user/password check help!!!

[drewcoster]

Hi All
At the moment I am learning PHP and I am going through a tute in a book - unfortunately like most books nothing ever seems to work properly. I'm trying to work on username and password verification but for some reason it never recognises my password.
The MySQL code I am using is:----
create database auth;
use auth;
create table auth (
name varchar(10) not null,
pass varchar(30) not null,
primary key (name));

insert into auth values
('user', 'pass');
insert into auth values
( 'testuser', password('test123') );

grant select, insert, update, delete
on auth.*
to webauth@localhost
identified by 'webauth';
--------
and on the PHP side I am using this code:-------
<?
if(!isset($name)&&!isset($password))
{
//Visitor needs to enter a name and password
?>
<h1>Please Log In</h1>
This page is secret.
<form action="secret.php" method="post">
<table border = 1>
<tr>
<th> Username </th>
<td> <input type = text name = name> </td>
</tr>
<tr>
<th> Password </th>
<td> <input type = password name = password> </td>
</tr>
<tr>
<td colspan =2 align = center>
<input type = submit value = "Log In">
</td>
</tr>
</table>
</form>
<?
}
else
{
// connect to mysql
$mysql = mysql_connect( 'localhost', 'webauth', 'webauth' );
if(!$mysql)
{
echo 'Cannot connect to database.';
exit;
}
// select the appropriate database
$mysql = mysql_select_db( 'auth' );
if(!$mysql)
{
echo 'Cannot select database.';
exit;
}
// query the database to see if there is a record which matches
$query = "select count(*) from auth where
name = '$name' and
pass = '$password'";

$result = mysql_query( $query );
if(!$result)
{
echo 'Cannot run query.';
exit;
}
$count = mysql_result( $result, 0, 0 );
if ( $count > 0 )
{
// visitor's name and password combination are correct
echo "<h1>Here There!</h1>";
echo "Welcome to this page.";
}
else
{
// visitor's name and password combination are not correct
echo "<h1>Denied!</h1>";
echo "You are not authorized to view this resource.";
}
}
?>
---------
I just wondered if any of you could see a reason why I keep getting the denied header when I only have the 1 password in MySQL. I know MySQL is working okay as I have tried other scripts on it....

Thanks you for any help
Drew

[7stud]

Hi,

One password in the table? You have two insert statements, so you have two passwords. Also, no one is going to be able to tell what's wrong because you have a password() function that does who knows what to the password entered by the user. I would say you are not entering the same password that is stored in your mysql table, so why don't you copy and paste what is in your mysql table and use that for the password and see if that works.

[RKuhle]

Otherwise just login through telnet or SSH and reset your password. I had this problem once also...and sure enough, I was entering the password wrong.

[drewcoster]

Hi Guys - Thanks for the input. I finally got the thing to work after I took out the word password and the second set of parentheses and it worked fine since then.

'insert into auth values ('user', 'pass'); insert into auth values
( 'testuser', password('test123') );

Cheers

Drew