Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 6th December 2009, 21:45
DDD_DDD DDD_DDD is offline
Junior Member
 
Join Date: Oct 2009
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default problem with script

hello i have the following script:
Code:
<?php
$host="localhost"; // Host name
$username="test"; // Mysql username
$password="test"; // Mysql password
$db_name="test"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$amyusername=$_POST['amyusername'];
$encrypted_mypassword=md5($amypassword);

// To protect MySQL injection (more detail about MySQL injection)
 $amyusername = stripslashes($amyusername);
$encrypted_mypassword = stripslashes($encrypted_mypassword);
$amyusername = mysql_real_escape_string($amyusername);
$encrypted_mypassword = mysql_real_escape_string($encrypted_mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$amyusername' and password='$encrypted_mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $amyusername, $amypassword and redirect to file "login_success.php"
session_register("amyusername");
session_register("amypassword");
header("location:login_success.php");
}
else {
header("location:login_failed.php");
}
?>
in my homeserver (apache) it runs fine with no problems at all.
but in my vps (lighttpd) always goes to login_failed.php.
i can't understand what's the problem.
if i change "if($count==1)" to "if($count<1)" it will work with all the usernames.

what the hell?
Reply With Quote
Sponsored Links
  #2  
Old 7th December 2009, 10:32
sjau sjau is offline
Local Meanie
 
Join Date: Apr 2006
Location: Switzerland
Posts: 1,126
Thanks: 4
Thanked 43 Times in 40 Posts
Default

before running the

Code:
$result=mysql_query($sql);
add this:

Code:
echo $sql; exit;
and run the output then in the phpMyAdmin sql box. Will it return just one row?
__________________
"Common sense is not as common as commonly believed" by sjau

Auto-Install Script for ISPConfig and Horde on a Vanilla Debian Stable

Need more Repos for Ubuntu? Repository Generator
Need more Repos for Debian? Debian Repository Generator
Reply With Quote
  #3  
Old 7th December 2009, 13:05
DDD_DDD DDD_DDD is offline
Junior Member
 
Join Date: Oct 2009
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default

The output is one row.
Quote:
SELECT * FROM members WHERE username='username' and password='md5hash'
Reply With Quote
  #4  
Old 7th December 2009, 13:17
sjau sjau is offline
Local Meanie
 
Join Date: Apr 2006
Location: Switzerland
Posts: 1,126
Thanks: 4
Thanked 43 Times in 40 Posts
Default

and now run that query in phpmyadmin and check how many rows actually get selected.
__________________
"Common sense is not as common as commonly believed" by sjau

Auto-Install Script for ISPConfig and Horde on a Vanilla Debian Stable

Need more Repos for Ubuntu? Repository Generator
Need more Repos for Debian? Debian Repository Generator
Reply With Quote
  #5  
Old 7th December 2009, 13:33
DDD_DDD DDD_DDD is offline
Junior Member
 
Join Date: Oct 2009
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default

not understood.. where to run it? in the "SQL" tab? if i run it there it says:
Quote:
MySQL returned an empty result set (i.e. zero rows). (Query took 0.0002 sec)
Reply With Quote
  #6  
Old 7th December 2009, 13:54
sjau sjau is offline
Local Meanie
 
Join Date: Apr 2006
Location: Switzerland
Posts: 1,126
Thanks: 4
Thanked 43 Times in 40 Posts
Default

that means your query is not right. check if username and password are really like that in the db. I guess the password is wrong.
__________________
"Common sense is not as common as commonly believed" by sjau

Auto-Install Script for ISPConfig and Horde on a Vanilla Debian Stable

Need more Repos for Ubuntu? Repository Generator
Need more Repos for Debian? Debian Repository Generator
Reply With Quote
  #7  
Old 7th December 2009, 13:57
DDD_DDD DDD_DDD is offline
Junior Member
 
Join Date: Oct 2009
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default

no it's ok.. it's working on localhost.
Reply With Quote
  #8  
Old 7th December 2009, 14:03
sjau sjau is offline
Local Meanie
 
Join Date: Apr 2006
Location: Switzerland
Posts: 1,126
Thanks: 4
Thanked 43 Times in 40 Posts
Default

you said yourself that phpmyadmin returns no row with the echoed query. So the query is wrong and you'll have to find out why. So compare the values in the where clause to the one in the database.
__________________
"Common sense is not as common as commonly believed" by sjau

Auto-Install Script for ISPConfig and Horde on a Vanilla Debian Stable

Need more Repos for Ubuntu? Repository Generator
Need more Repos for Debian? Debian Repository Generator
Reply With Quote
  #9  
Old 7th December 2009, 14:52
DDD_DDD DDD_DDD is offline
Junior Member
 
Join Date: Oct 2009
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default

i encypt my passwords with "md5encryption.com". i found that if i add "echo $sql; exit;" the hash is different :/ why? (the password I'm putting is 100% correct.
Reply With Quote
  #10  
Old 7th December 2009, 14:54
sjau sjau is offline
Local Meanie
 
Join Date: Apr 2006
Location: Switzerland
Posts: 1,126
Thanks: 4
Thanked 43 Times in 40 Posts
 
Default

because the original mechanism used to encrypt the password and the one you use in that script above are not identical.
__________________
"Common sense is not as common as commonly believed" by sjau

Auto-Install Script for ISPConfig and Horde on a Vanilla Debian Stable

Need more Repos for Ubuntu? Repository Generator
Need more Repos for Debian? Debian Repository Generator
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Sql ledger using forum.. yurtboy1 General 19 25th December 2010 21:08
freebsd 7, samba 3, domain controller alexdimarco Suggest HOWTO 6 5th November 2010 16:54
sending e-mail using mail() function linuxuser1 HOWTO-Related Questions 38 21st April 2009 12:20
Virtual users... Ubuntu 8.04 spaceuser HOWTO-Related Questions 12 19th June 2008 08:04
apache2 problem laser144 Server Operation 8 15th March 2007 17:32


All times are GMT +2. The time now is 13:36.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.