SitePoint Sponsor

User Tag List

Page 1 of 2 12 LastLast
Results 1 to 25 of 37
  1. #1
    SitePoint Addict
    Join Date
    Apr 2007
    Posts
    211
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Why won't php "see" my database?

    FYI: I inherited this website from the previous computer guy.

    My php login page
    Code:
    <?php
    
    session_start();
    
    if($submit || $FrontPage) {
    	include('db_con.php');
    $User_Exists = mysql_query("SELECT table_id, rest_username, rest_pass, contact_fname FROM 123_table WHERE rest_username='$username' AND rest_pass = '$password' AND table_id = '$id'", $db_link);
    		$exists = mysql_num_rows($User_Exists);
    		$row = mysql_fetch_array($User_Exists);
    		
    		if($exists) {
    		$_SESSION['track_id'] = $row['table_id'];
    		$_SESSION['track_name'] = $row['contact_fname'];
    		
    		
    		echo '<script type="text/javascript">
    			location="home.php"
    		* * * </script>';
    		
    }else{
    $login_fail="true";
    }
    }
    ?>
    <html>
    
    	<head>
    		<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
    		<meta name="generator" content="Adobe GoLive 5">
    		<title>Admin Page :: Login</title>
    	</head>
    
    	<body bgcolor="#ffffff">
    		<div align="center">
    			<font face="Verdana, Arial, Helvetica, sans-serif">You're loged in!: <? echo $id; ?><br>
    				<br>
    				<? if ($login_fail=="true"){
    				echo "<b><font color='#cc0033' face='Verdana, Arial, Helvetica, sans-serif'>Login Incorrect, please try again</font></b>";
    				}
    				?><br>
    				<form name="FormName" action="<?=$PHP_SELF;?>" method="post">
    					<table border="0" cellpadding="0" cellspacing="2" width="180">
    						<tr height="19">
    							<td colspan="2" height="19">
    								<div align="center">
    									<font size="3"><b>
    										
    										Login</b></font></div>
    							</td>
    						</tr>
    						<tr>
    							<td>Username:</td>
    							<td><input type="text" name="username" CLASS="formTextbox" size="24"></td>
    						</tr>
    						<tr>
    							<td>Password:</td>
    							<td><input type="password" name="password" CLASS="formTextbox" size="24"></td>
    						</tr>
    						<tr>
    							<td colspan="2">
    								<div align="center">
    									<input type="submit" CLASS="formTextbox" name="submit" value="Login"></div>
    							</td>
    						</tr>
    					</table>
    				</form>
    			</font></div>
    	</body>
    
    </html>
    My database has a table called 123_table, in that table are fields named rest_username, rest_pass, contact_fname and table_id

    My db_con
    Code:
    <?
    $db_hostname = "localhost";
    $db_name = "DBNAME";
    $db_username = "USERNAME";
    $db_password = "PASSWORD";
    
    	$db_link = @mysql_connect($db_hostname, $db_username, $db_password);
    		$db_get = mysql_select_db($db_name, $db_link);
    
    ?>
    When I try to login it says "login incorrect, please try again".

  2. #2
    Sell crazy someplace else markl999's Avatar
    Join Date
    Aug 2003
    Location
    Manchester, UK
    Posts
    4,007
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That code requires register_globals to be On (and it's rightly Off by default since PHP 4.2.0). If turning register_globals On fixes it then you should fix it so it doesn't require them to be On and also add some input validation

  3. #3
    SitePoint Addict
    Join Date
    Apr 2007
    Posts
    211
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    register globals is on

  4. #4
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,806
    Mentioned
    158 Post(s)
    Tagged
    3 Thread(s)
    Looks like the script is relying on register_globals being on.
    add this to the top of the script just before the query:
    PHP Code:

    $username 
    $_POST['username'];
    $password $_POST['password']; 
    Spike
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  5. #5
    Sell crazy someplace else markl999's Avatar
    Join Date
    Aug 2003
    Location
    Manchester, UK
    Posts
    4,007
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Okie, so next add some error checking:
    PHP Code:
    $sql "SELECT table_id, rest_username, rest_pass, contact_fname FROM 123_table WHERE rest_username='$username' AND rest_pass = '$password' AND table_id = '$id'";
    echo 
    'DEBUG: '.$sql.'<br />';
    User_Exists mysql_query($sql) or die(mysql_error());
    $exists mysql_num_rows($User_Exists);
    $row mysql_fetch_array($User_Exists);
    var_dump($row); 

  6. #6
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,806
    Mentioned
    158 Post(s)
    Tagged
    3 Thread(s)
    was just about to post something similar and refreshed before I did, I will leave this one to you Mark
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  7. #7
    Sell crazy someplace else markl999's Avatar
    Join Date
    Aug 2003
    Location
    Manchester, UK
    Posts
    4,007
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by spikeZ View Post
    was just about to post something similar and refreshed before I did, I will leave this one to you Mark
    Keep an eye on me though, I've just pulled an all nighter and am prone to silly errors due to lack of sleep

  8. #8
    SitePoint Addict
    Join Date
    Apr 2007
    Posts
    211
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    still no good

    Code:
    <?php
    session_start();
    
    // dunno if the or is correct here...
    if($submit || $FrontPage) {
    	include('db_con.php');
      // also not suer where $id comes from? 
    $username = $_POST['username'];
    
    $password = $_POST['password'];
    $User_Exists = mysql_query("SELECT table_id, rest_username, rest_pass, contact_fname FROM abc_tables WHERE rest_username='".$_POST['$username']."' AND rest_pass = '".$_POST['password']."' AND table_id = '".$id."'", $db_link);
    		$exists = mysql_num_rows($User_Exists);
    		$row = mysql_fetch_array($User_Exists);
    Last time i had a problem like this it was partly because of permissions but i have www as the owner with read write, and www as the group with read write. I even gave everyone read write just to be on the safe side.

  9. #9
    Sell crazy someplace else markl999's Avatar
    Join Date
    Aug 2003
    Location
    Manchester, UK
    Posts
    4,007
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Add the error checking/debugging in my previous post and see if that shines any light on it. Also putting error_reporting(E_ALL); at the top of the script can help (if it's not already set to that).

  10. #10
    SitePoint Addict
    Join Date
    Apr 2007
    Posts
    211
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    DEBUG: SELECT table_id, rest_username, rest_pass, contact_fname FROM abc_tables WHERE rest_username='test' AND rest_pass = 'test' AND table_id = ''
    bool(false)

  11. #11
    Sell crazy someplace else markl999's Avatar
    Join Date
    Aug 2003
    Location
    Manchester, UK
    Posts
    4,007
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    table_id = '' ??
    Where is $id supposed to come from?

  12. #12
    SitePoint Addict
    Join Date
    Apr 2007
    Posts
    211
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    with the error reporting turned on i get this when i try to load the page:

    Parse error: syntax error, unexpected T_IF in /Library/Tenon/WebServer/WebSites/admin/rest_site_creation/mgmt_index.php on line 6

    line 6:
    Code:
    if($submit || $FrontPage) {

  13. #13
    SitePoint Addict
    Join Date
    Apr 2007
    Posts
    211
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by markl999 View Post
    table_id = '' ??
    Where is $id supposed to come from?
    I dunno. I was told that everything in the site worked fine when I took it over. Should I remove it?

  14. #14
    Sell crazy someplace else markl999's Avatar
    Join Date
    Aug 2003
    Location
    Manchester, UK
    Posts
    4,007
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well either remove it or set it. Unless you know whre and what to set it to you'll have to remove it

  15. #15
    SitePoint Addict
    Join Date
    Apr 2007
    Posts
    211
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    removed table_id
    Code:
    $User_Exists = mysql_query("SELECT table_id, rest_username, rest_pass, contact_fname FROM abc_tables WHERE rest_username='".$_POST['$username']."' AND rest_pass = '".$_POST['password']."', $db_link);
    still have the error on line 6

  16. #16
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,806
    Mentioned
    158 Post(s)
    Tagged
    3 Thread(s)
    run this.....
    PHP Code:
    <?php

    session_start
    ();
    include(
    'db_con.php');

    if(isset(
    $_POST['submit'])) {

    $username $_POST['username']; 
    $password $_POST['password'];

    $User_Exists mysql_query("SELECT table_id, rest_username, rest_pass, contact_fname FROM 123_table WHERE rest_username='$username' AND rest_pass = '$password'"$db_link);
            
    $exists mysql_num_rows($User_Exists);
            
    $row mysql_fetch_array($User_Exists);
            
            if(
    $exists 0) {
            
    $_SESSION['track_id'] = $row['table_id'];
            
    $_SESSION['track_name'] = $row['contact_fname'];
            
            
            echo 
    '<script type="text/javascript">
                location="home.php"
            * * * </script>'
    ;
            
            }else{
                
    $login_fail="true";
                
    print_r($_SESSION);
                
    print_r($_POST);
            }
    }
    ?>
    <html>

        <head>
            <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
            <meta name="generator" content="Adobe GoLive 5">
            <title>Admin Page :: Login</title>
        </head>

        <body bgcolor="#ffffff">
            <div align="center">
                <font face="Verdana, Arial, Helvetica, sans-serif">You're loged in!: <? echo $id?><br>
                    <br>
                    <? if ($login_fail=="true"){
                    echo 
    "<b><font color='#cc0033' face='Verdana, Arial, Helvetica, sans-serif'>Login Incorrect, please try again</font></b>";
                    }
                    
    ?><br>
                    <form name="FormName" action="<?=$PHP_SELF;?>" method="post">
                        <table border="0" cellpadding="0" cellspacing="2" width="180">
                            <tr height="19">
                                <td colspan="2" height="19">
                                    <div align="center">
                                        <font size="3"><b>
                                            
                                            Login</b></font></div>
                                </td>
                            </tr>
                            <tr>
                                <td>Username:</td>
                                <td><input type="text" name="username" CLASS="formTextbox" size="24"></td>
                            </tr>
                            <tr>
                                <td>Password:</td>
                                <td><input type="password" name="password" CLASS="formTextbox" size="24"></td>
                            </tr>
                            <tr>
                                <td colspan="2">
                                    <div align="center">
                                        <input type="submit" CLASS="formTextbox" name="submit" value="Login"></div>
                                </td>
                            </tr>
                        </table>
                    </form>
                </font></div>
        </body>

    </html>
    and in db_con
    PHP Code:
    <?
    $db_hostname 
    "localhost";
    $db_name "DBNAME";
    $db_username "USERNAME";
    $db_password "PASSWORD";

        
    $db_link mysql_connect($db_hostname$db_username$db_password);
        
    $db_get mysql_select_db($db_name$db_link);

    ?>
    Try that
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  17. #17
    Sell crazy someplace else markl999's Avatar
    Join Date
    Aug 2003
    Location
    Manchester, UK
    Posts
    4,007
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Keep the error checking code in there and also the debug line until you get it working, that way you can see what's happening.
    The next thing that springs to mind is the password. It's unusual (and a bad idea) to store plain text passwords in the database, are you sure they're not md5'd? If you view the database in the mysql console or phpmyadmin etc.. is the password column encrypted or plain text?

  18. #18
    SitePoint Addict
    Join Date
    Apr 2007
    Posts
    211
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    were getting closer!!
    when i enter a username and pass that is in the databse it just reloads the page but when i enter a username and pass that are not in the database it says "incorrect login, please try again"
    so it is looking into the database for the user and pass now

  19. #19
    Sell crazy someplace else markl999's Avatar
    Join Date
    Aug 2003
    Location
    Manchester, UK
    Posts
    4,007
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Instead of:
    Code:
    echo '<script type="text/javascript">
        location="home.php"
    * * * </script>';
    try:
    PHP Code:
    header("Location: home.php");
    exit; 
    Or preferably use the full url to home.php

  20. #20
    SitePoint Addict
    Join Date
    Apr 2007
    Posts
    211
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    made a little progress. when the page loads it gives me an error:
    Code:
    Notice: Undefined variable: login_fail in /Library/Tenon/WebServer/WebSites/admin/rest_site_creation/mgmt_index.php on line 51
    line 51:
    Code:
    <? if ($login_fail=="true"){
    Code:
    <?php
    error_reporting(E_ALL);
    session_start();
    include('db_con.php'); 
    
    
    
    if(isset($_POST['submit'])) {
    
    $sql = "SELECT table_id, rest_username, rest_pass, contact_fname FROM abc_tables WHERE rest_username='$username' AND rest_pass = '$password'";
    
    echo 'DEBUG: '.$sql.'<br />';
    
    $User_Exists = mysql_query($sql) or die(mysql_error());
    
    $exists = mysql_num_rows($User_Exists);
    
    $row = mysql_fetch_array($User_Exists);
    
    var_dump($row);
    
     
    $username = $_POST['username']; 
    
    $password = $_POST['password']; 
    
    
    
    $User_Exists = mysql_query("SELECT table_id, rest_username, rest_pass, contact_fname FROM abc_tables WHERE rest_username='$username' AND rest_pass = '$password'", $db_link); 
    
            $exists = mysql_num_rows($User_Exists); 
    
            $row = mysql_fetch_array($User_Exists); 
    
             
    
            if($exists > 0) { 
    
            $_SESSION['track_id'] = $row['table_id']; 
    
            $_SESSION['track_name'] = $row['contact_fname']; 
    
             
    
             
    
            echo '<script type="text/javascript"> 
    
                location="home.php" 
    
            * * * </script>'; 
    
             
    
            }else{ 
    
                $login_fail="true"; 
    
                print_r($_SESSION); 
    
                print_r($_POST); 
    
            } 
    
    } 
    
    ?>
    <html>
    
    	<head>
    		<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
    		<meta name="generator" content="Adobe GoLive 5">
    		<title>Admin Page :: Login</title>
    	</head>
    
    	<body bgcolor="#ffffff">
    		<div align="center">
    			<font face="Verdana, Arial, Helvetica, sans-serif">Please log in: <br>
    				<br>
    				<? if ($login_fail=="true"){
    				echo "<b><font color='#cc0033' face='Verdana, Arial, Helvetica, sans-serif'>Login Incorrect, please try again</font></b>";
    				}
    				?><br>
    				<form name="FormName" action="<?=$PHP_SELF;?>" method="post">
    					<table border="0" cellpadding="0" cellspacing="2" width="180">
    						<tr height="19">
    							<td colspan="2" height="19">
    								<div align="center">
    									<font size="3"><b>
    										
    										Login</b></font></div>
    							</td>
    						</tr>
    						<tr>
    							<td>Username:</td>
    							<td><input type="text" name="username" CLASS="formTextbox" size="24"></td>
    						</tr>
    						<tr>
    							<td>Password:</td>
    							<td><input type="password" name="password" CLASS="formTextbox" size="24"></td>
    						</tr>
    						<tr>
    							<td colspan="2">
    								<div align="center">
    									<input type="submit" CLASS="formTextbox" name="submit" value="Login"></div>
    							</td>
    						</tr>
    					</table>
    				</form>
    			</font></div>
    	</body>
    
    </html>

  21. #21
    SitePoint Addict
    Join Date
    Apr 2007
    Posts
    211
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by markl999 View Post
    Instead of:
    Code:
    echo '<script type="text/javascript">
        location="home.php"
    * * * </script>';
    try:
    PHP Code:
    header("Location: home.php");
    exit; 
    Or preferably use the full url to home.php
    DEBUG: SELECT table_id, rest_username, rest_pass, contact_fname FROM abc_tables WHERE rest_username='test' AND rest_pass = 'test'
    array(8) { [0]=> string(6) "100565" ["table_id"]=> string(6) "100565" [1]=> string(4) "test" ["rest_username"]=> string(4) "test" [2]=> string(4) "test" ["rest_pass"]=> string(4) "test" [3]=> string(13) "Paul & Sharon" ["contact_fname"]=> string(13) "Paul & Sharon" }
    Warning: Cannot modify header information - headers already sent by (output started at /Library/Tenon/WebServer/WebSites/admin/rest_site_creation/mgmt_index.php:9) in /Library/Tenon/WebServer/WebSites/admin/rest_site_creation/mgmt_index.php on line 28

    I get that error when the page loads

  22. #22
    SitePoint Addict
    Join Date
    Apr 2007
    Posts
    211
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    still playing with the syntax. I'm not sure if the problem is on line 51 or if it is really between 32 and 36

    lines 32 - 36:
    Code:
            }else{ 
    
                $login_fail="true"; 
    
                print_r($_SESSION); 
    
                print_r($_POST); 
    
            }

  23. #23
    dooby dooby doo silver trophybronze trophy
    spikeZ's Avatar
    Join Date
    Aug 2004
    Location
    Manchester UK
    Posts
    13,806
    Mentioned
    158 Post(s)
    Tagged
    3 Thread(s)
    Believe it or not, thats actually a good thing!

    for line 51 use (just before your header("location:...");
    PHP Code:
    $login_fail false
    and remove all debugging stuff!
    Mike Swiffin - Community Team Advisor
    Only a woman can read between the lines of a one word answer.....

  24. #24
    SitePoint Addict
    Join Date
    Apr 2007
    Posts
    211
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    When I use a username and pass that is not in the database I get this error along with the login failed I'm supposed to get:
    DEBUG: SELECT table_id, rest_username, rest_pass, contact_fname FROM abc_tables WHERE rest_username='sdfsf' AND rest_pass = 'sdfwe'
    bool(false) Array ( [track_id] => 100565 [track_name] => Paul & Sharon ) Array ( [username] => sdfsf [password] => sdfwe [submit] => Login )



    When I use a username and pass that is in the database I get this error and the page just reloads (with the error)

    DEBUG: SELECT table_id, rest_username, rest_pass, contact_fname FROM abc_tables WHERE rest_username='test' AND rest_pass = 'test'
    array(8) { [0]=> string(6) "100565" ["table_id"]=> string(6) "100565" [1]=> string(4) "test" ["rest_username"]=> string(4) "test" [2]=> string(4) "test" ["rest_pass"]=> string(4) "test" [3]=> string(13) "Paul & Sharon" ["contact_fname"]=> string(13) "Paul & Sharon" }
    Warning: Cannot modify header information - headers already sent by (output started at /Library/Tenon/WebServer/WebSites/www.ABCAdvertising.net/admin/rest_site_creation/mgmt_index.php:9) in /Library/Tenon/WebServer/WebSites/www.ABCAdvertising.net/admin/rest_site_creation/mgmt_index.php on line 28


    when the page first loads I still get this error:

    <? if ($login_fail=="true"){

  25. #25
    Sell crazy someplace else markl999's Avatar
    Join Date
    Aug 2003
    Location
    Manchester, UK
    Posts
    4,007
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You need to remove (or better still, comment out) the DEBUG lines so you can do the header("Location (as spikeZ said above)
    No output can be sent before the header and the debug line counts as output and is only there should you have problems with the query .. you can uncomment them again if you need to.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •