[SOLVED] godaddy and mysql 3.23.32

jpslcut · July 30, 2009

I have what should be a simple script. I am using MySQL 3.23.32. Basically the user comes to my website (myexam.info) and registers. Then a confirmation email is sent. He opens it and clicks on link to activate his account. That link takes him to a login page here he types his email and password. Then the error message:

An error occurred in script '/home/content/l/a/s/lastinghearts/html/login.php' on line 33: Object of class mysqli_result could not be converted to string

Here is the offending code:

// Query the database:

$q = "SELECT user_id, first_name, user_level FROM users WHERE (email='$e' AND pass=SHA1('$p')) AND active IS NULL";

$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));

echo '<p class="error">Before r</p>';

echo "$r"; // I added this line

echo '<p class="error">After r</p>';

echo '<p class="error">Query worked</p>'; // I added this line

if (@mysqli_num_rows($r) == 1) { // A match was made.

// Register the values & redirect:

$_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC);

mysqli_free_result($r);

mysqli_close($dbc);

$url = BASE_URL . 'index.php'; // Define the URL:

ob_end_clean(); // Delete the buffer.

header("Location: $url");

echo '<p class="error">A match was made</p>';

exit(); // Quit the script.

} else { // No match was made.

echo '<p class="error">Either the email address and password entered do not match those on file or you have not yet activated your account.</p>';

}

} else { // If everything wasn't OK.

echo '<p class="error">Please try again.</p>';

}

mysqli_close($dbc);

} // End of SUBMIT conditional.

?>

My server is godaddy.com. I think their default settings have something to do with this problem. Any help would be greatly appreciated. I promise that after I am more proficient I will contribute what I can to this forum.

Thanks

joseph

kickstart · July 30, 2009

Hi

Which is line 33?

Only thing I can spot from a brief look is that you appear to close the connection twice in some circumstances.

All the best

Keith

jpslcut · July 30, 2009

I feel like an idiot, but I posted the code from a file I was experimenting with and I cannot see a way to modify my first post. So please ignore the code in the first post and use this code instead.

The offending code results in line 38 being printed to the screen and the users account not being activated. I think godaddy's default settings are returning the password in a format that cannot be read by my script. Or that I am not comparing the input password with the one in the database correctly.

Thank you so much for your patience with me.

joseph

1 <?php # Script 16.8 - login.php

2 // This is the login page for the site.

3 require_once ('includes/config.inc.php');

4 $page_title = 'Login';

5 include ('includes/header.html');

6 if (isset($_POST['submitted'])) {

7 require_once (MYSQL);

8 // Validate the email address:

9 if (!empty($_POST['email'])) {

10 $e = mysqli_real_escape_string ($dbc, $_POST['email']);

11 } else {

12 $e = FALSE;

13 echo '<p class="error">You forgot to enter your email address!</p>';

14 }

15 // Validate the password:

16 if (!empty($_POST['pass'])) {

17 $p = mysqli_real_escape_string ($dbc, $_POST['pass']);

18 } else {

19 $p = FALSE;

20 echo '<p class="error">You forgot to enter your password!</p>';

21 }

22 if ($e && $p) { // If everything's OK.

23 // Query the database:

24 $q = "SELECT user_id, first_name, user_level FROM users WHERE (email='$e' AND pass=SHA1('$p')) AND active IS NULL";

25 $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));

26 if (@mysqli_num_rows($r) == 1) { // A match was made.

27 // Register the values & redirect:

28 $_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC);

29 mysqli_free_result($r);

30 mysqli_close($dbc);

31

32 $url = BASE_URL . 'index.php'; // Define the URL:

33 ob_end_clean(); // Delete the buffer.

34 header("Location: $url");

35 exit(); // Quit the script.

36

37 } else { // No match was made.

38 echo '<p class="error">Either the email address and password entered do not match those on file or you have not yet activated your account.</p>';

39 }

40 } else { // If everything wasn't OK.

41 echo '<p class="error">Please try again.</p>';

42 }

43

44 mysqli_close($dbc);

45

46 } // End of SUBMIT conditional.

47 ?>

<h1>Login</h1>

<p>Your browser must allow cookies in order to log in.</p>

<p><b>Email Address:</b> <input type="text" name="email" size="20" maxlength="40" /></p>

<p><b>Password:</b> <input type="password" name="pass" size="20" maxlength="20" /></p>

</fieldset>

</form>

<?php // Include the HTML footer.

include ('includes/footer.html');

?>

kickstart · July 30, 2009

Hi

First thing I would try is to echo out $q (ie the query) and see what it has generated. And then try that in phpmyadmin.

One possibility would be that you have duplicate rows (hence the count comes back as 2 or more).

All the best

Keith

jpslcut · July 30, 2009

I printed out the value of '$q' and it showed the correct username and password. I then went to phpadmin and executed the same line of code that is included in the error message below.

Error

SQL query:

$q = "SELECT user_id, first_name, user_level FROM users WHERE (email='$e' AND pass=SHA1('$p')) AND active IS NULL"

MySQL said:

#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '$q = "SELECT user_id, first_name, user_level FROM users WHERE (email='$e' AND pa' at line 1

Also I can see that none of the data in the 'active' column is set to NULL, and when I did change that setting it still made no difference.

thanks again

joseph

kickstart · July 30, 2009

Hi

I meant use the SQL echoed out (with the email address and password) in phpmyadmin. See if it brings anything back.

Possible that the "active" field is set to space instead of null or something like that.

All the best

Keith

jpslcut · July 30, 2009

After working at it for several hours I have to admit I haven't been able to accomplish the task you gave me. I don't know how to "use the SQL echoed out (with the email address and password) in phpadmin.

But from all the querys I have been able to do, it does seem to be returning the correct information. All of the active fields are set to NULL.

Its a script I got from easykiss123.com from a tutorial to set up username and password registration before granting access to password protected pages on my site. I wrote to them several times this last week and got no answer except they did remove the links to the tutorial. Thats why I turned to this website to see if I can get it to work. One of the main reasons behind me doing this myself is the learning process. I hope you will bear with me Keith, I'm not the sharpest tool in the shed.

J.Daniels · July 30, 2009

I think the problem is in this line:

26      if (@mysqli_num_rows($r) == 1) { // A match was made.

To check the number of rows returned when using mysqli:

26      if ($r->num_rows == 1) { // A match was made.

Also, that probably didn't throw an error because error suppression was on (The @ before the function call)

EDIT:

After looking through your code more, it appears all the SQL function calls may be through a custom interface. I would take off the error suppression to see if any errors come up:

26      if (mysqli_num_rows($r) == 1) { // A match was made.

kickstart · July 30, 2009

Hi

After line 24 put echo $q;.

When you run the script you should then get output the SQL on screen, and it should have the entered email address instead of $e and the entered password instead of $p (ie, something like SELECT user_id, first_name, user_level FROM users WHERE (email='test@test.com' AND pass=SHA1('mypassword')) AND active IS NULL).

When you have this, go into phpmyadmin, to an SQL input panel and paste this in and run it. See what it comes back with.

J.Daniels - he is using the procedural calls for mysqli rather than the object orientated ones.

All the best

Keith

jpslcut · August 1, 2009

After line 24 I echoed out the value of $q. It echoed correctly as follows:

SELECT user_id, first_name, user_level FROM users WHERE (email='josephopratt@gmail.com' AND pass=SHA1('abcdefg')) AND active IS NULL

But I have noticed something else that seems amiss. On the code that is emailed on which the user must click to activate his account is as follows:

http://www.myexam.info/login/activate.php?x=josephopratt%40gmail.com&y=13f42d8cb5afcc24cd63ce84e7e28d1a

And when I click on that it does indeed take me to some page. But I do not have a "login" directory on my server. Yet the page appears. And when I remove the "login" and point to the file I know exists, which is "activate.php" in my root directory, I get the error message contained inside the file "activate.php"

Your account could not be activated. Please re-check the link or contact the system administrator.

How can a page that does not exist be displayed through a link that points to nothing?

Thanks again for your help. I appreciate the time you spend doing things like this and I intend to do the same as I am able.

joseph

kickstart · August 1, 2009

Hi

That the SQL is generated as you expected shows that there isn't an issue with the password field being posted to the script. Try that SQL in phpmyadmin and see if it brings back a row (and if not try deleting each part of the WHERE clause to see which is hiding it).

As to the issue with the login area, possible that they do something with .htaccess to redirect things.

All the best

Keith

jpslcut · August 4, 2009

I solved the redirection issue by correcting an address in a file.

In phpmyadmin, every time in I run:

SELECT user_id, first_name, user_level FROM users WHERE (email='josephopratt@gmail.com' AND pass=SHA1('abcdefg')) AND active IS NULL

I get

MySQL returned an empty result set (i.e. zero rows). (Query took 0.0004 sec)

The other values seem to be echoing as:

[dbc] => mysqli Object // which is $dbc and I don't know what it is or how to determine its value

(

)

[e] => josephopratt@gmail.com // which is $e

[p] => abcdefg // which would be my password in text form

[q] => SELECT user_id, first_name, user_level FROM users WHERE (email='josephopratt@gmail.com' AND pass=SHA1('abcdefg')) AND active IS NULL

// which is of course what I used to query

[r] => mysqli_result Object // Which would be $r and I don't know what this is or how to tell its value

(

)

Thank you so very much for your time and effort. It's very much appreciated

joseph

kickstart · August 4, 2009

Hi

That suggests that there is no matching data

Try these in phpmyadmin and see which bring anything back

SELECT user_id, first_name, user_level FROM users WHERE (email='josephopratt@gmail.com') AND active IS NULL

SELECT user_id, first_name, user_level FROM users WHERE (pass=SHA1('abcdefg')) AND active IS NULL

SELECT user_id, first_name, user_level FROM users WHERE (email='josephopratt@gmail.com' AND pass=SHA1('abcdefg'))

My personal guess would be that when you inserted a record the password was encoded differently (ie, different function).

All the best

Keith

jpslcut · August 4, 2009

SELECT user_id, first_name, user_level FROM users WHERE (email='josephopratt@gmail.com') AND active IS NULL

returns: Showing rows 0 - 0 (1 total, Query took 0.0004 sec)

SELECT user_id, first_name, user_level FROM users WHERE (pass=SHA1('abcdefg')) AND active IS NULL

returns: MySQL returned an empty result set (i.e. zero rows). (Query took 0.0003 sec)

SELECT user_id, first_name, user_level FROM users WHERE (email='josephopratt@gmail.com' AND pass=SHA1('abcdefg'))

returns: MySQL returned an empty result set (i.e. zero rows). (Query took 0.0004 sec)

But the record is there as follows:

user_id first_name last_name email pass

6 joseph Pratt josephopratt@gmail.com 2fb5e13419fc89

user_level active registration_date

0 NULL 2009-08-04 09:13:21

I so appreciate your help.

joseph

kickstart · August 4, 2009

Hi

Suggests that SHA1 of the password isn't 2fb5e13419fc89

Try:-

SELECT SHA1('abcdefg')

This should give you 2fb5e13419fc89246865e7a324f476ec624e8740, the start of which is what you have.

SHA1 will return a 40 character string. How long is the pass field on your users table?

All the best

Keith

jpslcut · August 5, 2009

Keith

the result of phpmyadmin, I entered:

SELECT SHA1('abcdefg')

It returned:

Showing rows 0 - 0 (1 total, Query took 0.0003 sec)

I so appreciate the solution I know is coming next for I already suspected version mismatch or some strange setting or other thing godaddy does differently than everyone else in mysql. But I have played with every different combination of settings with no results already and probably just need to change something in the script.

The call in the script that mentions SHA1 is as follows:

In register.php:

// Add the user to the database:

$q = "INSERT INTO users (email, pass, first_name, last_name, active, registration_date) VALUES ('$e', SHA1('$p'), '$fn', '$ln', '$a', NOW() )";

$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));

And in Login.php:

// Query the database:

$q = "SELECT user_id, first_name, user_level FROM users WHERE (email='$e' AND pass=SHA1('$p')) AND active IS NULL";

$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));

These are the only two places in my script that mention SHA1

Thank you so much for your hard work here fixing everyones problems. I hope that soon I can contribute likewise as I am able to learn.

joseph

kickstart · August 5, 2009

Hi

What does it return when you do SELECT SHA1('abcdefg')? It has returned a row but what is the value?

Can you post the declaration of the users table? Export the structure from phpmyadmin.

All the best

Keith

jpslcut · August 5, 2009

SHA1('abcdefg')

2fb5e13419fc89246865e7a324f476ec624e8740

is the returned value however godaddy only allows passwords of 14 characters long so I edited that field to 14

The value of "pass" in the database when I display it is only 2fb5e13419fc89 which is many characters short of the value the database returned.

But even before I changed that it still didn't work.

Thank you so much for your help.

joseph

jpslcut · August 5, 2009

Thanks Keith and everyone. The problem was that I specified a certain length string for a password in my script and then in mysql database I never specified enough characters for the password and so it always returned a truncated value which of course never matched because of the length.

And all of this because I somebody told me godaddy never allows passwords of greater than 14 characters.

Thanks again

problem solved

Sign In

[SOLVED] godaddy and mysql 3.23.32

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information