I got a simple error in my code... just can't pin point it.

[kerek]

Here is my code:

Code: [Select]

<?
include("inc/connect_db.inc.php");
if ($submit == "Login"){
$query="SELECT * FROM users WHERE username=$username";
$mysql_stuff = mysql_query($query, $mysql_link);
while($roc = mysql_fetch_row($mysql_stuff)){
             $realpass=PASSWORD($roc[2]);
if ($pass == $realpass){
print("<script language="javascript">
<!--
location.replace("http://www.joystickadventures.com/logintest/login-s.php");
-->
</script>");
}
}
} else {
print("<HTML>
<HEAD>
<TITLE>Login</TITLE>
</HEAD>
<BODY>
<FORM ACTION ="login.php" method="POST">
Username: <input type="text" name="username[]" value="$username"><BR/>
Password: <input type="password" name="password[]" value="$pass"><BR/>
<input type="submit" name="submit" value="Login">
</FORM>
</BODY>
</HTML>
");
}
?>


And the error I get, is

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/virtual/site94/fst/var/www/html/logintest/login.php on line 6

the one I've seen many times (I take PHP in college) but I can't remember what I did to remedy it. Any help?

[kerek]

By the way, I'm aware my script isn't very secure, but I'm only testing my password getting ability.

I had some spare time and started writing a username/password or a login script and I plan on building it. Call this 1.0 if you will.

[Acecool]

Try removing ", $mysql_link"

If you are connected, and have seleced a db then you shouldnt need that.

[kerek]

I tried it, but it still gives me the line 6 error.

[lig]

You forgot to put the " around the $username.

$query="SELECT * FROM users WHERE username="$username";";

[Acecool]

You can use ''s inside of ""s

[kerek]

Quick question then,

The way I have my script I don't believe it is getting the password out of the database properly. I stored it in the DB using PASSWORD('variable');
but what do you use to get it and compare the non encrypted password with what they typed? The way I have it now, I think is not working.

Thanks for all the help.

[ManiacalV]

if you have encrypted the password already, you're encrypting it again when you pull it from the db.

So, just pull it normal, encrypt the one they just typed, and compare those.

The change in your code would be (I think, if I understand you):

Code: [Select]

while($roc = mysql_fetch_row($mysql_stuff)){
             $realpass=$roc[2];
         if (PASSWORD($pass) == $realpass){
......

[kerek]

My php teacher quickly told me to use PASSWORD('variable'); to encrypt  a password, but this is not going into the database (what they typed)... so how do I do a encrypte on a variable?
I tried password('$pass'); but it gave me a fatal error.
Yeah! haha

EDIT: thanks for that script

[kerek]

Hrm, I'm not getting this to work.
Here is my URL:
http://www.joystickadventures.com/logintest/login.php

The username and password in the DB is matt/123 but it isn't reconizing something.

Here is my code:

Code: [Select]

<?
include("inc/connect_db.inc.php");
if ($submit == "Login"){
$query="SELECT * FROM users WHERE username='$username'";
$mysql_stuff = mysql_query($query);
while($roc = mysql_fetch_row($mysql_stuff)){
$realpass=$roc[2];
if (PASSWORD('$pass') == $realpass){
print("<HTML><HEAD>
<TITLE>Login Successful</TITLE></HEAD>
<BODY><script language="javascript">
<!--
location.replace("http://www.joystickadventures.com/logintest/login-s.php");
-->
</script></BODY>
</HTML>");
}
}
} else {
print("<HTML>
<HEAD>
<TITLE>Login</TITLE>
</HEAD>
<BODY>
<FORM ACTION ="login.php" method="GET">
Username: <input type="text" name="username" value="$username"><BR/>
Password: <input type="password" name="pass" value="$pass"><BR/>
<input type="submit" name="submit" value="Login">
</FORM>
</BODY>
</HTML>
");
}
?>


EDIT: Updated my code (stupid mistakes on my behalf) but I'm getting that password error again on line 8.

[Acecool]

because the password isnt $pass

its stored in $pass but not $pass itself, remove the singles ''s

[ManiacalV]

So, wait, I think I misunderstood...

Your DB has value 123 as password? That's unencrypted. So you would either need to encrypt it when you add to DB or, for testing purposes take out the whoe password() function altogether.

When you're testing, just do a little display:

Code: [Select]

<?
include("inc/connect_db.inc.php");
if ($submit == "Login"){
   $query="SELECT * FROM users WHERE username='$username'";
   $mysql_stuff = mysql_query($query);
   while($roc = mysql_fetch_row($mysql_stuff)){
      $realpass=$roc[2];

      // here's a little test display
      echo "Password: $realpass<br>";
      echo "Entered: $pass<br>";
      //

         if ($pass == $realpass){
            print("<HTML><HEAD>
            <TITLE>Login Successful</TITLE></HEAD>
            <BODY><script language="javascript">
         ....etc....
This way you can see what's actually going on. If you want to use the PASSWORD() function you need to encrypt the value in the db.  There's no use in encrypting the entered password if the DB password isn't - the values won't match up.

[kerek]

Here is my updated code yet again, but I get an error. Sorry for not being perfectly clear but my PW in the DB is encrypted.

Code: [Select]

<?
include("inc/connect_db.inc.php");
if ($submit == "Login"){
$query="SELECT * FROM users WHERE username='$username'";
$mysql_stuff = mysql_query($query);
while($roc = mysql_fetch_row($mysql_stuff)){
$realpass=$roc[2];
echo "Password: $realpass<br>";
      echo "Entered: $pass<br>";
if (PASSWORD($pass) == $realpass){
print("<HTML><HEAD><TITLE>Login Successful</TITLE></HEAD><BODY><script language="javascript">
<!--
location.replace("http://www.joystickadventures.com/logintest/login-s.php");
-->
</script></BODY>
</HTML>");
}
}
} else {
print("<HTML>
<HEAD>
<TITLE>Login</TITLE>
</HEAD>
<BODY>
<FORM ACTION ="login.php" method="GET">
Username: <input type="text" name="username" value="$username"><BR/>
Password: <input type="password" name="pass" value="$pass"><BR/>
<input type="submit" name="submit" value="Login">
</FORM>
</BODY>
</HTML>
");
}
?>

When I do this, I get an error message that says, well here is my output:

Password: 773359240eb9a1d9
Entered: 123

Fatal error: Call to undefined function: password() in /home/virtual/site94/fst/var/www/html/logintest/login.php on line 10


That's all that gets displayed. It says the password function is undefined.[/i]

[ManiacalV]

My bad. try this

Code: [Select]

     $realpass=$roc[2];
      echo "Password: $realpass<br>";
      echo "Entered: " . crypt($pass) . "<br>";
         if (crypt($pass, $realpass) == $realpass){

That may or may not work. How are the passwords being encrypted in the Database?

[kerek]

with the PASSWORD() function... but I only have one in there and it is from me inputting it through phpmyadmin... i put the Password function on that field.

Anyways, the password in the database is 123 but it is encrypted so it's what shows in the last post I made.


EDIT: with crypt($pass), i get this:

Password: 773359240eb9a1d9
Entered: $1$eYiyou20$R9DdL14dLymbSuUIYz9t40

Maybe I should redo the password in my DB and crypt it instead of using password on it?

EDIT again: Hey I found that with crypt everytime you refresh or enter a new input into the password box, it changes itself. It doesn't remain constant so that doesn't work for password checking.