problem with script

Discussion in 'Server Operation' started by DDD_DDD, Dec 6, 2009.

  1. DDD_DDD

    DDD_DDD New Member

    hello i have the following script:
    Code:
    <?php
    $host="localhost"; // Host name
    $username="test"; // Mysql username
    $password="test"; // Mysql password
    $db_name="test"; // Database name
    $tbl_name="members"; // Table name
    
    // Connect to server and select databse.
    mysql_connect("$host", "$username", "$password")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");
    
    // username and password sent from form
    $amyusername=$_POST['amyusername'];
    $encrypted_mypassword=md5($amypassword);
    
    // To protect MySQL injection (more detail about MySQL injection)
     $amyusername = stripslashes($amyusername);
    $encrypted_mypassword = stripslashes($encrypted_mypassword);
    $amyusername = mysql_real_escape_string($amyusername);
    $encrypted_mypassword = mysql_real_escape_string($encrypted_mypassword);
    
    $sql="SELECT * FROM $tbl_name WHERE username='$amyusername' and password='$encrypted_mypassword'";
    $result=mysql_query($sql);
    
    // Mysql_num_row is counting table row
    $count=mysql_num_rows($result);
    // If result matched $myusername and $mypassword, table row must be 1 row
    
    if($count==1){
    // Register $amyusername, $amypassword and redirect to file "login_success.php"
    session_register("amyusername");
    session_register("amypassword");
    header("location:login_success.php");
    }
    else {
    header("location:login_failed.php");
    }
    ?>
    in my homeserver (apache) it runs fine with no problems at all.
    but in my vps (lighttpd) always goes to login_failed.php.
    i can't understand what's the problem.
    if i change "if($count==1)" to "if($count<1)" it will work with all the usernames.

    what the hell?
     
  2. sjau

    sjau Local Meanie

    before running the

    Code:
    $result=mysql_query($sql);
    
    add this:

    Code:
    echo $sql; exit;
    
    and run the output then in the phpMyAdmin sql box. Will it return just one row?
     
  3. DDD_DDD

    DDD_DDD New Member

    The output is one row.
     
  4. sjau

    sjau Local Meanie

    and now run that query in phpmyadmin and check how many rows actually get selected.
     
  5. DDD_DDD

    DDD_DDD New Member

    not understood.. where to run it? in the "SQL" tab? if i run it there it says:
     
  6. sjau

    sjau Local Meanie

    that means your query is not right. check if username and password are really like that in the db. I guess the password is wrong.
     
  7. DDD_DDD

    DDD_DDD New Member

    no it's ok.. it's working on localhost.
     
  8. sjau

    sjau Local Meanie

    you said yourself that phpmyadmin returns no row with the echoed query. So the query is wrong and you'll have to find out why. So compare the values in the where clause to the one in the database.
     
  9. DDD_DDD

    DDD_DDD New Member

    i encypt my passwords with "md5encryption.com". i found that if i add "echo $sql; exit;" the hash is different :/ why? (the password I'm putting is 100% correct.
     
  10. sjau

    sjau Local Meanie

    because the original mechanism used to encrypt the password and the one you use in that script above are not identical.
     
  11. DDD_DDD

    DDD_DDD New Member

    but it works in my local pc (apache).. anyway how can i encrypt it to be identical?
     

Share This Page