Foser Posted June 24, 2007 Share Posted June 24, 2007 Ok for some reason I have a issue login in. - I have check the for the registration to also be MD5-SHA1-MD5-MD5. Here is my code: <?php require("config.php"); $user = mysql_real_escape_string($_POST['user']); $pw = md5(sha1(md5(md5($_POST['pw'])))); mysql_fetch_assoc(mysql_query("SELECT * FROM user_info WHERE username = '$user' and password = '$pw'")) or die(mysql_error()); if ($pw == $user_info['password'] && $user == $user_info['username']){ mysql_fetch_assoc(mysql_query("SELECT rights FROM user_info WHERE username = '$user'")) or die(mysql_error()); echo "You are now logged in as a $user_info[rights]."; echo "<br>Welcome!"; } else { echo "You have typed in an incorrect password or/and username. Please try again."; } ?> When I type in the false data nothing is executed leads me to a blank page. When I put in the correct data it will show me my else statement: You have typed in an incorrect password or/and username. Please try again. thank you a lot! Link to comment https://forums.phpfreaks.com/topic/56960-solved-login-in-issue/ Share on other sites More sharing options...
trq Posted June 24, 2007 Share Posted June 24, 2007 You really need to do some tutorials on accessing data from a database. You never save the results of your queries so you can actually use them. Link to comment https://forums.phpfreaks.com/topic/56960-solved-login-in-issue/#findComment-281351 Share on other sites More sharing options...
Foser Posted June 24, 2007 Author Share Posted June 24, 2007 I'm not totally sure what your are saying about saving the results of the queries. Link to comment https://forums.phpfreaks.com/topic/56960-solved-login-in-issue/#findComment-281356 Share on other sites More sharing options...
trq Posted June 24, 2007 Share Posted June 24, 2007 <?php require("config.php"); $user = mysql_real_escape_string($_POST['user']); $pw = md5(sha1(md5(md5($_POST['pw'])))); // if query succeeds, save the results in the var $result if ($result = mysql_query("SELECT * FROM user_info WHERE username = '$user' and password = '$pw'")) { // check a user was found. if (mysql_num_rows($result)) { // fetch data into $row $row = mysql_fetch_assoc($result); echo "You are now logged in as a {$row['rights']}."; echo "<br>Welcome!"; } else { echo "You have typed in an incorrect password or/and username. Please try again."; } } } else { echo mysql_error(); } ?> Link to comment https://forums.phpfreaks.com/topic/56960-solved-login-in-issue/#findComment-281363 Share on other sites More sharing options...
Foser Posted June 24, 2007 Author Share Posted June 24, 2007 What is $result assigned to? can we also do <?php if ($user && $pw = ........){... ?> Link to comment https://forums.phpfreaks.com/topic/56960-solved-login-in-issue/#findComment-281373 Share on other sites More sharing options...
Foser Posted June 24, 2007 Author Share Posted June 24, 2007 What is $result assigned to? can we also do <?php if ($user && $pw = ........){... ?> oh nvm i understand. the if statement will assign the result if it is true. Link to comment https://forums.phpfreaks.com/topic/56960-solved-login-in-issue/#findComment-281375 Share on other sites More sharing options...
Foser Posted June 24, 2007 Author Share Posted June 24, 2007 Alright I have edited my code : <?php require("config.php"); $user = mysql_real_escape_string($_POST['user']); $pw = md5(sha1(md5(md5($_POST['pw'])))); if ($result = ("SELECT * FROM user_info WHERE username = '$user' and password = '$pw'")){ if (mysql_num_rows($result)){ $row = mysql_fetch_assoc($result); echo "You are now logged in as a $user_info[rights]."; echo "<br>Welcome!";}} else { echo "You have typed in an incorrect password or/and username. Please try again."; } ?> But now I get a error : (Line 8 is the $row =...) Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\WAMP\www\Tutorials\PHP_MYSQL\Simple_MySQL\Login\login.php on line 8 thanks Link to comment https://forums.phpfreaks.com/topic/56960-solved-login-in-issue/#findComment-281379 Share on other sites More sharing options...
trq Posted June 24, 2007 Share Posted June 24, 2007 Now your not executing the query. This line.... if ($result = ("SELECT * FROM user_info WHERE username = '$user' and password = '$pw'")){ Needs to be.... if ($result = mysql_query("SELECT * FROM user_info WHERE username = '$user' and password = '$pw'")) { Link to comment https://forums.phpfreaks.com/topic/56960-solved-login-in-issue/#findComment-281387 Share on other sites More sharing options...
Foser Posted June 24, 2007 Author Share Posted June 24, 2007 Thanks it works fine now! But for some reason we cannot see the rights array. but everything echos ok! thx Link to comment https://forums.phpfreaks.com/topic/56960-solved-login-in-issue/#findComment-281391 Share on other sites More sharing options...
Foser Posted June 24, 2007 Author Share Posted June 24, 2007 Also if i put in wrong data, I will get a blank page nothing will be executed it seems like. Link to comment https://forums.phpfreaks.com/topic/56960-solved-login-in-issue/#findComment-281394 Share on other sites More sharing options...
trq Posted June 24, 2007 Share Posted June 24, 2007 Honestly, you need to find some tutorials. You never define an array called $user_info. The data your after is in an array called $row. Look again at my example. Link to comment https://forums.phpfreaks.com/topic/56960-solved-login-in-issue/#findComment-281395 Share on other sites More sharing options...
Foser Posted June 24, 2007 Author Share Posted June 24, 2007 ah thanks a lot! I learnt it that the assoc array will be the name of the database table. My other else statement don't execute when my data is false. Only get a blank page. Thanks again.. Link to comment https://forums.phpfreaks.com/topic/56960-solved-login-in-issue/#findComment-281403 Share on other sites More sharing options...
trq Posted June 24, 2007 Share Posted June 24, 2007 My other else statement don't execute when my data is false. Only get a blank page. Can you post your now current code? Link to comment https://forums.phpfreaks.com/topic/56960-solved-login-in-issue/#findComment-281405 Share on other sites More sharing options...
Foser Posted June 25, 2007 Author Share Posted June 25, 2007 <?php require("config.php"); $user = mysql_real_escape_string($_POST['user']); $pw = md5(sha1(md5(md5($_POST['pw'])))); if ($result = mysql_query("SELECT * FROM user_info WHERE username = '$user' and password = '$pw'")){ if (mysql_num_rows($result)or die(mysql_error())) { $row = mysql_fetch_assoc($result); echo "You are now logged in as a {$row['rights']}."; echo "<br>Welcome!";} else { echo "You have typed in an incorrect password or/and username. Please try again."; }} else { echo mysql_error();} ?> Link to comment https://forums.phpfreaks.com/topic/56960-solved-login-in-issue/#findComment-281715 Share on other sites More sharing options...
soycharliente Posted June 25, 2007 Share Posted June 25, 2007 Pull the $row['rights'] out and save it in it's own variable. I've had many, many problems trying to use an array variable like that inside quotes. <?php require("config.php"); $user = mysql_real_escape_string($_POST['user']); $pw = md5(sha1(md5(md5($_POST['pw'])))); if ($result = mysql_query("SELECT * FROM user_info WHERE username = '$user' and password = '$pw'")) { if (mysql_num_rows($result)or die(mysql_error())) { $row = mysql_fetch_assoc($result); $rights = $row["rights"]; echo "You are now logged in as a {$rights}."; echo "<br>Welcome!"; } else { echo "You have typed in an incorrect password or/and username. Please try again."; } } else { echo mysql_error(); } ?> I have another question though. Why are you hashing the password 4 times? Are you doing secret work for the FBI or something? Link to comment https://forums.phpfreaks.com/topic/56960-solved-login-in-issue/#findComment-281733 Share on other sites More sharing options...
Foser Posted June 25, 2007 Author Share Posted June 25, 2007 That was my first question. My second issue, is my else statement does not execute. Therefore when I write the incorrect data it shows a blank page. instead of wrong password or username. Could anyone help? The reason I am hashing more than once is it is more secure than only a simple one time sha1 or one time MD5.They are reasonably easy to decrypt. Link to comment https://forums.phpfreaks.com/topic/56960-solved-login-in-issue/#findComment-281940 Share on other sites More sharing options...
Foser Posted June 25, 2007 Author Share Posted June 25, 2007 Because of it being a new page I'll repost the script. <?php require("config.php"); $user = mysql_real_escape_string($_POST['user']); $pw = md5(sha1(md5(md5($_POST['pw'])))); if ($result = mysql_query("SELECT * FROM user_info WHERE username = '$user' and password = '$pw'")){ if (mysql_num_rows($result)or die(mysql_error())) { $row = mysql_fetch_assoc($result); $rights = $row['rights']; echo "You are now logged in as a {$rights}."; echo "<br>Welcome!";} else { echo "You have typed in an incorrect password or/and username. Please try again."; }} else { echo mysql_error();} ?> Link to comment https://forums.phpfreaks.com/topic/56960-solved-login-in-issue/#findComment-281943 Share on other sites More sharing options...
soycharliente Posted June 25, 2007 Share Posted June 25, 2007 Try structuring your query in a different way. <?php require("config.php"); $user = mysql_real_escape_string($_POST['user']); $pw = md5(sha1(md5(md5($_POST['pw'])))); $query = "SELECT * FROM user_info WHERE username = '$user' and password = '$pw'"; $result = mysql_query($query) or DIE(mysql_error()); if (mysql_num_rows($result) > 0) { $row = mysql_fetch_assoc($result); $rights = $row["rights"]; echo "You are now logged in as a {$rights}."; echo "<br />Welcome!"; } else { echo "You have typed in an incorrect password or/and username. Please try again."; } ?> Link to comment https://forums.phpfreaks.com/topic/56960-solved-login-in-issue/#findComment-281961 Share on other sites More sharing options...
Foser Posted June 25, 2007 Author Share Posted June 25, 2007 I didn't do it your way but I took your idea. I added > 0 in my second if and it worked! Thanks a lot! Link to comment https://forums.phpfreaks.com/topic/56960-solved-login-in-issue/#findComment-281966 Share on other sites More sharing options...
soycharliente Posted June 25, 2007 Share Posted June 25, 2007 You really should have your DIE statement right after you run your query so I won't try to process anything else. Link to comment https://forums.phpfreaks.com/topic/56960-solved-login-in-issue/#findComment-281967 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.