Basic query - can't find usernames or passwords in a table


JohnSmithers

Is there anything wrong with this code? This appears to be the only way it accesses the database but any username and password which exists in the table 'testtable' is not found.

 

:(

 

Any help appreciated.

 

 

<?php 
include_once 'common.php';
include_once 'db.php';

$username = isset($_POST['username']) ? $_POST['username'] : $_SESSION['username'];
$pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd'];

if(!isset($username)) {
  ?>
  <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title> Please Log In for Access </title>
    <meta http-equiv="Content-Type"
      content="text/html; charset=iso-8859-1" />
  </head>
  <body>
  <h1> Login Required </h1>
  <p>You must log in to access this area of the site. If you are
     not a registered user, <a href="signup.php">click here</a>
     to sign up for instant access!</p>
  <p><form method="post" action="<?=$_SERVER['PHP_SELF']?>">
    Username: <input type="text" name="username" size="8" /><br />
    Password: <input type="password" name="pwd" SIZE="8" /><br />
    <input type="submit" value="Log in" />
  </form></p>
  </body>
  </html>
  <?php
  exit;
}
$_SESSION['username'] = $username;
$_SESSION['pwd'] = $pwd;

dbConnect();
$sql = "SELECT * FROM testtable WHERE
        username = '$username' AND password = PASSWORD('$pwd')";
$result = mysql_query($sql);
if (!$result) {
  error('A database error occurred while checking your '.
        'login details.\\nIf this error persists, please '.
        'contact admin@test.com.');
}

 


should really include the final part of this....

 

if (mysql_num_rows($result) == 0) {
  unset($_SESSION['username']);
  unset($_SESSION['pwd']);
  ?>
  <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title> Access Denied </title>
    <meta http-equiv="Content-Type"
      content="text/html; charset=iso-8859-1" />
  </head>
  <body>
  <h1> Access Denied </h1>
  <p>Your user ID or password is incorrect, or you are not a
     registered user on this site. To try logging in again, click
     <a href="<?=$_SERVER['PHP_SELF']?>">here</a>. To register for instant
     access, click <a href="signup.php">here</a>.</p>
  </body>
  </html>
  <?php
  exit;
}

$username = mysql_result($result,0,'username');?>

 


I'm only a noob. A keen amateur. So any assistance is appreciated. Test of this code? I don't know what you mean? Seriously. All I know is that I put the username and password in. I know it's connecting to the database, but returns the null response even when I can look at the database - through phpmyadmin - and see the username and password are there.

 

:shrug:


First up. I have heeded the warning and will in future post what you need. I am very appreciative of people around the world taking time to respond to these questions and the least I can do is follow what's asked for.

 

8)

 

Having said that, I found the solution by removing "PASSWORD" from the following part of the code, leaving "password = '$pwd'"

 

$sql = "SELECT * FROM supporters WHERE
        username = '$username' AND password = PASSWORD('$pwd')";

 

Why would having PASSWORD make a difference?

 

Server version - 5.1.41

 

CREATE TABLE `supporters` (
  `supporterid` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `username` char(50) NOT NULL,
  `password` char(100) NOT NULL,
  `email` varchar(60) DEFAULT NULL,
  `Registration` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
  PRIMARY KEY (`supporterid`)
) ENGINE=InnoDB AUTO_INCREMENT=43 DEFAULT CHARSET=latin1

 


PASSWORD() is a function -- which means that $pwd already had PASSWORD() applied to it.

 

Of course, you're never supposed to use PASSWORD() for anything.  And you never need to send the password, even in hashed state, on the wire.
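
An added example, not code from this thread or its posters: one way to run the login check without PASSWORD(), hashing and verifying in PHP with password_hash()/password_verify() and looking the user up through a bound parameter. The helper names registerUser and checkLogin are hypothetical, the account is constructed, and an in-memory SQLite database stands in for the MySQL `supporters` table.

```php
<?php
// Added example. In-memory SQLite stands in for the MySQL `supporters`
// table so the script runs offline; all account data is constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE supporters (
    supporterid INTEGER PRIMARY KEY AUTOINCREMENT,
    username    TEXT NOT NULL UNIQUE,
    password    TEXT NOT NULL
)');

// Hypothetical helper: hash in PHP at sign-up, so the column never holds
// the plain password and the database's PASSWORD() is not involved.
function registerUser(PDO $db, string $username, string $plain): void
{
    $stmt = $db->prepare(
        'INSERT INTO supporters (username, password) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($plain, PASSWORD_DEFAULT)]);
}

// Hypothetical helper: select by username only, through a bound
// parameter, then compare the submitted password to the hash in PHP.
function checkLogin(PDO $db, string $username, string $plain): bool
{
    $stmt = $db->prepare(
        'SELECT password FROM supporters WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();   // false when no such username
    return $hash !== false && password_verify($plain, $hash);
}

registerUser($db, 'alice', 'correct horse');          // constructed account
var_dump(checkLogin($db, 'alice', 'correct horse'));  // matching password
var_dump(checkLogin($db, 'alice', 'wrong guess'));    // wrong password
var_dump(checkLogin($db, "o'brien", 'anything'));     // unknown name with a quote
```

After a successful check, keep only the user's id or name in `$_SESSION`; the password itself has no reason to be stored there.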
