sniperscope, posted January 24, 2013

Hello,

I have two physically separated servers and I want to read, update and insert into the remote server's database. My connection code is working:

    <?php
    $cn = mysql_connect("xxx.xxx.xxx.xxx:3306", "username", "password");
    mysql_select_db("db_name", $cn);
    ?>

However, when I try to retrieve data from the remote server, I get nothing returned.

    $sql = mysql_query("SELECT id FROM user_master WHERE user_id = '" .$name. "' AND user_pass = '" .$pass. "' LIMIT 1");
    $row = mysql_fetch_array($sql);
    if (mysql_num_rows($sql) == 0)
        echo "wrong username or password";
    else
        header("location: index.php");

What am I doing wrong?

Barand, posted January 24, 2013

Check for errors:

    if (!$sql) die(mysql_error());

fenway, posted January 24, 2013

Also, that's not a secure way to log in users.

sniperscope, posted January 24, 2013

@Barand: There is no error in the output, but the select query returns 0 results.

@Fenway: What I am doing is just using the same database from two different servers. A user can log in from Server B by an SQL query at Server A.

While waiting for some help, I had a crazy idea. Not sure if it works or not, but I want to give it a try. Create the same DB at Server B as well, so if a user updates at Server A then the updated parameters are sent to Server B through cURL. Delete and insert will work the same way. So I will have two different DBs, but simultaneously synchronized. Is this a good idea?

fenway, posted January 24, 2013

Are you using a case-sensitive collation? Do you want passwords to end up in query logs and processlists? I think not.

sniperscope, posted January 24, 2013 (edited)

Nope, I always use utf8-general-ci. What I am trying to do is:

1 - Check that the user really exists and is valid when he clicks the "Log in" button.
2 - After successfully logging in, display his/her entire details.
3 - If he/she edits/deletes something, then update the remote server DB.

/* Off Topic */ It says "Advanced Member" in my profile but somehow I am still asking simple PHP questions. What an irony /* Off Topic */

fenway, posted January 24, 2013

> Nope, I always use utf8-general-ci.

In that case, your passwords are case-insensitive, too -- are you aware of that? That makes them much less secure.

sniperscope, posted January 24, 2013

My password includes lower/upper case and special characters, is 16 chars long, and I copy and paste it from the original connection string. Is it possible that something on server A or B is blocking communication? Currently my servers have CSF firewall, iptables and ddos deflate. This is the last thing I am thinking of.

fenway, posted January 24, 2013

I don't know what you're talking about -- I'm referring to the user passwords, not your DB login password. That has nothing to do with firewalls.

sniperscope, posted January 24, 2013

Yes sir. User password is all uppercase and I am 100% sure the login credentials are correct.

fenway, posted January 24, 2013

> Yes sir. User password is all uppercase and I am 100% sure the login credentials are correct.

Sounds like a terrible idea.

sniperscope, posted January 24, 2013

Dear Fenway,

I am going to follow the path as I described in my previous post. Thank you so much for your attention and help. Have a nice day.

Christian F., posted January 24, 2013 (edited)

I would strongly recommend that you read this article about secure login systems. As everyone above pointed out, your script is not secure at all. If anyone were to get hold of your user DB, which is very likely, then all of your users' passwords are out there in the open. Since people tend to use the same password for all of the sites they've registered on, this means that your DB is a gold mine for anyone looking to get access to a large number of e-mail accounts. Which spammer wouldn't love to do that..?

So, read the article, and adhere to its advice. For the sake of your users, if not your own reputation (and possible liability).

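A hardened form of the login check discussed in this thread, as an added example (not code from any of the posters). It assumes PDO, a hypothetical `pass_hash` column in `user_master`, and an in-memory SQLite database standing in for the remote MySQL server so that it runs offline; the account below is constructed sample data.

```php
<?php
// Added example. Assumptions: PDO with the sqlite driver, and a hypothetical
// pass_hash column replacing the plaintext user_pass column from the thread.
// For MySQL, swap the DSN: new PDO('mysql:host=...;dbname=...', $dbUser, $dbPass)
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_master (
    id INTEGER PRIMARY KEY, user_id TEXT UNIQUE, pass_hash TEXT)');

// Registration: store only a salted hash, so a copy of the user table does
// not hand out the passwords themselves.
function register_user(PDO $db, string $name, string $pass): void
{
    $stmt = $db->prepare(
        'INSERT INTO user_master (user_id, pass_hash) VALUES (?, ?)');
    $stmt->execute([$name, password_hash($pass, PASSWORD_DEFAULT)]);
}

// Login: the query looks the user up by name only. The password is never part
// of the SQL text, so it cannot end up in query logs or the process list, and
// it is compared in PHP, where the column collation plays no role.
function check_login(PDO $db, string $name, string $pass): ?int
{
    $stmt = $db->prepare(
        'SELECT id, pass_hash FROM user_master WHERE user_id = ? LIMIT 1');
    $stmt->execute([$name]);            // bound value: quotes in $name are data
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;                    // no such user
    }
    // password_verify() is case-sensitive and compares in constant time.
    return password_verify($pass, $row['pass_hash']) ? (int) $row['id'] : null;
}

// Constructed sample account and three login attempts.
register_user($db, "o'brien", 'S3cret-Pass');
$attempts = [
    ["o'brien", 'S3cret-Pass'],   // correct password
    ["o'brien", 's3cret-pass'],   // same letters, different case
    ['nobody',  'S3cret-Pass'],   // unknown user
];
foreach ($attempts as [$name, $pass]) {
    $id = check_login($db, $name, $pass);
    echo $name, ' / ', $pass, ' => ',
         $id === null ? 'wrong username or password' : "login ok (id $id)", "\n";
}
```

In a real page, a successful check would be followed by `session_regenerate_id(true)` and `header('Location: index.php'); exit;` rather than an `echo`.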