Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 11 of 11
  1. #1
    New Coder
    Join Date
    Jan 2006
    Posts
    73
    Thanks
    2
    Thanked 3 Times in 3 Posts

    MySQL fetch row problem

    Hiya, I'm making a login script and have come pretty far but can't get this mysql fetch row statement to function properly. Here is my code that links to it.

    PHP Code:
            $check mysql_query("SELECT username, password, level FROM users WHERE username = '".$_POST['uname']."'") or die(mysql_error());
        
    $checknumrow mysql_num_rows($check);
            
        if (
    $checknumrow == 0)
        {
            die(
    'That username does not exist in our database.');
        }

        
    $info mysql_fetch_row($check);

        
    $_POST['passwd'] = stripslashes($_POST['passwd']);
        
    $info['password'] = stripslashes($info['password']);
        
    $_POST['passwd'] = md5($_POST['passwd']);

        if (
    $_POST['passwd'] != $info['password'])
        {
            die(
    'Incorrect password, please try again.');
        } 
    When I try logging in with the correct password it says incorrect password. :/

    I don't think I'm using it correctly but how would I make it be able to execute the code below it? Thanks in advanced.
    Last edited by xGIHavoc; 12-19-2006 at 07:25 PM.

  • #2
    Regular Coder Tyree's Avatar
    Join Date
    Sep 2003
    Posts
    254
    Thanks
    0
    Thanked 0 Times in 0 Posts
    First, I'd reduce all this to a simpler bit:
    PHP Code:
    $_POST['passwd'] = stripslashes($_POST['passwd']);
    $info['password'] = stripslashes($info['password']);
    $_POST['passwd'] = md5($_POST['passwd']); 
    To...
    PHP Code:
    $pword md5(stripslashes($_POST['passwd']));
    $matchPword stripslashes($info['password']); 
    I'm assuming your password in your db table is stored in md5 format?
    Matt Tyree
    TyreeOnline
    If I didn't just "make it worse," show me some love! Hit me with the rep points! :) (The white scales icon on the left)

  • #3
    New Coder
    Join Date
    Jan 2006
    Posts
    73
    Thanks
    2
    Thanked 3 Times in 3 Posts
    I'm assuming your password in your db table is stored in md5 format?
    Yes it is.

  • #4
    Regular Coder Tyree's Avatar
    Join Date
    Sep 2003
    Posts
    254
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Actually, I don't see any reason why you need to run stripslashes on your posted password. It shouldn't have any unneeded slashes in it. You may want to add trim() to it though. That'll take off any additional whitespace on either end of the password string. Like:
    PHP Code:
    $pword md5(trim($_POST['passwd'])); 
    Otherwise, I don't see any reason that this code wouldn't work if your password is sotred in md5 format.

    Try the changes I suggested and see what happens.
    Matt Tyree
    TyreeOnline
    If I didn't just "make it worse," show me some love! Hit me with the rep points! :) (The white scales icon on the left)

  • #5
    New Coder
    Join Date
    Jan 2006
    Posts
    73
    Thanks
    2
    Thanked 3 Times in 3 Posts
    Nope, didn't work. I think the problem is on these lines:
    PHP Code:
    $info mysql_fetch_row($check); 
    and
    PHP Code:
        if ($_POST['passwd'] != $info['password']) 

  • #6
    teh Moderatorinator
    Join Date
    Sep 2004
    Location
    USA
    Posts
    2,472
    Thanks
    4
    Thanked 40 Times in 40 Posts
    You may even want to save yourself a little work and alter your query to check for password as well, then all you need is your mysql_num_rows check.
    if rows > 0 you are logged in, else login failed.

    good luck;

  • #7
    Regular Coder Tyree's Avatar
    Join Date
    Sep 2003
    Posts
    254
    Thanks
    0
    Thanked 0 Times in 0 Posts
    switch from mysql_fetch_row to mysql_fetch_assoc. That'll give you the field names as keys.

    Brando's right though...could save you a lot!
    Matt Tyree
    TyreeOnline
    If I didn't just "make it worse," show me some love! Hit me with the rep points! :) (The white scales icon on the left)

  • #8
    New Coder
    Join Date
    Jan 2006
    Posts
    73
    Thanks
    2
    Thanked 3 Times in 3 Posts
    Well, I have the rest done so I don't need to worry about more work, just the little snippet

    I was originally using the PEAR:: DB classes but since my host doesn't support it and I'm not only making this for myself, I want to convert it to plain MySQL. This is the only part I've had trouble in.

    Originally I had this and it worked fine:

    PHP Code:
        $check $db_object->query("SELECT username, password, level FROM users WHERE username = '".$_POST['uname']."'");

        if (
    DB::isError($check) || $check->numRows() == 0) {
            die(
    'That username does not exist in our database.');
        }

        
    $info $check->fetchRow();

        
    $_POST['passwd'] = stripslashes($_POST['passwd']);
        
    $info['password'] = stripslashes($info['password']);
        
    $_POST['passwd'] = md5($_POST['passwd']);

        if (
    $_POST['passwd'] != $info['password']) {
            die(
    'Incorrect password, please try again.');
        } 
    But since I no longer can use the PEAR:: DB classes I can't use that anymore.

    If I can get this one part to work, the rest is fine and easy to convert.

  • #9
    Regular Coder Tyree's Avatar
    Join Date
    Sep 2003
    Posts
    254
    Thanks
    0
    Thanked 0 Times in 0 Posts
    What brando suggested is gold. That's your ticket. There's no reason it shouldn't work.
    PHP Code:
    $uname trim($_POST['uname']); 
    $passwd md5(trim($_POST['passwd'])); 

    $check mysql_query("SELECT username, password, level FROM users WHERE username = '$uname' AND password='$passwd'") or die(mysql_error());
        
    $checknumrow mysql_num_rows($check);
            
        if (
    $checknumrow == 0)
        {
            die(
    'That username does not exist in our database.');

        } else {

            
    User is good to go!

        } 
    Matt Tyree
    TyreeOnline
    If I didn't just "make it worse," show me some love! Hit me with the rep points! :) (The white scales icon on the left)

  • #10
    New Coder
    Join Date
    Jan 2006
    Posts
    73
    Thanks
    2
    Thanked 3 Times in 3 Posts
    Ah, that helped a great bunch. Thanks guys, at first I didn't get what you meant Brandoe.

    Since I wanted two checks like the previous version, one for the username and one for the password... I did this:

    PHP Code:
        $check1 mysql_query("SELECT username FROM users WHERE username = '".$_POST['uname']."'") or die(mysql_error());
        
    $check1numrow mysql_num_rows($check1);
            
        if (
    $check1numrow == 0)
        {
            die(
    'That username does not exist in our database.');
        }

        
    $password md5(trim($_POST['passwd']));

        
    $check2 mysql_query("SELECT password FROM users WHERE password = '".$password."'") or die(mysql_error());
        
    $check2numrow mysql_num_rows($check2);
            
        if (
    $check2numrow == 0)
        {
            die(
    'Incorrect password, please try again.');
        } 

  • #11
    Regular Coder Tyree's Avatar
    Join Date
    Sep 2003
    Posts
    254
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Cool cool...glad it worked!
    Matt Tyree
    TyreeOnline
    If I didn't just "make it worse," show me some love! Hit me with the rep points! :) (The white scales icon on the left)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •