Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7
  1. #1
    New to the CF scene
    Join Date
    Sep 2009
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts

    function not working

    hi
    the PASSWORD( ) used in the following code, is used to take the newly added password from user to database


    Code:
       function addUser()
    {
        $userName = $_POST['txtUserName'];
    	$password = $_POST['txtPassword'];
    		
    	// check if the username is taken
    	$sql = "SELECT user_name
    	        FROM tbl_user
    			WHERE user_name = '$userName'";
    	$result = dbQuery($sql);
    	
    	if (dbNumRows($result) == 1) {
    		header('Location: index.php?view=add&error=' . urlencode('Username already taken. Choose another one'));	
    	} else {			
    		$sql   = "INSERT INTO tbl_user (user_name, user_password, user_regdate)
    		          VALUES ('$userName',PASSWORD('$password'), NOW())";
    	
    		dbQuery($sql);
    		header('Location: index.php');	
    	}
    }
    But here in the admin login code as follow,the PASSWORD( ) is not working. If a call is made to this funtion it shows error as:UNDEFINED FUNCTION PASSWORD( )

    Code:
    function doLogin()
    {
    	
    	$userName = $_POST['txtUserName'];
    	$password=$_POST['txtPassword'];
            
    	
    	// first, make sure the username & password are not empty
    	if ($userName == '') {
    		$errorMessage = 'You must enter your username';
    	} else if ($password == '') {
    		$errorMessage = 'You must enter the password';
    	} else {
    		// check the database and see if the username and password combo do match
    		$sql = "SELECT user_id
    		        FROM tbl_user 
    				WHERE user_name = '$userName' AND user_password =PASSWORD('$password')";
    				
    $result = dbQuery($sql);
    what is the correct codes.....?


    Thanks
    karthikanov24

  • #2
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,854
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    I think you need sha1() or md5() there .
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #3
    New Coder
    Join Date
    Jul 2009
    Location
    Internet
    Posts
    37
    Thanks
    0
    Thanked 4 Times in 4 Posts
    I always use PHP's md5() function in the INSERT query and in the SELECT, rather than sql's PASSWORD().

  • #4
    New to the CF scene
    Join Date
    Sep 2009
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts

    function not work

    hi
    I tried md5() and sha1()

    but it still remains in the login screen showing "wrongly entered password"

    IT works only when going to database directly and change the password value say 'admin' ...and removing PASSWORD() in select statement...

    Could you give me the solution, please......



    thanks
    karthikanov24

  • #5
    New Coder
    Join Date
    Mar 2009
    Posts
    62
    Thanks
    19
    Thanked 1 Time in 1 Post
    Here's some things that I use, just writing for the fun of it =)

    You could use if(empty(variable)) instead of $username == ''.
    http://fi2.php.net/empty I find this function useful in my logins.

    In login you could see that if there are rows returned, login is valid.
    example: (the same idea that you have in the addUser() function.)
    PHP Code:
    $sql_query=your query;
    $result_query=mysql_query($sql_query);
    $count_rows=mysql_num_rows($result_query);
    if(
    $count_rows 1) { // db has a match, login is valid 
    }
    else { 
    //db does not have match, wrong login 

    ..snip... Edited rest out cause it was useless and i was tired
    Didnt help much after all to your problem hehe.
    Last edited by SystemJay; 10-13-2009 at 06:17 PM.

  • #6
    New to the CF scene
    Join Date
    Dec 2011
    Location
    City of San Jose del Mante Bulacan, Philippines
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Post Hey guys.. I have here the solutions for your problems about that..

    function doLogin()
    {
    // if we found an error save the error message in this variable
    $errorMessage = '';

    $userName = $_POST['txtUserName'];
    $password = $_POST['txtPassword'];
    $encrypt_password=md5($password);

    $userName = stripslashes($userName);
    $password = stripslashes($password);
    $userName = mysql_real_escape_string($userName);
    $password = mysql_real_escape_string($password);

    // first, make sure the username & password are not empty
    if ($userName == '') {
    $errorMessage = 'You must enter your username';
    } else if ($password == '') {
    $errorMessage = 'You must enter the password';
    } else {
    // check the database and see if the username and password combo do match
    $sql = "SELECT user_id
    FROM tbl_user
    WHERE user_name = '$userName' AND user_password = '$encrypt_password'";
    $result = dbQuery($sql);

    if (dbNumRows($result) == 1) {
    $row = dbFetchAssoc($result);
    $_SESSION['plaincart_user_id'] = $row['user_id'];

    // log the time when the user last login
    $sql = "UPDATE tbl_user
    SET user_last_login = NOW()
    WHERE user_id = '{$row['user_id']}'";
    dbQuery($sql);

    // now that the user is verified we move on to the next page
    // if the user had been in the admin pages before we move to
    // the last page visited
    if (isset($_SESSION['login_return_url'])) {
    header('Location: ' . $_SESSION['login_return_url']);
    exit;
    } else {
    header('Location: index.php');
    exit;
    }
    } else {
    $errorMessage = 'Wrong username or password';
    }

    }

    return $errorMessage;
    }

  • #7
    New to the CF scene
    Join Date
    Dec 2011
    Location
    City of San Jose del Mante Bulacan, Philippines
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    You need to add those lines below:

    $userName = $_POST['txtUserName'];
    $password = $_POST['txtPassword'];
    $encrypt_password=md5($password);

    $userName = stripslashes($userName);
    $password = stripslashes($password);
    $userName = mysql_real_escape_string($userName);
    $password = mysql_real_escape_string($password);



    Quote Originally Posted by mark102191 View Post
    function doLogin()
    {
    // if we found an error save the error message in this variable
    $errorMessage = '';

    $userName = $_POST['txtUserName'];
    $password = $_POST['txtPassword'];
    $encrypt_password=md5($password);

    $userName = stripslashes($userName);
    $password = stripslashes($password);
    $userName = mysql_real_escape_string($userName);
    $password = mysql_real_escape_string($password);

    // first, make sure the username & password are not empty
    if ($userName == '') {
    $errorMessage = 'You must enter your username';
    } else if ($password == '') {
    $errorMessage = 'You must enter the password';
    } else {
    // check the database and see if the username and password combo do match
    $sql = "SELECT user_id
    FROM tbl_user
    WHERE user_name = '$userName' AND user_password = '$encrypt_password'";
    $result = dbQuery($sql);

    if (dbNumRows($result) == 1) {
    $row = dbFetchAssoc($result);
    $_SESSION['plaincart_user_id'] = $row['user_id'];

    // log the time when the user last login
    $sql = "UPDATE tbl_user
    SET user_last_login = NOW()
    WHERE user_id = '{$row['user_id']}'";
    dbQuery($sql);

    // now that the user is verified we move on to the next page
    // if the user had been in the admin pages before we move to
    // the last page visited
    if (isset($_SESSION['login_return_url'])) {
    header('Location: ' . $_SESSION['login_return_url']);
    exit;
    } else {
    header('Location: index.php');
    exit;
    }
    } else {
    $errorMessage = 'Wrong username or password';
    }

    }

    return $errorMessage;
    }


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •