...

View Full Version : function not working



karthikanov24
10-13-2009, 10:34 AM
hi
the PASSWORD( ) used in the following code, is used to take the newly added password from user to database



function addUser()
{
$userName = $_POST['txtUserName'];
$password = $_POST['txtPassword'];

// check if the username is taken
$sql = "SELECT user_name
FROM tbl_user
WHERE user_name = '$userName'";
$result = dbQuery($sql);

if (dbNumRows($result) == 1) {
header('Location: index.php?view=add&error=' . urlencode('Username already taken. Choose another one'));
} else {
$sql = "INSERT INTO tbl_user (user_name, user_password, user_regdate)
VALUES ('$userName',PASSWORD('$password'), NOW())";

dbQuery($sql);
header('Location: index.php');
}
}


But here in the admin login code as follow,the PASSWORD( ) is not working. If a call is made to this funtion it shows error as:UNDEFINED FUNCTION PASSWORD( )


function doLogin()
{

$userName = $_POST['txtUserName'];
$password=$_POST['txtPassword'];


// first, make sure the username & password are not empty
if ($userName == '') {
$errorMessage = 'You must enter your username';
} else if ($password == '') {
$errorMessage = 'You must enter the password';
} else {
// check the database and see if the username and password combo do match
$sql = "SELECT user_id
FROM tbl_user
WHERE user_name = '$userName' AND user_password =PASSWORD('$password')";

$result = dbQuery($sql);


what is the correct codes.....?


Thanks
karthikanov24

abduraooft
10-13-2009, 10:36 AM
I think you need sha1() or md5() there .

Sergey Popov
10-13-2009, 10:42 AM
I always use PHP's md5() function in the INSERT query and in the SELECT, rather than sql's PASSWORD().

karthikanov24
10-13-2009, 11:23 AM
hi
I tried md5() and sha1()

but it still remains in the login screen showing "wrongly entered password"

IT works only when going to database directly and change the password value say 'admin' ...and removing PASSWORD() in select statement...

Could you give me the solution, please......



thanks
karthikanov24

SystemJay
10-13-2009, 06:13 PM
Here's some things that I use, just writing for the fun of it =)

You could use if(empty(variable)) instead of $username == ''.
http://fi2.php.net/empty I find this function useful in my logins.

In login you could see that if there are rows returned, login is valid.
example: (the same idea that you have in the addUser() function.)


$sql_query=your query;
$result_query=mysql_query($sql_query);
$count_rows=mysql_num_rows($result_query);
if($count_rows > 1) { // db has a match, login is valid
}
else { //db does not have match, wrong login
}


..snip... Edited rest out cause it was useless and i was tired :p
Didnt help much after all to your problem hehe.

mark102191
12-21-2011, 01:07 AM
function doLogin()
{
// if we found an error save the error message in this variable
$errorMessage = '';

$userName = $_POST['txtUserName'];
$password = $_POST['txtPassword'];
$encrypt_password=md5($password);

$userName = stripslashes($userName);
$password = stripslashes($password);
$userName = mysql_real_escape_string($userName);
$password = mysql_real_escape_string($password);

// first, make sure the username & password are not empty
if ($userName == '') {
$errorMessage = 'You must enter your username';
} else if ($password == '') {
$errorMessage = 'You must enter the password';
} else {
// check the database and see if the username and password combo do match
$sql = "SELECT user_id
FROM tbl_user
WHERE user_name = '$userName' AND user_password = '$encrypt_password'";
$result = dbQuery($sql);

if (dbNumRows($result) == 1) {
$row = dbFetchAssoc($result);
$_SESSION['plaincart_user_id'] = $row['user_id'];

// log the time when the user last login
$sql = "UPDATE tbl_user
SET user_last_login = NOW()
WHERE user_id = '{$row['user_id']}'";
dbQuery($sql);

// now that the user is verified we move on to the next page
// if the user had been in the admin pages before we move to
// the last page visited
if (isset($_SESSION['login_return_url'])) {
header('Location: ' . $_SESSION['login_return_url']);
exit;
} else {
header('Location: index.php');
exit;
}
} else {
$errorMessage = 'Wrong username or password';
}

}

return $errorMessage;
}

mark102191
12-21-2011, 01:10 AM
You need to add those lines below:

$userName = $_POST['txtUserName'];
$password = $_POST['txtPassword'];
$encrypt_password=md5($password);

$userName = stripslashes($userName);
$password = stripslashes($password);
$userName = mysql_real_escape_string($userName);
$password = mysql_real_escape_string($password);




function doLogin()
{
// if we found an error save the error message in this variable
$errorMessage = '';

$userName = $_POST['txtUserName'];
$password = $_POST['txtPassword'];
$encrypt_password=md5($password);

$userName = stripslashes($userName);
$password = stripslashes($password);
$userName = mysql_real_escape_string($userName);
$password = mysql_real_escape_string($password);

// first, make sure the username & password are not empty
if ($userName == '') {
$errorMessage = 'You must enter your username';
} else if ($password == '') {
$errorMessage = 'You must enter the password';
} else {
// check the database and see if the username and password combo do match
$sql = "SELECT user_id
FROM tbl_user
WHERE user_name = '$userName' AND user_password = '$encrypt_password'";
$result = dbQuery($sql);

if (dbNumRows($result) == 1) {
$row = dbFetchAssoc($result);
$_SESSION['plaincart_user_id'] = $row['user_id'];

// log the time when the user last login
$sql = "UPDATE tbl_user
SET user_last_login = NOW()
WHERE user_id = '{$row['user_id']}'";
dbQuery($sql);

// now that the user is verified we move on to the next page
// if the user had been in the admin pages before we move to
// the last page visited
if (isset($_SESSION['login_return_url'])) {
header('Location: ' . $_SESSION['login_return_url']);
exit;
} else {
header('Location: index.php');
exit;
}
} else {
$errorMessage = 'Wrong username or password';
}

}

return $errorMessage;
}



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum