Jump to content

Recommended Posts

Hi,

have had a mySQL database running on Godaddy shared linux host for 3 years without problem.

Thought I would like to do some enhancement on it but not wanting to stuff up a working system I thought I would create another mySQL database to test the changes before committing them to go live.

Problem is that the authentication on new DB does not work. Identical code except for the new database name and password.

Using cookie session and password hashing.

The connection obviously occurs because the login window appears, But when the username and password are entered, the query dies and I am returned to the login page.

Since constructing the initial working database, Godaddy is now offering mySQL versions of 4.1.22  or version 5.

The original DB which I dumped and imported into new DB is still in 4.0.27.  I Know the password hashing algorithm has changed, and the field size has to be increased to 41 chrs to accommodate this. I can see everything in new DB OK in MySQLFront, and phpMyAdmin, just cant connect via firefox, ie or safari.

Can anyone help me as to where I should look to fix this issue.

TIA

gilk9

Link to comment
https://forums.phpfreaks.com/topic/170484-something-has-changed-on-godaddy/
Share on other sites

Can anyone help me as to where I should look to fix this issue.

 

Google.

 

Or if you want us to take a look then post your code.

 

I have spent 20 hours on google looking for similar problems where a webhosters change of mySQL versions has broken previously usable code, to no avail. Hence my trip to the freaks!

Herewith the relevant part of the code....

<?php
session_start();
//check for required fields from the form
if ((!$_POST[username]) || (!$_POST[password])) {
header("Location: adminlogin.html");
exit;
}

//connect to server and select database
$conn = mysql_connect("***", "***", "***") or die(mysql_error());
mysql_select_db("AAAdistanceed",$conn) or die(mysql_error());

//create and issue the query
$sql = "select  *  from auth_users  where  student_type != 'x' AND username = '$_POST[username]'  AND password = password ( '$_POST[password] ' ) ";

$result = mysql_query($sql, $conn) or die(mysql_error());
if ($queryResult) {
        echo 'Success.';
}
else {
        echo 'Query failed. Please try again.';
}

it is at this point that the query fails!!! 

If it doesn't fail the code goes on to get values for the variables, set authorisation cookie and set session variables, etc etc. ending in ?>

 

As stated before, this code works well on host using ver 4.0.27 mySQL, but doesnt work on host using ver 4.1.22 mySQL

This is the only difference that I can see... so that is why I am hoping you experienced people  can see what I cant.

TIA

gilk9

 

If I remember you can't do != in a query but you have to right IS NOT,

(I can be wrong, if you may not do && or || why would it be possible to do !=)

 

P.S.: If I wanted to, I could break in, into your server because you just showed us, your username and password for the server!!!

 

edit your post,

Lucky for you I don't want to break in ;p

If I remember you can't do != in a query but you have to right IS NOT,

This is untrue. != is perfectly fine syntax. It means Not equal to. The same as it does in PHP.

 

As you're now using MYSQL4.1.x, your existing passwords stored in your database will no longer work. This is because in MYSQL 4.1 the PASSWORD function now returns a 41 byte hash. Where as the PASSWORD function for MySQL4.0 returns a 16 byte hash. This is why your users can no longer login any more. To fix this you can use the OLD_PASSWORD function instead.

If I remember you can't do != in a query but you have to right IS NOT,

(I can be wrong, if you may not do && or || why would it be possible to do !=)

 

P.S.: If I wanted to, I could break in, into your server because you just showed us, your username and password for the server!!!

 

edit your post,

Lucky for you I don't want to break in ;p

 

I wish you could break in with php code...because I cant    note this is just a testbed for another site so go for it please, then show me the code.

 

If I remember you can't do != in a query but you have to right IS NOT,

This is untrue. != is perfectly fine syntax. It means Not equal to. The same as it does in PHP.

 

As you're now using MYSQL4.1.x, your existing passwords stored in your database will no longer work. This is because in MYSQL 4.1 the PASSWORD function now returns a 41 byte hash. Where as the PASSWORD function for MySQL4.0 returns a 16 byte hash. This is why your users can no longer login any more. To fix this you can use the OLD_PASSWORD function instead.

 

I have already changed the field size to 41,

I have already generated new passwords with phpMyadmin using the new hash algorithm

Still the problem continues with the code shown

Still I can view the database with  MySQL-FRONT and phpMyAdmin

But cannot access the database using the code that has always worked before.

So what is different???

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.