SitePoint Sponsor

User Tag List

Results 1 to 9 of 9
  1. #1
    SitePoint Addict manipura's Avatar
    Join Date
    Apr 2001
    Location
    Calgary,AB
    Posts
    345
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    secure? To be or not to be?

    Problem with sessions. When I type in a number for the password it lets me pass. I can't find any locigal reason why this happens.

  2. #2
    Dumb PHP codin' cat
    Join Date
    Aug 2000
    Location
    San Diego, CA
    Posts
    5,460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You are going to have to give us more than that to work with. Try showing some of your code and also maybe it might help to explain yourself a bit better.
    Please don't PM me with questions.
    Use the forums, that is what they are here for.

  3. #3
    SitePoint Addict manipura's Avatar
    Join Date
    Apr 2001
    Location
    Calgary,AB
    Posts
    345
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This is the script... It checks the password for one in the database. I just don't understand why, if you enter numbers, it lets you pass.. Enter anything else that isn't in the database it goes to the access denied page
    _____________________________________________

    I don't know why this thought didn't come to me before, but the password for the username in the database was numbers. So I thought it was working, withouth thinking that whenever you put in numbers for the password it lets you in anyway. I now changed the password and its not letting me in. So I have no idea whats wrong now! PLEASE HELP!


    <?php // control.php

    include("db1.php");
    session_start();

    if(!isset($uid)) {
    ?> <html> <head> <title> Please Log In for Access </title> </head>
    <body> <h1> Login Required <?=$uid?></h1>
    <p>You must log in to access this area of the site.
    to sign up for instant access!</p>
    <p><form method="post" action="<?=$PHP_SELF?>">
    User ID: <input type="text" name="uid" size="8"><br>
    Password: <input type="password" name="pwd" SIZE="8"><br>
    <input type="submit" value="Log in"> </form></p>
    </body> </html>
    <?php exit;

    }


    session_register("uid");
    session_register("pwd");

    dbConnect("referral");
    $sql = "SELECT * FROM referral WHERE username = '$uid' AND password = $pwd";
    $result = mysql_query($sql);
    if (!$result) {
    session_unregister("uid");
    session_unregister("pwd");

    ?>
    <html> <head> <title> Access Denied </title> </head> <body>
    <h1> Access Denied </h1>
    <p>Your user ID or password is incorrect, or you are not a
    registered user on this site. To try logging in again, click
    <a href="<?=$PHP_SELF?>">here</a>. </p>
    </body> </html>
    <?php
    exit;
    }


    ?>
    Last edited by manipura; May 31, 2001 at 12:44.

  4. #4
    Dumb PHP codin' cat
    Join Date
    Aug 2000
    Location
    San Diego, CA
    Posts
    5,460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Just a guess but change
    PHP Code:
    $sql "SELECT * FROM referral WHERE username = '$uid' AND password = $pwd"
    to
    PHP Code:
    $sql "SELECT * FROM referral WHERE username = '$uid' AND password = '$pwd'"
    Please don't PM me with questions.
    Use the forums, that is what they are here for.

  5. #5
    SitePoint Addict manipura's Avatar
    Join Date
    Apr 2001
    Location
    Calgary,AB
    Posts
    345
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Sort of working

    $sql = "SELECT * FROM referral WHERE username = '$uid' AND password = '$pwd'";

    This causes it to not work at all... Type in anything it will let you in....

    $sql = "SELECT * FROM referral WHERE username = $uid AND password = $pwd";

    Seemed to have worked... But now it just doesn't let me in at all. Even if it is the right information

  6. #6
    Dumb PHP codin' cat
    Join Date
    Aug 2000
    Location
    San Diego, CA
    Posts
    5,460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Sorry I just looked at your query again and I realized you are only checking to see if the query ran okay
    PHP Code:
    if(!$result
    Should be changed to read

    PHP Code:
    if(mysql_num_rows($result) > 0) {
    //Authorized
    }

    else {
    session_unregister("uid"); 
    session_unregister("pwd"); 

    ?> 
    <html> <head> <title> Access Denied </title> </head> <body> 
    <h1> Access Denied </h1> 
    <p>Your user ID or password is incorrect, or you are not a 
    registered user on this site. To try logging in again, click 
    <a href="<?=$PHP_SELF?>">here</a>. </p> 
    </body> </html> 
    <?php 
    exit; 
    }
    Please don't PM me with questions.
    Use the forums, that is what they are here for.

  7. #7
    SitePoint Addict manipura's Avatar
    Join Date
    Apr 2001
    Location
    Calgary,AB
    Posts
    345
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Warning: Supplied argument is not a valid MySQL result resource in control.php on line 27


    Line 27 is
    if (mysql_num_rows($result) > 0) {

  8. #8
    Dumb PHP codin' cat
    Join Date
    Aug 2000
    Location
    San Diego, CA
    Posts
    5,460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    So you are telling me that when you put
    PHP Code:
    $sql "SELECT * FROM referral WHERE username = '$uid' AND password = $pwd"
    $result mysql_query($sql); 
    if(
    mysql_num_rows($result) > 0) { 
    You get that error. Got to be something wrong with your db connection or something, can you post the whole shebang with your modified code in it again?
    Please don't PM me with questions.
    Use the forums, that is what they are here for.

  9. #9
    SitePoint Addict manipura's Avatar
    Join Date
    Apr 2001
    Location
    Calgary,AB
    Posts
    345
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Its working now.... Well........ At least for now


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •