Never the same, when they are!

PHP
1

The encrypted password doesn’t match the password in the row I want it to, when I checked and they both were the same… I think it’s something to do with the second query and the “mysql_fetch_row()” function because when I echo “$row[2]” and nothing shows up. I can’t find the problem. Thanks for the help.


if(0 !== mysql_num_rows($resultUser)){
	$resultUser = mysql_query(
    	sprintf(
      	  "SELECT ID,Username,Passwd,Verify FROM sq_users WHERE Username = '%s'",
     	   mysql_real_escape_string($_POST['username'])
   		)
	);
	$passFlat = $_POST['passwd'];
	$pass = md5($passFlat);
	
	$row = mysql_fetch_row($resultUser);
	
	if($pass == $row[2]){
		if($row[3] == 0){
			header('Location: '. $root . $valid);
			mysql_close($con);
			exit;
		}
		else{
			session_start();
			$_SESSION['id'] = $row[0];
			
			header('Location: '. $root . $home);
			mysql_close($con);
			exit;
		}
	}
	else{
		echo $row[2];
		mysql_close($con);
		exit;
	}
}
2

Code updated! Found where the error is, but I can’t find the problem.


	$resultUser = mysql_query("SELECT ID,Username,Passwd,Verify FROM sq_users WHERE Username = ". $uname);
	if(!$resultUser) echo "Query failed";
3

Are you sure the condition in the first line of code is passing?

4

It’s not. That’s confusing though, it should stop then. This make the problem even harder. Here is the code that could contain the problem.


$uname = $_POST['username'];

$userAuth = mysql_query("SELECT Username FROM sq_users WHERE Username = '$uname'");
if(!$userAuth) echo "Fail";
if(0 !== mysql_num_rows($userAuth)){
	$resultUser = mysql_query("SELECT ID,Username,Passwd,Verify FROM sq_users WHERE Username = '$uname'");
	if(!$resultUser) echo "Query failed";

Here is the code it uses to connect to the database.


<?php
$host = "localhost";
$username = "root";
$password = "temple01";
$db_name = "socialquests";

$con = mysql_connect("$host", "$username", "$password");
if (!$con) trigger_error(mysql_error());

$open = mysql_select_db("$db_name", "$con");
if (!$open) trigger_error(mysql_error());
?>
5

$userAuth will only be false if the query could not execute, not if there were no rows.

You really don’t need to do two queries here.

mysql_connect(...)
mysql_select_db(...)

$uname = mysql_real_escape_string($_POST['username']);
$result = mysql_query("SELECT ID, Username, Passwd, Verify FROM sq_users WHERE Username = '$uname'") or die("Database error: " . mysql_error());

if (mysql_num_rows($result) == 0) {

  echo "No user with that username.";

} else {

  $row = mysql_fetch_assoc($result);

  if ($row['Passwd'] == md5($_POST['passwd'])) {

    echo "Password matched.";

  } else {

    echo "Password didn't match.";

  }

}