
Posted: Mon Jan 15, 2007 1:02 pm
by feyd
Check $result to make sure it's not false....

Posted: Mon Jan 15, 2007 1:04 pm
by Ollie Saunders
Call it without any parameters.
Edit: sorry no, completely wrong there.

Posted: Mon Jan 15, 2007 8:34 pm
by Mightywayne
Okay, I checked it with this code

Code:

if($result==false)
{
printf("False result.");
}
And it appears it IS false.

However. I have absolutely no idea why it's false, or how it became false. I think it may have something to do with the query being username AND password, but then $count would be messed up if I broke them apart into separate queries... =/

Posted: Mon Jan 15, 2007 9:49 pm
by feyd
A false return value denotes an error happened. I would imagine it's using "password," but you can check it with mysql_error().

Posted: Tue Jan 16, 2007 1:47 am
by matthijs
Mightywayne, if I look at the code, it still is vulnerable to SQL injection. Meaning that even if you get it to work, any hacker can hack your script, without having a valid username/password. If I enter a single quote as my username:

Code:

<?php
$username = $_POST['username']; // '
$password = $_POST['password'];

$sql = "SELECT * FROM user WHERE username='$username' and password='$password'"; 
// $sql = "SELECT * FROM user WHERE username = '''

// etc
?>

Posted: Tue Jan 16, 2007 3:41 pm
by Mightywayne
Matt, I edited my post before the one you made to tell you that I like to add that stuff at the end to stop any confusion that may come from it. feyd, I'll check now.

Posted: Tue Jan 16, 2007 3:59 pm
by Mightywayne
Okay this is making absolutely NO sense at all. I did the SAME process from my "verification" one that I made, which turned out perfect, and for absolutely NO reason at all, the values are false. It's connecting properly, and I changed from the "AND password" thing, to

Code:

$sql1 = "SELECT * FROM user WHERE username='$username'";
$result1 = mysql_query($sql1);

$sql2 = "SELECT * FROM user WHERE password='$password'";
$result2 = mysql_query($sql2);
Is there a tutorial any of you can suggest? Because obviously this tutorial from 2002 is messed up for some reason. Is there a different way to do it than using headers()? It doesn't seem like it should be hard, but I hate when coding does this; things that should work normally randomly don't.

Posted: Tue Jan 16, 2007 4:01 pm
by feyd
What does mysql_error() tell you?

Posted: Tue Jan 16, 2007 5:12 pm
by Ollie Saunders
Perhaps the initial connection is failing

Posted: Tue Jan 16, 2007 7:47 pm
by Mightywayne
Edited out in case some folks try to hax0r me. Seriously. o_O;;

Posted: Tue Jan 16, 2007 8:16 pm
by Ollie Saunders
Read up on how to use mysql_error again.

Posted: Tue Jan 16, 2007 9:14 pm
by Christopher
I see a lot of code like that posted. It is pretty difficult to debug. I think, at least, some basic Structured Programming would be helpful. At a minimum a PHP database script ought to look something like this:

Code:

<?php
// initialize variables
$errmsg = '';
$row = array();

// Connect to server
$con = mysql_connect("localhost","burnttoa_umonbre","don't_post_passwords");

if (mysql_errno()) {
     $errmsg = 'Could not connect:' . mysql_error();
} else {

     // Select database.
     mysql_select_db("burnttoa_monbre");

     if (mysql_errno()) {
          $errmsg = 'Could not select:' . mysql_error();
     } else {
          // Setup and do query

          // filter untrusted post variable
          $username = preg_replace('/[^a-zA-Z0-9]/', '', $_POST['username']);

          // escape untrusted post variable
          $username = mysql_real_escape_string($username);

          $sql1 = "SELECT * FROM user WHERE username='$username'";
          $result1 = mysql_query($sql1);

          if (mysql_errno()) {
               $errmsg = 'Query failed:' . mysql_error();
          } else {
               $row = mysql_fetch_assoc($result1);
          }
     }
}

// now the response
if ($errmsg) {
     // error goes here
     echo "Error: $errmsg<br/>";
} else {
     // success goes here
     dump($row);
}

// handy for debugging
function dump($value) {
     echo '<pre>' . print_r($value, 1) . '</pre>';
}
No die(), clear logic, thorough error checking, separation of connection and response (reporting an error is also a response), and basic security ...
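
An added example, not code from any poster in this thread: the single-quote case matthijs describes and the error-checked lookup Christopher outlines, redone with PDO prepared statements (the mysql_* functions used in the thread were removed in PHP 7). The in-memory SQLite database, the `password_hash` column and the sample account are constructed assumptions.

```php
<?php
// Added example. Constructed table and sample inputs; in-memory SQLite
// stands in for the thread's MySQL server so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Constructed account whose name legitimately contains a single quote.
$insert = $db->prepare('INSERT INTO user (username, password_hash) VALUES (?, ?)');
$insert->execute(array("o'brien", password_hash('constructed-password', PASSWORD_DEFAULT)));

// Interpolated query, as in the thread: a quote in the input becomes part of
// the SQL text, so the statement no longer parses and the query fails.
function lookup_interpolated(PDO $db, $username) {
    $sql = "SELECT * FROM user WHERE username='$username'";
    try {
        return $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        // Equivalent of checking mysql_error() after a false result.
        return 'query error: ' . $e->getMessage();
    }
}

// Prepared statement: the input is bound as data and is never parsed as SQL.
// The password is compared against a stored hash, not inside the WHERE clause.
function check_login(PDO $db, $username, $password) {
    $stmt = $db->prepare('SELECT password_hash FROM user WHERE username = ?');
    $stmt->execute(array($username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($password, $row['password_hash']);
}

// Both interpolated lookups break on the quote, even for the valid account.
var_dump(lookup_interpolated($db, "'"));
var_dump(lookup_interpolated($db, "o'brien"));

// The bound versions behave as intended for the same inputs.
var_dump(check_login($db, "o'brien", 'constructed-password'));
var_dump(check_login($db, "'", 'anything'));
```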

Posted: Wed Jan 17, 2007 2:44 am
by daedalus__
arborint wrote: I see a lot of code like that posted. It is pretty difficult to debug. I think, at least, some basic Structured Programming would be helpful. At a minimum a PHP database script ought to look something like this:

Code:

<?php
// initialize variables
$errmsg = '';
$row = array();

// Connect to server
$con = mysql_connect("localhost","burnttoa_umonbre","don't_post_passwords");

if (mysql_errno()) {
     $errmsg = 'Could not connect:' . mysql_error();
} else {

     // Select database.
     mysql_select_db("burnttoa_monbre");

     if (mysql_errno()) {
          $errmsg = 'Could not select:' . mysql_error();
     } else {
          // Setup and do query

          // filter untrusted post variable
          $username = preg_replace('/[^a-zA-Z0-9]/', '', $_POST['username']);

          // escape untrusted post variable
          $username = mysql_real_escape_string($username);

          $sql1 = "SELECT * FROM user WHERE username='$username'";
          $result1 = mysql_query($sql1);

          if (mysql_errno()) {
               $errmsg = 'Query failed:' . mysql_error();
          } else {
               $row = mysql_fetch_assoc($result1);
          }
     }
}

// now the response
if ($errmsg) {
     // error goes here
     echo "Error: $errmsg<br/>";
} else {
     // success goes here
     dump($row);
}

// handy for debugging
function dump($value) {
     echo '<pre>' . print_r($value, 1) . '</pre>';
}
No die(), clear logic, thorough error checking, separation of connection and response (reporting an error is also a response), and basic security ...
+1 for snippets

Posted: Wed Jan 17, 2007 12:08 pm
by Mightywayne
Uhm okay. I think I'm going to switch to cookies now. Instead of sessions. How bad is that? I've heard of cookie manipulation, but my friend suggests cookies, and sessions are right now confusing me majorly.

Also, I'm not really getting mysql_error either. It just keeps giving me Warning: mysql_error(): supplied argument is not a valid MySQL-Link resource in /home/burnttoa/public_html/monbre/checklogin.php on line 22 which Google is no help for.

My friend just gave me a good cookie script so I'll check that out, it seems pretty good, sans some functions I'll have to learn. :) I hope the cookies aren't a security thing though... are they?

Posted: Wed Jan 17, 2007 12:15 pm
by aaronhall
First, you need to read how to use mysql_error()

Second, sessions use cookies, and the problem you are having now has nothing to do with either.