Re: Trying to understand sessions and using them to authenticate...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 8/28/07, Jason Pruim <japruim@xxxxxxxxxx> wrote:
>
> On Aug 28, 2007, at 10:21 AM, Daniel Brown wrote:
>
> > On 8/28/07, Jason Pruim <japruim@xxxxxxxxxx> wrote:
> >>
> >> On Aug 28, 2007, at 10:03 AM, Daniel Brown wrote:
> >>
> >>> On 8/28/07, Jason Pruim <japruim@xxxxxxxxxx> wrote:
> >>> [snip]
> >>>>>         $sql = "SELECT * FROM users WHERE user='".$user."' AND
> >>>>> pass='".$pass."' LIMIT 0,1;";
> >>>>>         $result = mysql_query($sql) or die("Wrong data supplied or
> >>>>> database error");
> >>>>>         while($row = mysql_fetch_array($result)) {
> >>>
> >>>     Sounds to me like you're not getting through the while() clause,
> >>> meaning that there's no matching rows in the database.
> >>>
> >>>     $sql = "SELECT * FROM login WHERE loginid='".$user."' AND
> >>> email='".$pass."' LIMIT 0,1;";
> >>>
> >>>     Is the password they supply in the `email` column of the
> >>> database?
> >>
> >> Yes it is... For now... I am just using test/test and I had a field
> >> named password in the database but thought that was messing it up, so
> >> I dropped that field and currently I am just using the e-mail field
> >> as a password.
> >>
> >> Once it works I'll change the field to a more appropriate selection
> >> with MD5 hashing, and maybe even a little salt in the hash. (Gotta
> >> add the flavor!)
> >>
> >>
> >> --
> >>
> >> Jason Pruim
> >> Raoset Inc.
> >> Technology Manager
> >> MQC Specialist
> >> 3251 132nd ave
> >> Holland, MI, 49424
> >> www.raoset.com
> >> japruim@xxxxxxxxxx
> >>
> >>
> >>
> >
> >     If you have phpMyAdmin installed on that server, J, try using the
> > "search" tab to see if you can find that user/email combination in the
> > database using = and not LIKE.
> >
> >     Perhaps there's a whitespace or something of the like that's
> > causing it to return zero rows.
> >
> >     Also, try doing this after the $result = mysql_query($sql); line:
> >
> >         die("Number of rows returned by MySQL: ".mysql_num_rows
> > ($result));
>
> I don't have phpMyAdmin installed, never saw the need to... But I'll
> look into it in the future.
>
> And after adding the die that you recommended, you were right, it
> wasn't returning any rows. So... I did some checking and it's amazing
> sometimes that you can't see the trees through the forrest.... a
> simple $user =$_POST['user']; and $pass=$_POST['pass']; and all is
> well. It logs into the page, now I just need to fine tune it since it
> doesn't like to display the actual database now, but that's something
> I should be able to figure out.
>
> One other question, to logout, can I just call a file that has
> session_destroy() and a header("Location: ???"); in it? Or should I
> do something else for logging out?
>
> Thanks again! Without your help... I wouldn't be able to do this!
>
> --
>
> Jason Pruim
> Raoset Inc.
> Technology Manager
> MQC Specialist
> 3251 132nd ave
> Holland, MI, 49424
> www.raoset.com
> japruim@xxxxxxxxxx
>
>
>

    For my purposes, I simply do a session_destroy();, but some people
may prefer to do an unset for their own purposes.

-- 
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107

Hey, PHP-General list....
50% off for life on web hosting plans $10/mo. or more at
http://www.pilotpig.net/.
Use the coupon code phpgeneralaug07
Register domains for about $0.01 more than what it costs me at
http://domains.pilotpig.net/.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux