www.webdeveloper.com
Results 1 to 4 of 4

Thread: [RESOLVED] Reading and validating user from SQL database table.

Hybrid View

  1. #1
    Join Date
    Mar 2007
    Location
    Las Vegas, NV
    Posts
    45

    resolved [RESOLVED] Reading and validating user from SQL database table.

    Hello, I've been pulling my hair!!!! I've done this with a site that's online and works and pretty much copy/pasted that code into this application; and yes I've changed the variable/field names of the involved tables and files. However, it's not working... If you could please look and see if I'm missing something really stupid!

    Thank You,
    Barrie

    Edit: I've echo'ed $techno and it's being passed correctly and is in the 'user' table. I'm running Ubuntu 8.04 / Apache 2.2.8 / PHP 5.2.4

    PHP Code:
    <?php
    session_start
    ();

    echo 
    "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\" \"http://www.w3.org/TR/html4/strict.dtd\">";
    echo 
    "<html>";

    echo 
    "<head>";
    echo 
    "<title>Password Check</title>";
    echo 
    "<meta http-equiv=\"content-type\" content=\"text/html; charset=iso-8859-1\" />";
    echo 
    "<meta name=\"generator\" content=\"Emacs\"/>";
    echo 
    "</head>";

    echo 
    "<body>";

    /*          We have a techno.

    */
    $techno $_POST['techno'];

    /*          Connect to the database and open the tables

    */

    $hostname="xxxxxxxxxx";
    $username="xxxxxxxxxx";
    $password="xxxxxxxxxx";
    $dbname="xxxxxxxxxx";

    mysql_connect($hostname$username$password) OR DIE ("Unable to connect to database! Please try again later.");

    mysql_select_db($dbname);

    /*          Get the user data

    */
    $sql "SELECT * FROM users WHERE techno = '$techno'";
    $result mysql_query($sql);

    while(
    $row mysql_fetch_row($result)) {
        
    $ndx $row[0];
        
    $name $row[1];
        
    $pword $row[2];
        
    $techno $row[3];
        }

    /*          Close the database connection

    */
    $sql mysql_close();    

    /*          Check if registered user; i.e. if $name is "" then no user found.

    */
        
    if ($name == "") {
          include 
    'badpass.php';
          exit();
          }

    /*           User is valid, save the techno
    */
    $_SESSION['techno'] = $techno;

    include 
    'index-go.html';

    echo 
    "</body>";
    echo 
    "</html>";
    exit();
    ?>
    Last edited by BarrieHie; 12-14-2008 at 12:02 PM. Reason: More info.

  2. #2
    Join Date
    Jun 2003
    Location
    here
    Posts
    4,551
    Hmn, try this:
    PHP Code:
    <?php
    session_start
    (); 
    define('DEBUG'TRUE);

    echo <<<MYHTML
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
    <html>
    <head>
      <title>Password Check</title>
      <meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
      <meta name="generator" content="Emacs">
    </head>
    <body>
    MYHTML;

    if(
    DEBUG)
      echo 
    "<pre>";

    if(isset(
    $_POST['techno'])){// submitted info

      
    $techno $_POST['techno']; 

      if(
    DEBUG)
         echo 
    "techno submited: {$techno}\n\n";

      
    $hostname="xxxxxxxxxx";
      
    $username="xxxxxxxxxx";
      
    $password="xxxxxxxxxx";
      
    $dbname="xxxxxxxxxx";
      
    mysql_connect($hostname$username$password) OR
                die(
    "Unable to connect to database! Please try again later.");
      
    mysql_select_db($dbname);
      
    $sql "SELECT * FROM `users` WHERE `techno`='{$techno}'";
      
    $result mysql_query($sql); 
      if(
    DEBUG)
         print 
    "\nQUERY: \n" && var_dump($sqlmysql_error());
      if(
    mysql_num_rows($result)){// one or more rows
        
    while($row mysql_fetch_row($result)) {
           
    $ndx $row[0];
           
    $name $row[1];
           
    $pword $row[2];
           
    $techno $row[3];
           if(
    DEBUG)
             print 
    "\nA ROW: \n" && var_dump($row);
        }
        
    $_SESSION['techno'] = $techno;
        include 
    'index-go.html'
      }else{
         include 
    'badpass.php';
      }
      
    mysql_close();
    }

    if(
    DEBUG)
      echo 
    "</pre>";

    echo 
    "</body>
    </html>"
    ;
    exit;
    It's not very different, I've just added some debug, which should be helpful (just edit the define of debug when you have found your probelm by setting it to FALSE for off).
    If you are using PHP please use the [PHP] and [/PHP] forum tags for highlighting...
    The same applies to HTML and the forums [HTML][/HTML] tags.

  3. #3
    Join Date
    Mar 2007
    Location
    Las Vegas, NV
    Posts
    45
    Thank you Scragar! This is most puzzling... I added a line in the query loop where it would print out the variables and the code is reading the user table and then it all falls to s*** on the test for a NULL user name. This app. isn't a security issue of any kind but this check precludes the tech.'s from entering a typo when they update their customer records. That could be a mess later...

    I'll give it a break for a bit...

    Barrie

    Edit: I even changed the query to SELECT * FROM users and setting a flag when the variables matched, still no go!
    Last edited by BarrieHie; 12-14-2008 at 03:07 PM. Reason: Addendum
    Debian lenny

  4. #4
    Join Date
    Mar 2007
    Location
    Las Vegas, NV
    Posts
    45
    Gottit! I had the field type set to TEXT and my techno had no.'s in it.

    Barrie
    Debian lenny

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles