9three Posted January 5, 2009 Share Posted January 5, 2009 I'm getting this error: Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Users\admin\index.php on line 42 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Users\admin\index.php on line 42 I have a login system: index.php elseif(isset($_POST['submit'])) { $username = mysql_real_escape_string($_POST['username']); $password = md5($_POST['password']); $connection = new mysql(); $connection->connect('localhost', 'root', ''); $connection->select('cms'); $query = "SELECT Username, Password FROM admin WHERE Username = '".mysql_real_escape_string($username)."' AND Password = '".md5($password)."'"; $connection->query($query); $connection->verifyuser(); } Line 42 is where $username = mysql_real_escape_string is. The error is telling me it's not able to establish a link. I have set up to throw an exception if I can't connect but it's not throwing me that exception so it can't be my initial connection. Here is my verifyuser method public function verifyuser() { $this->user = mysql_num_rows($this->query); if ($this->user == 1) { $username = $_SESSION['username']; $_SESSION['user_agent'] = 1; echo '<meta http-equiv="refresh" content="0;index.php" />'; } I'm not really able to decipher the error :-\ Quote Link to comment Share on other sites More sharing options...
revraz Posted January 5, 2009 Share Posted January 5, 2009 The error is clear Access denied for user 'ODBC'@'localhost' (using password: NO) Quote Link to comment Share on other sites More sharing options...
castis Posted January 5, 2009 Share Posted January 5, 2009 move the connection piece above where you get your username and password from $_POST edit: when using mysql_real_escape_string, the mysql extension automatically checks for an open connection, since procedural code goes top to bottom, you're trying to use the function and THEN connect. You need to be connected and THEN use the function. elseif(isset($_POST['submit'])) { $connection = new mysql(); $connection->connect('localhost', 'root', ''); $connection->select('cms'); $username = mysql_real_escape_string($_POST['username']); $password = md5($_POST['password']); $query = "SELECT Username, Password FROM admin WHERE Username = '".mysql_real_escape_string($username)."' AND Password = '".md5($password)."'"; $connection->query($query); $connection->verifyuser(); } Quote Link to comment Share on other sites More sharing options...
rhodesa Posted January 5, 2009 Share Posted January 5, 2009 you can't use mysql_real_escape_string() until AFTER the connection is established....just move that line of code to after the connection Quote Link to comment Share on other sites More sharing options...
9three Posted January 5, 2009 Author Share Posted January 5, 2009 *sigh* that was rather easy. Does it matter if I use mysql_real_escape defined in the variable or in the SQL statement? Or should I just stick with either one? Quote Link to comment Share on other sites More sharing options...
castis Posted January 5, 2009 Share Posted January 5, 2009 doesnt matter. Quote Link to comment Share on other sites More sharing options...
9three Posted January 5, 2009 Author Share Posted January 5, 2009 alrighty thanks Quote Link to comment Share on other sites More sharing options...
rhodesa Posted January 5, 2009 Share Posted January 5, 2009 doesn't matter...but just don't double escape it (which is what you are doing in your code) Quote Link to comment Share on other sites More sharing options...
9three Posted January 5, 2009 Author Share Posted January 5, 2009 Argh, problem just popped up... The code seems to be running through just fine. What's happening though is that my method verifryuser is checking for the result, and if it finds one, it defines the sessions and refreshes the page. When the page refreshes and the browser starts to read the code, and it finds the sessions it shows the hidden content. But for some reason, the sessions are not setting. I can tell because the page refreshes but I stay in the log in form. public function verifyuser() { $this->user = mysql_num_rows($this->query); if ($this->user == 1) { $username = $_SESSION['username']; $_SESSION['user_agent'] = 1; echo '<meta http-equiv="refresh" content="0;index.php" />'; } else { display_denied_login(); } } The login doesn't fail because it doesn't redirect me to the display_denied_login() function, which displays "Access denied". In procedural ways, this code works fine, but since I'm trying to get used to OOP it might not work the same. Quote Link to comment Share on other sites More sharing options...
9three Posted January 5, 2009 Author Share Posted January 5, 2009 If I change the echo from refresh to echo 'Logged in' it displays it but if I refresh it doesn't set the session so it throws me back to the log in form. Are sessions handled a little different? Quote Link to comment Share on other sites More sharing options...
9three Posted January 6, 2009 Author Share Posted January 6, 2009 Anyone got a clue? Quote Link to comment Share on other sites More sharing options...
castis Posted January 6, 2009 Share Posted January 6, 2009 what are the contents of your index.php file? also, users dont really like the waiting periods. if you use the header relocation, they're automatically sent to where you want them to go. public function verifyuser() { $this->user = mysql_num_rows($this->query); if ($this->user == 1) { $username = $_SESSION['username']; $_SESSION['user_agent'] = 1; header('location:index.php'); } else { display_denied_login(); } } Quote Link to comment Share on other sites More sharing options...
9three Posted January 6, 2009 Author Share Posted January 6, 2009 Well if the session is set authenticate(); if(!empty($_SESSION['user_agent']) && !empty($_SESSION['username'])) { $username = $_SESSION['username']; echo <<<__HTML <div id="wrapper"> __HTML; include_once ('includes/navigation/navigation.php'); display_content_top(); } authenticate function has /** * Start a session, regenerate session ID on every page * Authenticate user on every page if it fails, destroy session */ function authenticate() { session_start(); session_regenerate_id(); $_SESSION['user_agent'] = $_SERVER['HTTP_USER_AGENT']; if ($_SESSION['user_agent'] != $_SERVER['HTTP_USER_AGENT']) { $_SESSION = array(); session_unset(); session_destroy(); header('error/unathorized.php'); } } if sessions are not set then elseif(isset($_POST['submit'])) { $connection = new mysql(); $connection->connect('localhost', 'root', ''); $connection->select('cms'); $username = escape($_POST['username']); $password = secure($_POST['password']); $query = "SELECT Username, Password FROM admin WHERE Username = '$username' AND Password = '$password'"; $connection->query($query); $connection->verifyuser(); } else { display_login(); } include_once('includes/footer/footer.php'); ?> All of this is in my index.php Quote Link to comment Share on other sites More sharing options...
9three Posted January 7, 2009 Author Share Posted January 7, 2009 anyone ? Quote Link to comment Share on other sites More sharing options...
Sesquipedalian Posted January 7, 2009 Share Posted January 7, 2009 Can you post all of your code? It'd probably make it easier to be able to understand whats going wrong. Quote Link to comment Share on other sites More sharing options...
9three Posted January 7, 2009 Author Share Posted January 7, 2009 okay here it is: <?php include_once('includes/includes.php'); authenticate(); check_login(); include_once('includes/header/header.php'); if(!empty($_SESSION['user_agent']) && !empty($_SESSION['username'])) { $username = $_SESSION['username']; echo <<<__HTML <div id="wrapper"> __HTML; include_once ('includes/navigation/navigation.php'); display_content_top(); echo <<<__HTML <table class="contenttable" width="100%" border="0" cellspacing="0" cellpadding="1"> <tr> <td class="contentinside" background="images/content_bg.jpg"> Welcome to the admin panel $username </td> </tr> <tr> <td> <p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Quisque ligula urna, congue id, ultrices non, placerat eget, elit. Nulla lacinia nulla ultricies ligula. Proin velit. Pellentesque imperdiet, velit vel ultricies rhoncus, sem neque vulputate est, sit amet ultricies eros est vitae justo. Vivamus hendrerit, lacus vitae hendrerit tristique, nisi mauris ultrices justo, quis ornare tellus lacus porta eros. Nulla sagittis. Mauris tempor, sem vitae imperdiet euismod, diam massa imperdiet felis, ut luctus mauris eros eget lacus. Donec consequat. Aenean consectetur erat eu erat. Pellentesque porttitor placerat nisl. Vivamus dictum lacus feugiat urna. Ut posuere nisl nec dui cursus aliquet. Praesent a diam. Sed auctor elementum ipsum. Aliquam aliquet facilisis neque. </p> </td> </tr> </table> <br /> __HTML; display_content_bottom(); ?> </div> <?php include_once('includes/footer/footer.php'); } elseif(isset($_POST['submit'])) { $connection = new mysql(); $connection->connect('localhost', 'root', ''); $connection->select('cms'); $username = escape($_POST['username']); $password = secure($_POST['password']); $query = "SELECT Username, Password FROM admin WHERE Username = '$username' AND Password = '$password'"; $connection->query($query); $connection->verifyuser(); } else { display_login(); } include_once('includes/footer/footer.php'); ?> Quote Link to comment Share on other sites More sharing options...
9three Posted January 7, 2009 Author Share Posted January 7, 2009 Bump Quote Link to comment Share on other sites More sharing options...
jonsjava Posted January 7, 2009 Share Posted January 7, 2009 where is your session_start() ? It needs to be at the top of all pages that will be using session data (unless it is being called by a page that contains it). Quote Link to comment Share on other sites More sharing options...
9three Posted January 8, 2009 Author Share Posted January 8, 2009 my function authenticate() has it stored Quote Link to comment Share on other sites More sharing options...
9three Posted January 8, 2009 Author Share Posted January 8, 2009 I fixed it. The problem was the following: $username = $_SESSION['username']; its suppose to be $_SESSION['username'] = $username; Anyone know why? Looks the same to me Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.