
unable to run query across databases


swatisonee


Hi,

I have the following code that works in a fashion. Problem is the SQL query doesn't check whether the un/pw is present in the table.

Here's what the code is supposed to do:

There are 3 databases. Some users are present across all 3 and some in just one. So when a user logs in, the code is supposed to check which database they want to log into and then check whether that user is authorised to log into that db. Currently, with this code, even if someone types abcd as u/n and xyz as p/w, they get a successful login message. I'm missing something but haven't been able to pinpoint it.


FILE :  login.php

<?php
//Process this if statement only if form was submitted
if($_POST['submit']){
$username=$_POST['username'];
$password=$_POST['password'];
$ip=$_SERVER['REMOTE_ADDR'];
//$date = putenv('TZ=America/Chicago	Central Time');
$date = putenv('TZ=US/Central');
mktime(0,0,0,1,1,1970) ;
$tm = date("Y-m-d H:i:s");
include ("include/session.php");


$dbtype = $_POST['dbtype'];

    //Define unique section vars, etc.
    if ($dbtype == 'Foo') {
        include "foo.php"; // contains dbname, pw and other info
        $section = 'Foo';
    }

    if ($dbtype == 'Admin') {
        include "admin.php"; // contains dbname, pw and other info
        $section = 'Admin';
    } 

if ($dbtype == 'Pow') {
        include "pow.php"; // contains dbname, pw and other info
        $section = 'Pow';
    }
        
    //Test for login success
    $sql = "SELECT * FROM Users WHERE Username='$username' AND Password = '$password'";
    $result = mysql_query($sql);
    if  ($myrow = mysql_fetch_array($result)){

        $userid = $myrow["Userid"];
        $type = $myrow["Type"];
        if ($type == '1') {  $userFile = 'account.php';     }
        include ("include/newsession.php")    ;

        if ($type == '2') {  $userFile = 'adminhead.php';    }
        include ("include/newsession.php")    ;

        if ($type == '3') {  $userFile = 'sales.php'; }
        include ("include/newsession.php")    ;

        $result2=mysql_query("insert into Log (Sessionid,Userid,IP,Date) values('$_SESSION[id]','$userid','$ip','$tm')");
        echo mysql_error();      }
      

$login_success = 'Yes';
    
require "include/bottom.php"; // this has the code to update status of the session and the link to logout

}

?>


<!doctype html public "-//w3c//dtd html 3.2//en">

<html>

<head>
<title>:Login:</title>

<meta name="GENERATOR" content="Arachnophilia 4.0">
<meta name="FORMATTER" content="Arachnophilia 4.0">
</head>

<body bgcolor="#ffffff" text="#000000" link="#0000ff" vlink="#800080" alink="#ff0000">

<?php

$userid = $_SESSION['userid'];

if($_POST['submit'] && ($login_success == 'Yes')){

$successMessage = '<p class="data"><center><font face="Calibri" size=2>Thank you for logging in '.$username.' !<br /><br />';
    $successMessage .= '<a href="'.$section.'/'.$userFile.'?Userid='.$userid.'">Click here to proceed to your options</a></font></center></p>';


print $successMessage;

} elseif ($_POST['submit'] && ($login_success != 'Yes')) {
  session_unset();
  $failureMessage = '<p class="data"><center><font face="Verdana" size="2" color="red">Login Failure.  Please fill in all fields with the correct information.<br /></font></center></p>';
  print $failureMessage;


?>
<form action="<?php print $PHP_SELF ?>" method="post">

<table border='0' cellspacing='0' cellpadding='0' align=center>
  <tr id='cat'>
  <tr> <td bgcolor='#f1f1f1' ><font face='verdana, arial, helvetica' size='2' align='center'>   Username     
</font></td>
    <td bgcolor='#f1f1f1' align='center'><font face='verdana, arial, helvetica' size='2' >
<input type ='text' class='bginput' name='username' value="<?php print ((strlen($username))? $username : '' );?>" /></font></td></tr>

<tr> <td bgcolor='#ffffff' ><font face='verdana, arial, helvetica' size='2' align='center'>   Password
</font></td> <td bgcolor='#ffffff' align='center'><font face='verdana, arial, helvetica' size='2' >
<input type ='password' class='bginput' name='password' ></font></td></tr>

<tr> <td bgcolor='#f1f1f1' align='center'><font face='verdana, arial, helvetica' size='2' >   Select database:
</font></td> <td bgcolor='#f1f1f1' align='center'><font face='verdana, arial, helvetica' size='2' >
<select name="dbtype">
<?php
$typesArray = array (""=>"[select One]", "Pow"=>"Pow","Foo"=>"Foo","Admin"=>"Admin");
foreach ($typesArray AS $key=>$value) {
    print '<option value="'.$key.'" '.(($dbtype == $key)? "selected" :"").'>'.$value.'</option>';
}
?>
</select> </font></td></tr>

<tr> <td bgcolor='#ffffff' ><font face='verdana, arial, helvetica' size='2' align='center'>
<input name='submit' type='submit' value='Submit'> <input type='reset' value='Reset'>
</font></td> </tr>

</table></center></form>
<?php

} else {

?>
<form action="<?php print $PHP_SELF ?>" method="post">

<table border='0' cellspacing='0' cellpadding='0' align=center>
  <tr id='cat'>
  <tr> <td bgcolor='#f1f1f1' ><font face='verdana, arial, helvetica' size='2' align='center'>   Username     
</font></td>
    <td bgcolor='#f1f1f1' align='center'><font face='verdana, arial, helvetica' size='2' >
<input type ='text' class='bginput' name='username' value="<?php print ((strlen($username))? $username : '' );?>" /></font></td></tr>

<tr> <td bgcolor='#ffffff' ><font face='verdana, arial, helvetica' size='2' align='center'>   Password
</font></td> <td bgcolor='#ffffff' align='center'><font face='verdana, arial, helvetica' size='2' >
<input type ='password' class='bginput' name='password' ></font></td></tr>

<tr> <td bgcolor='#ffffff' ><font face='verdana, arial, helvetica' size='2' align='center'>   Select database:
</font></td> <td bgcolor='#ffffff' align='center'><font face='verdana, arial, helvetica' size='2' >
<select name="dbtype">
<?php
$typesArray = array (""=>"[select One]", "Pow"=>"Pow","Foo"=>"Foo","Admin"=>"Admin");
foreach ($typesArray AS $key=>$value) {
    print '<option value="'.$key.'" '.(($dbtype == $key)? "selected" :"").'>'.$value.'</option>';
}
?>
</select> </font></td></tr>

<tr> <td bgcolor='#f1f1f1' colspan='2' align='center'><font face='verdana, arial, helvetica' size='2' align='center'>
<input name='submit' type='submit' value='Submit'> <input type='reset' value='Reset'>
</font></td> </tr>

</table></center>
<input type="hidden" name="userid" value="<? echo $userid ?>" >
</form>
<?php
}
?>


</body>

</html>

FOO.PHP

 

<?
error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);

$dbservertype='mysql';

$servername='localhost';

$dbusername='abc';
$dbpassword='def';

$dbname='hij';



////////////////////////////////////////
////// DONOT EDIT BELOW  /////////
///////////////////////////////////////

connecttodb($servername,$dbname,$dbusername,$dbpassword);
function connecttodb($servername,$dbname,$dbusername,$dbpassword)
{
global $link;
$link=mysql_connect ("$servername","$dbusername","$dbpassword");
if(!$link){die("Could not connect to MySQL");}
mysql_select_db("$dbname",$link) or die ("could not open db".mysql_error());
}
?>

 


Thanks cb, but it makes no difference. For some reason the query itself is not running - that is

$sql = "SELECT * FROM Users WHERE Username='$username' AND Password = '$password'";
$result = mysql_query($sql);

doesn't seem to be checking whether the un and pw tally - it accepts anything that's typed into the textbox. Either the error is in the query or in the way the form is getting processed - i.e. PHP self is going wrong. At least that's what I have surmised till now.

Would appreciate a look in!

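In login.php as posted, `$login_success = 'Yes';` sits after the closing brace of the `if ($myrow = mysql_fetch_array($result))` block, so it runs on every submit whether or not a row matched. The sketch below is an added example, not code from the thread: it derives the flag from the lookup result, binds the username as a parameter and checks the password with `password_verify()`. It assumes PDO with an in-memory SQLite table standing in for the MySQL `Users` table and a `Password` column holding `password_hash()` output; `open_section_db()` and `check_login()` are hypothetical names.

```php
<?php
// Added example: constructed in-memory SQLite table standing in for the
// thread's MySQL "Users" table. Assumes Password holds password_hash() output.
function open_section_db(string $dbtype): ?PDO
{
    // Allow-list of the three databases named in the post; anything else is rejected.
    $sections = ['Foo' => 'sqlite::memory:', 'Admin' => 'sqlite::memory:', 'Pow' => 'sqlite::memory:'];
    if (!isset($sections[$dbtype])) {
        return null;
    }
    $db = new PDO($sections[$dbtype]);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Constructed sample data so the example runs offline.
    $db->exec('CREATE TABLE Users (Userid INTEGER PRIMARY KEY, Username TEXT UNIQUE, Password TEXT, Type INTEGER)');
    $ins = $db->prepare('INSERT INTO Users (Username, Password, Type) VALUES (?, ?, ?)');
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 1]);
    return $db;
}

function check_login(?PDO $db, string $username, string $password): ?array
{
    if ($db === null) {
        return null; // unknown or empty dbtype: no connection, no login
    }
    // The placeholder keeps the form value out of the SQL text.
    $stmt = $db->prepare('SELECT Userid, Type, Password FROM Users WHERE Username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['Password'])) {
        return null;
    }
    // Map the account type to its landing page, as login.php does.
    $pages = [1 => 'account.php', 2 => 'adminhead.php', 3 => 'sales.php'];
    return ['userid' => (int)$row['Userid'], 'userFile' => $pages[(int)$row['Type']] ?? null];
}

// The success flag is derived from the lookup result, never set unconditionally.
foreach ([['Foo', 'alice', 'correct horse'], ['Foo', 'abcd', 'xyz'], ['', 'alice', 'correct horse']] as [$dbtype, $u, $p]) {
    $user = check_login(open_section_db($dbtype), $u, $p);
    $login_success = ($user !== null && $user['userFile'] !== null) ? 'Yes' : 'No';
    printf("%-6s %-5s => %s\n", $dbtype === '' ? '(none)' : $dbtype, $u, $login_success);
}
```

In the original page flow, the "Click here to proceed" link would then be printed only when `check_login()` returned a row, and the failure branch would run for `abcd` / `xyz`.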
