Page 1 of 1
MS Acess DB + PHP
Posted: Sat Nov 26, 2005 6:53 am
by janey
Im creating a simple log in script in php...
I want to have the login.php page check the password entered in txtPassword on login.htm and check it against an MD5 encrypted password stored in the database.
Im having no luck though...
(btw im a newbie to php)
Code: Select all
if(isset($_POST['btnLogin']))
{
//Get usernames
$SQL= "SELECT UserID, UPassword FROM TBLUsers
WHERE UserID = $_POST[txtUsername]' AND ACTIVATED = True ";
//checks password
if (md5($_POST['txtPassword']) == ($SQL['UPassword'])) {
$_SESSION['username'] = $susername;
$_SESSION['password'] = $spassword;
echo "Someting you what here";
} else {
echo "Wrong username or password, please try again";
session_write_close();
exit();
}
can anyone help?
Re: MS Acess DB + PHP
Posted: Sat Nov 26, 2005 9:06 am
by RobertGonzalez
janey wrote:Im creating a simple log in script in php...
I want to have the login.php page check the password entered in txtPassword on login.htm and check it against an MD5 encrypted password stored in the database.
Im having no luck though...
(btw im a newbie to php)
Code: Select all
if(isset($_POST['btnLogin']))
{
//Get usernames
$SQL= "SELECT UserID, UPassword FROM TBLUsers
WHERE UserID = $_POST[txtUsername]' AND ACTIVATED = True ";
//checks password
if (md5($_POST['txtPassword']) == ($SQL['UPassword'])) {
$_SESSION['username'] = $susername;
$_SESSION['password'] = $spassword;
echo "Someting you what here";
} else {
echo "Wrong username or password, please try again";
session_write_close();
exit();
}
can anyone help?
What errors are you getting or what problems are you receiving? I notice in your code that there is a single quote in your where clause and that the array index "txtUsername" is not wrapped in quotes either. That might help. Maybe try something like this:
Code: Select all
if(isset($_POST['btnLogin']))
{
$username = $_POST['txtUsername'];
$userpassword = $_POST['txtPassword'];
//Get usernames
$SQL= "SELECT UserID, UPassword
FROM TBLUsers
WHERE UserID = $username
AND ACTIVATED = True ";
if ( !($result = $odbc_query($SQL)) )
{
die("Could not run query: " . odbc_error());
}
while ( $row = odbc_fetch_array($result) )
{
//checks password
if (md5($userpassword) == ($row['UPassword']))
{
$_SESSION['username'] = $username;
$_SESSION['password'] = $userpassword; //change this value to either the posted value or db value
echo "Someting you what here";
}
else
{
echo "Wrong username or password, please try again";
session_write_close();
exit();
}
}
}
This is cheap and easy. Not a lot of validation, which on login scripts you want to add in as much validation as possible. But I think this does it.
In PHP the query is a string until it is passed to the db_query function (where db is what db function set you are using [mysql, mssql, odbc]). Once the query has been passed through the query function you can read the query resul;t into an array using the db_fetch_row, db_fetch_array functions. Then loop through those.
You also might want to check the PHP manula for using Access as a database. I have done it before but there were some things that seemed different than the usual for me when I did.
Posted: Sat Nov 26, 2005 9:54 am
by foobar
Ewwww! MSAccess....
Get
MySQL. Now.
Posted: Sat Nov 26, 2005 11:42 am
by ody
You could just check the actual password in the database query, if it matches you will get one row returned.
just a few pennies.
Posted: Sat Nov 26, 2005 11:55 am
by janey
ive been playing with the code a bit... re worked it to this
Code: Select all
if(isset($_POST['btnLogin']))
{
$encPass = md5($spassword);
echo "$encPass <br>";
//Get usernames
$sSQL= "SELECT UPassword FROM tblUsers
WHERE UserID = $_POST[txtUsername] AND UPassword = $encPass AND ACTIVATED = yes ";
echo "$sSQL this is the sql <br>";
// searches the DB
$rsMain = $adoCon->Execute( $sSQL );
//=====================================//
// Outputs all the selected fields in the table "tblUsers",
// processes each record until we reach the end of the recordset
while (!$rsMain->EOF)
{ // gets each of the fields
$susername = $rsMain->Fields("UserID")->value;
$spassword = $rsMain->Fields("UPassword")->value;
$_SESSION['username'] = $susername;
$_SESSION['password'] = $spassword;
echo "Someting you what here";
// prints each of the fields
print "$susername, pwd=[$spassword]<br />\n";
// moves to the next record OR runs out of records (hits end of recordset)
$rsMain->MoveNext();
}
?>
im getting errors in IIS with this line...
$rsMain = $adoCon->Execute( $sSQL );
any ideas?
foobar - I can't use mysql uni states it must be access and php...
Im ok with Oracle and ASP but php is totally new to me

Posted: Sat Nov 26, 2005 1:17 pm
by RobertGonzalez
Clean up your SQL a little bit...
Code: Select all
$sSQL= "SELECT UPassword
FROM tblUsers
WHERE UserID = " . $_POST['txtUsername'] . "
AND UPassword = '$encPass'
AND ACTIVATED = 'yes' ";
See if that helps.
Posted: Sat Nov 26, 2005 1:46 pm
by janey
Everah wrote:Clean up your SQL a little bit...
Code: Select all
$sSQL= "SELECT UPassword
FROM tblUsers
WHERE UserID = " . $_POST['txtUsername'] . "
AND UPassword = '$encPass'
AND ACTIVATED = 'yes' ";
See if that helps.
cheers but im still getting the same error on that line - could it be a permissions thing or am i using something thats not compatable with access
Notice: Undefined variable: odbc_query in c:\Inetpub\wwwroot\Assignment\login1.php on line 60
Fatal error: Function name must be a string in c:\Inetpub\wwwroot\Assignment\login1.php on line 60
Posted: Sat Nov 26, 2005 1:49 pm
by foobar
janey wrote:
foobar - I can't use mysql uni states it must be access and php...
Im ok with Oracle and ASP but php is totally new to me

I feel sorry for you. At the same time I can empathise with you to a certain degree. My uni has some weird requirements as regards software too... like using that obnoxious Eclipse IDE

. And not allowing students to surf porn... err... I mean... um...

Posted: Sat Nov 26, 2005 2:13 pm
by janey
foobar wrote:janey wrote:
foobar - I can't use mysql uni states it must be access and php...
Im ok with Oracle and ASP but php is totally new to me

I feel sorry for you. At the same time I can empathise with you to a certain degree. My uni has some weird requirements as regards software too... like using that obnoxious Eclipse IDE

. And not allowing students to surf porn... err... I mean... um...

lol you can surf anything at our uni nothing is blocked including bittorent sites and you can install some software like bitorent engines.
It is slightly annoying that you cant use mysql as theres loads of information on mysql and php and hardly anything on php and access.
It does feel sometimes like the uni is forcing us to use microsoft products

Posted: Sat Nov 26, 2005 3:41 pm
by RobertGonzalez
Sorry for the bad advice Janey. The function you want is odbc_exec($connetion_link, $query) not odbc_query. Try switching the function call in your code and see what you get.
Posted: Sat Nov 26, 2005 4:57 pm
by janey
Everah wrote:Sorry for the bad advice Janey. The function you want is odbc_exec($connetion_link, $query) not odbc_query. Try switching the function call in your code and see what you get.
hi, sorry i altered the code, tried to get around that bit by using a recordset, but it doesnt like the recordset either
Posted: Sat Nov 26, 2005 6:27 pm
by sheila
Is the UserID a char field? Does it need quotes like UPassword?
Code: Select all
$sSQL= "SELECT UPassword
FROM tblUsers
WHERE UserID = '" . $_POST['txtUsername'] . " '
AND UPassword = '$encPass'
AND ACTIVATED = 'yes' ";
Posted: Tue Nov 29, 2005 4:44 am
by janey
cheers for your help but still having trouble...
tried doing it this way...
Code: Select all
<?php
// allows session info to be used on this page
session_start();
?>
<html>
<link href="css.css" rel="stylesheet" type="text/css">
<head>
<title>Login</title>
</head>
<body>
<div id="wrapper">
<div id="banner"></div>
<div id="nav">
<ul>
<li><a href="register.php" onClick="return (false);">Register</a></li>
<li><a href="login.php" onClick="return (false);">Log in</a></li>
</ul>
<?php
//=====================================//
// gets data from form, may be an empty string
$username = $_POST['txtUsername'];
$spassword = $_POST['txtPassword'];
echo "$username <br>";
echo "$spassword <br>";
// if all strings are empty, goes back to the search page
if( strlen($username) + strlen($spassword) == 0 )
{
header("Location: login.htm");
echo('Please enter a username and password');
}
// creates a new Common-Object-Model (COM) connection object
$adoCon = new COM("ADODB.Connection");
//=====================================//
// opens the connection using a standard Access connection string
try
{
$adoCon->Open("Provider=Microsoft.Jet.OLEDB.4.0; Data Source=C:/Inetpub/wwwroot/Assignment/PRU.mdb");
}
catch(Exception $e)
{
die('Sorry - There was a problem with opening the database.<br />');
}
echo "hi jane database is open <br>";
//if submit was pressed, run SQL query to get user info
if(isset($_POST['btnLogin']))
{
$encPass = md5($spassword);
echo "$encPass <br>";
try
{
$rsMain=$adoCon->Execute
(
"SELECT UserID, UPassword, Activated
FROM TblUsers
WHERE UserID = $username AND UPassword = $encPass AND Activated = yes;"
);
//=====================================//
// Outputs all the selected fields in the table "tblUsers",
// processes each record until we reach the end of the recordset
while (!$rsMain->EOF)
{ // gets each of the fields
$username = $rsMain->Fields("UserID")->value;
$spassword = $rsMain->Fields("UPassword")->value;
$_SESSION['username'] = $username;
$_SESSION['password'] = $spassword;
echo "sessions bit done";
// prints each of the fields
echo "pwd=[$spassword]<br />\n";
echo "$username";
// moves to the next record OR runs out of records (hits end of recordset)
$rsMain->MoveNext();
}
//=====================================//
// closes the recordset, frees up resources, kills all traces
$rsMain->Close();
$rsMain->Release();
$rsMain = null;
}
catch(Exception $e)
{
echo "Sorry - Account does not exist <br />";
}
// searches the DB
//$rsMain = $adoCon->Execute("SELECT UserID, UPassword, Activated FROM tblUsers WHERE UserID = '$susername' AND UPassword = $encPass AND Activated = yes");
}
session_write_close();
session_write_close();
exit();
// closes the connection, frees up resources, kills all traces
$adoCon->Close();
$adoCon = null;
?>
<p>login page</p>
<div id="footer">
<p>Jane</p>
</div></div></div>
</body>
</html>
but im just getting the sorry account doesnt exist message when i know it does... so i know i have a problem with this bit...
Code: Select all
try
{
$rsMain=$adoCon->Execute
(
"SELECT UserID, UPassword, Activated
FROM TblUsers
WHERE UserID = $username AND UPassword = $encPass AND Activated = yes;"
);
//=====================================//
// Outputs all the selected fields in the table "tblUsers",
// processes each record until we reach the end of the recordset
while (!$rsMain->EOF)
{ // gets each of the fields
$username = $rsMain->Fields("UserID")->value;
$spassword = $rsMain->Fields("UPassword")->value;
$_SESSION['username'] = $username;
$_SESSION['password'] = $spassword;
echo "sessions bit done";
// prints each of the fields
echo "pwd=[$spassword]<br />\n";
echo "$username";
// moves to the next record OR runs out of records (hits end of recordset)
$rsMain->MoveNext();
}
//=====================================//
// closes the recordset, frees up resources, kills all traces
$rsMain->Close();
$rsMain->Release();
$rsMain = null;
}
Posted: Sat Dec 03, 2005 7:49 am
by janey
just thought id let you know that ive solved this problem, needed brackets around the where clause's as i had more than one.
Thanks to everyone who helped
