Closed Thread Icon

Topic awaiting preservation: User Authenticating PHP/MySQL (Page 1 of 1) Pages that link to <a href="https://ozoneasylum.com/backlink?for=12136" title="Pages that link to Topic awaiting preservation: User Authenticating PHP/MySQL (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: User Authenticating PHP/MySQL <span class="small">(Page 1 of 1)</span>\

 
wazzupyo14
Obsessive-Compulsive (I) Inmate

From:
Insane since: Mar 2002

posted posted 03-24-2002 00:10

Hey, I'm new here and I got this code that I'm trying to get to work to make a members section on my website. But I can't get it to work. It will never connect to the database which is MySQL. Heres the code if anyone can help that'd be great.
1st Page:

code:
<?php // accesscontrol.php

include("common.php");
include("db.php");

session_start();

if(!isset($uid)) {
?>
<html>
<head>
<title> Please Log In for Access </title>
</head>
<body>
<h1> Login Required </h1>
<p>You must log in to access this area of the site. If you are
not a registered user, <a href="signup.php">click here</a>
to sign up for instant access!</p>
<p><form method="post" action="<?=$PHP_SELF?>">
User ID: <input type="text" name="uid" size="8"><br>
Password: <input type="password" name="pwd" SIZE="8"><br>
<input type="submit" value="Log in">
</form></p>
</body>
</html>
<?php
exit;
}

session_register("uid");
session_register("pwd");

dbConnect("sessions");
$sql = "SELECT * FROM user WHERE
userid = '$uid' AND password = PASSWORD('$pwd')";
$result = mysql_query($sql);
if (!$result) {
error("A database error occurred while checking your ".
"login details.\\nIf this error persists, please ".
"contact soundboard@sbcglobal.net.");
}

if (mysql_num_rows($result) == 0) {
session_unregister("uid");
session_unregister("pwd");
?>
<html>
<head>
<title> Access Denied </title>
</head>
<body>
<h1> Access Denied </h1>
<p>Your user ID or password is incorrect, or you are not a
registered user on this site. To try logging in again, click
<a href="<?=$PHP_SELF?>">here</a>. To register for instant
access, click <a href="signup.php">here</a>.</p>
</body>
</html>
<?php
exit;
}

$username = mysql_result($result,0,"fullname");
?>


2nd Page:

code:
<?php // common.php

function error($msg) {
?>
<html>
<head>
<script language="JavaScript">
<!--
alert("<?=$msg?>");
history.back();
//-->
</script>
</head>
<body>
</body>
</html>
<?
exit;
}
?>


3rd Page:

code:
<?php // signup.php

include("common.php");
include("db.php");

if (!isset($submitok)):
// Display the user signup form
?>

<html>
<head><title>New User Registration</title></head>
<body>

<h3>New User Registration Form</h3>
<p><font color=orangered size=+1><TT><B>*</B></TT></font>
indicates a required field</p>
<form method=post action="<?=$PHP_SELF?>">
<table border=0 cellpadding=0 cellspacing=5>
<tr>
<td align=right>
<p>User ID</p>
</td>
<td>
<input name=newid type=text maxlength=100 size=25>
<font color=orangered size=+1><TT><B>*</B></TT></font>
</td>
</tr>
<tr>
<td align=right>
<p>Full Name</p>
</td>
<td>
<input name=newname type=text maxlength=100 size=25>
<font color=orangered size=+1><TT><B>*</B></TT></font>
</td>
</tr>
<tr>
<td align=right>
<p>E-Mail Address</p>
</td>
<td>
<input name=newemail type=text maxlength=100 size=25>
<font color=orangered size=+1><TT><B>*</B></TT></font>
</td>
</tr>
<tr valign=top>
<td align=right>
<p>Other Notes</p>
</td>
<td>
<textarea wrap name=newnotes rows=5 cols=30></textarea>
</td>
</tr>
<tr>
<td align=right colspan=2>
<hr noshade color=black>
<input type=reset value="Reset Form">
<input type=submit name="submitok" value=" OK ">
</td>
</tr>
</table>
</form>

</body>
</html>

<?php
else:
// Process signup submission
hookUpDb('sessions');

if ($newid=="" or $newname=="" or $newemail=="") {
error("One or more required fields were left blank.\\n".
"Please fill them in and try again.");
}

// Check for existing user with the new id
$sql = "SELECT COUNT(*) FROM user WHERE userid = '$newid'";
$result = mysql_query($sql);
if (!$result) {
error("A database error occurred in processing your ".
"submission.\\nIf this error persists, please ".
"contact soundboard@sbcglobal.net.");
}
if (mysql_result($result,0,0)>0) {
error("A user already exists with your chosen userid.\\n".
"Please try another.");
}

$newpass = substr(md5(time()),0,6);

$sql = "INSERT INTO user SET
userid = '$newid',
password = PASSWORD('$newpass'),
fullname = '$newname',
email = '$newemail',
notes = '$newnotes'";
if (!mysql_query($sql))
error("A database error occurred in processing your ".
"submission.\\nIf this error persists, please ".
"contact soundboard@sbcglobal.net.");

// Email the new password to the person.
$message = "G'Day!

Your personal account for the SoundBoard Web Site
has been created! To log in, click Login in the navigational panel.

Your personal login ID and password are as
follows:

User ID: $newid
Password: $newpass

You aren't stuck with this password! You can
change it at any time after you have logged in.

If you have any problems, feel free to contact me at
<soundboard@sbcglobal.net>.

-Alex
SoundBoard Webmaster
";

mail($newemail,"Your Password for the Project Website",
$message, "From:Alex <soundboard@sbcglobal.net>");

?>
<html>
<head><title> Registration Complete </title></head>
<body>
<p><strong>User registration successful!</strong></p>
<p>Your User ID and Password have been emailed to
<strong><?=$newemail?></strong>, the email address
you just provided in your registration form. To log in,
click <a href="index.php">here</a> to return to the login
page, and enter your new personal User ID and Password.</p>
</body>
</html>
<?php
endif;
?>


4th Page:

code:
<?php include("accesscontrol.php"); ?>
<html>
<head>
<title> Members-Only Page </title>
</head>
<body>
<p>Welcome, <?=$username?>! You have entered a members-only area
of the site. Don't you feel special?</p>
</body>
</html>/


5th Page (and last)

code:
<?php // db.php

$dbhost = "localhost";
$dbuser = "root";
$dbpass = "";

function hookUpDb($db="sessions") {
global $dbhost, $dbuser, $dbpass;

$dbcnx = @mysql_connect($dbhost, $dbuser, $dbpass)
or die("The site database appears to be down.");

if ($db!="" and !@mysql_select_db($db))
die("The site database is unavailable.");

return $dbcnx;
}
?>



I know the answer will probably be something really simple but oh well. And as you can see it supposed to always stay at one URL and never change. So any help would be greatly appreciated.

Latez

butcher
Paranoid (IV) Inmate

From: New Jersey, USA
Insane since: Oct 2000

posted posted 03-24-2002 00:23

What kind of error messages are you getting? And, are you sure your $dbuser and $dbpass in db.php are correct?

-Butcher-

wazzupyo14
Obsessive-Compulsive (I) Inmate

From:
Insane since: Mar 2002

posted posted 03-24-2002 01:56

I get the error "A database error has occurred. If this problem persists blahblahblah" And there is no user id or password in the database yet. I'm just trying to get it to work with the signup part I haven't gotten that far yet. If thats not what you mean please clarify. Thanks for the help.

Latez

wazzupyo14
Obsessive-Compulsive (I) Inmate

From:
Insane since: Mar 2002

posted posted 03-28-2002 01:40

Sorry I didn't understand exactly what you meant, I used root for the dbuser and left dbpass blank. Hope you can help.

Latez

wazzupyo14
Obsessive-Compulsive (I) Inmate

From:
Insane since: Mar 2002

posted posted 04-02-2002 15:02

btw i have administrative access to mysql so i am able to use root for other things, so it should work

Latez

GRUMBLE
Paranoid (IV) Mad Scientist

From: Omicron Persei 8
Insane since: Oct 2000

posted posted 04-02-2002 15:23

hmmm
try removiing the "@" and see if you get a more detailed error message.

cycus
Nervous Wreck (II) Inmate

From:
Insane since: Nov 2000

posted posted 04-02-2002 20:21

Hi, I am wondering where your PASSWORD() function is from? is it a custom function, it didn't show up when i searched the php.net docs.

Anyway here is my guess, first i would run the $pwd variable through that function before you define $sql, like:

$passwd = PASSWORD($pwd);

$sql = "....=$passwd...."

second, i am thinking that the PASSWORD() function is maybe generating a hash of the plain text passwd, in which case it would be submitting the hash for authorization, i think even and empty $pwd will still generate a hash, i could be wrong about that tho.

another thought is you said your user table was empty? if that is true then maybe the if(!result) check is being tripped b/c mysql has no data to return. put an or die after the mysql_query(), that way you can see if the sql is working.

$results = mysql_query($sql) or die ("the data query has failed!")


-cycus

stinx
Bipolar (III) Inmate

From: London, UK
Insane since: Apr 2002

posted posted 04-11-2002 16:23

PASSWORD() is an sql function that creates a hash of the password - you should find it in the mysql documentation.

From what I can see of this code, the problem lies in hookUpDb and $dbcnx

You specify the host, user and passwd as global, and return the connection id, but this won't work unless you at least assign the return value of hookUpDb to a global variable. (The code here just calls it as a sub and you have no connection to execute your sql on).

I don't know if it will work by declaring $dbcnx as global inside hookUpDb, but it will work if you use
$dbcnx = hookUpDb("sessions");

stinx.


Dark Phoenix
Paranoid (IV) Inmate

From: Harrow, Ontario, Canada
Insane since: Feb 2002

posted posted 04-11-2002 16:33

First of all, I don't see a definition of Dbconnect in that list there, yet you call it first, then start sending the database messages.

And I found that connections to a database don't seem to be global. When I was writing my database driven program, I tried moving all the code to an external function, then running database stuff. And I kept getting errors. I found that the errors are because for some reason, when you use a function, you have to reconnect inside the function.

"No one's going to give you a map; you've got to walk your own path." - Hot Ice Hilda, Outlaw Star.

stinx
Bipolar (III) Inmate

From: London, UK
Insane since: Apr 2002

posted posted 04-11-2002 16:39

Nah - you can use functions to open connections - I use an include'd function library all the time just to save typing the user and passwd so often (I'm lazy, so what?)

What does break things is if you call mysql_close($dbcnx), as for some reason, it closes *every* connection you have open, not just the one specified by $dbcnx !

stinx.


wazzupyo14
Obsessive-Compulsive (I) Inmate

From:
Insane since: Mar 2002

posted posted 04-17-2002 05:38

Ok thanks for all your help! It led me to my conclusion "Take all the info I got here and recode some of it!" hehe just the db.php and this is what I came up with:

code:
<?php // db.php

$Host = "localhost";
$Username = "root";
$Password = "";
$DBName = "sessions";
$TableName = "users";
$Link = mysql_connect ($Host, $Username, $Password);

function hookUpDb($DBName) {
global $Host, $Username, $Password;
$TableName = "users";
$Link = mysql_connect ($Host, $Username, $Password);
$Link
or die("The site database appears to be down.");

$Connect = mysql_select_db ($DBName);
$Connect
or die("The database resource is not available.");

return $Link;
}
?>



Then I had to redo some of the variables on the other pages to match these and it finally worked! Well what do you think? Should I modify it or is it just fine the way it is? Opinions greatly accepted and thanks for the help!

Latez

[This message has been edited by wazzupyo14 (edited 04-17-2002).]

« BackwardsOnwards »

Show Forum Drop Down Menu