Foser Posted June 24, 2007 Share Posted June 24, 2007 Ok for some reason I have a issue login in. - I have check the for the registration to also be MD5-SHA1-MD5-MD5. Here is my code: <?php require("config.php"); $user = mysql_real_escape_string($_POST['user']); $pw = md5(sha1(md5(md5($_POST['pw'])))); mysql_fetch_assoc(mysql_query("SELECT * FROM user_info WHERE username = '$user' and password = '$pw'")) or die(mysql_error()); if ($pw == $user_info['password'] && $user == $user_info['username']){ mysql_fetch_assoc(mysql_query("SELECT rights FROM user_info WHERE username = '$user'")) or die(mysql_error()); echo "You are now logged in as a $user_info[rights]."; echo "<br>Welcome!"; } else { echo "You have typed in an incorrect password or/and username. Please try again."; } ?> When I type in the false data nothing is executed leads me to a blank page. When I put in the correct data it will show me my else statement: You have typed in an incorrect password or/and username. Please try again. thank you a lot! Quote Link to comment Share on other sites More sharing options...
trq Posted June 24, 2007 Share Posted June 24, 2007 You really need to do some tutorials on accessing data from a database. You never save the results of your queries so you can actually use them. Quote Link to comment Share on other sites More sharing options...
Foser Posted June 24, 2007 Author Share Posted June 24, 2007 I'm not totally sure what your are saying about saving the results of the queries. Quote Link to comment Share on other sites More sharing options...
trq Posted June 24, 2007 Share Posted June 24, 2007 <?php require("config.php"); $user = mysql_real_escape_string($_POST['user']); $pw = md5(sha1(md5(md5($_POST['pw'])))); // if query succeeds, save the results in the var $result if ($result = mysql_query("SELECT * FROM user_info WHERE username = '$user' and password = '$pw'")) { // check a user was found. if (mysql_num_rows($result)) { // fetch data into $row $row = mysql_fetch_assoc($result); echo "You are now logged in as a {$row['rights']}."; echo "<br>Welcome!"; } else { echo "You have typed in an incorrect password or/and username. Please try again."; } } } else { echo mysql_error(); } ?> Quote Link to comment Share on other sites More sharing options...
Foser Posted June 24, 2007 Author Share Posted June 24, 2007 What is $result assigned to? can we also do <?php if ($user && $pw = ........){... ?> Quote Link to comment Share on other sites More sharing options...
Foser Posted June 24, 2007 Author Share Posted June 24, 2007 What is $result assigned to? can we also do <?php if ($user && $pw = ........){... ?> oh nvm i understand. the if statement will assign the result if it is true. Quote Link to comment Share on other sites More sharing options...
Foser Posted June 24, 2007 Author Share Posted June 24, 2007 Alright I have edited my code : <?php require("config.php"); $user = mysql_real_escape_string($_POST['user']); $pw = md5(sha1(md5(md5($_POST['pw'])))); if ($result = ("SELECT * FROM user_info WHERE username = '$user' and password = '$pw'")){ if (mysql_num_rows($result)){ $row = mysql_fetch_assoc($result); echo "You are now logged in as a $user_info[rights]."; echo "<br>Welcome!";}} else { echo "You have typed in an incorrect password or/and username. Please try again."; } ?> But now I get a error : (Line 8 is the $row =...) Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\WAMP\www\Tutorials\PHP_MYSQL\Simple_MySQL\Login\login.php on line 8 thanks Quote Link to comment Share on other sites More sharing options...
trq Posted June 24, 2007 Share Posted June 24, 2007 Now your not executing the query. This line.... if ($result = ("SELECT * FROM user_info WHERE username = '$user' and password = '$pw'")){ Needs to be.... if ($result = mysql_query("SELECT * FROM user_info WHERE username = '$user' and password = '$pw'")) { Quote Link to comment Share on other sites More sharing options...
Foser Posted June 24, 2007 Author Share Posted June 24, 2007 Thanks it works fine now! But for some reason we cannot see the rights array. but everything echos ok! thx Quote Link to comment Share on other sites More sharing options...
Foser Posted June 24, 2007 Author Share Posted June 24, 2007 Also if i put in wrong data, I will get a blank page nothing will be executed it seems like. Quote Link to comment Share on other sites More sharing options...
trq Posted June 24, 2007 Share Posted June 24, 2007 Honestly, you need to find some tutorials. You never define an array called $user_info. The data your after is in an array called $row. Look again at my example. Quote Link to comment Share on other sites More sharing options...
Foser Posted June 24, 2007 Author Share Posted June 24, 2007 ah thanks a lot! I learnt it that the assoc array will be the name of the database table. My other else statement don't execute when my data is false. Only get a blank page. Thanks again.. Quote Link to comment Share on other sites More sharing options...
trq Posted June 24, 2007 Share Posted June 24, 2007 My other else statement don't execute when my data is false. Only get a blank page. Can you post your now current code? Quote Link to comment Share on other sites More sharing options...
Foser Posted June 25, 2007 Author Share Posted June 25, 2007 <?php require("config.php"); $user = mysql_real_escape_string($_POST['user']); $pw = md5(sha1(md5(md5($_POST['pw'])))); if ($result = mysql_query("SELECT * FROM user_info WHERE username = '$user' and password = '$pw'")){ if (mysql_num_rows($result)or die(mysql_error())) { $row = mysql_fetch_assoc($result); echo "You are now logged in as a {$row['rights']}."; echo "<br>Welcome!";} else { echo "You have typed in an incorrect password or/and username. Please try again."; }} else { echo mysql_error();} ?> Quote Link to comment Share on other sites More sharing options...
soycharliente Posted June 25, 2007 Share Posted June 25, 2007 Pull the $row['rights'] out and save it in it's own variable. I've had many, many problems trying to use an array variable like that inside quotes. <?php require("config.php"); $user = mysql_real_escape_string($_POST['user']); $pw = md5(sha1(md5(md5($_POST['pw'])))); if ($result = mysql_query("SELECT * FROM user_info WHERE username = '$user' and password = '$pw'")) { if (mysql_num_rows($result)or die(mysql_error())) { $row = mysql_fetch_assoc($result); $rights = $row["rights"]; echo "You are now logged in as a {$rights}."; echo "<br>Welcome!"; } else { echo "You have typed in an incorrect password or/and username. Please try again."; } } else { echo mysql_error(); } ?> I have another question though. Why are you hashing the password 4 times? Are you doing secret work for the FBI or something? Quote Link to comment Share on other sites More sharing options...
Foser Posted June 25, 2007 Author Share Posted June 25, 2007 That was my first question. My second issue, is my else statement does not execute. Therefore when I write the incorrect data it shows a blank page. instead of wrong password or username. Could anyone help? The reason I am hashing more than once is it is more secure than only a simple one time sha1 or one time MD5.They are reasonably easy to decrypt. Quote Link to comment Share on other sites More sharing options...
Foser Posted June 25, 2007 Author Share Posted June 25, 2007 Because of it being a new page I'll repost the script. <?php require("config.php"); $user = mysql_real_escape_string($_POST['user']); $pw = md5(sha1(md5(md5($_POST['pw'])))); if ($result = mysql_query("SELECT * FROM user_info WHERE username = '$user' and password = '$pw'")){ if (mysql_num_rows($result)or die(mysql_error())) { $row = mysql_fetch_assoc($result); $rights = $row['rights']; echo "You are now logged in as a {$rights}."; echo "<br>Welcome!";} else { echo "You have typed in an incorrect password or/and username. Please try again."; }} else { echo mysql_error();} ?> Quote Link to comment Share on other sites More sharing options...
soycharliente Posted June 25, 2007 Share Posted June 25, 2007 Try structuring your query in a different way. <?php require("config.php"); $user = mysql_real_escape_string($_POST['user']); $pw = md5(sha1(md5(md5($_POST['pw'])))); $query = "SELECT * FROM user_info WHERE username = '$user' and password = '$pw'"; $result = mysql_query($query) or DIE(mysql_error()); if (mysql_num_rows($result) > 0) { $row = mysql_fetch_assoc($result); $rights = $row["rights"]; echo "You are now logged in as a {$rights}."; echo "<br />Welcome!"; } else { echo "You have typed in an incorrect password or/and username. Please try again."; } ?> Quote Link to comment Share on other sites More sharing options...
Foser Posted June 25, 2007 Author Share Posted June 25, 2007 I didn't do it your way but I took your idea. I added > 0 in my second if and it worked! Thanks a lot! Quote Link to comment Share on other sites More sharing options...
soycharliente Posted June 25, 2007 Share Posted June 25, 2007 You really should have your DIE statement right after you run your query so I won't try to process anything else. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.