Back to the sign in problem

Encenta.com · 09-12-2005, 03:33 PM

Encountered the MySQL problem again. My whole login form is screwed and I cannot cope with it anymore. Help is apreciated very much.

PHP Code:

  <?php 

session_start();

 
 
include("config.php"); 

????: NamePros.com http://www.namepros.com/programming/123167-back-to-the-sign-in-problem.html
 
$passwordbeforemd5=$_POST['password'];

????: NamePros.com http://www.namepros.com/showthread.php?t=123167
 
$username=$_POST['username'];

$password=md5('$passwordbeforemd5');

 
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'" or die(mysql_error());

$id = mysql_result($query,0,"id");

$account = mysql_result($query,0,"account");

 
 
//$username=!isset($_SESSION['username'];

//$password=!isset($_SESSION['password'];

 
// Registering the variables uname and pwd

session_register("username","password","id", "account");

 
//Check user exists in database

$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");

 
//Using mysql_num_rows we count the number of rows matching username and password which should be 1 if true and 0 if false

$login_check = mysql_num_rows($sql);

 
if ($login_check == "1") {

$_SESSION['logged_in'] = true;

include ("membersarea.php");

}

else {

include("head.php");

session_unset();

echo "<h1>Error</h1><p>Your attempt at logging in failed. If you feel as if there is

a problem, email the administrator at admin@darkfx.co.uk or use the contact form</p>";

include("foot.php");

}

 
 
 
?>

That's my whole sign in verification script. Obviously a form gets posted to this script with two text fields 'username' and 'password'. I cannot login. Or when I can, it lets me log in with any password. It's very screwed up but this is my last resort. If you guys cannot help me, I'm packing the whole thing in....Thanks

moondog · 09-12-2005, 03:52 PM

What is the mySQL error that is being displayed?

-Bob

Encenta.com · 09-12-2005, 04:03 PM

Well, it displays :

PHP Code:

  Warning: mysql_result(): supplied argument is not a valid MySQL result resource in /usr/local/psa/home/vhosts/darkfx.co.uk/httpdocs/studios/xsignin.php on line 13

????: NamePros.com http://www.namepros.com/showthread.php?t=123167
 
Warning: mysql_result(): supplied argument is not a valid MySQL result resource in /usr/local/psa/home/vhosts/darkfx.co.uk/httpdocs/studios/xsignin.php on line 14

But I can also log in with any password as long as the username is within the database. Sorry for being grumpy - very bad day

Eric · 09-12-2005, 04:17 PM

Kinda in a rush but I think this will work..

PHP Code:

  <?php

session_start();

 
 
include("config.php");

 
$passwordbeforemd5 = $_POST['password'];

 
$username = $_POST['username'];

$password = md5('$passwordbeforemd5');

 
$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1") or die(mysql_error());

$id = mysql_query($query, 0, "id");

$account = mysql_query($query, 0, "account");

 
 
//$username=!isset($_SESSION['username'];

//$password=!isset($_SESSION['password'];

 
// Registering the variables uname and pwd

session_register("username", "password", "id", "account");

 
//Check user exists in database

$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1");

 
//Using mysql_num_rows we count the number of rows matching username and password which should be 1 if true and 0 if false

$login_check = mysql_num_rows($sql);

 
if ($login_check == "1") {

????: NamePros.com http://www.namepros.com/showthread.php?t=123167
$_SESSION['logged_in'] = true;

include ("membersarea.php");

}

else {

include("head.php");

session_unset();

echo "<h1>Error</h1><p>Your attempt at logging in failed. If you feel as if there is

a problem, email the administrator at admin@darkfx.co.uk or use the contact form</p>";

????: NamePros.com http://www.namepros.com/showthread.php?t=123167
include("foot.php");

}

 
?>

Encenta.com · 09-12-2005, 04:22 PM

Thanks for the help but no change

moondog · 09-12-2005, 06:04 PM

Again, I think you forgot the mysql_query when you defined $query. Try changing this:

PHP Code:

  $query = "SELECT * FROM users WHERE username='$username' AND password='$password'" or die(mysql_error());

$id = mysql_result($query,0,"id");

$account = mysql_result($query,0,"account");

To this:

PHP Code:

  $query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'") or die(mysql_error());

$id = mysql_result($query,0,"id");

????: NamePros.com http://www.namepros.com/showthread.php?t=123167
$account = mysql_result($query,0,"account");

-Bob

Encenta.com · 09-13-2005, 09:02 AM

I did try that but I must've changed it back. This prevents the PHP error but I am still able to log in with any password

moondog · 09-13-2005, 01:23 PM

Hmmm, tough but interesting one. Would you like me to have a look at it for you? I am good with troubleshooting. All I'd need is ftp access.

-Bob

Encenta.com · 09-13-2005, 02:24 PM

That would be brilliant. I'm just trying to fixup an FTP account which is proving difficult

moondog · 09-15-2005, 10:10 AM

After playing around with it, the problem lies here (I should have seen this in the beginning):

PHP Code:

  $password=md5('$passwordbeforemd5');

the md5 function takes a string as a parameter. You have passed it a parameter, but you have enclosed it in single quotes. When you enclose a variable in single quotes, the variable is NOT interpolated. All you have to do is change the single quotes to double quotes and it works (which I did in your script).

So in essence what was happening is that the md5() function was performing its duty on the string '$passwordbeforemd5' ALL THE TIME, and NOT what the user had entered in the password form field. This led to the SAME $password variable EVERY time.
????: NamePros.com http://www.namepros.com/showthread.php?t=123167

You will need to reset the password for the specified user to whatever you want it to be, then all should work.

PM / reply if you have additional questions.

-Bob

Encenta.com · 09-16-2005, 07:11 AM

woAh. I cannot thank you enough!

Reputation boosted! NP $'s Donated (bit tight though, sorry)!

moondog · 09-16-2005, 12:16 PM

Originally Posted by miseria

woAh. I cannot thank you enough!

Reputation boosted! NP $'s Donated (bit tight though, sorry)!

Welcome and no worries on the NP$. Glad I could help.
????: NamePros.com http://www.namepros.com/showthread.php?t=123167

Happy coding.

-Bob

09-12-2005, 03:33 PM	THREAD STARTER #1 (permalink)
Encenta.com SQLdumpster.com Join Date: Jun 2005 Location: West Sussex, UK Posts: 573 Follow @MiseriaSK	Back to the sign in problem Encountered the MySQL problem again. My whole login form is screwed and I cannot cope with it anymore. Help is apreciated very much. PHP Code: <?php session_start(); include("config.php"); ????: NamePros.com http://www.namepros.com/programming/123167-back-to-the-sign-in-problem.html $passwordbeforemd5=$_POST['password']; ????: NamePros.com http://www.namepros.com/showthread.php?t=123167 $username=$_POST['username']; $password=md5('$passwordbeforemd5'); $query = "SELECT * FROM users WHERE username='$username' AND password='$password'" or die(mysql_error()); $id = mysql_result($query,0,"id"); $account = mysql_result($query,0,"account"); //$username=!isset($_SESSION['username']; //$password=!isset($_SESSION['password']; // Registering the variables uname and pwd session_register("username","password","id", "account"); //Check user exists in database $sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); //Using mysql_num_rows we count the number of rows matching username and password which should be 1 if true and 0 if false $login_check = mysql_num_rows($sql); if ($login_check == "1") { $_SESSION['logged_in'] = true; include ("membersarea.php"); } else { include("head.php"); session_unset(); echo "<h1>Error</h1><p>Your attempt at logging in failed. If you feel as if there is a problem, email the administrator at admin@darkfx.co.uk or use the contact form</p>"; include("foot.php"); } ?> That's my whole sign in verification script. Obviously a form gets posted to this script with two text fields 'username' and 'password'. I cannot login. Or when I can, it lets me log in with any password. It's very screwed up but this is my last resort. If you guys cannot help me, I'm packing the whole thing in....Thanks

09-12-2005, 03:52 PM	#2 (permalink)
moondog NamePros Regular Join Date: Jun 2004 Posts: 587	What is the mySQL error that is being displayed? -Bob __________________ Can't wait to be out of this forsaken business. Getting close! :)

09-12-2005, 04:03 PM	THREAD STARTER #3 (permalink)
Encenta.com SQLdumpster.com Join Date: Jun 2005 Location: West Sussex, UK Posts: 573 Follow @MiseriaSK	Well, it displays : PHP Code: `Warning: mysql_result(): supplied argument is not a valid MySQL result resource in /usr/local/psa/home/vhosts/darkfx.co.uk/httpdocs/studios/xsignin.php on line 13 ????: NamePros.com http://www.namepros.com/showthread.php?t=123167 Warning: mysql_result(): supplied argument is not a valid MySQL result resource in /usr/local/psa/home/vhosts/darkfx.co.uk/httpdocs/studios/xsignin.php on line 14` But I can also log in with any password as long as the username is within the database. Sorry for being grumpy - very bad day

09-12-2005, 04:17 PM	#4 (permalink)
Eric Senior Member Join Date: Mar 2005 Posts: 4,948	Kinda in a rush but I think this will work.. PHP Code: <?php session_start(); include("config.php"); $passwordbeforemd5 = $_POST['password']; $username = $_POST['username']; $password = md5('$passwordbeforemd5'); $query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1") or die(mysql_error()); $id = mysql_query($query, 0, "id"); $account = mysql_query($query, 0, "account"); //$username=!isset($_SESSION['username']; //$password=!isset($_SESSION['password']; // Registering the variables uname and pwd session_register("username", "password", "id", "account"); //Check user exists in database $sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1"); //Using mysql_num_rows we count the number of rows matching username and password which should be 1 if true and 0 if false $login_check = mysql_num_rows($sql); if ($login_check == "1") { ????: NamePros.com http://www.namepros.com/showthread.php?t=123167 $_SESSION['logged_in'] = true; include ("membersarea.php"); } else { include("head.php"); session_unset(); echo "<h1>Error</h1><p>Your attempt at logging in failed. If you feel as if there is a problem, email the administrator at admin@darkfx.co.uk or use the contact form</p>"; ????: NamePros.com http://www.namepros.com/showthread.php?t=123167 include("foot.php"); } ?> Last edited by SecondVersion; 09-12-2005 at 04:22 PM.

09-12-2005, 06:04 PM	#6 (permalink)
moondog NamePros Regular Join Date: Jun 2004 Posts: 587	Again, I think you forgot the mysql_query when you defined $query. Try changing this: PHP Code: `$query = "SELECT * FROM users WHERE username='$username' AND password='$password'" or die(mysql_error()); $id = mysql_result($query,0,"id"); $account = mysql_result($query,0,"account");` To this: PHP Code: `$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'") or die(mysql_error()); $id = mysql_result($query,0,"id"); ????: NamePros.com http://www.namepros.com/showthread.php?t=123167 $account = mysql_result($query,0,"account");` -Bob __________________ Can't wait to be out of this forsaken business. Getting close! :)

09-12-2005, 04:22 PM	THREAD STARTER #5 (permalink)
Encenta.com SQLdumpster.com Join Date: Jun 2005 Location: West Sussex, UK Posts: 573 Follow @MiseriaSK	Thanks for the help but no change

09-13-2005, 09:02 AM	THREAD STARTER #7 (permalink)
Encenta.com SQLdumpster.com Join Date: Jun 2005 Location: West Sussex, UK Posts: 573 Follow @MiseriaSK	I did try that but I must've changed it back. This prevents the PHP error but I am still able to log in with any password

09-13-2005, 01:23 PM	#8 (permalink)
moondog NamePros Regular Join Date: Jun 2004 Posts: 587	Hmmm, tough but interesting one. Would you like me to have a look at it for you? I am good with troubleshooting. All I'd need is ftp access. -Bob __________________ Can't wait to be out of this forsaken business. Getting close! :)

09-13-2005, 02:24 PM	THREAD STARTER #9 (permalink)
Encenta.com SQLdumpster.com Join Date: Jun 2005 Location: West Sussex, UK Posts: 573 Follow @MiseriaSK	That would be brilliant. I'm just trying to fixup an FTP account which is proving difficult __________________ Encenta - Amazon Associates CMS

09-15-2005, 10:10 AM	#10 (permalink)
moondog NamePros Regular Join Date: Jun 2004 Posts: 587	After playing around with it, the problem lies here (I should have seen this in the beginning): PHP Code: `$password=md5('$passwordbeforemd5');` the md5 function takes a string as a parameter. You have passed it a parameter, but you have enclosed it in single quotes. When you enclose a variable in single quotes, the variable is NOT interpolated. All you have to do is change the single quotes to double quotes and it works (which I did in your script). So in essence what was happening is that the md5() function was performing its duty on the string '$passwordbeforemd5' ALL THE TIME, and NOT what the user had entered in the password form field. This led to the SAME $password variable EVERY time. ????: NamePros.com http://www.namepros.com/showthread.php?t=123167 You will need to reset the password for the specified user to whatever you want it to be, then all should work. PM / reply if you have additional questions. -Bob __________________ Can't wait to be out of this forsaken business. Getting close! :) Last edited by moondog; 09-15-2005 at 10:16 AM.

09-16-2005, 07:11 AM	THREAD STARTER #11 (permalink)
Encenta.com SQLdumpster.com Join Date: Jun 2005 Location: West Sussex, UK Posts: 573 Follow @MiseriaSK	woAh. I cannot thank you enough! Reputation boosted! NP $'s Donated (bit tight though, sorry)! __________________ Encenta - Amazon Associates CMS

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Back Button problem after log out HELP!	3rulzs	Programming	2	05-17-2004 07:55 AM
Howto: Protect your site from BACK BUTTON TRAPS	Mp)Tarh	Webmaster Tutorials	0	08-10-2003 01:13 PM