Incorrectly</th> <th scope="col">Date Completed</th> <th scope="col">Pass/Fail</th> <th scope="col">Material to review in specific Primer(Chapter,Section) or Articulate Program</th> </tr> <?php if (!isset($name)) { ?> <tr><td colspan="7">There are no scores to display</td></tr> <?php } else { for ($i=0; $i<count($name); $i++) { ?> <tr class="<?php echo $i%2 ? 'hilite' : 'nohilite'; ?>"> <td ><?php echo $name[$i];?></td> <td><?php echo $numCorr[$i];?></td> <td><?php echo (ROUND(($pcnt[$i]*100),0).'%'); ?></td> <td><?php echo $incorr[$i];?></td> <td><?php echo (date('F j, Y g:i A',($date[$i])));?></td> <td><?php if(($pcnt[$i]*100) > 79) { echo "<div class='passed'>" .Passed."</div>"; } else { echo "<div class='failed'>" .Failed. "</div>"; } ?></td> <td><?php //echo '$pcnt[$i] = ' . $pcnt[$i] . '<br />'; //echo '(($pcnt[$i]*100) > 79) = ' . ((($pcnt[$i]*100) > 79) ? 'True' : 'False'); if(($pcnt[$i]*100) > 79) { echo "I am not supposed to delete"; } else { $query_delete = "DELETE FROM test_log_April2010 USING test_log_April2010 INNER JOIN test_roster_April2010 WHERE test_log_April2010.user_id = test_roster_April2010.user_id AND test_roster_April2010.user_id = '{$_SESSION['user_id']}'"; //echo $query_delete; //for debugging test $result_delete = mysql_query($query_delete) or trigger_error('Query failed: ' .mysql_error()); $num = mysql_affected_rows($con); //echo "Affected rows: $num.\r\n"; if ($result_delete) { echo "exam ready for retake"; }// end if else { echo "No record of taking exam"; } //end else } ?></td> <td class="wo"><?php echo $workon[$i];?></td> <td></td> </tr> <?php } } ?> </table> </div> <?php if (!isset($name)) { ?> <tr><td><p><strong>We don't have a record of you taking this exam</strong></p></td></tr> <?php } else { ?> <?php } ?>

well in this block <?php //echo '$pcnt[$i] = ' . $pcnt[$i] . '<br />'; //echo '(($pcnt[$i]*100) > 79) = ' . ((($pcnt[$i]*100) > 79) ? 'True' : 'False'); if(($pcnt[$i]*100) > 79) { echo "I AM NOT SUPPOSED TO BE DELETING!"; } else { $query_delete = "DELETE FROM test_log_April2010 USING test_log_April2010 INNER JOIN test_roster_April2010 WHERE test_log_April2010.user_id = test_roster_April2010.user_id AND test_roster_April2010.user_id = '{$_SESSION['user_id']}'"; //echo $query_delete; //for debugging test $result_delete = mysql_query($query_delete) or trigger_error('Query failed: ' .mysql_error()); $num = mysql_affected_rows($con); //echo "Affected rows: $num.\r\n"; if ($result_delete) { echo "exam ready for retake"; }// end if else { echo "No record of taking exam"; } //end else } ?> just tried again and the score is greater than 79 which displays 'I AM NOT SUPPOSED TO BE DELETING", with the code above but I can look at the database log and see that it is fact deleting so my code is lying or I am doing something wrong ;-)

debugging when a score is greater than 79 produces $pcnt[$i] = 1 (($pcnt[$i]*100) > 79) = True so, it seems the conditional is working but the else query_delete is still executing? No queries are running further down the page. also, I don't see where this line is missing a ), maybe I misunderstood that part. if(($pcnt[$i]*100) > 79)

I have a SQL query that deletes a record in a log table based upon the login criteria. This part works good, but I have the query set up in a conditional if statement and the delete is occurring if the condition is met and if it not met. I have the conditional set up to display other info based upon whether or not it is met, so the conditional other than triggering the delete seems to work ok. Here is the code involved. <?php if(($pcnt[$i]*100) > 79) { echo "congrats, you passed!"; } else { $query_delete = "DELETE FROM test_log_April2010 USING test_log_April2010 INNER JOIN test_roster_April2010 WHERE test_log_April2010.user_id = test_roster_April2010.user_id AND test_roster_April2010.user_id = '{$_SESSION['user_id']}'"; //echo $query_delete; //for debugging test $result_delete = mysql_query($query_delete) or trigger_error('Query failed: ' .mysql_error()); $num = mysql_affected_rows($con); //echo "Affected rows: $num.\r\n"; if ($result_delete) { echo "Delete Successful"; }// end if else { echo "No record of taking exam"; } //end else } ?> if I need to post the entire code on the page let me know. It's quite a bit of code though.