JohnSmithers Posted February 27, 2011 Share Posted February 27, 2011 Is there anything wrong with this code? This appears to be the only way it accesses the database but any username and password which exists in the table 'testtable' is not found. Any help appreciated. <?php include_once 'common.php'; include_once 'db.php'; $username = isset($_POST['username']) ? $_POST['username'] : $_SESSION['username']; $pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd']; if(!isset($username)) { ?> <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Please Log In for Access </title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> </head> <body> <h1> Login Required </h1> <p>You must log in to access this area of the site. If you are not a registered user, <a href="signup.php">click here</a> to sign up for instant access!</p> <p><form method="post" action="<?=$_SERVER['PHP_SELF']?>"> Username: <input type="text" name="username" size="8" /><br /> Password: <input type="password" name="pwd" SIZE="8" /><br /> <input type="submit" value="Log in" /> </form></p> </body> </html> <?php exit; } $_SESSION['username'] = $username; $_SESSION['pwd'] = $pwd; dbConnect(); $sql = "SELECT * FROM testtable WHERE username = '$username' AND password = PASSWORD('$pwd')"; $result = mysql_query($sql); if (!$result) { error('A database error occurred while checking your '. 'login details.\\nIf this error persists, please '. 'contact admin@test.com.'); } Quote Link to comment https://forums.phpfreaks.com/topic/229047-basic-query-cant-find-usernames-or-passwords-in-a-table/ Share on other sites More sharing options...
JohnSmithers Posted February 27, 2011 Author Share Posted February 27, 2011 should really include the final part of this.... if (mysql_num_rows($result) == 0) { unset($_SESSION['username']); unset($_SESSION['pwd']); ?> <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Access Denied </title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> </head> <body> <h1> Access Denied </h1> <p>Your user ID or password is incorrect, or you are not a registered user on this site. To try logging in again, click <a href="<?=$_SERVER['PHP_SELF']?>">here</a>. To register for instant access, click <a href="signup.php">here</a>.</p> </body> </html> <?php exit; } $username = mysql_result($result,0,'username');?> Quote Link to comment https://forums.phpfreaks.com/topic/229047-basic-query-cant-find-usernames-or-passwords-in-a-table/#findComment-1180436 Share on other sites More sharing options...
fenway Posted February 27, 2011 Share Posted February 27, 2011 Actually, you shouldn't have posted either -- and you forgot to use code tags. I don't see any tests of this code, nor any input/output scenarios. Quote Link to comment https://forums.phpfreaks.com/topic/229047-basic-query-cant-find-usernames-or-passwords-in-a-table/#findComment-1180522 Share on other sites More sharing options...
JohnSmithers Posted February 27, 2011 Author Share Posted February 27, 2011 I'm only a noob. A keen amateur. So any assistance is appreciated. Test of this code? I don't know what you mean? Seriously. All I know is that i put the username and password in. I know its connecting to the database, but returns the null response even when I can look at the database - through phpmyadmin - and see the username and password are there. Quote Link to comment https://forums.phpfreaks.com/topic/229047-basic-query-cant-find-usernames-or-passwords-in-a-table/#findComment-1180536 Share on other sites More sharing options...
JohnSmithers Posted February 28, 2011 Author Share Posted February 28, 2011 First up. I have heeded the warning and will in future post what you need. I am very appreciative of people around the world taking time to respond to these questions and the least I can do is follow what's asked for. Having said that i found the solution by removing "PASSWORD" from the following part of the code leaving "password = '$pwd'" $sql = "SELECT * FROM supporters WHERE username = '$username' AND password = PASSWORD('$pwd')"; Why would having PASSWORD make a difference? Server version - 5.1.41 CREATE TABLE `supporters` ( `supporterid` int(10) unsigned NOT NULL AUTO_INCREMENT, `username` char(50) NOT NULL, `password` char(100) NOT NULL, `email` varchar(60) DEFAULT NULL, `Registration` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, PRIMARY KEY (`supporterid`) ) ENGINE=InnoDB AUTO_INCREMENT=43 DEFAULT CHARSET=latin1 Quote Link to comment https://forums.phpfreaks.com/topic/229047-basic-query-cant-find-usernames-or-passwords-in-a-table/#findComment-1180918 Share on other sites More sharing options...
fenway Posted March 1, 2011 Share Posted March 1, 2011 PASSWORD() is a function -- which means that $pwd already had PASSWORD() applied to it. Of course, you're never supposed to use PASSWORD() for anything. And you never need to send the password, even in hashed state, on the wire. Quote Link to comment https://forums.phpfreaks.com/topic/229047-basic-query-cant-find-usernames-or-passwords-in-a-table/#findComment-1181066 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.