Back to the sign in problem

miseria · 09-12-2005, 02:33 PM

Encountered the MySQL problem again. My whole login form is screwed and I cannot cope with it anymore. Help is apreciated very much.

PHP Code:

  <?php 

session_start();

 
 
include("config.php"); 

 
$passwordbeforemd5=$_POST['password'];

 
$username=$_POST['username'];

$password=md5('$passwordbeforemd5');

 
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'" or die(mysql_error());

$id = mysql_result($query,0,"id");

$account = mysql_result($query,0,"account");

 
 
//$username=!isset($_SESSION['username'];

//$password=!isset($_SESSION['password'];

 
// Registering the variables uname and pwd

session_register("username","password","id", "account");

 
//Check user exists in database

$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");

 
//Using mysql_num_rows we count the number of rows matching username and password which should be 1 if true and 0 if false

$login_check = mysql_num_rows($sql);

 
if ($login_check == "1") {

$_SESSION['logged_in'] = true;

include ("membersarea.php");

}

else {

include("head.php");

session_unset();

echo "<h1>Error</h1><p>Your attempt at logging in failed. If you feel as if there is

a problem, email the administrator at admin@darkfx.co.uk or use the contact form</p>";

include("foot.php");

}

 
 
 
?>

That's my whole sign in verification script. Obviously a form gets posted to this script with two text fields 'username' and 'password'. I cannot login. Or when I can, it lets me log in with any password. It's very screwed up but this is my last resort. If you guys cannot help me, I'm packing the whole thing in....Thanks

moondog · 09-12-2005, 02:52 PM

What is the mySQL error that is being displayed?

-Bob

miseria · 09-12-2005, 03:03 PM

Well, it displays :

PHP Code:

  Warning: mysql_result(): supplied argument is not a valid MySQL result resource in /usr/local/psa/home/vhosts/darkfx.co.uk/httpdocs/studios/xsignin.php on line 13

 
Warning: mysql_result(): supplied argument is not a valid MySQL result resource in /usr/local/psa/home/vhosts/darkfx.co.uk/httpdocs/studios/xsignin.php on line 14

But I can also log in with any password as long as the username is within the database. Sorry for being grumpy - very bad day

**Eric** · 09-12-2005, 03:17 PM

Kinda in a rush but I think this will work..

PHP Code:

  <?php

session_start();

 
 
include("config.php");

 
$passwordbeforemd5 = $_POST['password'];

 
$username = $_POST['username'];

$password = md5('$passwordbeforemd5');

 
$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1") or die(mysql_error());

$id = mysql_query($query, 0, "id");

$account = mysql_query($query, 0, "account");

 
 
//$username=!isset($_SESSION['username'];

//$password=!isset($_SESSION['password'];

 
// Registering the variables uname and pwd

session_register("username", "password", "id", "account");

 
//Check user exists in database

$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1");

 
//Using mysql_num_rows we count the number of rows matching username and password which should be 1 if true and 0 if false

$login_check = mysql_num_rows($sql);

 
if ($login_check == "1") {

$_SESSION['logged_in'] = true;

include ("membersarea.php");

}

else {

include("head.php");

session_unset();

echo "<h1>Error</h1><p>Your attempt at logging in failed. If you feel as if there is

a problem, email the administrator at admin@darkfx.co.uk or use the contact form</p>";

include("foot.php");

}

 
?>

miseria · 09-12-2005, 03:22 PM

Thanks for the help but no change

moondog · 09-12-2005, 05:04 PM

Again, I think you forgot the mysql_query when you defined $query. Try changing this:

PHP Code:

  $query = "SELECT * FROM users WHERE username='$username' AND password='$password'" or die(mysql_error());

$id = mysql_result($query,0,"id");

$account = mysql_result($query,0,"account");

To this:

PHP Code:

  $query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'") or die(mysql_error());

$id = mysql_result($query,0,"id");

$account = mysql_result($query,0,"account");

-Bob

miseria · 09-13-2005, 08:02 AM

I did try that but I must've changed it back. This prevents the PHP error but I am still able to log in with any password

moondog · 09-13-2005, 12:23 PM

Hmmm, tough but interesting one. Would you like me to have a look at it for you? I am good with troubleshooting. All I'd need is ftp access.

-Bob

miseria · 09-13-2005, 01:24 PM

That would be brilliant. I'm just trying to fixup an FTP account which is proving difficult

moondog · 09-15-2005, 09:10 AM

After playing around with it, the problem lies here (I should have seen this in the beginning):

PHP Code:

  $password=md5('$passwordbeforemd5');

the md5 function takes a string as a parameter. You have passed it a parameter, but you have enclosed it in single quotes. When you enclose a variable in single quotes, the variable is NOT interpolated. All you have to do is change the single quotes to double quotes and it works (which I did in your script).

So in essence what was happening is that the md5() function was performing its duty on the string '$passwordbeforemd5' ALL THE TIME, and NOT what the user had entered in the password form field. This led to the SAME $password variable EVERY time.

You will need to reset the password for the specified user to whatever you want it to be, then all should work.

PM / reply if you have additional questions.

-Bob

miseria · 09-16-2005, 06:11 AM

woAh. I cannot thank you enough!

Reputation boosted! NP $'s Donated (bit tight though, sorry)!

moondog · 09-16-2005, 11:16 AM

Quote:

Originally Posted by miseria

woAh. I cannot thank you enough!

Reputation boosted! NP $'s Donated (bit tight though, sorry)!

Welcome and no worries on the NP$. Glad I could help.

Happy coding.

-Bob

09-12-2005, 02:33 PM	#1 (permalink)
miseria SQLdumpster.com Join Date: Jun 2005 Location: West Sussex, UK Posts: 545 205.50 NP$ (Donate)	Back to the sign in problem Encountered the MySQL problem again. My whole login form is screwed and I cannot cope with it anymore. Help is apreciated very much. PHP Code: <?php session_start(); include("config.php"); $passwordbeforemd5=$_POST['password']; $username=$_POST['username']; $password=md5('$passwordbeforemd5'); $query = "SELECT * FROM users WHERE username='$username' AND password='$password'" or die(mysql_error()); $id = mysql_result($query,0,"id"); $account = mysql_result($query,0,"account"); //$username=!isset($_SESSION['username']; //$password=!isset($_SESSION['password']; // Registering the variables uname and pwd session_register("username","password","id", "account"); //Check user exists in database $sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); //Using mysql_num_rows we count the number of rows matching username and password which should be 1 if true and 0 if false $login_check = mysql_num_rows($sql); if ($login_check == "1") { $_SESSION['logged_in'] = true; include ("membersarea.php"); } else { include("head.php"); session_unset(); echo "<h1>Error</h1><p>Your attempt at logging in failed. If you feel as if there is a problem, email the administrator at admin@darkfx.co.uk or use the contact form</p>"; include("foot.php"); } ?> That's my whole sign in verification script. Obviously a form gets posted to this script with two text fields 'username' and 'password'. I cannot login. Or when I can, it lets me log in with any password. It's very screwed up but this is my last resort. If you guys cannot help me, I'm packing the whole thing in....Thanks

09-12-2005, 02:52 PM	#2 (permalink)
moondog NamePros Regular Join Date: Jun 2004 Posts: 476 3,677.00 NP$ (Donate)	What is the mySQL error that is being displayed? -Bob __________________ The mass purge has begun.

09-12-2005, 03:03 PM	#3 (permalink)
miseria SQLdumpster.com Join Date: Jun 2005 Location: West Sussex, UK Posts: 545 205.50 NP$ (Donate)	Well, it displays : PHP Code: `Warning: mysql_result(): supplied argument is not a valid MySQL result resource in /usr/local/psa/home/vhosts/darkfx.co.uk/httpdocs/studios/xsignin.php on line 13 Warning: mysql_result(): supplied argument is not a valid MySQL result resource in /usr/local/psa/home/vhosts/darkfx.co.uk/httpdocs/studios/xsignin.php on line 14` But I can also log in with any password as long as the username is within the database. Sorry for being grumpy - very bad day

09-12-2005, 03:17 PM	#4 (permalink)
Eric NPQ's PA, Slave, and On Call Coder Technical Services Join Date: Mar 2005 Posts: 4,545 0.71 NP$ (Donate)	Kinda in a rush but I think this will work.. PHP Code: <?php session_start(); include("config.php"); $passwordbeforemd5 = $_POST['password']; $username = $_POST['username']; $password = md5('$passwordbeforemd5'); $query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1") or die(mysql_error()); $id = mysql_query($query, 0, "id"); $account = mysql_query($query, 0, "account"); //$username=!isset($_SESSION['username']; //$password=!isset($_SESSION['password']; // Registering the variables uname and pwd session_register("username", "password", "id", "account"); //Check user exists in database $sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1"); //Using mysql_num_rows we count the number of rows matching username and password which should be 1 if true and 0 if false $login_check = mysql_num_rows($sql); if ($login_check == "1") { $_SESSION['logged_in'] = true; include ("membersarea.php"); } else { include("head.php"); session_unset(); echo "<h1>Error</h1><p>Your attempt at logging in failed. If you feel as if there is a problem, email the administrator at admin@darkfx.co.uk or use the contact form</p>"; include("foot.php"); } ?> __________________ Last edited by SecondVersion; 09-12-2005 at 03:22 PM.

09-12-2005, 05:04 PM	#6 (permalink)
moondog NamePros Regular Join Date: Jun 2004 Posts: 476 3,677.00 NP$ (Donate)	Again, I think you forgot the mysql_query when you defined $query. Try changing this: PHP Code: `$query = "SELECT * FROM users WHERE username='$username' AND password='$password'" or die(mysql_error()); $id = mysql_result($query,0,"id"); $account = mysql_result($query,0,"account");` To this: PHP Code: `$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'") or die(mysql_error()); $id = mysql_result($query,0,"id"); $account = mysql_result($query,0,"account");` -Bob __________________ The mass purge has begun.

09-12-2005, 03:22 PM	#5 (permalink)
miseria SQLdumpster.com Join Date: Jun 2005 Location: West Sussex, UK Posts: 545 205.50 NP$ (Donate)	Thanks for the help but no change

09-13-2005, 08:02 AM	#7 (permalink)
miseria SQLdumpster.com Join Date: Jun 2005 Location: West Sussex, UK Posts: 545 205.50 NP$ (Donate)	I did try that but I must've changed it back. This prevents the PHP error but I am still able to log in with any password

09-13-2005, 12:23 PM	#8 (permalink)
moondog NamePros Regular Join Date: Jun 2004 Posts: 476 3,677.00 NP$ (Donate)	Hmmm, tough but interesting one. Would you like me to have a look at it for you? I am good with troubleshooting. All I'd need is ftp access. -Bob __________________ The mass purge has begun.

09-13-2005, 01:24 PM	#9 (permalink)
miseria SQLdumpster.com Join Date: Jun 2005 Location: West Sussex, UK Posts: 545 205.50 NP$ (Donate)	That would be brilliant. I'm just trying to fixup an FTP account which is proving difficult __________________ !!!!!!! see something you like? Accepting offers for great affiliate websites !!!!!!! Free Databases for your Website \| All Things Playstation 3 Website Design Books \| Music While You Work? \| Computer Gadgets

09-15-2005, 09:10 AM	#10 (permalink)
moondog NamePros Regular Join Date: Jun 2004 Posts: 476 3,677.00 NP$ (Donate)	After playing around with it, the problem lies here (I should have seen this in the beginning): PHP Code: `$password=md5('$passwordbeforemd5');` the md5 function takes a string as a parameter. You have passed it a parameter, but you have enclosed it in single quotes. When you enclose a variable in single quotes, the variable is NOT interpolated. All you have to do is change the single quotes to double quotes and it works (which I did in your script). So in essence what was happening is that the md5() function was performing its duty on the string '$passwordbeforemd5' ALL THE TIME, and NOT what the user had entered in the password form field. This led to the SAME $password variable EVERY time. You will need to reset the password for the specified user to whatever you want it to be, then all should work. PM / reply if you have additional questions. -Bob __________________ The mass purge has begun. Last edited by moondog; 09-15-2005 at 09:16 AM.

09-16-2005, 06:11 AM	#11 (permalink)
miseria SQLdumpster.com Join Date: Jun 2005 Location: West Sussex, UK Posts: 545 205.50 NP$ (Donate)	woAh. I cannot thank you enough! Reputation boosted! NP $'s Donated (bit tight though, sorry)! __________________ !!!!!!! see something you like? Accepting offers for great affiliate websites !!!!!!! Free Databases for your Website \| All Things Playstation 3 Website Design Books \| Music While You Work? \| Computer Gadgets

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Back Button problem after log out HELP!	3rulzs	Programming	2	05-17-2004 06:55 AM
Howto: Protect your site from BACK BUTTON TRAPS	Mp)Tarh	Webmaster Tutorials	0	08-10-2003 12:13 PM

Technical Services