I got a simple error in my code... just can't pinpoint it.


#1

Here is my code:

[code]<?
include("inc/connect_db.inc.php");
if ($submit == "Login"){
    $query="SELECT * FROM users WHERE username=$username";
    $mysql_stuff = mysql_query($query, $mysql_link);
    while($roc = mysql_fetch_row($mysql_stuff)){
        $realpass=PASSWORD($roc[2]);
        if ($pass == $realpass){
            print("");
        }
    }
} else {
    print("

Login Username:
Password:
"); } ?>[/code]

And the error I get, is

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/virtual/site94/fst/var/www/html/logintest/login.php on line 6

the one I’ve seen many times (I take PHP in college) but I can’t remember what I did to remedy it. Any help?


#2

By the way, I’m aware my script isn’t very secure, but I’m only testing my password getting ability.

I had some spare time and started writing a username/password or a login script and I plan on building it. Call this 1.0 if you will.

:)

#3

Try removing “, $mysql_link”

If you are connected, and have selected a db then you shouldn't need that.


#4

I tried it, but it still gives me the line 6 error.


#5

You forgot to put the " around the $username.

$query="SELECT * FROM users WHERE username=\"$username\";";


#6

You can use ''s inside of ""s


#7

Quick question then,

The way I have my script I don’t believe it is getting the password out of the database properly. I stored it in the DB using PASSWORD('variable');
but what do you use to get it and compare the non encrypted password with what they typed? The way I have it now, I think is not working.

Thanks for all the help.


#8

If you have encrypted the password already, you’re encrypting it again when you pull it from the db.

So, just pull it normal, encrypt the one they just typed, and compare those.

The change in your code would be (I think, if I understand you):

[code]while($roc = mysql_fetch_row($mysql_stuff)){
    $realpass=$roc[2];
    if (PASSWORD($pass) == $realpass){
        ......[/code]


#9

My PHP teacher quickly told me to use PASSWORD('variable'); to encrypt a password, but this is not going into the database (what they typed)… so how do I do an encrypt on a variable?
I tried password('$pass'); but it gave me a fatal error.
Yeah! haha

EDIT: thanks for that script


#10

Hrm, I’m not getting this to work.
Here is my URL:
http://www.joystickadventures.com/logintest/login.php

The username and password in the DB is matt/123 but it isn’t recognizing something.

Here is my code:

[code]<?
include("inc/connect_db.inc.php");
if ($submit == "Login"){
    $query="SELECT * FROM users WHERE username='$username'";
    $mysql_stuff = mysql_query($query);
    while($roc = mysql_fetch_row($mysql_stuff)){
        $realpass=$roc[2];
        if (PASSWORD('$pass') == $realpass){
            print("
Login Successful

");
        }
    }
} else {
    print("

Login Username:
Password:
"); } ?>[/code]

EDIT: Updated my code (stupid mistakes on my behalf) but I’m getting that password error again on line 8.


#11

Because the password isn't $pass

It's stored in $pass but not $pass itself, remove the single ''s


#12

So, wait, I think I misunderstood…

Your DB has value 123 as password? That’s unencrypted. So you would either need to encrypt it when you add to DB or, for testing purposes, take out the whole password() function altogether.

When you’re testing, just do a little display:

[code]<?
include("inc/connect_db.inc.php");
if ($submit == "Login"){
    $query="SELECT * FROM users WHERE username='$username'";
    $mysql_stuff = mysql_query($query);
    while($roc = mysql_fetch_row($mysql_stuff)){
        $realpass=$roc[2];

        // here's a little test display
        echo "Password: $realpass<br>";
        echo "Entered: $pass<br>";
        //

        if ($pass == $realpass){
            print("<HTML><HEAD>
            <TITLE>Login Successful</TITLE></HEAD>
            <BODY><script language=\"javascript\">
            ....etc....[/code]

This way you can see what’s actually going on. If you want to use the PASSWORD() function you need to encrypt the value in the db. There’s no use in encrypting the entered password if the DB password isn’t - the values won’t match up.


#13

Here is my updated code yet again, but I get an error. Sorry for not being perfectly clear but my PW in the DB is encrypted.

[code]<?
include("inc/connect_db.inc.php");
if ($submit == "Login"){
    $query="SELECT * FROM users WHERE username='$username'";
    $mysql_stuff = mysql_query($query);
    while($roc = mysql_fetch_row($mysql_stuff)){
        $realpass=$roc[2];
        echo "Password: $realpass<br>";
        echo "Entered: $pass<br>";
        if (PASSWORD($pass) == $realpass){
            print("Login Successful
");
        }
    }
} else {
    print("

Login Username:
Password:
"); } ?>[/code]

When I do this, I get an error message that says, well here is my output:

[i]Password: 773359240eb9a1d9
Entered: 123

Fatal error: Call to undefined function: password() in /home/virtual/site94/fst/var/www/html/logintest/login.php on line 10[/i]

That’s all that gets displayed. It says the password function is undefined.


#14

My bad. Try this:

[code]$realpass=$roc[2];
echo "Password: $realpass<br>";
echo "Entered: " . crypt($pass) . "<br>";
if (crypt($pass, $realpass) == $realpass){[/code]

That may or may not work. How are the passwords being encrypted in the Database?


#15

With the PASSWORD() function… but I only have one in there and it is from me inputting it through phpMyAdmin… I put the Password function on that field.

Anyways, the password in the database is 123 but it is encrypted so it’s what shows in the last post I made.

EDIT: with crypt($pass), I get this:

Password: 773359240eb9a1d9
Entered: $1$eYiyou20$R9DdL14dLymbSuUIYz9t40

Maybe I should redo the password in my DB and crypt it instead of using password on it?

EDIT again: Hey, I found that with crypt every time you refresh or enter a new input into the password box, it changes itself. It doesn’t remain constant so that doesn’t work for password checking.


#16

The salt changes every time you refresh. If you crypt your password before you enter it into the DB (as a varchar, not password) and use the

[code]if (crypt($entered_password, $DB_password) == $DB_password) {[/code]

it will use the same salt and should work.

Even easier is md5()

When you insert the password into the DB, enter it as md5($password)

Then when you check, just do a

[code]if (md5($entered_password) == $DB_password) {[/code]

and you don’t have to worry about salt or anything. md5 is the same every time. I’ve hashed a 200 character string, and changed case on one character and md5 will still come up with a completely different hash.

It’s easy to use, and if you don’t plan on unencrypting it, works well for what you’re doing. (IMHO)


#17

Great man, it works nicely. I added a couple of if’s and such to test a couple of different inputs that the user could do.
Yet, I am missing one and I’m not sure exactly how I would go about doing it.
Say, the user inputs the username Brian and that doesn’t exist in the database, right now it just refreshes itself and does nothing (because I haven't told it to do anything) but I want my script to check and if the username is not in existence (right now I only have 1 in my DB) that it will refresh itself and display a message, similar to if the password is wrong.

I believe that is the last thing I need to cover for my script to be pretty solid.
Check it out. Pretty much complete:
http://www.joystickadventures.com/logintest/login.php
username: matt
password: 123

So, I just need to check the DB to see if the username is there, if it's not then display an error message. I’m sure it’s easy and I’m just overlooking how to do it.
Thanks man.

Tell me any other suggestions you may have from the link which has my script in working order.

EDIT: oh yeah, how does one display my viewposts.php page in oldest last fashion. I think it is DESC or something but I can’t remember.


#18

[code]<?
include("inc/connect_db.inc.php");
if ($submit == "Login"){
    $query="SELECT * FROM users WHERE username='$username'";
    $mysql_stuff = mysql_query($query);
    if(mysql_num_rows($mysql_stuff) < 1) {
        // do stuff for new user
        echo "New user, please register or whatnot
";
        die();
    }

[/code]


#19

Hrm. Sorry if I was unclear.

What I need is something more along the lines of if someone logs in with the username Brian, and there is no Brian in the database, then it will prompt the error.

Like user not found, or something…

Sorry for the confusion


#20

The text was an example, you can put anything you want there.
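
Added example, not written by any poster in this thread: the two points worked out above (a salted hash changes on every call, so it has to be checked against the stored value, and a lookup that returns zero rows means the username does not exist) in one runnable script. It swaps in PHP's built-in password_hash()/password_verify() (PHP 5.5+) for the crypt()/md5() calls in the posts and PDO with an in-memory SQLite table for the old mysql_* functions; the table layout and the helper names add_user() and check_login() are assumptions made for the demo.

```php
<?php
// Constructed demo: in-memory SQLite stands in for the thread's `users` table (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');

// Store a salted hash, never the password. The salt is generated per call and
// embedded in the returned string, so keep the whole value (e.g. VARCHAR(255)).
function add_user(PDO $db, string $username, string $password): void
{
    $stmt = $db->prepare('INSERT INTO users (username, pass_hash) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

// Hypothetical helper: returns 'ok', 'bad_password' or 'no_such_user'.
function check_login(PDO $db, string $username, string $password): string
{
    // The username is bound as a parameter instead of being pasted into the SQL text.
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return 'no_such_user';   // zero rows came back for this username
    }
    // password_verify() reads the salt out of $hash, re-hashes the input with it
    // and compares in constant time; hashing the input afresh and using == cannot work.
    return password_verify($password, $hash) ? 'ok' : 'bad_password';
}

add_user($db, 'matt', '123');    // the test account from the thread

// Same password, two calls: the strings differ because each gets its own salt,
// yet both verify.
$a = password_hash('123', PASSWORD_DEFAULT);
$b = password_hash('123', PASSWORD_DEFAULT);
echo 'hashes identical: ', var_export($a === $b, true), "\n";
echo 'both verify:      ', var_export(password_verify('123', $a) && password_verify('123', $b), true), "\n";

// The three cases from the thread. Callers can log the precise status but show
// the user one generic failure message, so the page does not confirm usernames.
foreach ([['matt', '123'], ['matt', 'abc'], ['Brian', '123']] as [$u, $p]) {
    echo "$u / $p => ", check_login($db, $u, $p), "\n";
}
```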