Page 1 of 1

small problem here :)

Posted: Fri May 05, 2006 10:16 pm
by Baby Kosub
feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


here is an example of my problem in story form 

i made a starting account, example being pizza with the password atypeoffood

i make a new account, totally different password

the password for the new account doesn't work, but when i try to put in the password for pizza account into the new account, it works.

what is the problem?

heres an example of what i'm using.

Code: Select all

if(isset($_POST['login'])){
	$username=$_POST['username'];
	$_POST['password']=md5($_POST['password']);
	$h=mysql_query("select password from users where username='$username'");
	if($_POST['password']==$h){
		setcookie("etrin_username",$_POST['username'],time()+60*60*24*365);
		setcookie("etrin_password",$_POST['password'],time()+60*60*24*365); 
		echo"<meta http-equiv=\"Refresh\" content=\"3;url=$HTTP_SERVER_VARS[PHP_SELF]\">"; 
	}
}
the other information for login cycles simply just says what your username is and checks for these cookies


feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Fri May 05, 2006 10:36 pm
by Burrito
you're trying to compare a string to a resource...that won't work.

you need use mysql_fetch_row() or ..fetch_assoc() or ..fetch_array() or the like to make something usable for your comparison.

Posted: Sat May 06, 2006 1:37 am
by Baby Kosub
could i see an example? i am still having trouble getting it to work
EDIT: nevermind, i got it to work after a little bit of trial and error, plus i looked at the php.net site which helped a small bit.

Re: small problem here :)

Posted: Sat May 06, 2006 2:13 am
by someberry

Code: Select all

if(isset($_POST['login'])){
	$username=$_POST['username'];
	$password = md5($_POST['password']);

	$h=mysql_query("SELECT password FROM users WHERE username='$username' AND password='$password'");

	if(mysql_num_rows($h) == 1){
		setcookie("etrin_username",$_POST['username'],time()+60*60*24*365);
		setcookie("etrin_password",$_POST['password'],time()+60*60*24*365); 
		echo"<meta http-equiv=\"Refresh\" content=\"3;url=$HTTP_SERVER_VARS[PHP_SELF]\">"; 
	}
	else{
		echo('Oh dear. It would appear you entered an incorrect password.');
	}
}

Posted: Sat May 06, 2006 2:24 am
by apoltix
Shouldnt the "username" field in the query also be selected along with the password field? I've had that problem many times, so I usually just select all (*)
E.g.

Code: Select all

mysql_query("SELECT username,password FROM users WHERE username='$username' AND password='$password");

Posted: Sat May 06, 2006 7:16 am
by timvw
<off-topic>
apoltix wrote:Shouldnt the "username" field in the query also be selected along with the password field? I've had that problem many times, so I usually just select all (*)
Why would you want to select a username if you already know it? It's not like it's going to change somewhere...
Are you aware that 'SELECT ALL' and 'SELECT *' mean different things?

Imho 'SELECT *' is a bad practice.
</off-topic>



Btw, i prefer:

Code: Select all

SELECT COUNT(primary_key_column) AS count FROM users WHERE username='$username' AND password='$password'
When the count is >= 1 (are there situations where it can be > 1 ?) i know that there is (atleast) one account with the same username and password and thus the credentials are valid...