Re: [PHP] Problem Understanding Code in 2nd edition Welling/Thomson PHP?MySQL Web Development Book

This is a discussion on Re: [PHP] Problem Understanding Code in 2nd edition Welling/Thomson PHP?MySQL Web Development Book within the PHP General forums, part of the PHP Programming Forums category.


11-08-2003
Duncan

Hi,

From what I see, the problem is that you add the authentication passwords to the database via password('password'),
but then your script checks for entries in the database where username = username & password = password,
which cannot work.
You have to make it
where username = username & password = password('password')

exactly:

"
// query the database to see if there is a record which matches
$query = "select count(*) from auth where
name = '$name' and
pass = password('$password')";
"

Regards,
Hendrik




Stephen Tiano wrote:

Sorry for the long post--and the cross-posting to a MySQL list, for those of you seeing this a second time--but I'm using with difficulty the 2nd edition of Welling/Thomson's PHP and MySQL Web Development as a textbook for self-teaching (and I'm at the end of my rope).

After being pleased to work my way thru to Chapter 14, not memorizing the earlier material, but having some success basically understanding it--I get to the first "meaty" topic that I was really looking forward to getting into: the business of authentication.

So I went into MySQL and created the database auth and the table auth, using the following script:

create database auth;

use auth;

create table auth (
name varchar(10) not null,
pass varchar(30) not null,
primary key (name)
);

insert into auth values
('user', 'pass');

insert into auth values
( 'testuser', password('test123') );

grant select, insert, update, delete
on auth.*
to stevt@localhost
identified by 'rivet';

I used my username that I log into the computer I'm working on--an offline Powerbook--at the bottom, 'stevet', as well as the password that belongs to that username, 'rivet'. Since I'm using the test server 'localhost' on the Powerbook, I used that in the code, as well. These have worked when called for in previous PHP/MySQL exercises, so it's not something new I invented just for this batch of tutorials.

Next I opened listing 14.2, secretdb.php--placed properly at the root level for accessing in my test server--in my browser. Here's secretdb.php:

<?php
if(!isset($_POST['name'])&&!isset($_POST['password']))
{
  //Visitor needs to enter a name and password
?>
  <h1>Please Log In</h1>
  This page is secret.
  <form method="post" action="secretdb.php">
  <table border="1">
  <tr>
    <th> Username </th>
    <td> <input type="text" name="name"> </td>
  </tr>
  <tr>
    <th> Password </th>
    <td> <input type="password" name="password"> </td>
  </tr>
  <tr>
    <td colspan="2" align="center">
      <input type="submit" value="Log In">
    </td>
  </tr>
  </table>
  </form>
<?php
}
else
{
  // connect to mysql
  $mysql = mysql_connect( 'localhost', 'stevet', 'rivet' );
  if(!$mysql)
  {
    echo 'Cannot connect to database.';
    exit;
  }
  // select the appropriate database
  $mysql = mysql_select_db( 'auth' );
  if(!$mysql)
  {
    echo 'Cannot select database.';
    exit;
  }

  // query the database to see if there is a record which matches
  $query = "select count(*) from auth where
            name = '$name' and
            pass = '$password'";

  $result = mysql_query( $query );
  if(!$result)
  {
    echo 'Cannot run query.';
    exit;
  }

  $count = mysql_result( $result, 0, 0 );

  if ( $count > 0 )
  {
    // visitor's name and password combination are correct
    echo '<h1>Here it is!</h1>';
    echo 'I bet you are glad you can see this secret page.';
  }
  else
  {
    // visitor's name and password combination are not correct
    echo '<h1>Go Away!</h1>';
    echo 'You are not authorized to view this resource.';
  }
}
?>

I was greeted by the Please Log In screen. I used 'user' as username and 'pass' as the password, as that was one of the two combinations the first bit of code above inserted into the table auth. After submitting, I got the customized error message: "Go Away! You are not authorized to view this resource."

Just to make certain, I substituted 'root' and my root password in both pieces of code for 'stevet' and 'rivet', and got the same error screen.

I don't understand why either of those username/password combinations don't work. I mean, they're in the authorization table. And I'm obviously connecting to the database, as I'm getting past that stage of the code. Can anyone tell me what I'm too dense to see?

Thanks very much.

Steve Tiano
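
The mismatch discussed in this thread (a value stored through password() but compared as plaintext in the query) does not arise when PHP does the hashing and the query only looks up the row by name. The following is an added example, not code from the book or from either poster. It assumes PDO with an in-memory SQLite database standing in for the `auth` table, and the function names open_auth_db, add_user and check_login are hypothetical.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for the thread's MySQL `auth` database so the
// example runs offline; the PDO calls are the same with a mysql: DSN.
function open_auth_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // 255 characters leaves room for any password_hash() output.
    $db->exec('CREATE TABLE auth (name VARCHAR(10) PRIMARY KEY, pass VARCHAR(255) NOT NULL)');
    return $db;
}

// Store only a salted hash computed in PHP, never the plaintext.
function add_user(PDO $db, string $name, string $password): void
{
    $stmt = $db->prepare('INSERT INTO auth (name, pass) VALUES (?, ?)');
    $stmt->execute([$name, password_hash($password, PASSWORD_DEFAULT)]);
}

// Fetch the stored hash by name with a bound parameter, then compare in PHP.
function check_login(PDO $db, string $name, string $password): bool
{
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $stmt = $db->prepare('SELECT pass FROM auth WHERE name = ?');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn();   // false when no row matches
    // Unknown name: verify against a dummy hash so both paths do similar work.
    $ok = password_verify($password, $hash === false ? $dummy : (string) $hash);
    return $hash !== false && $ok;
}

$db = open_auth_db();
add_user($db, 'testuser', 'test123');   // constructed account, same values as the thread's script

// The form posts `name` and `password`; read them from the request array
// explicitly instead of relying on $name / $password existing as globals.
$post = ['name' => 'testuser', 'password' => 'test123'];   // constructed request
var_dump(check_login($db, $post['name'], $post['password']));   // matching password
var_dump(check_login($db, 'testuser', 'pass'));                 // wrong password
var_dump(check_login($db, "o'brien", 'test123'));               // quote in the name is bound as data
```

MySQL's PASSWORD() function was intended for the server's own account table and was removed in MySQL 8.0. A password_hash() value is also longer than the varchar(30) column in the script above, so the column has to be widened before storing one.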



