php4u

Through some help of a friend, the solution was two fold; 1) I had a syntax and white-space errror; (corrected syntax)$sql = "SELECT * FROM $table_name WHERE id = '$_POST[id]' AND password = MD5('$_POST[password]')"; 2) I was using "password" instead of "md5" on the user_add.php page. I updated the passwords to md5 from the mysql command line, and reloaded the page; walllah! Hope this helps someone else. Mchl, thanks again!

Here is the current table titled test_new; mysql> select * from test_new; +---------+--------+-------+----------------------+----------+----------------------+----------------------+-------+------------+----------+ | l_name | f_name | id | password | username | location | misc | other | date | position | +---------+--------+-------+----------------------+----------+----------------------+----------------------+-------+------------+----------+ | montana | joe | 11111 | joemontana | NULL | Marsh Creek Detentio | this is a test | NULL | 0000-00-00 | | | Brown | Sue | 99999 | suebrown | NULL | West County Dtention | this is a test for d | NULL | 0000-00-00 | | | Brown | Ralph | 65063 | abc123 | NULL | Marsh Creek Detentio | This is a test of da | NULL | 0000-00-00 | | | Brown | Debbie | 33333 | *52C630F4A7AC817A0AF | NULL | NULL | NULL | NULL | 0000-00-00 | | | Taber | Guyle | 44444 | *89C155504AC5DEBF309 | NULL | NULL | NULL | NULL | 0000-00-00 | | | Ordona | Daniel | 88888 | *3C06A471CB6048FCCCF | NULL | NULL | NULL | NULL | 0000-00-00 | | | Ordona | Joseph | 77777 | *98DCB82E2D44BE7ED3F | NULL | NULL | NULL | NULL | 0000-00-00 | | | Chalk | Tom | 55555 | *71FF744436C7EA1B954 | NULL | NULL | NULL | NULL | 0000-00-00 | | | NULL | NULL | 0 | d41d8cd98f00b204e980 | NULL | NULL | NULL | NULL | 0000-00-00 | | | NULL | NULL | 1 | d41d8cd98f00b204e980 | NULL | NULL | NULL | NULL | 0000-00-00 | | | NULL | NULL | 2 | NULL | NULL | NULL | NULL | NULL | 0000-00-00 | | +---------+--------+-------+----------------------+----------+----------------------+----------------------+-------+------------+----------+ 11 rows in set (0.00 sec) .....here is the new table with MD5 included from the start; mysql> select * from emp; +-------+---------+--------+------------------------------------+-------+ | id | l_name | f_name | password | other | +-------+---------+--------+------------------------------------+-------+ | | | | d41d8cd98f00b204e9800998ecf8427e | | | 65063 | Brown | Ralph | *A49FE3532B2DCB43D448992D8488B2733 | | | 11111 | Brown | Linda | *D026C843F8E4D7DDD754AE837037611CB | | | 22222 | Montana | Joe | *72A77A3C2F6B154CFFBA8E63B84EB7563 | | +-------+---------+--------+------------------------------------+-------+ 4 rows in set (0.00 sec)

update - seems I need to add the MD5 attribute to the password column. If I can't figure out how to add it to the existing column, I will rebuild the user table from scratch. I'll provide an update. Thanks again! Ralph

Thank you Mchl, for your prompt response! Your suggestions are getting me closer. Now, at least I receive an error; " Parse error: syntax error, unexpected '}', expecting ']' in /Library/WebServer/Documents/test/do_authuser.php on line 19" As for the short quotes and caps in HTML - yes. Should I be using the full "<?php " tag? Thank you very much! Ralph

I am using the "PHP 6 fast & easy web development" book and have all of the scripts working correctly, but one; the log-in and authenticate scripts. They are listed below. Whether I fill in the blanks or not, the page does not change; will not forward to the correct page, nor display an error message. The two variables are "id" and "password" along with several others. I can add, modify and delete users, as well as perform sort/selects against the MySQL DB. This project is being developed on a MacBook, with PHP5 and MySQL 5 with Apache2. Any help greatly appreciated! Thanks in advance, Ralph ------------------ show_login.html - <HTML> <HEAD> <TITLE>Login</TITLE> </HEAD> <BODY> <H1>Login to Secret Area</H1> <FORM METHOD="POST" ACTION="do_authuser.php"> <P><STRONG>Employee ID #:</STRONG><BR> <INPUT TYPE="text" NAME="id" SIZE=25 MAXLENGTH=25></p> <P><STRONG>Password:</STRONG><BR> <INPUT TYPE="password" NAME="password" SIZE=25 MAXLENGTH=25></p> <P><INPUT TYPE="SUBMIT" NAME="submit" VALUE="Login"></P> </FORM> </BODY> </HTML> ---------------------- do_authuser.php - <? //check for required fields if ((!$_POST[id]) || (!$_POST[password])) { header("Location: show_login.html"); exit; } //setup names of database and table to use $db_name = "fto"; $table_name = "test_new"; //connect to server and select database $connection = @mysql_connect("127.0.0.1", "user", "xxxxxx") or die(mysql_error()); $db = @mysql_select_db($db_name, $connection) or die(mysql_error()); //build and issue query $sql = "SELECT * FROM $table_name WHERE id = '$_POST[id]' AND password = password('$_POST[password]')"; $result = @mysql_query($sql) or die (mysql_error()); //get the number of rows in the result set $num = mysql_numrows($result); //print a message and set a cookie if authorized, //or redirect elsewhere if unauthorized if ($num != 0) { $cookie_name = "auth"; $cookie_value = "ok"; $cookie_expire = "0"; $cookie_domain = "127.0.0.1"; setcookie($cookie_name, $cookie_value, $cookie_expire, "/" , $cookie_domain, 0); $display_block = " <p><strong>Secret Menu:</strong></p> <ul> <li><a href=\"secretA.php\">secret page A</a> <li><a href=\"secretB.php\">secret page B</a> </ul>"; } else { header("Location: show_login.html"); exit; } ?> <HTML> <HEAD> <TITLE>Secret Area</TITLE> </HEAD> <BODY> <? echo "$display_block"; ?> </BODY> </HTML>