Yes, you have it correct. The database connection is the one in the dbConnect.php file. Then the users are validated in the other database. For some reason, in my case, this isn't woking. I'll post some code in a few minutes.
This is the first web page that the user comes to. The user logs in and is then taken to the check_login.php page, which immediately has an include dbConnect.php (for the MySQL database Connection) declaration at the top of the code.
Code: Select all
<?php
// The user is logging in to the ClaimsWeb database with his user id and password.
if (file_exists("/var/www/html/shutdown.txt")) {
die("Server is shut down for maintenance");
}
?>
[text]
<html>
<body>
<br/>
<table width="300" border="0" align="center" cellpadding="0"
cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="check_login.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1"
bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>ClaimsWeb™ Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="password" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
Code: Select all
<?php
include ("dbConnect.php");
echo $page_footer;
if ($lDebug) {
var_dump($_SESSION);
}
?>
</html>
[/text]
Then the next page, check_login.php hits:
Code: Select all
<?php
include ("dbConnect.php"); // Connects to the mysql database through the user table.
$mosConfig_locale_debug = 0;
$mosConfig_locale_use_gettext = 0;
$table_name='logins'; // The table, 'logins', is in the Claimsweb database.
// Define $myusername and $mypassword
$myusername=$_POST['myusername']; // Carried forward from the posting from the login_page.php.
$mypassword=$_POST['mypassword']; // Carried forward from the posting from the login_page.php.
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
// THIS IS WHERE THE USER NAME AND PASSWORD DISAPPEAR COMPLETELY.
//$myusername = mysql_real_escape_string($myusername);
$myusername = mysqli_real_escape_string($conn, $myusername);
//$mypassword = mysql_real_escape_string($mypassword);
$mypassword = mysqli_real_escape_string($conn, $mypassword);
$sql = "SELECT client_no, access_level, logo_file, main_page, last_login, audit_year, active_client,
email_address FROM $table_name WHERE login_id='$myusername' and
login_password=aes_encrypt('$mypassword', 'password')";
//... MORE CODE...
DBCONNECT.PHP FOLLOWS: This ought to work, but it doesn't. I cannot establish a MySQL database connection.
Code: Select all
<?php
$lDebug = TRUE;
// MySQL Connection. The next variables set up for the connection to the MySQL database only.
$host = "localhost";
$user = "web_user";
$pass = "PASSWORD";
$db = "mysql";
// Main database for processing.
$dbCW = "claimsWeb";
$today = strtotime(date("Y-m-d"));
// This part sets up the connection to the database (so you don't need to reopen the connection
// again on the same page).
// Apache 2 PHP code has deprecated mysql_pconnect. Use mysqli_connect() instead.
//$ms = mysql_pconnect($host, $user, $pass);
$conn = mysqli_connect($host, $user, $pass, $db); // 01/08/2015 Cecil. The 4th parameter is the database called "mysql".
// Check Connection.
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// Select the database you want.
mysqli_select_db($conn, $dbCW);