Page 1 of 1

Anything wrong with this mysql?

Posted: Sat May 22, 2004 6:45 am
by friedcpu
Hi
this always returns wrong username or password, it just wont work, i have rewrote the code many times following php books, websites, and it just wont work, hopefully you could spot whats wrong?
<?
$user = "$username";
$pass = "$password";
$conn = mysql_connect("localhost","username","password");
$db = mysql_select_db("friedcpu");
$password = md5($pass);
$result = mysql_query("SELECT realname, username, password, email, url, country, datereg FROM users WHERE username='$user' and password='$pass'");
$myrow = mysql_fetch_array($result);
$real_username = $myrow["username"];
$real_password = $myrow["password"];
if ($user=="$real_username" && $pass=="$real_password") {
// Login Correct!
$cookie_user = $myrow["username"];
$cookie_pass = $myrow["password"];
$cookie_name = $myrow["realname"];
$cookie_email = $myrow["email"];
$cookie_url = $myrow["url"];
$cookie_country = $myrow["country"];
$cookie_datereg = $myrow["datereg"];
setcookie ("FriedCPU[username]", $cookie_user);
setcookie ("FriedCPU[pass]", $cookie_pass);
setcookie ("FriedCPU[name]", $cookie_name);
setcookie ("FriedCPU[email]", $cookie_email);
setcookie ("FriedCPU[url]", $cookie_url);
setcookie ("FriedCPU[country]", $cookie_country);
setcookie ("FriedCPU[datereg]", $cookie_datereg);
echo "Logged In As: $cookie_user";
}else{
echo "Wrong username or pass";
}
?>
thanks so much to anybody who answers! :D

Posted: Sat May 22, 2004 6:57 am
by pht
Are you sure, you are comparing right values in

if ($user=="$real_username" && $pass=="$real_password") {

shouldn't it be:

if ($user=="$real_username" && $password=="$real_password") {

because sql query may give you only encrypted form of password, not "real"...

Another guestion is, that have you really inserted encrypted password to the table?

Do you get any results from the database?

I would begin with these checks...

Posted: Sat May 22, 2004 7:02 am
by markl999
$user = "$username";
$pass = "$password";
Where are these values coming from? If they are coming from a form post then try using $_POST['username'] and $_POST['password'] instead.
Also try this version which should show you where it's going wrong.

Code: Select all

<?php
$user = $username;
$pass = $password;
//If using a form POST use the 2 below instead.
//$user = $_POST['username'];
//$pass = $_POST['password'];
$conn = mysql_connect('localhost','username','password') or die(mysql_error());
$db = mysql_select_db('friedcpu') or die(mysql_error());
$password = md5($pass);
$query = "SELECT realname, username, password, email, url, country, datereg FROM users WHERE username='$user' and password='$pass'";
echo $query; //debugging to make sure the query is what you expect
$result = mysql_query($query) or die(mysql_error());
if(mysql_num_rows($result)){
	$myrow = mysql_fetch_array($result);
	$real_username = $myrow["username"];
	$real_password = $myrow["password"];
	$cookie_user = $myrow["username"];
	$cookie_pass = $myrow["password"];
	$cookie_name = $myrow["realname"];
	$cookie_email = $myrow["email"];
	$cookie_url = $myrow["url"];
	$cookie_country = $myrow["country"];
	$cookie_datereg = $myrow["datereg"];
	setcookie ("FriedCPU[username]", $cookie_user);
	setcookie ("FriedCPU[pass]", $cookie_pass);
	setcookie ("FriedCPU[name]", $cookie_name);
	setcookie ("FriedCPU[email]", $cookie_email);
	setcookie ("FriedCPU[url]", $cookie_url);
	setcookie ("FriedCPU[country]", $cookie_country);
	setcookie ("FriedCPU[datereg]", $cookie_datereg);
	echo "Logged In As: $cookie_user";
}else{
	echo "Wrong username or pass";
}
?>

Posted: Sat May 22, 2004 8:02 am
by friedcpu
thank you both for replying.

i used your $_POST[]; mark, that works,

but it actually turned out the error was

the length of the column in the database ws 25 for the encrypted password, the encrypted pass turns out to be longer, so the database cut it off, and the form didnt, so it was trying to match a long pass against a short pass.

all works now tho :D thanks for your help.