Thread: code error

  1. #1
    SitePoint Addict
    Join Date
    Nov 2006
    Posts
    205

    code error

    PHP Code:
    $conn = @mysql_connect("*********", "*****", "******") or die("err:Internal Server Error: Report the error to ");

    $sql = "select * from users where email='$email' and pass='$password'";
    $result = mysql_query($sql);
    if (mysql_num_rows($result) != 1)
    {echo "login failed";}
    else
    {echo "login passed";}
    I keep getting login failed as an error, do you guys see any particular error with this part of the code?

  2. #2
    SitePoint Wizard cmuench's Avatar
    Join Date
    Jul 2005
    Location
    At my computer
    Posts
    2,251
    Try the following and see what it spits out
    PHP Code:
    /*
    $conn=@mysql_connect( "*********", "*****", "******" ) or die ("err:Internal Server Error: Report the error to ");
        $sql = "select * from users where email='$email' and pass='$password'";
    $result = mysql_query($sql);
    if (mysql_num_rows($result)!= 1)
    {echo "login failed";}
    else
    {echo "login passed";}*/
    echo $email;
    echo $password;
    hopefully it spits out an email and password.

  3. #3
    SitePoint Wizard stereofrog's Avatar
    Join Date
    Apr 2004
    Location
    germany
    Posts
    4,324
    Remove the '@', insert 'error_reporting(E_ALL);' at very top and tell us what it says.

  4. #4
    SitePoint Addict
    Join Date
    Nov 2006
    Posts
    205
    This is the whole code instead of a small section

    PHP Code:
    <?xml version="1.0" encoding="utf-8"?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
            "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
        <title>LOGIN</title>
        <meta http-equiv="content-type" 
            content="text/html;charset=utf-8" />
        <meta http-equiv="Content-Style-Type" content="text/css" />
    </head>


    <?php
        $email = make_safe($_POST['email']);
        $password = md5(make_safe($_POST['password']));
        $submit = make_safe($_POST['login']);
        $tried = make_safe($_POST['tried']);

        ########################################
        ###### protection from ' OR 1=1 # ######
        function make_safe($variable) {
            $variable = addslashes(trim($variable));
            return $variable;
        }
        ########################################

        ############################
        ####  Email Preg Match  ####
        if (preg_match('/@.+\..+$/', $email))
            {$emailcheck = true;}
        else
            {$emailcheck = false;}
        #############################

        if (strlen($email) > 100)
            {$len_pass = false;}
        else
            {$len_pass = true;}

        #############################
        ####    VALIDATION       ####
        ##############################

        if (is_null($email) || $email == "" || is_null($password) || $password == "" || $len_pass == false || $emailcheck == false)
        {
    ?>
         <?php ##################LOGIN########################################### ?>
         <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST" style="width: 100px">
            <fieldset>

                <legend>Login</legend>

                <label for="email">Courrier Électronique/Email:</label>
                    <input name="email" id="email" type="text" maxlength="100" tabindex="1" size="25" autocomplete="on" /><br />

                <label for="password">Mot de Passe/Password : </label>
                    <input name="password" id="password" type="password" maxlength="50" tabindex="2" size="25" autocomplete="off" />
                    
                <input name="login" id="login" type="submit" tabindex="3" value="login" />
            
                <input type="hidden" name="tried" value="yes" />

            </fieldset>
        </form>
        <?php }
        ###################################################################
    ?>
        <?php
        if ($tried == "yes" && !is_null($email) && !is_null($password) && $len_pass == true && $emailcheck == true)
        {
            $conn = mysql_connect("********", "****", "****") or die("err:Internal Server Error: Report the error to ");

            $sql = "select * from users where email='$email' and pass='$password'";
            $result = mysql_query($sql);
            if (mysql_num_rows($result) != 1)
            {echo "login failed";}
            else
            {echo "login passed";}
            # debug output of the submitted values
            echo "<br>".$password."<br>";
            echo $email."<br>";
            echo $password."<br>";
            echo $submit."<br>";
            echo $emailcheck."<br>";
            #echo $len."<br>";
        }
    ?>
        
    </html>
    In the database I have the password encrypted md5, and so I figure that you do the check with a password that is also md5? Anyways whatever I seem to do it just echoes what I enter
    login failed
    a1e7f048b6ec3c6ff2b7bdbe51086bee
    princemallow@************.com
    a1e7f048b6ec3c6ff2b7bdbe51086bee
    login
    1

    the "a1e7f048b6ec3c6ff2b7bdbe51086bee" is exactly as it is in the database.

  5. #5
    An average geek earl-grey's Avatar
    Join Date
    Mar 2005
    Location
    Ukraine
    Posts
    1,403
    Print out the query, execute it using MySQL client, such as phpMyAdmin, and tell us if it returns the row you expected.

  6. #6
    SitePoint Addict
    Join Date
    Nov 2006
    Posts
    205
    do you mean writing out the $sql string into mysql directly? if so then I already did that, and it returns the one row that I expect to see. if that's not what you mean then you need to elaborate on the phpmyadmin

  7. #7
    An average geek earl-grey's Avatar
    Join Date
    Mar 2005
    Location
    Ukraine
    Posts
    1,403
    Add:
    PHP Code:
    if (!$result)
    {
      print mysql_error($conn);
    }

    after
    PHP Code:
    $result = mysql_query($sql);
    and use the connection id in mysql_query as well:
    PHP Code:
    $result = mysql_query($sql, $conn);

  8. #8
    SitePoint Addict
    Join Date
    Nov 2006
    Posts
    205
    no database selected, This means I need to get into the database before I call for the table users, How does the syntax for that go?

    the new code:
    PHP Code:
    <?xml version="1.0" encoding="utf-8"?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
            "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
        <title>LOGIN</title>
        <meta http-equiv="content-type" 
            content="text/html;charset=utf-8" />
        <meta http-equiv="Content-Style-Type" content="text/css" />
    </head>


    <?php
        $email = make_safe($_POST['email']);
        $password = md5(make_safe($_POST['password']));
        $submit = make_safe($_POST['login']);
        $tried = make_safe($_POST['tried']);

        ########################################
        ###### protection from ' OR 1=1 # ######
        function make_safe($variable) {
            $variable = addslashes(trim($variable));
            return $variable;
        }
        ########################################

        ############################
        ####  Email Preg Match  ####
        if (preg_match('/@.+\..+$/', $email))
            {$emailcheck = true;}
        else
            {$emailcheck = false;}
        #############################

        if (strlen($email) > 100)
            {$len_pass = false;}
        else
            {$len_pass = true;}

        #############################
        ####    VALIDATION       ####
        ##############################

        if (is_null($email) || $email == "" || is_null($password) || $password == "" || $len_pass == false || $emailcheck == false)
        {
    ?>
         <?php ##################LOGIN########################################### ?>
         <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST" style="width: 100px">
            <fieldset>

                <legend>Login</legend>

                <label for="email">Courrier Électronique/Email:</label>
                    <input name="email" id="email" type="text" maxlength="100" tabindex="1" size="25" autocomplete="on" /><br />

                <label for="password">Mot de Passe/Password : </label>
                    <input name="password" id="password" type="password" maxlength="50" tabindex="2" size="25" autocomplete="off" />
                    
                <input name="login" id="login" type="submit" tabindex="3" value="login" />
            
                <input type="hidden" name="tried" value="yes" />

            </fieldset>
        </form>
        <?php }
        ###################################################################
    ?>
        <?php
        if ($tried == "yes" && !is_null($email) && !is_null($password) && $len_pass == true && $emailcheck == true)
        {
            $conn = mysql_connect("****", "****", "****") or die("err:Internal Server Error: Report the error to ");

            $sql = "select * from users where email='$email' and pass='$password'";
            $result = mysql_query($sql, $conn);
            # show the MySQL error when the query itself fails
            if (!$result)
            {
              print mysql_error($conn);
            }
            if (mysql_num_rows($result) != 1)
            {echo "login failed";}
            else
            {echo "login passed";}
            # debug output of the submitted values
            echo "<br>".$password."<br>";
            echo $email."<br>";
            echo $password."<br>";
            echo $submit."<br>";
            echo $emailcheck."<br>";
            #echo $len."<br>";
        }
    ?>
        
    </html>

  9. #9
    SitePoint Wizard silver trophy
    Join Date
    Mar 2006
    Posts
    6,132
    mysql_select_db()

  10. #10
    SitePoint Addict
    Join Date
    Nov 2006
    Posts
    205

    Thank you

    Yeah it works just dandy, it's the little things that make you crazy. hehe. Could you guys comment on the security measure I'm using, or is it lacking any?

  11. #11
    An average geek earl-grey's Avatar
    Join Date
    Mar 2005
    Location
    Ukraine
    Posts
    1,403
    Use mysql_real_escape_string() instead of addslashes()

  12. #12
    SitePoint Addict
    Join Date
    Nov 2006
    Posts
    205
    that gives me more problems

    PHP Warning: mysql_real_escape_string(): A link to the server could not be established in C:\Apache\htdocs\*********\_debug_tmp.php on line 58
    That seems to give me more problems???

  13. #13
    SitePoint Wizard silver trophy
    Join Date
    Mar 2006
    Posts
    6,132
    see the documentation for functions before you use them.

    you should have an open database connection before trying to use that function.

  14. #14
    SitePoint Addict
    Join Date
    Nov 2006
    Posts
    205
    I don't want to make you guys work harder than you need to, but now I'm even more confused, I've stumbled upon some debates from mysql escape to addslashes, and it seems that they come to the conclusion that they are equally good, just that escape has more to it. Anyways I'd just like to have a piece of code that works well. You said I need to open a connection before doing the mysql_real_escape_string, the code that I have posted above, would I simply add an open($conn); and then close it after the function and open it again later when I'm ready to test it against the database, or would it be "better" (more convenient) to add those slashes and such right before I insert them in the database, or test them against the database depending on the situation?
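
Added example, not part of the thread and not any poster's code: the login check discussed above, written with bound parameters instead of an escaping step and with password_hash()/password_verify() instead of md5(). It assumes PHP 7 or later with the PDO SQLite driver; the in-memory table, the sample account and the function names open_db and check_login are constructed for illustration.

```php
<?php
// Stand-in for the thread's MySQL "users" table: an in-memory SQLite database
// so the example runs offline. With MySQL only the PDO DSN and credentials differ.
function open_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, pass TEXT NOT NULL)');
    // Constructed sample account. password_hash() salts and stretches the
    // password, which a bare md5() of it does not.
    $ins = $db->prepare('INSERT INTO users (email, pass) VALUES (?, ?)');
    $ins->execute(['user@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

function check_login(PDO $db, string $email, string $password): bool {
    // The placeholder binds the value as data; the SQL string is never built
    // from user input, so there is nothing to escape before or after connecting.
    $stmt = $db->prepare('SELECT pass FROM users WHERE email = ?');
    $stmt->execute([trim($email)]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return false; // no such account
    }
    // Compare against the stored hash instead of matching it in the WHERE clause.
    return password_verify($password, $hash);
}

$db = open_db();
var_dump(check_login($db, 'user@example.com', 'correct horse'));
var_dump(check_login($db, 'user@example.com', 'wrong password'));
// The string named in the thread's make_safe() comment is just an unknown email here.
var_dump(check_login($db, "' OR 1=1 #", 'anything'));
```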

