Topic awaiting preservation: User Authenticating PHP/MySQL (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=12136" title="Pages that link to Topic awaiting preservation: User Authenticating PHP/MySQL (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: User Authenticating PHP/MySQL <span class="small">(Page 1 of 1)</span>\$

wazzupyo14 Obsessive-Compulsive (I) Inmate From: Insane since: Mar 2002	posted 03-24-2002 00:10 Hey, I'm new here and I got this code that I'm trying to get to work to make a members section on my website. But I can't get it to work. It will never connect to the database which is MySQL. Heres the code if anyone can help that'd be great. 1st Page: code: <?php // accesscontrol.php include("common.php"); include("db.php"); session_start(); if(!isset($uid)) { ?> <html> <head> <title> Please Log In for Access </title> </head> <body> <h1> Login Required </h1> <p>You must log in to access this area of the site. If you are not a registered user, <a href="signup.php">click here</a> to sign up for instant access!</p> <p><form method="post" action="<?=$PHP_SELF?>"> User ID: <input type="text" name="uid" size="8"><br> Password: <input type="password" name="pwd" SIZE="8"><br> <input type="submit" value="Log in"> </form></p> </body> </html> <?php exit; } session_register("uid"); session_register("pwd"); dbConnect("sessions"); $sql = "SELECT * FROM user WHERE userid = '$uid' AND password = PASSWORD('$pwd')"; $result = mysql_query($sql); if (!$result) { error("A database error occurred while checking your ". "login details.\\nIf this error persists, please ". "contact soundboard@sbcglobal.net."); } if (mysql_num_rows($result) == 0) { session_unregister("uid"); session_unregister("pwd"); ?> <html> <head> <title> Access Denied </title> </head> <body> <h1> Access Denied </h1> <p>Your user ID or password is incorrect, or you are not a registered user on this site. To try logging in again, click <a href="<?=$PHP_SELF?>">here</a>. To register for instant access, click <a href="signup.php">here</a>.</p> </body> </html> <?php exit; } $username = mysql_result($result,0,"fullname"); ?> 2nd Page: code: <?php // common.php function error($msg) { ?> <html> <head> <script language="JavaScript"> <!-- alert("<?=$msg?>"); history.back(); //--> </script> </head> <body> </body> </html> <? exit; } ?> 3rd Page: code: <?php // signup.php include("common.php"); include("db.php"); if (!isset($submitok)): // Display the user signup form ?> <html> <head><title>New User Registration</title></head> <body> <h3>New User Registration Form</h3> <p><font color=orangered size=+1><TT><B></B></TT></font> indicates a required field</p> <form method=post action="<?=$PHP_SELF?>"> <table border=0 cellpadding=0 cellspacing=5> <tr> <td align=right> <p>User ID</p> </td> <td> <input name=newid type=text maxlength=100 size=25> <font color=orangered size=+1><TT><B></B></TT></font> </td> </tr> <tr> <td align=right> <p>Full Name</p> </td> <td> <input name=newname type=text maxlength=100 size=25> <font color=orangered size=+1><TT><B></B></TT></font> </td> </tr> <tr> <td align=right> <p>E-Mail Address</p> </td> <td> <input name=newemail type=text maxlength=100 size=25> <font color=orangered size=+1><TT><B></B></TT></font> </td> </tr> <tr valign=top> <td align=right> <p>Other Notes</p> </td> <td> <textarea wrap name=newnotes rows=5 cols=30></textarea> </td> </tr> <tr> <td align=right colspan=2> <hr noshade color=black> <input type=reset value="Reset Form"> <input type=submit name="submitok" value=" OK "> </td> </tr> </table> </form> </body> </html> <?php else: // Process signup submission hookUpDb('sessions'); if ($newid=="" or $newname=="" or $newemail=="") { error("One or more required fields were left blank.\\n". "Please fill them in and try again."); } // Check for existing user with the new id $sql = "SELECT COUNT(*) FROM user WHERE userid = '$newid'"; $result = mysql_query($sql); if (!$result) { error("A database error occurred in processing your ". "submission.\\nIf this error persists, please ". "contact soundboard@sbcglobal.net."); } if (mysql_result($result,0,0)>0) { error("A user already exists with your chosen userid.\\n". "Please try another."); } $newpass = substr(md5(time()),0,6); $sql = "INSERT INTO user SET userid = '$newid', password = PASSWORD('$newpass'), fullname = '$newname', email = '$newemail', notes = '$newnotes'"; if (!mysql_query($sql)) error("A database error occurred in processing your ". "submission.\\nIf this error persists, please ". "contact soundboard@sbcglobal.net."); // Email the new password to the person. $message = "G'Day! Your personal account for the SoundBoard Web Site has been created! To log in, click Login in the navigational panel. Your personal login ID and password are as follows: User ID: $newid Password: $newpass You aren't stuck with this password! You can change it at any time after you have logged in. If you have any problems, feel free to contact me at <soundboard@sbcglobal.net>. -Alex SoundBoard Webmaster "; mail($newemail,"Your Password for the Project Website", $message, "From:Alex <soundboard@sbcglobal.net>"); ?> <html> <head><title> Registration Complete </title></head> <body> <p><strong>User registration successful!</strong></p> <p>Your User ID and Password have been emailed to <strong><?=$newemail?></strong>, the email address you just provided in your registration form. To log in, click <a href="index.php">here</a> to return to the login page, and enter your new personal User ID and Password.</p> </body> </html> <?php endif; ?> 4th Page: code: <?php include("accesscontrol.php"); ?> <html> <head> <title> Members-Only Page </title> </head> <body> <p>Welcome, <?=$username?>! You have entered a members-only area of the site. Don't you feel special?</p> </body> </html>/ 5th Page (and last) code: <?php // db.php $dbhost = "localhost"; $dbuser = "root"; $dbpass = ""; function hookUpDb($db="sessions") { global $dbhost, $dbuser, $dbpass; $dbcnx = @mysql_connect($dbhost, $dbuser, $dbpass) or die("The site database appears to be down."); if ($db!="" and !@mysql_select_db($db)) die("The site database is unavailable."); return $dbcnx; } ?> I know the answer will probably be something really simple but oh well. And as you can see it supposed to always stay at one URL and never change. So any help would be greatly appreciated. Latez
butcher Paranoid (IV) Inmate From: New Jersey, USA Insane since: Oct 2000	posted 03-24-2002 00:23 What kind of error messages are you getting? And, are you sure your $dbuser and $dbpass in db.php are correct? -Butcher-
wazzupyo14 Obsessive-Compulsive (I) Inmate From: Insane since: Mar 2002	posted 03-24-2002 01:56 I get the error "A database error has occurred. If this problem persists blahblahblah" And there is no user id or password in the database yet. I'm just trying to get it to work with the signup part I haven't gotten that far yet. If thats not what you mean please clarify. Thanks for the help. Latez
wazzupyo14 Obsessive-Compulsive (I) Inmate From: Insane since: Mar 2002	posted 03-28-2002 01:40 Sorry I didn't understand exactly what you meant, I used root for the dbuser and left dbpass blank. Hope you can help. Latez
wazzupyo14 Obsessive-Compulsive (I) Inmate From: Insane since: Mar 2002	posted 04-02-2002 15:02 btw i have administrative access to mysql so i am able to use root for other things, so it should work Latez
GRUMBLE Paranoid (IV) Mad Scientist From: Omicron Persei 8 Insane since: Oct 2000	posted 04-02-2002 15:23 hmmm try removiing the "@" and see if you get a more detailed error message.
cycus Nervous Wreck (II) Inmate From: Insane since: Nov 2000	posted 04-02-2002 20:21 Hi, I am wondering where your PASSWORD() function is from? is it a custom function, it didn't show up when i searched the php.net docs. Anyway here is my guess, first i would run the $pwd variable through that function before you define $sql, like: $passwd = PASSWORD($pwd); $sql = "....=$passwd...." second, i am thinking that the PASSWORD() function is maybe generating a hash of the plain text passwd, in which case it would be submitting the hash for authorization, i think even and empty $pwd will still generate a hash, i could be wrong about that tho. another thought is you said your user table was empty? if that is true then maybe the if(!result) check is being tripped b/c mysql has no data to return. put an or die after the mysql_query(), that way you can see if the sql is working. $results = mysql_query($sql) or die ("the data query has failed!") -cycus
stinx Bipolar (III) Inmate From: London, UK Insane since: Apr 2002	posted 04-11-2002 16:23 PASSWORD() is an sql function that creates a hash of the password - you should find it in the mysql documentation. From what I can see of this code, the problem lies in hookUpDb and $dbcnx You specify the host, user and passwd as global, and return the connection id, but this won't work unless you at least assign the return value of hookUpDb to a global variable. (The code here just calls it as a sub and you have no connection to execute your sql on). I don't know if it will work by declaring $dbcnx as global inside hookUpDb, but it will work if you use $dbcnx = hookUpDb("sessions"); stinx.
Dark Phoenix Paranoid (IV) Inmate From: Harrow, Ontario, Canada Insane since: Feb 2002	posted 04-11-2002 16:33 First of all, I don't see a definition of Dbconnect in that list there, yet you call it first, then start sending the database messages. And I found that connections to a database don't seem to be global. When I was writing my database driven program, I tried moving all the code to an external function, then running database stuff. And I kept getting errors. I found that the errors are because for some reason, when you use a function, you have to reconnect inside the function. "No one's going to give you a map; you've got to walk your own path." - Hot Ice Hilda, Outlaw Star.
stinx Bipolar (III) Inmate From: London, UK Insane since: Apr 2002	posted 04-11-2002 16:39 Nah - you can use functions to open connections - I use an include'd function library all the time just to save typing the user and passwd so often (I'm lazy, so what?) What does break things is if you call mysql_close($dbcnx), as for some reason, it closes every connection you have open, not just the one specified by $dbcnx ! stinx.
wazzupyo14 Obsessive-Compulsive (I) Inmate From: Insane since: Mar 2002	posted 04-17-2002 05:38 Ok thanks for all your help! It led me to my conclusion "Take all the info I got here and recode some of it!" hehe just the db.php and this is what I came up with: code: <?php // db.php $Host = "localhost"; $Username = "root"; $Password = ""; $DBName = "sessions"; $TableName = "users"; $Link = mysql_connect ($Host, $Username, $Password); function hookUpDb($DBName) { global $Host, $Username, $Password; $TableName = "users"; $Link = mysql_connect ($Host, $Username, $Password); $Link or die("The site database appears to be down."); $Connect = mysql_select_db ($DBName); $Connect or die("The database resource is not available."); return $Link; } ?> Then I had to redo some of the variables on the other pages to match these and it finally worked! Well what do you think? Should I modify it or is it just fine the way it is? Opinions greatly accepted and thanks for the help! Latez [This message has been edited by wazzupyo14 (edited 04-17-2002).]

Topic awaiting preservation: User Authenticating PHP/MySQL (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=12136" title="Pages that link to Topic awaiting preservation: User Authenticating PHP/MySQL (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: User Authenticating PHP/MySQL <span class="small">(Page 1 of 1)</span>\$

wazzupyo14
Obsessive-Compulsive (I) Inmate

From:
Insane since: Mar 2002

posted 03-24-2002 00:10

Hey, I'm new here and I got this code that I'm trying to get to work to make a members section on my website. But I can't get it to work. It will never connect to the database which is MySQL. Heres the code if anyone can help that'd be great.
1st Page:

code:

<?php // accesscontrol.php



include("common.php");

include("db.php");



session_start();



if(!isset($uid)) {

  ?>

  <html>

  <head>

  <title> Please Log In for Access </title>

  </head>

  <body>

  <h1> Login Required </h1>

  <p>You must log in to access this area of the site. If you are

     not a registered user, <a href="signup.php">click here</a>

     to sign up for instant access!</p>

  <p><form method="post" action="<?=$PHP_SELF?>">

    User ID: <input type="text" name="uid" size="8"><br>

    Password: <input type="password" name="pwd" SIZE="8"><br>

    <input type="submit" value="Log in">

  </form></p>

  </body>

  </html>

  <?php

  exit;

}



session_register("uid");

session_register("pwd");



dbConnect("sessions");

$sql = "SELECT * FROM user WHERE

        userid = '$uid' AND password = PASSWORD('$pwd')";

$result = mysql_query($sql);

if (!$result) {

  error("A database error occurred while checking your ".

        "login details.\\nIf this error persists, please ".

        "contact soundboard@sbcglobal.net.");

}



if (mysql_num_rows($result) == 0) {

  session_unregister("uid");

  session_unregister("pwd");

  ?>

  <html>

  <head>

  <title> Access Denied </title>

  </head>

  <body>

  <h1> Access Denied </h1>

  <p>Your user ID or password is incorrect, or you are not a

     registered user on this site. To try logging in again, click

     <a href="<?=$PHP_SELF?>">here</a>. To register for instant

     access, click <a href="signup.php">here</a>.</p>

  </body>

  </html>

  <?php

  exit;

}



$username = mysql_result($result,0,"fullname");

?>

2nd Page:

code:

<?php // common.php



function error($msg) {

    ?>

    <html>

    <head>

    <script language="JavaScript">

    <!--

        alert("<?=$msg?>");

        history.back();

    //-->

    </script>

    </head>

    <body>

    </body>

    </html>

    <?

    exit;

}

?>

3rd Page:

code:

<?php // signup.php



include("common.php");

include("db.php");



if (!isset($submitok)):

    // Display the user signup form

    ?>



<html>

<head><title>New User Registration</title></head>

<body>



<h3>New User Registration Form</h3>

<p><font color=orangered size=+1><TT><B>*</B></TT></font>

   indicates a required field</p>

<form method=post action="<?=$PHP_SELF?>">

<table border=0 cellpadding=0 cellspacing=5>

    <tr>

        <td align=right>

            <p>User ID</p>

        </td>

        <td>

            <input name=newid type=text maxlength=100 size=25>

            <font color=orangered size=+1><TT><B>*</B></TT></font>

        </td>

    </tr>

    <tr>

        <td align=right>

            <p>Full Name</p>

        </td>

        <td>

            <input name=newname type=text maxlength=100 size=25>

            <font color=orangered size=+1><TT><B>*</B></TT></font>

        </td>

    </tr>

    <tr>

        <td align=right>

            <p>E-Mail Address</p>

        </td>

        <td>

            <input name=newemail type=text maxlength=100 size=25>

            <font color=orangered size=+1><TT><B>*</B></TT></font>

        </td>

    </tr>

    <tr valign=top>

        <td align=right>

            <p>Other Notes</p>

        </td>

        <td>

            <textarea wrap name=newnotes rows=5 cols=30></textarea>

        </td>

    </tr>

    <tr>

        <td align=right colspan=2>

            <hr noshade color=black>

            <input type=reset value="Reset Form">

            <input type=submit name="submitok" value="   OK   ">

        </td>

    </tr>

</table>

</form>



</body>

</html>



    <?php

else:

    // Process signup submission

    hookUpDb('sessions');



    if ($newid=="" or $newname=="" or $newemail=="") {

        error("One or more required fields were left blank.\\n".

              "Please fill them in and try again.");

    }

    

    // Check for existing user with the new id

    $sql = "SELECT COUNT(*) FROM user WHERE userid = '$newid'";

    $result = mysql_query($sql);

    if (!$result) {	

        error("A database error occurred in processing your ".

              "submission.\\nIf this error persists, please ".

              "contact soundboard@sbcglobal.net.");

    }

    if (mysql_result($result,0,0)>0) {

        error("A user already exists with your chosen userid.\\n".

              "Please try another.");

    }

    

    $newpass = substr(md5(time()),0,6);

    

    $sql = "INSERT INTO user SET

              userid = '$newid',

              password = PASSWORD('$newpass'),

              fullname = '$newname',

              email = '$newemail',

              notes = '$newnotes'";

    if (!mysql_query($sql))

        error("A database error occurred in processing your ".

              "submission.\\nIf this error persists, please ".

              "contact soundboard@sbcglobal.net.");

              

    // Email the new password to the person.

    $message = "G'Day!



Your personal account for the SoundBoard Web Site

has been created! To log in, click Login in the navigational panel.



Your personal login ID and password are as

follows:



    User ID: $newid

    Password: $newpass



You aren't stuck with this password! You can

change it at any time after you have logged in.



If you have any problems, feel free to contact me at

<soundboard@sbcglobal.net>.



-Alex

 SoundBoard Webmaster

";



    mail($newemail,"Your Password for the Project Website",

         $message, "From:Alex <soundboard@sbcglobal.net>");

         

    ?>

    <html>

    <head><title> Registration Complete </title></head>

    <body>

    <p><strong>User registration successful!</strong></p>

    <p>Your User ID and Password have been emailed to

       <strong><?=$newemail?></strong>, the email address

       you just provided in your registration form. To log in,

       click <a href="index.php">here</a> to return to the login

       page, and enter your new personal User ID and Password.</p>

    </body>

    </html>

    <?php

endif;

?>

4th Page:

code:

<?php include("accesscontrol.php"); ?>

<html>

<head>

<title> Members-Only Page </title>

</head>

<body>

<p>Welcome, <?=$username?>! You have entered a members-only area

   of the site. Don't you feel special?</p>

</body>

</html>/

5th Page (and last)

code:

<?php // db.php



$dbhost = "localhost";

$dbuser = "root";

$dbpass = "";



function hookUpDb($db="sessions") {

    global $dbhost, $dbuser, $dbpass;

    

    $dbcnx = @mysql_connect($dbhost, $dbuser, $dbpass)

        or die("The site database appears to be down.");



    if ($db!="" and !@mysql_select_db($db))

        die("The site database is unavailable.");

    

    return $dbcnx;

}

?>

I know the answer will probably be something really simple but oh well. And as you can see it supposed to always stay at one URL and never change. So any help would be greatly appreciated.

Latez

butcher
Paranoid (IV) Inmate

From: New Jersey, USA
Insane since: Oct 2000

posted 03-24-2002 00:23

What kind of error messages are you getting? And, are you sure your $dbuser and $dbpass in db.php are correct?

-Butcher-

wazzupyo14
Obsessive-Compulsive (I) Inmate

From:
Insane since: Mar 2002

posted 03-24-2002 01:56

I get the error "A database error has occurred. If this problem persists blahblahblah" And there is no user id or password in the database yet. I'm just trying to get it to work with the signup part I haven't gotten that far yet. If thats not what you mean please clarify. Thanks for the help.

Latez

wazzupyo14
Obsessive-Compulsive (I) Inmate

From:
Insane since: Mar 2002

posted 03-28-2002 01:40

Sorry I didn't understand exactly what you meant, I used root for the dbuser and left dbpass blank. Hope you can help.

Latez

wazzupyo14
Obsessive-Compulsive (I) Inmate

From:
Insane since: Mar 2002

posted 04-02-2002 15:02

btw i have administrative access to mysql so i am able to use root for other things, so it should work

Latez

GRUMBLE
Paranoid (IV) Mad Scientist

From: Omicron Persei 8
Insane since: Oct 2000

posted 04-02-2002 15:23

hmmm
try removiing the "@" and see if you get a more detailed error message.

cycus
Nervous Wreck (II) Inmate

From:
Insane since: Nov 2000

posted 04-02-2002 20:21

Hi, I am wondering where your PASSWORD() function is from? is it a custom function, it didn't show up when i searched the php.net docs.

Anyway here is my guess, first i would run the $pwd variable through that function before you define $sql, like:

$passwd = PASSWORD($pwd);

$sql = "....=$passwd...."

second, i am thinking that the PASSWORD() function is maybe generating a hash of the plain text passwd, in which case it would be submitting the hash for authorization, i think even and empty $pwd will still generate a hash, i could be wrong about that tho.

another thought is you said your user table was empty? if that is true then maybe the if(!result) check is being tripped b/c mysql has no data to return. put an or die after the mysql_query(), that way you can see if the sql is working.

$results = mysql_query($sql) or die ("the data query has failed!")

-cycus

stinx
Bipolar (III) Inmate

From: London, UK
Insane since: Apr 2002

posted 04-11-2002 16:23

PASSWORD() is an sql function that creates a hash of the password - you should find it in the mysql documentation.

From what I can see of this code, the problem lies in hookUpDb and $dbcnx

You specify the host, user and passwd as global, and return the connection id, but this won't work unless you at least assign the return value of hookUpDb to a global variable. (The code here just calls it as a sub and you have no connection to execute your sql on).

I don't know if it will work by declaring $dbcnx as global inside hookUpDb, but it will work if you use
$dbcnx = hookUpDb("sessions");

stinx.

Dark Phoenix
Paranoid (IV) Inmate

From: Harrow, Ontario, Canada
Insane since: Feb 2002

posted 04-11-2002 16:33

First of all, I don't see a definition of Dbconnect in that list there, yet you call it first, then start sending the database messages.

And I found that connections to a database don't seem to be global. When I was writing my database driven program, I tried moving all the code to an external function, then running database stuff. And I kept getting errors. I found that the errors are because for some reason, when you use a function, you have to reconnect inside the function.

"No one's going to give you a map; you've got to walk your own path." - Hot Ice Hilda, Outlaw Star.

stinx
Bipolar (III) Inmate

From: London, UK
Insane since: Apr 2002

posted 04-11-2002 16:39

Nah - you can use functions to open connections - I use an include'd function library all the time just to save typing the user and passwd so often (I'm lazy, so what?)

What does break things is if you call mysql_close($dbcnx), as for some reason, it closes *every* connection you have open, not just the one specified by $dbcnx !

stinx.

wazzupyo14
Obsessive-Compulsive (I) Inmate

From:
Insane since: Mar 2002

posted 04-17-2002 05:38

Ok thanks for all your help! It led me to my conclusion "Take all the info I got here and recode some of it!" hehe just the db.php and this is what I came up with:

code:

<?php // db.php



$Host = "localhost";

$Username = "root";

$Password = "";

$DBName = "sessions";

$TableName = "users";

$Link = mysql_connect ($Host, $Username, $Password);



function hookUpDb($DBName) {

    global $Host, $Username, $Password;

    $TableName = "users";

    $Link = mysql_connect ($Host, $Username, $Password);

    $Link

        or die("The site database appears to be down.");



    $Connect = mysql_select_db ($DBName);

    $Connect

	or die("The database resource is not available.");

    

    return $Link;

}

?>

Then I had to redo some of the variables on the other pages to match these and it finally worked! Well what do you think? Should I modify it or is it just fine the way it is? Opinions greatly accepted and thanks for the help!

Latez

[This message has been edited by wazzupyo14 (edited 04-17-2002).]