Anything wrong with this mysql?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
friedcpu
Forum Newbie
Posts: 4
Joined: Wed May 19, 2004 1:47 pm
Location: uk
Contact:

Anything wrong with this mysql?

Post by friedcpu »

Hi
this always returns wrong username or password, it just wont work, i have rewrote the code many times following php books, websites, and it just wont work, hopefully you could spot whats wrong?
<?
$user = "$username";
$pass = "$password";
$conn = mysql_connect("localhost","username","password");
$db = mysql_select_db("friedcpu");
$password = md5($pass);
$result = mysql_query("SELECT realname, username, password, email, url, country, datereg FROM users WHERE username='$user' and password='$pass'");
$myrow = mysql_fetch_array($result);
$real_username = $myrow["username"];
$real_password = $myrow["password"];
if ($user=="$real_username" && $pass=="$real_password") {
// Login Correct!
$cookie_user = $myrow["username"];
$cookie_pass = $myrow["password"];
$cookie_name = $myrow["realname"];
$cookie_email = $myrow["email"];
$cookie_url = $myrow["url"];
$cookie_country = $myrow["country"];
$cookie_datereg = $myrow["datereg"];
setcookie ("FriedCPU[username]", $cookie_user);
setcookie ("FriedCPU[pass]", $cookie_pass);
setcookie ("FriedCPU[name]", $cookie_name);
setcookie ("FriedCPU[email]", $cookie_email);
setcookie ("FriedCPU[url]", $cookie_url);
setcookie ("FriedCPU[country]", $cookie_country);
setcookie ("FriedCPU[datereg]", $cookie_datereg);
echo "Logged In As: $cookie_user";
}else{
echo "Wrong username or pass";
}
?>
thanks so much to anybody who answers! :D
pht
Forum Newbie
Posts: 7
Joined: Sat May 22, 2004 6:47 am

Post by pht »

Are you sure, you are comparing right values in

if ($user=="$real_username" && $pass=="$real_password") {

shouldn't it be:

if ($user=="$real_username" && $password=="$real_password") {

because sql query may give you only encrypted form of password, not "real"...

Another guestion is, that have you really inserted encrypted password to the table?

Do you get any results from the database?

I would begin with these checks...
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

$user = "$username";
$pass = "$password";
Where are these values coming from? If they are coming from a form post then try using $_POST['username'] and $_POST['password'] instead.
Also try this version which should show you where it's going wrong.

Code: Select all

<?php
$user = $username;
$pass = $password;
//If using a form POST use the 2 below instead.
//$user = $_POST['username'];
//$pass = $_POST['password'];
$conn = mysql_connect('localhost','username','password') or die(mysql_error());
$db = mysql_select_db('friedcpu') or die(mysql_error());
$password = md5($pass);
$query = "SELECT realname, username, password, email, url, country, datereg FROM users WHERE username='$user' and password='$pass'";
echo $query; //debugging to make sure the query is what you expect
$result = mysql_query($query) or die(mysql_error());
if(mysql_num_rows($result)){
	$myrow = mysql_fetch_array($result);
	$real_username = $myrow["username"];
	$real_password = $myrow["password"];
	$cookie_user = $myrow["username"];
	$cookie_pass = $myrow["password"];
	$cookie_name = $myrow["realname"];
	$cookie_email = $myrow["email"];
	$cookie_url = $myrow["url"];
	$cookie_country = $myrow["country"];
	$cookie_datereg = $myrow["datereg"];
	setcookie ("FriedCPU[username]", $cookie_user);
	setcookie ("FriedCPU[pass]", $cookie_pass);
	setcookie ("FriedCPU[name]", $cookie_name);
	setcookie ("FriedCPU[email]", $cookie_email);
	setcookie ("FriedCPU[url]", $cookie_url);
	setcookie ("FriedCPU[country]", $cookie_country);
	setcookie ("FriedCPU[datereg]", $cookie_datereg);
	echo "Logged In As: $cookie_user";
}else{
	echo "Wrong username or pass";
}
?>
friedcpu
Forum Newbie
Posts: 4
Joined: Wed May 19, 2004 1:47 pm
Location: uk
Contact:

Post by friedcpu »

thank you both for replying.

i used your $_POST[]; mark, that works,

but it actually turned out the error was

the length of the column in the database ws 25 for the encrypted password, the encrypted pass turns out to be longer, so the database cut it off, and the form didnt, so it was trying to match a long pass against a short pass.

all works now tho :D thanks for your help.
Post Reply