php4u Posted December 7, 2008

I am using the "PHP 6 fast & easy web development" book and have all of the scripts working correctly, but one; the log-in and authenticate scripts. They are listed below. Whether I fill in the blanks or not, the page does not change; will not forward to the correct page, nor display an error message. The two variables are "id" and "password" along with several others. I can add, modify and delete users, as well as perform sort/selects against the MySQL DB. This project is being developed on a MacBook, with PHP5 and MySQL 5 with Apache2.

Any help greatly appreciated!

Thanks in advance,
Ralph

------------------
show_login.html -

<HTML>
<HEAD>
<TITLE>Login</TITLE>
</HEAD>
<BODY>
<H1>Login to Secret Area</H1>
<FORM METHOD="POST" ACTION="do_authuser.php">
<P><STRONG>Employee ID #:</STRONG><BR>
<INPUT TYPE="text" NAME="id" SIZE=25 MAXLENGTH=25></p>
<P><STRONG>Password:</STRONG><BR>
<INPUT TYPE="password" NAME="password" SIZE=25 MAXLENGTH=25></p>
<P><INPUT TYPE="SUBMIT" NAME="submit" VALUE="Login"></P>
</FORM>
</BODY>
</HTML>

----------------------
do_authuser.php -

<?
//check for required fields
if ((!$_POST[id]) || (!$_POST[password])) {
    header("Location: show_login.html");
    exit;
}

//setup names of database and table to use
$db_name = "fto";
$table_name = "test_new";

//connect to server and select database
$connection = @mysql_connect("127.0.0.1", "user", "xxxxxx") or die(mysql_error());
$db = @mysql_select_db($db_name, $connection) or die(mysql_error());

//build and issue query
$sql = "SELECT * FROM $table_name WHERE id = '$_POST[id]' AND password = password('$_POST[password]')";
$result = @mysql_query($sql) or die (mysql_error());

//get the number of rows in the result set
$num = mysql_numrows($result);

//print a message and set a cookie if authorized,
//or redirect elsewhere if unauthorized
if ($num != 0) {
    $cookie_name = "auth";
    $cookie_value = "ok";
    $cookie_expire = "0";
    $cookie_domain = "127.0.0.1";
    setcookie($cookie_name, $cookie_value, $cookie_expire, "/" , $cookie_domain, 0);
    $display_block = "
    <p><strong>Secret Menu:</strong></p>
    <ul>
    <li><a href=\"secretA.php\">secret page A</a>
    <li><a href=\"secretB.php\">secret page B</a>
    </ul>";
} else {
    header("Location: show_login.html");
    exit;
}
?>
<HTML>
<HEAD>
<TITLE>Secret Area</TITLE>
</HEAD>
<BODY>
<? echo "$display_block"; ?>
</BODY>
</HTML>

Mchl Posted December 7, 2008

Change

if ((!$_POST[id]) || (!$_POST[password])) {

To

if ((!$_POST['id']) || (!$_POST['password'])) {

Change this

$sql = "SELECT * FROM $table_name WHERE id = '$_POST[id]' AND password = password('$_POST[password]')";

to this

$sql = "SELECT * FROM $table_name WHERE id = '{$_POST['id']}' AND password = MD5({$_POST['password']})";

MySQL Manual says:

The PASSWORD() function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, consider MD5() or SHA1() instead.

Does this book tell you to use short php quotes ( <? ?> ) and all CAPS HTML? If so, throw it out of the window.

php4u Posted December 7, 2008

Thank you Mchl, for your prompt response! Your suggestions are getting me closer. Now, at least I receive an error;

"Parse error: syntax error, unexpected '}', expecting ']' in /Library/WebServer/Documents/test/do_authuser.php on line 19"

As for the short quotes and caps in HTML - yes. Should I be using the full "<?php " tag?

Thank you very much!
Ralph

php4u Posted December 7, 2008

Thank you Mchl, for your prompt response! Your suggestions are getting me closer. Now, at least I receive an error;

"FUNCTION fto.md5 does not exist" - where "fto" is the DB.

If I leave "password" in place, I receive the error;

"Unknown column 'abc123' in 'where clause'" - where "abc123" is the users password.

As for the short quotes and caps in HTML - yes. Should I be using the full "<?php " tag?

Thank you very much!
Ralph

php4u Posted December 7, 2008

update - seems I need to add the MD5 attribute to the password column. If I can't figure out how to add it to the existing column, I will rebuild the user table from scratch. I'll provide an update.

Thanks again!
Ralph

Mchl Posted December 7, 2008

Show us your database structure as it is now. We might be able to help you.

Sorry for not replying often enough. I'm kind of busy today.

php4u Posted December 7, 2008

update - seems I need to add the MD5 attribute to the password column. If I can't figure out how to add it to the existing column, I will rebuild the user table from scratch. I'll provide an update.

.....update

1) I created a new table titled "emp" and added within the DB titled "fto." I added data and made sure MD5 was included in the password column, however the error message complains of "fto.MD5" which seems like it is complaining about the DB not having the MD5? I am using phpMyAdmin to do my DB work.

Thoughts?

Thanks again!
Ralph

php4u Posted December 7, 2008

Here is the current table titled test_new;

mysql> select * from test_new;
+---------+--------+-------+----------------------+----------+----------------------+----------------------+-------+------------+----------+
| l_name  | f_name | id    | password             | username | location             | misc                 | other | date       | position |
+---------+--------+-------+----------------------+----------+----------------------+----------------------+-------+------------+----------+
| montana | joe    | 11111 | joemontana           | NULL     | Marsh Creek Detentio | this is a test       | NULL  | 0000-00-00 |          |
| Brown   | Sue    | 99999 | suebrown             | NULL     | West County Dtention | this is a test for d | NULL  | 0000-00-00 |          |
| Brown   | Ralph  | 65063 | abc123               | NULL     | Marsh Creek Detentio | This is a test of da | NULL  | 0000-00-00 |          |
| Brown   | Debbie | 33333 | *52C630F4A7AC817A0AF | NULL     | NULL                 | NULL                 | NULL  | 0000-00-00 |          |
| Taber   | Guyle  | 44444 | *89C155504AC5DEBF309 | NULL     | NULL                 | NULL                 | NULL  | 0000-00-00 |          |
| Ordona  | Daniel | 88888 | *3C06A471CB6048FCCCF | NULL     | NULL                 | NULL                 | NULL  | 0000-00-00 |          |
| Ordona  | Joseph | 77777 | *98DCB82E2D44BE7ED3F | NULL     | NULL                 | NULL                 | NULL  | 0000-00-00 |          |
| Chalk   | Tom    | 55555 | *71FF744436C7EA1B954 | NULL     | NULL                 | NULL                 | NULL  | 0000-00-00 |          |
| NULL    | NULL   | 0     | d41d8cd98f00b204e980 | NULL     | NULL                 | NULL                 | NULL  | 0000-00-00 |          |
| NULL    | NULL   | 1     | d41d8cd98f00b204e980 | NULL     | NULL                 | NULL                 | NULL  | 0000-00-00 |          |
| NULL    | NULL   | 2     | NULL                 | NULL     | NULL                 | NULL                 | NULL  | 0000-00-00 |          |
+---------+--------+-------+----------------------+----------+----------------------+----------------------+-------+------------+----------+
11 rows in set (0.00 sec)

.....here is the new table with MD5 included from the start;

mysql> select * from emp;
+-------+---------+--------+------------------------------------+-------+
| id    | l_name  | f_name | password                           | other |
+-------+---------+--------+------------------------------------+-------+
|       |         |        | d41d8cd98f00b204e9800998ecf8427e   |       |
| 65063 | Brown   | Ralph  | *A49FE3532B2DCB43D448992D8488B2733 |       |
| 11111 | Brown   | Linda  | *D026C843F8E4D7DDD754AE837037611CB |       |
| 22222 | Montana | Joe    | *72A77A3C2F6B154CFFBA8E63B84EB7563 |       |
+-------+---------+--------+------------------------------------+-------+
4 rows in set (0.00 sec)

php4u Posted December 8, 2008

Through some help of a friend, the solution was twofold;

1) I had a syntax and white-space error;

(corrected syntax)
$sql = "SELECT * FROM $table_name WHERE id = '$_POST[id]' AND password = MD5('$_POST[password]')";

2) I was using "password" instead of "md5" on the user_add.php page. I updated the passwords to md5 from the mysql command line, and reloaded the page; voilà!

Hope this helps someone else.

Mchl, thanks again!

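Added example (not part of the thread and not from the book): the thread's final query still places `$_POST` values directly in the SQL text and stores unsalted MD5, so this shows the same login check done with a bound parameter and PHP's `password_hash()` / `password_verify()`. It assumes PHP 7.1 or later with PDO and uses in-memory SQLite in place of the thread's MySQL server so it runs offline; the helper names `add_user()` and `check_login()` and the sample row are made up for illustration.

```php
<?php
// Added example: in-memory SQLite stands in for the thread's MySQL database
// so the script runs offline; table and column names follow the thread's "emp".
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE emp (id TEXT PRIMARY KEY, l_name TEXT, f_name TEXT, password TEXT)');

// Registration side (user_add.php in the thread): hash in PHP and store the
// complete string returned by password_hash().
function add_user(PDO $pdo, string $id, string $lname, string $fname, string $plain): void
{
    $stmt = $pdo->prepare('INSERT INTO emp (id, l_name, f_name, password) VALUES (?, ?, ?, ?)');
    $stmt->execute([$id, $lname, $fname, password_hash($plain, PASSWORD_DEFAULT)]);
}

// Login side (do_authuser.php): the id travels as a bound parameter, never as
// part of the SQL text, and the hash comparison happens in PHP, not in SQL.
function check_login(PDO $pdo, string $id, string $plain): bool
{
    if ($id === '' || $plain === '') {
        return false;                      // same "required fields" rule as the original script
    }
    $stmt = $pdo->prepare('SELECT password FROM emp WHERE id = ?');
    $stmt->execute([$id]);
    $hash = $stmt->fetchColumn();          // false when no row matches
    return is_string($hash) && password_verify($plain, $hash);
}

// Constructed sample data (hypothetical user, not one of the thread's rows).
add_user($pdo, '10001', 'Example', 'User', 'correct horse');

var_dump(check_login($pdo, '10001', 'correct horse')); // right id and password
var_dump(check_login($pdo, '10001', 'wrong'));         // right id, wrong password
var_dump(check_login($pdo, "12'34", 'anything'));      // a quote in the input is only data
var_dump(check_login($pdo, '', ''));                   // empty fields are rejected early
```

In the tables posted above, the `*`-prefixed values are `PASSWORD()` output cut short by the column width, and `d41d8cd98f00b204e9800998ecf8427e` is the MD5 of an empty string. A `VARCHAR(255)` password column leaves room for `password_hash()` output.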