SitePoint Sponsor

User Tag List

Results 1 to 11 of 11
  1. #1
    SitePoint Enthusiast BMorganVA's Avatar
    Join Date
    Mar 2010
    Posts
    91
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Passwords never match!

    When I match a password a user entered to a password in the database, the don't match. I can't find the problem.

    Can someone help me find the error and tell me what I'm doing wrong?

    PHP Code:
        $confEmail mysql_query(
            
    sprintf(
                
    "SELECT ID,Passwd,Email FROM sq_users WHERE Email = '%s'",
                    
    mysql_real_escape_string($_POST['email'])
            )
        );
        
    $passFlat $_POST['pass'];
        
    $passE md5($passFlat);
        
        
    $row mysql_fetch_row($confEmail);
        
        if(
    $passE == $row[1]) 
    Thanks for the help! Also, if you know how to use mod_rewrite, look at this thread.

  2. #2
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2008
    Posts
    5,757
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Since you believe the two variable to be the same value, but are stumped as to why they don't compare as being equal, it would suggest the values aren't the same. So, a good next step would be to take a close look at what the values really are, because it can give a great a hint at where the problem manifested itself. var_dump() is a good way to inspect the value of a variable.

  3. #3
    SitePoint Enthusiast BMorganVA's Avatar
    Join Date
    Mar 2010
    Posts
    91
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Here is more code needed for the problem.

    PHP Code:
    $cemail mysql_real_escape_string($_POST['email']);
    $sql "SELECT Email FROM sq_users WHERE Email = '$cemail'";
    $res mysql_query($sql);
    if (!
    $restrigger_error(mysql_error().' in '.$sql);
    if(
    !== mysql_num_rows($res)){
        
    $confEmail mysql_query(
            
    sprintf(
                
    "SELECT ID,Passwd,Email FROM sq_users WHERE Email = '%s'",
                    
    mysql_real_escape_string($_POST['email'])
            )
        );
        
    $passFlat $_POST['pass'];
        
    $passE md5($passFlat);
        
        
    $row mysql_fetch_row($confEmail);
        
        if(
    $passE == $row[1]) 
    It says $row[1] is NULL. That means something went wrong, I'm assuming, at the "mysql_fetch_row()". Can someone spot the error?

  4. #4
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2008
    Posts
    5,757
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You might also want to var_dump($row) to see if the array has any values at all, or if it's even an array.

    Depending on the outcome, next step might be to verify the query succeeded. inspect the value of $confEmail, and also see mysql_error() and mysql_num_rows().

  5. #5
    SitePoint Enthusiast BMorganVA's Avatar
    Join Date
    Mar 2010
    Posts
    91
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If pinpointed the error more closely. When I die the error message, I get "Access denied for user 'SYSTEM'@'localhost' (using password: NO)" Here is my SQL code.

    PHP Code:
    require("includes/connect.php");

    $cemail mysql_real_escape_string($_POST['email']);
    $sql "SELECT Email FROM sq_users WHERE Email = ".$cemail;
    $res mysql_query($sql) or die(mysql_error()); 
    Here is connect.php

    PHP Code:
    <?php
    $host 
    "localhost";
    $username "root";
    $password "temple01";
    $db_name "socialquests";

    $con mysql_connect($host$username$password);
    if (!
    $contrigger_error(mysql_error());

    $open mysql_select_db($db_name$con);
    if (!
    $opentrigger_error(mysql_error());
    ?>
    Thanks for the help!

  6. #6
    SitePoint Zealot cools_sonu's Avatar
    Join Date
    Jan 2010
    Posts
    136
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by BMorganVA View Post
    When I match a password a user entered to a password in the database, the don't match. I can't find the problem.

    Can someone help me find the error and tell me what I'm doing wrong?

    PHP Code:
        $confEmail mysql_query(
            
    sprintf(
                
    "SELECT ID,Passwd,Email FROM sq_users WHERE Email = '%s'",
                    
    mysql_real_escape_string($_POST['email'])
            )
        );    
            
    $passFlat $_POST['pass'];
        
    $passE md5($passFlat);
        
        
    $row mysql_fetch_row($confEmail);
        
        if(
    $passE == $row[1]) 
    Thanks for the help! Also, if you know how to use mod_rewrite, look at this thread.

    Is it querying the database correctly ?

    PHP Code:
    $confEmail mysql_query(
            
    sprintf(
                
    "SELECT ID,Passwd,Email FROM sq_users WHERE Email = '%s'",
                    
    mysql_real_escape_string($_POST['email'])
            )
        ) or die(
    "Query failed: "mysql_error()); 
    and if it is querying the database then check the value
    PHP Code:
    $row mysql_fetch_row($confEmail);

    echo 
    "<pre>";
    print_r($row);
    echo 
    "</pre>"
    This might help u out.

  7. #7
    SitePoint Enthusiast BMorganVA's Avatar
    Join Date
    Mar 2010
    Posts
    91
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That's not the problem. Read my latest post to be more up-to-date.

  8. #8
    SitePoint Zealot cools_sonu's Avatar
    Join Date
    Jan 2010
    Posts
    136
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by BMorganVA View Post
    If pinpointed the error more closely. When I die the error message, I get "Access denied for user 'SYSTEM'@'localhost' (using password: NO)" Here is my SQL code.
    This line says it all, try to access the database w/o any password. Probably it will help.

  9. #9
    SitePoint Enthusiast BMorganVA's Avatar
    Join Date
    Mar 2010
    Posts
    91
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    For more security, I'm not going to try that. Thanks though!

    Any other suggestions? Thanks for all your help!

  10. #10
    SitePoint Guru risoknop's Avatar
    Join Date
    Feb 2008
    Location
    end($world)
    Posts
    834
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If they don't match, they are 100&#37; not the same. Are you sure the password in the database is not also salted? Or that it is hashed with md5() and not sha1() or something other?

  11. #11
    SitePoint Zealot zalucius's Avatar
    Join Date
    Jul 2007
    Location
    Denmark
    Posts
    162
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by BMorganVA View Post
    For more security, I'm not going to try that. Thanks though!

    Any other suggestions? Thanks for all your help!
    Well, if your localhost database does not require a password, then you should not try to use a password...

    First fix the connection problem, by using the correct "user" and "pass", and ofcourse the correct "database".

    Clearly, if the mysql_connect fails, then it must be one of four problems.
    1. wrong host
    2. wrong username
    3. wrong password.
    4. SQL server is not running.

    Then it's possible to move to the next problem (if any still exist).
    zalucius


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •