SitePoint Sponsor

User Tag List

Results 1 to 17 of 17
  1. #1
    SitePoint Guru ripcurlksm's Avatar
    Join Date
    Aug 2004
    Location
    San Clemente, CA
    Posts
    859
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Cool Login Application baffle

    I am running a login in a test environment to push live, based a lesson plan, Ch. 24 from "PHP and MySQL Web Development" (2003). The tutorial works fine, but when I change the database from the lesson db to my live db. It doesnít work?? Although both databases have the same variables?!?! I am so stuck on this right now...

    Working DB: 'test_database'
    Tables:
    user (username, passwd, email)
    bookmark(username, bm_URL)

    Problem DB: 'onestop_bookmarks' (To make this book tutorial practical I duplicated the original db, + added a few more specifics)
    Tables:
    user (username, passwd, email, first, last, address, city, zip, phone, state)
    bookmark(username, bm_URL, bm_IMG, description, category, status, id)

    This is my first time using 'include' php application files and functions to make it all work together. Ive tried numerous times to get these to work together while my hair falls apart, lol.

    Here are the included functions that I appear to be using:
    PHP Code:
    function login($username$password)
    // check username and password with db
    // if yes, return true
    // else return false
    {
      
    // connect to db
      
    $conn db_connect();
      if (!
    $conn)
        return 
    false;

      
    // check if username is unique
      
    $result mysql_query("select * from user 
                             where username='
    $username'
                             and passwd = password('
    $password')");
      if (!
    $result)
         return 
    false;
      
      if (
    mysql_num_rows($result)>0)
         return 
    true;
      else 
         return 
    false;
    }

    function 
    check_valid_user()
    // see if somebody is logged in and notify them if not
    {
      global 
    $HTTP_SESSION_VARS;
      if (isset(
    $HTTP_SESSION_VARS['valid_user']))
      {
         
    //they are logged in
      
    }
      else
      {
         
    // they are not logged in  
         
    exit;
      }  

    I used the following form variables for the html login:
    method=post action="member.php"

    Here is member.php referred to from the login form
    PHP Code:
    //create short variable names
    $username $HTTP_POST_VARS['username'];
    $passwd $HTTP_POST_VARS['passwd'];

    if (
    $username && $passwd)
    // they have just tried logging in
    {
        if (
    login($username$passwd))
        {
          
    // if they are in the database register the user id
          
    $HTTP_SESSION_VARS['valid_user'] = $username;
        }  
        else
        {
          
    // unsuccessful login
    print("
    You are not logged in.
    //the html code for the unsuccessful login page has been omitted for this post
    "
    );
        }      
    }

    check_valid_user();
    // get the bookmarks this user has saved
    //if ($url_array = get_user_urls($HTTP_SESSION_VARS['valid_user']));
    //  do_html_header('My Shop - One Stop Auction Shop');
    print("
    You are logged in.
    //the html code for the welcome page has been omitted for this post
    "
    ); 
    What I donít understand is when I change the database from 'test_database' to 'onestop_database' it doesnít work, even though it is accessing the same table fields (username, passwd) AND I am sure that i cam connecting to the correct database, Ive spent countless hours on this project over the past few weeks. I learned a lot from studying the code, but I cant pinpoint the problem. Even though I have a working example to go with... I compared the differences and went through every line and Ive followed the application from the login form to the last line of member.php code.

    With the current setup why is one db working and the other not?? Any advice or help would be help indeed.

    ----------------------
    Kevin McCormick

  2. #2
    SitePoint Enthusiast
    Join Date
    Nov 2004
    Location
    tn
    Posts
    60
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I realize this is probably a dumb question, because I'm just plain new.. but have you ensured everything within your db_connect.php is correct?

  3. #3
    SitePoint Guru ripcurlksm's Avatar
    Join Date
    Aug 2004
    Location
    San Clemente, CA
    Posts
    859
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    yes
    "AND I am sure that i cam connecting to the correct database"

  4. #4
    SitePoint Wizard mark_W's Avatar
    Join Date
    Mar 2004
    Location
    West Midlands, United Kingdom
    Posts
    2,631
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Does your onestop_database containt any data yet?

  5. #5
    web daemon jorasmi's Avatar
    Join Date
    Nov 2001
    Location
    Philippines
    Posts
    296
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    what is the error message?

  6. #6
    SitePoint Guru ripcurlksm's Avatar
    Join Date
    Aug 2004
    Location
    San Clemente, CA
    Posts
    859
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes the new database contains data.

    When logging in, it shows the error message that I am not logged in.

    When I change the db back to the working/test db it works fine for the login I set up. But when accessing the real db I want it returns "You are not logged in" as the script says.

  7. #7
    web daemon jorasmi's Avatar
    Join Date
    Nov 2001
    Location
    Philippines
    Posts
    296
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    how sure are you that are you connected to the database? you've ommited the db_connect() function definition.

    i have encounter that problem. i didn't know exactly the problem but this is how i do it. i use session variable like $_SESSION['variable_name'] instead of $HTTP_SESSION_VARS['valid_user'] and $_POST['variable_name'] instead of $HTTP_POST_VARS['variable_name'];

    one more thing, before using it you use session you should call session_start() function.

  8. #8
    SitePoint Guru ripcurlksm's Avatar
    Join Date
    Aug 2004
    Location
    San Clemente, CA
    Posts
    859
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ok so i replaced all of the $http_ with $_post and $_session accordingly listed below:

    PHP Code:
    $username $_POST['username'];
    $passwd $_POST['passwd'];

    if (
    $username && $passwd)
    // they have just tried logging in
    {
        if (
    login($username$passwd))
        {
          
    // if they are in the database register the user id
          
    $_SESSION['valid_user'] = $username;

    //ALSO I CHANGED:

    function check_valid_user()
    // see if somebody is logged in and notify them if not
    {
      global 
    $_SESSION
      if (isset(
    $_SESSION['valid_user']))
      { 

    here is my db connect:
    PHP Code:
    function db_connect()
    {
       
    $result mysql_pconnect('localhost''xXxXxX''xXxXxX'); 
       if (!
    $result)
          return 
    false;
       if (!
    mysql_select_db('onestop_bookmarks'))     
          return 
    false;

       return 
    $result;

    Thanks for all the help so far. Im considering taking up stamp collecting. Where would I throw in the session_start() function, i tested it in a few spots and I got an error saying that a session was already called. I fig its already in the script somewhere.

    I didnt want to do this but here is all of the functions although i am only taking advantage of the login:

    USER_AUTH_FNS
    PHP Code:
    require_once('db_fns.php');

    function 
    register($username$email$password)
    // register new person with db
    // return true or error message
    {
     
    // connect to db
      
    $conn db_connect();
      if (!
    $conn)
        return 
    'Could not connect to database server - please try later.';

      
    // check if username is unique 
      
    $result mysql_query("select * from user where username='$username'"); 
      if (!
    $result)
         return 
    'Could not execute query';
      if (
    mysql_num_rows($result)>0
         return 
    'That username is taken - go back and choose another one.';

      
    // if ok, put in db
      
    $result mysql_query("insert into user values 
                             ('
    $username', password('$password'), '$email')");
      if (!
    $result)
        return 
    'Could not register you  in database - please try again later.';

      return 
    true;
    }
     
    function 
    login($username$password)
    // check username and password with db
    // if yes, return true
    // else return false
    {
      
    // connect to db
      
    $conn db_connect();
      if (!
    $conn)
        return 
    false;

      
    // check if username is unique
      
    $result mysql_query("select * from user 
                             where username='
    $username'
                             and passwd = password('
    $password')");
      if (!
    $result)
         return 
    false;
      
      if (
    mysql_num_rows($result)>0)
         return 
    true;
      else 
         return 
    false;
    }

    function 
    check_valid_user()
    // see if somebody is logged in and notify them if not
    {
      global 
    $_SESSION
      if (isset(
    $_SESSION['valid_user']))
      {
          
    //logged in
      
    }
      else
      {
         
    // they are not logged in 
        
         
         
         
         
    exit;
      }  
    }

    function 
    change_password($username$old_password$new_password)
    // change password for username/old_password to new_password
    // return true or false
    {
      
    // if the old password is right 
      // change their password to new_password and return true
      // else return false
      
    if (login($username$old_password))
      {
        if (!(
    $conn db_connect()))
          return 
    false;
        
    $result mysql_query"update user
                                set passwd = password('
    $new_password')
                                where username = '
    $username'");
        if (!
    $result)
          return 
    false;  // not changed
        
    else
          return 
    true;  // changed successfully
      
    }
      else
        return 
    false// old password was wrong
    }

    function 
    get_random_word($min_length$max_length)
    // grab a random word from dictionary between the two lengths
    // and return it
    {
       
    // generate a random word
      
    $word '';
      
    //remember to change this path to suit your system
      
    $dictionary '/usr/dict/words';  // the ispell dictionary
      
    $fp fopen($dictionary'r');
      if(!
    $fp)
        return 
    false
      
    $size filesize($dictionary);

      
    // go to a random location in dictionary
      
    srand ((double) microtime() * 1000000);
      
    $rand_location rand(0$size);
      
    fseek($fp$rand_location);

      
    // get the next whole word of the right length in the file
      
    while (strlen($word)< $min_length || strlen($word)>$max_length || strstr($word"'"))
      {  
         if (
    feof($fp))   
            
    fseek($fp0);        // if at end, go to start
         
    $word fgets($fp80);  // skip first word as it could be partial
         
    $word fgets($fp80);  // the potential password
      
    };
      
    $word=trim($word); // trim the trailing \n from fgets
      
    return $word;  
    }

    function 
    reset_password($username)
    // set password for username to a random value
    // return the new password or false on failure

      
    // get a random dictionary word b/w 6 and 13 chars in length
      
    $new_password get_random_word(613);
      
      if(
    $new_password==false)
        return 
    false;
      
    // add a number  between 0 and 999 to it
      // to make it a slightly better password
      
    srand ((double) microtime() * 1000000);
      
    $rand_number rand(0999); 
      
    $new_password .= $rand_number;
     
      
    // set user's password to this in database or return false
      
    if (!($conn db_connect()))
          return 
    false;
      
    $result mysql_query"update user
                              set passwd = password('
    $new_password')
                              where username = '
    $username'");
      if (!
    $result)
        return 
    false;  // not changed
      
    else
        return 
    $new_password;  // changed successfully  
    }

    function 
    notify_password($username$password)
    // notify the user that their password has been changed
    {
        if (!(
    $conn db_connect()))
          return 
    false;
        
    $result mysql_query("select email from user
                                where username='
    $username'");
        if (!
    $result)
        {
          return 
    false;  // not changed
        
    }
        else if (
    mysql_num_rows($result)==0)
        {
          return 
    false// username not in db
        
    }
        else
        {
          
    $email mysql_result($result0'email');
          
    $from "From: support@phpbookmark \r\n";
          
    $mesg "Your PHPBookmark password has been changed to $password \r\n"
                  
    ."Please change it next time you log in. \r\n";
          
          
          if (
    mail($email'PHPBookmark login information'$mesg$from))
            return 
    true;      
          else
            return 
    false;     
        }

    URL_FNS
    PHP Code:
    require_once('db_fns.php');

    function 
    get_user_urls($username)
    {
      
    //extract from the database all the URLs this user has stored
      
    if (!($conn db_connect()))
        return 
    false;
      
    $result mysql_query"select bm_URL
                              from bookmark
                              where username = '
    $username'");
      if (!
    $result)
        return 
    false

      
    //create an array of the URLs 
      
    $url_array = array();
      for (
    $count 1$row mysql_fetch_row ($result); ++$count
      {
        
    $url_array[$count] = addslashes($row[0]);
      }  
      return 
    $url_array;
    }
      
    function 
    add_bm($new_url)
    {
      
    // Add new bookmark to the database

      
    echo "Attempting to add ".htmlspecialchars($new_url).'<br />';
      global 
    $HTTP_SESSION_VARS;
      
    $valid_user $HTTP_SESSION_VARS['valid_user'];
      
      if (!(
    $conn db_connect()))
        return 
    false;

      
    // check not a repeat bookmark
      
    $result mysql_query("select * from bookmark
                             where username='
    $valid_user
                             and bm_URL='
    $new_url'");
      if (
    $result && (mysql_num_rows($result)>0))
        return 
    false;

      
    // insert the new bookmark
      
    if (!mysql_query"insert into bookmark values
                              ('
    $valid_user', '$new_url')"))
        return 
    false

      return 
    true;


    function 
    delete_bm($user$url)
    {
      
    // delete one URL from the database
      
    if (!($conn db_connect()))
        return 
    false;

       
    // delete the bookmark
      
    if (!mysql_query"delete from bookmark 
                           where username='
    $user' and bm_url='$url'"))
        return 
    false;
      return 
    true;  
    }

    function 
    recommend_urls($valid_user$popularity 1)
    {
      
    // We will provide semi intelligent recomendations to people
      // If they have an URL in common with other users, they may like
      // other URLs that these people like 
      
    if (!($conn db_connect()))
        return 
    false;

      
    // find other matching users
      // with an url the same as you
      
      
    if (!($result mysql_query("
                        select distinct(b2.username) 
                        from bookmark b1, bookmark b2
                        where b1.username='
    $valid_user'
                        and b1.username != b2.username
                        and b1.bm_URL = b2.bm_URL
                       "
    )))
         return 
    false;
      if (
    mysql_num_rows($result)==0)
        return 
    false;

      
    // create set of users with urls in common
      // for use in IN clause
      
    $row mysql_fetch_object($result);
      
    $sim_users "('".($row->username)."'";
      while (
    $row mysql_fetch_object($result))
      {
          
    $sim_users .= ", '".($row->username)."'";
      }
      
    $sim_users .= ')';

      
    // create list of user urls
      // to avoid replicating ones we already know about
      
    if (!($result mysql_query("
                        select bm_URL 
                        from bookmark
                        where username='
    $valid_user'")))
        return 
    false;

      
    // create set of user urls for use in IN clause
      
    $row mysql_fetch_object($result);
      
    $user_urls "('".($row->bm_URL)."'"
      while (
    $row mysql_fetch_object($result))
      {
          
    $user_urls .= ", '".($row->bm_URL)."'";
      }
      
    $user_urls .= ')'

      
    // as a simple way of excluding people's private pages, and 
      // increasing the chance of recommending appealing URLs, we
      // specify a minimum popularity level
      // if $popularity = 1, then more than one person must have 
      // an URL before we will recomend it
     
      // find out max number of possible URLs
      
    if (!($result mysql_query("
                        select bm_URL
                        from bookmark
                        where username in 
    $sim_users
                        and bm_URL not in 
    $user_urls
                        group by bm_URL 
                        having count(bm_URL)>
    $popularity
                      "
    )))
         return 
    false;
                                  
      if (!(
    $num_urls=mysql_num_rows($result)))
        return 
    false;

      
    $urls = array();
      
    // build an array of the relevant urls
      
    for ($count=0$row mysql_fetch_object($result); $count++)
      {
         
    $urls[$count] = $row->bm_URL
      }
                                  
      return 
    $urls


    BOOKMARK_FNS
    PHP Code:
      // We can include this file in all our files
      // this way, every file will contain all our functions
      
    require_once('data_valid_fns.php'); 
      require_once(
    'db_fns.php');
      require_once(
    'user_auth_fns.php');
      require_once(
    'output_fns.php');
      require_once(
    'url_fns.php'); 
    OUTPUT_FNS
    PHP Code:
    <?
    function display_login_form()
    {
    ?>
    <table width="225" border="0" cellpadding="0" cellspacing="0">
              <tr> 
                <td valign="top" bgcolor="#333333"><strong><font size="1" face="Verdana, Arial, Helvetica, sans-serif"><img src="http://onestopauctionshop.net/sm_blk_top.gif" width="225" height="8"><br>
                  </font></strong> <table width="204" height="25" border="0" align="center" cellpadding="8" cellspacing="0">
                    <tr> 
                      <td valign="top"><strong><font color="#CCCCCC" size="1" face="Verdana, Arial, Helvetica, sans-serif"> 
                        </font></strong> <form name="loginform" method=post action="member.php">
                          <table width="192" height="47" border="0" cellpadding="0" cellspacing="0">
                            <tr> 
                              <td><strong><font color="#CCCCCC" size="1" face="Verdana, Arial, Helvetica, sans-serif">MEMBER 
                                LOGIN:</font></strong><br> <table width="185" border="0" align="left" cellpadding="0" cellspacing="0">
                                  <tr> 
                                    <td width="106"><strong><font color="#FFFFFF" size="1" face="Verdana, Arial, Helvetica, sans-serif">user</font></strong></td>
                                    <td width="103"><strong><font color="#FFFFFF" size="1" face="Verdana, Arial, Helvetica, sans-serif">pass</font></strong></td>
                                  </tr>
                                  <tr align="left"> 
                                    <td><font color="#CCCC00" size="1" face="Verdana, Arial, Helvetica, sans-serif"> 
                                      <input type="text" name="username" value="" size="10">
                                      </font></td>
                                    <td><font color="#CCCC00" size="1" face="Verdana, Arial, Helvetica, sans-serif"> 
                                      <input name="passwd" type="password" value="" size="10">
                                      </font></td>
                                  </tr>
                                  <tr> 
                                    <td> <div align="center"><font color="#CCCC00"> 
                                        </font></div></td>
                                    <td><font color="#CCCC00"> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
                                      <input name="submit" type=submit value="Log in">
                                      </font></td>
                                  </tr>
                                </table></td>
                            </tr>
                          </table>
                        </form></td>
                    </tr>
                  </table></td>
              </tr>
              <tr> 
                <td><img src="http://onestopauctionshop.net/sm_blk_bottom.gif" width="225" height="8"></td>
              </tr>
            </table>



    <?php
    }
    function 
    do_html_header($title)
    {
      
    // print an HTML header
    ?>
     

    <?php
    }

    function 
    display_user_urls($url_array)
    {
      
    ?>
     
    <-- start member item table/query -->


    <?php
    }

    function 
    display_password_form()
    {
      
    // display html change password form
    ?>
       <br />
       <form action="change_passwd.php" method=post>
       <table width=250 cellpadding=2 cellspacing=0 bgcolor=#cccccc>
       <tr><td>Old password:</td>
           <td><input type=password name=old_passwd size=16 maxlength=16></td>
       </tr>
       <tr><td>New password:</td>
           <td><input type=password name=new_passwd size=16 maxlength=16></td>
       </tr>
       <tr><td>Repeat new password:</td>
           <td><input type=password name=new_passwd2 size=16 maxlength=16></td>
       </tr>
       <tr><td colspan=2 align=center><input type=submit value="Change password">
       </td></tr>
       </table>
       <br />
    <?php
    };

    function 
    display_forgot_form()
    {
      
    // display HTML form to reset and email password
    ?>
       <br />
       <form action="forgot_passwd.php" method=post>
       <table width=250 cellpadding=2 cellspacing=0 bgcolor=#cccccc>
       <tr><td>Enter your username</td>
           <td><input type=text name=username size=16 maxlength=16></td>
       </tr>
       <tr><td colspan=2 align=center><input type=submit value="Change password">
       </td></tr>
       </table>
       <br />
    <?php
    };

    ?>

  9. #9
    web daemon jorasmi's Avatar
    Join Date
    Nov 2001
    Location
    Philippines
    Posts
    296
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    lets do it step by step.

    1. you have an html page with a login form which is similar to the one below:
    ....
    <form name="loginform" method=post action="member.php">
    <input name="passwd" type="password" value="" size="10">
    <input name="submit" type=submit value="Log in">
    <input name="submit" type=submit value="Log in">
    </form>
    .....

    2. user click the submit button then a php script catches the post request.
    $username = $_POST['username'];
    $passwd = $_POST['passwd'];

    if ($username && $passwd){
    if (login($username, $passwd)){
    session_start();
    $_SESSION['valid_user'] = $username;
    echo "<h1>LOGIN ATLAST!</h1";
    }else{
    echo "<h1>FAILED</h1>";
    }
    }
    function db_connect()
    {
    //$result = mysql_pconnect('localhost', 'xXxXxX', 'xXxXxX');
    //lets just try this this one because mysql_pconnect() opens a persistent connection
    $result = mysql_connect('localhost', 'xXxXxX', 'xXxXxX');
    if (!$result)
    return false;
    if (!mysql_select_db('onestop_bookmarks'))
    return false;

    return $result;
    }
    function login($username, $password){

    $conn = db_connect();
    if (!$conn)
    return false;
    $result = mysql_query("select * from user
    where username='$username'
    and passwd = password('$password')");
    if (!$result)
    return false;

    if (mysql_num_rows($result)>0)
    return true;
    else
    return false;
    }
    3. pray it work... if it still doesnt work let me know

    i have a working sample at my website http://itworks.tk
    once your there click projects then online report submission.
    you can try it out using
    employee id: 101
    password: 101

    patience!

  10. #10
    SitePoint Guru ripcurlksm's Avatar
    Join Date
    Aug 2004
    Location
    San Clemente, CA
    Posts
    859
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    so close...

    Ok. I have your script running now, it works with the db 'test_database', but not with my 'onestop_bookarks' db?!? The same exact issue. I just compared the databases and I noticed that the working db has the passwords scrambled, and the other has their true values. I used different applications to input users for each database. I think this could be the problem!

    Here is the script that puts the password to the working database(scrambled password):
    PHP Code:
    $email=$HTTP_POST_VARS['email'];
      
    $username=$HTTP_POST_VARS['username'];
      
    $passwd=$HTTP_POST_VARS['passwd'];
      
    $passwd2=$HTTP_POST_VARS['passwd2'];
       
    // start session which may be needed later
       // start it now because it must go before headers
       
    session_start();

     
       
    // check forms filled in
       
    if (!filled_out($HTTP_POST_VARS))
       {
          
    do_html_header('Problem:');
          echo 
    'You have not filled the form out correctly - please go back'
              
    .' and try again.';
          
    do_html_footer();
          exit; 
       }    

       
    // email address not valid
       
    if (!valid_email($email))
       {
          
    do_html_header('Problem:');
          echo 
    'That is not a valid email address.  Please go back '
               
    .' and try again.';
          
    do_html_footer();
          exit;
       } 

       
    // passwords not the same 
       
    if ($passwd != $passwd2)
       {
          
    do_html_heading('Problem:');
          echo 
    'The passwords you entered do not match - please go back'
               
    .' and try again.';
          
    do_html_footer();
          exit;
       }

       
    // check password length is ok
       // ok if username truncates, but passwords will get
       // munged if they are too long.
       
    if (strlen($passwd)<|| strlen($passwd) >16)
       {
          
    do_html_header('Problem:');
          echo 
    'Your password must be between 6 and 16 characters.'
               
    .'Please go back and try again.';
          
    do_html_footer();
          exit;
       }
       
    // attempt to register
       
    $reg_result register($username$email$passwd);
       if (
    $reg_result === true)
       {
         
    // register session variable 
         
    $HTTP_SESSION_VARS['valid_user'] = $username;
         

         
    // provide link to members page
         
    do_html_header('Registration successful');
         echo 
    'Your registration was successful.  Go to the members page '
              
    .'to start setting up your bookmarks!';
         
    do_html_url('member.php''Go to members page');
       }
       else
       {
         
    // otherwise provide link back, tell them to try again
         
    do_html_header('Problem:');
         echo 
    $reg_result
         
    do_html_footer();
         exit;
       }

       
    // end page
       
    do_html_footer(); 
    Here is the script that registers a new user and writes the password into the database(as written/not scrambled). This database I want to have work!
    PHP Code:
     $db mysql_connect("localhost""onestop""magilla3220");

      
    mysql_select_db("onestop_bookmarks",$db);

    $username=$HTTP_POST_VARS['username'];
    $passwd=$HTTP_POST_VARS['passwd'];
    $email=$HTTP_POST_VARS['email'];
    $first=$HTTP_POST_VARS['first'];
    $last=$HTTP_POST_VARS['last'];
    $phone=$HTTP_POST_VARS['phone'];
    $address=$HTTP_POST_VARS['address'];
    $city=$HTTP_POST_VARS['city'];
    $state=$HTTP_POST_VARS['state'];
    $zip=$HTTP_POST_VARS['zip'];

      
    $sql "INSERT INTO user (username, passwd, email, first, last, phone, address, city, state, zip) VALUES ('$username','$passwd','$email','$first','$last','$phone','$address','$city','$state','$zip')";

      
    $result mysql_query($sql);

      echo 
    "New User Created.\n"
    Why is the second script writing differently to the password (scrambled vs. unscrambled)??

    so close...



    Everyone, thank you for your time-

    -Kevin
    ----------------------------------------------------------
    "All I want is food and creative love" -- Rusted Root

  11. #11
    web daemon jorasmi's Avatar
    Join Date
    Nov 2001
    Location
    Philippines
    Posts
    296
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    check the following:
    1. make sure that the field type are the same with your test database.
    2. try putting quotations on string.
    e.g.
    $sql = "INSERT INTO user (username, passwd, email, first, last, phone, address, city, state, zip) VALUES ('" . $username . "','" . $passwd . "','" . $email . "','" . $first . "','" . $last . "','" . $phone ."','" . $address . "','" . $city . "','" . $state . "','" . $zip . "')";

  12. #12
    SitePoint Guru ripcurlksm's Avatar
    Join Date
    Aug 2004
    Location
    San Clemente, CA
    Posts
    859
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    1. The one that works is varchar(16) the other is varchar(255).

    2. The string with quotes works, but still inputs into the db directly as written, not scrambled.

    A comment about the scrambled password- Is it scrambled because the varchar is set to 16? The major difference between the databases is that the passwords are scrambled... referred to in my previous post above. Why is one scrambled to 16 characters and the other written "as is"
    Code:
    Password example:
    
     "031b0d7a75f79094"  vs.  "password"
         ^                       ^
      this works            this dosent
    Somehow the one password is scrambled!

  13. #13
    web daemon jorasmi's Avatar
    Join Date
    Nov 2001
    Location
    Philippines
    Posts
    296
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    what is that password that when inputed produces a scrabled result? does the password contain special characters like /,.+& etc...? have you tried other username and password that is not scrubled?

  14. #14
    SitePoint Guru ripcurlksm's Avatar
    Join Date
    Aug 2004
    Location
    San Clemente, CA
    Posts
    859
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    yes ive tried other passwords that are not scrambled.

    The password that is scrambled is "ripcurlksm"
    Last edited by ripcurlksm; Nov 24, 2004 at 17:15.

  15. #15
    SitePoint Guru ripcurlksm's Avatar
    Join Date
    Aug 2004
    Location
    San Clemente, CA
    Posts
    859
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    what would make the password scrambled in one script but not the other?

  16. #16
    web daemon jorasmi's Avatar
    Join Date
    Nov 2001
    Location
    Philippines
    Posts
    296
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i can only think of the special characters. in some cases if you tried to store value on a shorter field in a table, the value is truncated but still not scrubled. another is if you use a command that parses the special character with commands like add_slashes(), mysql_escape_string (), etc.. but i dont see those kind of functions in your code.

    can you login using other username and password?

    can you echo just the value of the username and password just right after the form is sent. dont let it pass to the other functions, just print it on the screen just so will know what is the value of those variable before we pass it to the other functions.

  17. #17
    SitePoint Guru ripcurlksm's Avatar
    Join Date
    Aug 2004
    Location
    San Clemente, CA
    Posts
    859
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    jorasmi,

    could you post a simple registration app to accompany yourr example?

    Thanks!

    -Kevin


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •