Akenatehm Posted November 29, 2008

Hey Guys,

Well I have tried on my own to produce this script that validates inputted text with a login database on my server. Could you please look over it and tell me what I need to change/fix?

```php
<?PHP
include "connect.php";

$username=$_POST['user'];
$password=$_POST['pass'];

$usernamecheck = mysql_query"SELECT from `users` where 'username' = $username";
if $username=='username'{
$correct_user;
}
else {
print "Username/Password is Incorrect";
}

$usernamecheck = mysql_query"SELECT from `users` where 'password' = $password";
if $password=='password'{
$correct_pass;
}
else {
print "Username/Password is Incorrect";
}

// SET THE CORRECT USERNAME AND PASSWORD
$correct_user = "($usernamecheck)";
$correct_pass = "($passwordcheck)";

// Checkif the username is correct
if ($user==$correct_user){
    //IF the username is correct, check the password
    if ($pass==$correct_pass){
        //If the password is correct, return "ok"
        $response="Password Correct. Logging In....";
    } else {
        //Else the password is wrong
        $response="Wrong Username/Password";
    }

//Return the response to Flash
print "&response=".$response."&";
?>
```

Link to comment https://forums.phpfreaks.com/topic/134705-solved-is-this-right/

trq Posted November 29, 2008

You're overcomplicating things. A simple example.

```php
<?php
include "connect.php";

if (isset($_POST['submit'])) {
    $username = mysql_real_escape_string($_POST['user']);
    $password = md5(mysql_real_escape_string($_POST['pass']));
    if ($result = mysql_query("SELECT username FROM users WHERE username = '$username' && userpass = '$password'")) {
        if (mysql_num_rows($result)) {
            echo "User is valid";
        } else {
            echo "User not valid";
        }
    }
}
?>
```

Akenatehm Posted November 29, 2008

I am adjusting from a tutorial. We are using it to validate a login in Flash. The script was originally just storing a username and password and checking it off with the one that the user inputted, but I changed it to validate it from a database. Do I still need the extra script? Oh, and will my version still work? If not, and if it's required, could you please tell me what needs fixing.

Thanks
Akenatehm

trq Posted November 29, 2008

No, your script won't work. A few reasons, mainly errors.

Firstly, mysql_query is a function, therefore its arguments need to be surrounded by quotes.

Secondly, your SQL query itself is malformed.

Thirdly, though this will still work, there is absolutely no need to execute two separate queries to validate against both username and password.

trq Posted November 29, 2008

Actually, looking at your code again there are more, in fact numerous errors. It needs a complete rewrite. I'd suggest you look over my example.

Akenatehm Posted November 29, 2008

Hmm ok. Is there a way to alter this script to get data from a MySQL table:

```php
// SET THE CORRECT USERNAME AND PASSWORD
$correct_user = "flash";
$correct_pass = "vista";

// Checkif the username is correct
if ($user==$correct_user){
    //IF the username is correct, check the password
    if ($pass==$correct_pass){
        //If the password is correct, return "ok"
        $response="ok";
    } else {
        //Else the password is wrong
        $response="Wrong password";
    }
} else {
    //If the username is wrong
    $response="Wrong username";
}

//Return the response to Flash
print "&response=".$response."&";
```

There also needs to be validation and anti-SQL injection.

Prismatic Posted November 29, 2008

```php
<?php
$sql = mysql_query("SELECT * FROM users WHERE username = '". mysql_real_escape_string($username) ."' AND password = '". mysql_real_escape_string($password) ."'");

if(mysql_fetch_row($sql))
{
    $response = "ok";
}
else
{
    $response = "invalid details";
}

print "&response=".$response."&";
?>
```

This is assuming you have a users table with a username and password field.

Akenatehm Posted November 29, 2008

Yes I do. Can you please explain what is happening at each stage of the script, and why there is a lot less than there is in the other script?

Prismatic Posted November 29, 2008

```php
<?php
/**
 * Run the MySQL query selecting only the rows with $username and $password
 * mysql_real_escape_string escapes special characters to prevent SQL injection
 */
$sql = mysql_query("SELECT * FROM users WHERE username = '". mysql_real_escape_string($username) ."' AND password = '". mysql_real_escape_string($password) ."'");

/**
 * mysql_fetch_row will return the row as an array or FALSE if no row is
 * found in the query we ran above
 */
if(mysql_fetch_row($sql))
{
    // A row was returned so the user data is valid
    $response = "ok";
}
else
{
    // No row was returned so the user data was NOT valid
    $response = "invalid details";
}

print "&response=".$response."&";
?>
```

In the code above you can swap out mysql_fetch_row with mysql_num_rows as they perform the same function in these circumstances.

It's not generally the best idea to tell someone either the username or password was incorrect. You should simply tell the user the information they provided was incorrect. Reason being a potential attacker trying to brute force their way in wouldn't know if they had a valid username or not if you just returned incorrect information.

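An added example, not part of any post in this thread: the same login check written with a PDO prepared statement and password_hash()/password_verify() instead of string escaping and a plaintext or md5 password column, keeping the single "invalid details" response recommended above. The in-memory SQLite database, the `password_hash` column, the `check_login` helper and the sample attempts are all constructed for illustration.

```php
<?php
// Added example; the database, schema, helper name and inputs are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Store a salted, slow hash rather than the plain password or a bare md5().
$insert = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$insert->execute(['flash', password_hash('vista', PASSWORD_DEFAULT)]);

// Verified when the username is unknown, so both failure paths do similar work.
$dummyHash = password_hash('placeholder', PASSWORD_DEFAULT);

function check_login(PDO $pdo, string $dummyHash, string $user, string $pass): string
{
    // The ? placeholder sends the username as data, never as part of the SQL text.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();          // false when no such user
    $found = is_string($hash);

    // password_verify() runs first in every case; $found then rejects a dummy match.
    $valid = password_verify($pass, $found ? $hash : $dummyHash) && $found;

    // One message for every failure, URL-encoded in the name=value form Flash reads.
    return '&response=' . rawurlencode($valid ? 'ok' : 'invalid details') . '&';
}

// Constructed attempts; in the real script these come from $_POST['user'] / $_POST['pass'].
$attempts = [
    ['flash', 'vista'],              // correct credentials
    ['flash', 'wrong'],              // wrong password
    ['nobody', 'vista'],             // unknown username
    ["flash' OR '1'='1", 'x'],       // quote characters stay inside the bound value
];
foreach ($attempts as [$user, $pass]) {
    echo str_pad($user, 18), ' => ', check_login($pdo, $dummyHash, $user, $pass), PHP_EOL;
}
```

Only the first attempt yields `&response=ok&`; the other three receive the same URL-encoded "invalid details" response, so the reply does not reveal whether the username exists.
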
Akenatehm Posted November 29, 2008

Ok cool, that made it a lot easier for me. Could you please explain the last line:

```php
print "&response=".$response."&";
```

I have no idea what that means.

ShiloVir Posted November 29, 2008

print and echo are the same things. But print is a function, so it can be used in things like:

```php
<?php
if(file_exists("require/blablabla.php")){
    include("require/blablabla.php") or print ("Zomg00sh. I Screwed up. The file isnt here!");
}
?>
```

While on the other hand, echo wouldn't work because it isn't a function. The following code will not work:

```php
<?php
if(file_exists("require/blablabla.php")){
    include("require/blablabla.php") or echo "Zomg00sh. I Screwed up. The file isnt here!";
}
?>
```

Akenatehm Posted November 29, 2008

Yeah, I understand that, but I don't understand what all the other characters are in the print function.

trq Posted November 29, 2008

Those other chars are there because Flash expects a string similar to that found in URLs, e.g.

```
foo=a&bar=b
```

This would set the variables foo and bar within Flash to equal a and b respectively.

Akenatehm Posted November 29, 2008

Oh sweet, thanks heaps thorpe and everyone else for your help on this topic.

Akenatehm Posted November 29, 2008

I still need this script to validate against data that is inputted in a form in Flash, which works the same way as HTML forms I believe.

Akenatehm Posted November 29, 2008

Don't worry.

This topic is now archived and is closed to further replies.