MS Acess DB + PHP

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
janey
Forum Newbie
Posts: 13
Joined: Sat Nov 26, 2005 6:48 am
Location: stoke

MS Acess DB + PHP

Post by janey »

Im creating a simple log in script in php...

I want to have the login.php page check the password entered in txtPassword on login.htm and check it against an MD5 encrypted password stored in the database.

Im having no luck though...

(btw im a newbie to php)

Code: Select all

if(isset($_POST['btnLogin']))
	{
	
	//Get usernames
	$SQL=	"SELECT UserID, UPassword FROM TBLUsers 
			WHERE UserID = $_POST[txtUsername]' AND ACTIVATED = True ";

	//checks password

	if (md5($_POST['txtPassword']) == ($SQL['UPassword'])) { 
		$_SESSION['username'] = $susername;
		$_SESSION['password'] = $spassword;
		echo "Someting you what here";

	} else { 
    
		echo "Wrong username or password, please try again";
		session_write_close();
		exit();
}
can anyone help?
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Re: MS Acess DB + PHP

Post by RobertGonzalez »

janey wrote:Im creating a simple log in script in php...

I want to have the login.php page check the password entered in txtPassword on login.htm and check it against an MD5 encrypted password stored in the database.

Im having no luck though...

(btw im a newbie to php)

Code: Select all

if(isset($_POST['btnLogin']))
	{
	
	//Get usernames
	$SQL=	"SELECT UserID, UPassword FROM TBLUsers 
			WHERE UserID = $_POST[txtUsername]' AND ACTIVATED = True ";

	//checks password

	if (md5($_POST['txtPassword']) == ($SQL['UPassword'])) { 
		$_SESSION['username'] = $susername;
		$_SESSION['password'] = $spassword;
		echo "Someting you what here";

	} else { 
		echo "Wrong username or password, please try again";
		session_write_close();
		exit();
}
can anyone help?
What errors are you getting or what problems are you receiving? I notice in your code that there is a single quote in your where clause and that the array index "txtUsername" is not wrapped in quotes either. That might help. Maybe try something like this:

Code: Select all

if(isset($_POST['btnLogin']))
{
	$username = $_POST['txtUsername'];
	$userpassword = $_POST['txtPassword'];

	//Get usernames
	$SQL=	"SELECT UserID, UPassword 
			FROM TBLUsers 
			WHERE UserID = $username 
			AND ACTIVATED = True ";

	if ( !($result = $odbc_query($SQL)) )
	{
		die("Could not run query: " . odbc_error());
	}

	while ( $row = odbc_fetch_array($result) )
	{
		//checks password
		if (md5($userpassword) == ($row['UPassword'])) 
		{ 
			$_SESSION['username'] = $username;
			$_SESSION['password'] = $userpassword; //change this value to either the posted value or db value
			echo "Someting you what here";

		} 
		else 
		{ 
    			echo "Wrong username or password, please try again";
			session_write_close();
			exit();
		}
	}
}
This is cheap and easy. Not a lot of validation, which on login scripts you want to add in as much validation as possible. But I think this does it.

In PHP the query is a string until it is passed to the db_query function (where db is what db function set you are using [mysql, mssql, odbc]). Once the query has been passed through the query function you can read the query resul;t into an array using the db_fetch_row, db_fetch_array functions. Then loop through those.

You also might want to check the PHP manula for using Access as a database. I have done it before but there were some things that seemed different than the usual for me when I did.
foobar
Forum Regular
Posts: 613
Joined: Wed Sep 28, 2005 10:08 am

Post by foobar »

Ewwww! MSAccess.... :o

Get MySQL. Now.
ody
Forum Contributor
Posts: 147
Joined: Sat Mar 27, 2004 4:42 am
Location: ManchesterUK

Post by ody »

You could just check the actual password in the database query, if it matches you will get one row returned.

just a few pennies.
janey
Forum Newbie
Posts: 13
Joined: Sat Nov 26, 2005 6:48 am
Location: stoke

Post by janey »

ive been playing with the code a bit... re worked it to this

Code: Select all

if(isset($_POST['btnLogin']))
	{
	$encPass = md5($spassword);
	echo "$encPass <br>";
	//Get usernames
	$sSQL=	"SELECT UPassword FROM tblUsers 
			WHERE UserID = $_POST[txtUsername] AND UPassword = $encPass AND ACTIVATED = yes ";
	echo "$sSQL this is the sql <br>";

	// searches the DB
	$rsMain = $adoCon->Execute( $sSQL );

//=====================================//
// Outputs all the selected fields in the table "tblUsers",
// processes each record until we reach the end of the recordset
	while (!$rsMain->EOF)
	{	// gets each of the fields
	    $susername = $rsMain->Fields("UserID")->value;
		$spassword = $rsMain->Fields("UPassword")->value;
		$_SESSION['username'] = $susername;
		$_SESSION['password'] = $spassword;
		echo "Someting you what here";

		// prints each of the fields
		print "$susername, pwd=[$spassword]<br />\n";

		// moves to the next record OR runs out of records (hits end of recordset)
		$rsMain->MoveNext();
	}



?>
im getting errors in IIS with this line...

$rsMain = $adoCon->Execute( $sSQL );

any ideas?

foobar - I can't use mysql uni states it must be access and php...
Im ok with Oracle and ASP but php is totally new to me :(
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Clean up your SQL a little bit...

Code: Select all

$sSQL=   "SELECT UPassword 
            FROM tblUsers
            WHERE UserID = " . $_POST['txtUsername'] . " 
            AND UPassword = '$encPass' 
            AND ACTIVATED = 'yes' ";
See if that helps.
janey
Forum Newbie
Posts: 13
Joined: Sat Nov 26, 2005 6:48 am
Location: stoke

Post by janey »

Everah wrote:Clean up your SQL a little bit...

Code: Select all

$sSQL=   "SELECT UPassword 
            FROM tblUsers
            WHERE UserID = " . $_POST['txtUsername'] . " 
            AND UPassword = '$encPass' 
            AND ACTIVATED = 'yes' ";
See if that helps.
cheers but im still getting the same error on that line - could it be a permissions thing or am i using something thats not compatable with access


Notice: Undefined variable: odbc_query in c:\Inetpub\wwwroot\Assignment\login1.php on line 60

Fatal error: Function name must be a string in c:\Inetpub\wwwroot\Assignment\login1.php on line 60
foobar
Forum Regular
Posts: 613
Joined: Wed Sep 28, 2005 10:08 am

Post by foobar »

janey wrote: foobar - I can't use mysql uni states it must be access and php...
Im ok with Oracle and ASP but php is totally new to me :(
I feel sorry for you. At the same time I can empathise with you to a certain degree. My uni has some weird requirements as regards software too... like using that obnoxious Eclipse IDE :evil: . And not allowing students to surf porn... err... I mean... um... :oops:
janey
Forum Newbie
Posts: 13
Joined: Sat Nov 26, 2005 6:48 am
Location: stoke

Post by janey »

foobar wrote:
janey wrote: foobar - I can't use mysql uni states it must be access and php...
Im ok with Oracle and ASP but php is totally new to me :(
I feel sorry for you. At the same time I can empathise with you to a certain degree. My uni has some weird requirements as regards software too... like using that obnoxious Eclipse IDE :evil: . And not allowing students to surf porn... err... I mean... um... :oops:
lol you can surf anything at our uni nothing is blocked including bittorent sites and you can install some software like bitorent engines.

It is slightly annoying that you cant use mysql as theres loads of information on mysql and php and hardly anything on php and access.

It does feel sometimes like the uni is forcing us to use microsoft products :(
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Sorry for the bad advice Janey. The function you want is odbc_exec($connetion_link, $query) not odbc_query. Try switching the function call in your code and see what you get.
janey
Forum Newbie
Posts: 13
Joined: Sat Nov 26, 2005 6:48 am
Location: stoke

Post by janey »

Everah wrote:Sorry for the bad advice Janey. The function you want is odbc_exec($connetion_link, $query) not odbc_query. Try switching the function call in your code and see what you get.
hi, sorry i altered the code, tried to get around that bit by using a recordset, but it doesnt like the recordset either
sheila
Forum Commoner
Posts: 98
Joined: Mon Sep 05, 2005 9:52 pm
Location: Texas

Post by sheila »

Is the UserID a char field? Does it need quotes like UPassword?

Code: Select all

$sSQL=   "SELECT UPassword 
            FROM tblUsers
            WHERE UserID = '" . $_POST['txtUsername'] . " '
            AND UPassword = '$encPass' 
            AND ACTIVATED = 'yes' ";
janey
Forum Newbie
Posts: 13
Joined: Sat Nov 26, 2005 6:48 am
Location: stoke

Post by janey »

cheers for your help but still having trouble...

tried doing it this way...

Code: Select all

<?php
	// allows session info to be used on this page
	session_start();
	?>
<html>
<link href="css.css" rel="stylesheet" type="text/css">
<head>
<title>Login</title>
</head>
<body>
<div id="wrapper">
<div id="banner"></div>
<div id="nav">
<ul>
<li><a href="register.php" onClick="return (false);">Register</a></li>
<li><a href="login.php" onClick="return (false);">Log in</a></li>
</ul>
<?php
//=====================================//
// gets data from form, may be an empty string

	$username = $_POST['txtUsername'];
	$spassword = $_POST['txtPassword'];
	echo "$username <br>";
	echo "$spassword <br>";

// if all strings are empty, goes back to the search page
	if( strlen($username) + strlen($spassword) == 0 )
		{	
			header("Location: login.htm");
			echo('Please enter a username and password');
		}

// creates a new Common-Object-Model (COM) connection object
	$adoCon = new COM("ADODB.Connection");
//=====================================//
// opens the connection using a standard Access connection string

	try
		{	
			$adoCon->Open("Provider=Microsoft.Jet.OLEDB.4.0; Data Source=C:/Inetpub/wwwroot/Assignment/PRU.mdb");
		}
	catch(Exception $e)
		{	
		die('Sorry - There was a problem with opening the database.<br />');
		}
	echo "hi jane database is open <br>";
//if submit was pressed, run SQL query to get user info
	if(isset($_POST['btnLogin']))
		{
			$encPass = md5($spassword);
			echo "$encPass <br>";

		try
			{	
				$rsMain=$adoCon->Execute
				(	
					"SELECT UserID, UPassword, Activated
					FROM TblUsers
					WHERE UserID = $username AND UPassword = $encPass AND Activated = yes;"
				);
//=====================================//
// Outputs all the selected fields in the table "tblUsers",
// processes each record until we reach the end of the recordset
			while (!$rsMain->EOF)
				{	// gets each of the fields
		    		$username = $rsMain->Fields("UserID")->value;
					$spassword = $rsMain->Fields("UPassword")->value;
					$_SESSION['username'] = $username;
					$_SESSION['password'] = $spassword;
					echo "sessions bit done";

					// prints each of the fields
					echo "pwd=[$spassword]<br />\n";
					echo "$username";
					// moves to the next record OR runs out of records (hits end of recordset)
					$rsMain->MoveNext();
				}
			//=====================================//
			// closes the recordset, frees up resources, kills all traces
			$rsMain->Close();
			$rsMain->Release();
			$rsMain = null;
		}
	catch(Exception $e)
		{	
			echo "Sorry - Account does not exist <br />";
		} 
// searches the DB
//$rsMain = $adoCon->Execute("SELECT UserID, UPassword, Activated FROM tblUsers WHERE UserID = '$susername' AND UPassword = $encPass AND Activated = yes");
	}	

	session_write_close();
	session_write_close();
	exit();
// closes the connection, frees up resources, kills all traces
	$adoCon->Close();
	$adoCon = null;
?>

<p>login page</p>
<div id="footer">
  <p>Jane</p>

</div></div></div>
</body>
</html>
but im just getting the sorry account doesnt exist message when i know it does... so i know i have a problem with this bit...

Code: Select all

try
			{	
				$rsMain=$adoCon->Execute
				(	
					"SELECT UserID, UPassword, Activated
					FROM TblUsers
					WHERE UserID = $username AND UPassword = $encPass AND Activated = yes;"
				);
//=====================================//
// Outputs all the selected fields in the table "tblUsers",
// processes each record until we reach the end of the recordset
			while (!$rsMain->EOF)
				{	// gets each of the fields
		    		$username = $rsMain->Fields("UserID")->value;
					$spassword = $rsMain->Fields("UPassword")->value;
					$_SESSION['username'] = $username;
					$_SESSION['password'] = $spassword;
					echo "sessions bit done";

					// prints each of the fields
					echo "pwd=[$spassword]<br />\n";
					echo "$username";
					// moves to the next record OR runs out of records (hits end of recordset)
					$rsMain->MoveNext();
				}
			//=====================================//
			// closes the recordset, frees up resources, kills all traces
			$rsMain->Close();
			$rsMain->Release();
			$rsMain = null;
		}
janey
Forum Newbie
Posts: 13
Joined: Sat Nov 26, 2005 6:48 am
Location: stoke

Post by janey »

just thought id let you know that ive solved this problem, needed brackets around the where clause's as i had more than one.

Thanks to everyone who helped :)
Post Reply