Re: Trying to understand sessions and using them to authenticate...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On Aug 28, 2007, at 10:21 AM, Daniel Brown wrote:

On 8/28/07, Jason Pruim <japruim@xxxxxxxxxx> wrote:

On Aug 28, 2007, at 10:03 AM, Daniel Brown wrote:

On 8/28/07, Jason Pruim <japruim@xxxxxxxxxx> wrote:
[snip]
        $sql = "SELECT * FROM users WHERE user='".$user."' AND
pass='".$pass."' LIMIT 0,1;";
        $result = mysql_query($sql) or die("Wrong data supplied or
database error");
        while($row = mysql_fetch_array($result)) {

    Sounds to me like you're not getting through the while() clause,
meaning that there's no matching rows in the database.

    $sql = "SELECT * FROM login WHERE loginid='".$user."' AND
email='".$pass."' LIMIT 0,1;";

Is the password they supply in the `email` column of the database?

Yes it is... For now... I am just using test/test and I had a field
named password in the database but thought that was messing it up, so
I dropped that field and currently I am just using the e-mail field
as a password.

Once it works I'll change the field to a more appropriate selection
with MD5 hashing, and maybe even a little salt in the hash. (Gotta
add the flavor!)


--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424
www.raoset.com
japruim@xxxxxxxxxx




    If you have phpMyAdmin installed on that server, J, try using the
"search" tab to see if you can find that user/email combination in the
database using = and not LIKE.

    Perhaps there's a whitespace or something of the like that's
causing it to return zero rows.

    Also, try doing this after the $result = mysql_query($sql); line:

die("Number of rows returned by MySQL: ".mysql_num_rows ($result));

I don't have phpMyAdmin installed, never saw the need to... But I'll look into it in the future.

And after adding the die that you recommended, you were right, it wasn't returning any rows. So... I did some checking and it's amazing sometimes that you can't see the trees through the forrest.... a simple $user =$_POST['user']; and $pass=$_POST['pass']; and all is well. It logs into the page, now I just need to fine tune it since it doesn't like to display the actual database now, but that's something I should be able to figure out.

One other question, to logout, can I just call a file that has session_destroy() and a header("Location: ???"); in it? Or should I do something else for logging out?

Thanks again! Without your help... I wouldn't be able to do this!

--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424
www.raoset.com
japruim@xxxxxxxxxx

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux