PDA

View Full Version : Please help me with this script.



csabi_fl
08-15-2006, 04:04 PM
Hi.
Could someone please take a look at this script and figure out why it isn't working.It denies access even to registered users.
<?php
/* get the incoming ID and password hash */
$user = $_POST["userid"];
$pass = sha1($_POST["password"]);
/* establish a connection with the database */
$server = mysql_connect("localhost", "ydmmtbz_ydmmtbz",
"slitodap");
if (!$server) die(mysql_error());
mysql_select_db("ydmmtbz_fmp");

/* SQL statement to query the database */
$query = "SELECT * FROM Users WHERE Userid = '$user'
AND Password = '$pass'";
/* query the database */
$result = mysql_query($query);
/* Allow access if a matching record was found, else deny access. */
if (mysql_fetch_row($result))
echo "Access granted.Welcome $user.";
else
echo "Access Denied: Invalid Credentials.";
mysql_close($server);
?>
Thank you for your time.

navaldesign
08-15-2006, 09:35 PM
Hi.
Could someone please take a look at this script and figure out why it isn't working.It denies access even to registered users.
<?php
/* get the incoming ID and password hash */
$user = $_POST["userid"];
$pass = $_POST["password"];
/* establish a connection with the database */
$server = mysql_connect("localhost", "ydmmtbz_ydmmtbz",
"slitodap");
if (!$server) die(mysql_error());
mysql_select_db("ydmmtbz_fmp");

/* SQL statement to query the database */
$query = "SELECT * FROM Users WHERE Userid = '$user'
AND Password = '$pass'";
/* query the database */
$result = mysql_query($query);
/* Allow access if a matching record was found, else deny access. */
if (mysql_fetch_row($result))
echo "Access granted.Welcome $user.";
else
echo "Access Denied: Invalid Credentials.";
mysql_close($server);
?>
Thank you for your time.


That's what i had already done but you changed it again!

csabi_fl
08-15-2006, 10:06 PM
I might have changed it,but not on purpose.I am no expert and I appreciate all your help.
Thank you Navaldesign.

navaldesign
08-16-2006, 07:10 AM
Your problem is that the original script "grabs" the sha1 (US Secure Hash Algorithm 1) number of the password, not the password itself. That would be ok if the registration form also stored the sha1 number of the password in the database, which apparently is not, so your validating script is trying to find the sha1 number of the password in the database, and can't find it so it dennies access. You either modify as indicated above, or modify your script that stores the password in the database. The use of the sha1 number of the password is a tecnique used to protect the system from intrusion by hacking computers that apply dictionary libraries to find passwords. But the password itself should be encoded before storing in tha database using the same algorithm. If you have manyally added those two couples of database usernames / passwords instead of going through your registration form, please verify your registration script, as it might be also encoding with sha1. In this case everything should run smooth.

csabi_fl
08-16-2006, 02:36 PM
I was wondering what that "sha1" was in the script but I left it alone not knowing what it does.Now that you explained it I do.The script is working beautiful now.
One more thing.How do I show the user's name on top of the member's page after they log in?I have found a script in this forum but it uses sessions and I don't.Is there any other way?
Thanks in advance.

navaldesign
08-16-2006, 02:48 PM
Are your members pages html or php ?

csabi_fl
08-16-2006, 02:58 PM
php.

navaldesign
08-16-2006, 03:19 PM
php.

The only serious way is to start a session and pass the variables from page to page. Otherwise, each link to other pages has to be a small form itself, like the ones i have in this example: http://www.navaldesign.info/Tips/var...startpage.html (http://www.navaldesign.info/Tips/variable_iframe_link_startpage.html). Each form has to implement the code i have used for the Multipage Form Tutorial (http://http://www.vodahost.com/vodatalk/bluevoda-tips-tricks-shortcuts/10151-multipage-form-tutorial.html#post57100), so it will pass through to the next page the necessary variables. Of course, in this case you need to have such a form also in the authentication (validate.php) page, so once the visitor has been authenticated, he clicks on this link (submit) button and gets to the first member page, and the variables that you want pass over also. Since you don't want to use a session, make sure to pass over also the user id and password, because this way you can implement the validate.php script in all your pages.

rinahearts
08-19-2006, 10:27 PM
hello i was wondering if anyone can tell me how to create forms that will sent to an email address when the user clicks submit? i am developing my first website and i am not familiar

Vasili
08-19-2006, 11:27 PM
You really need to start studying the Blue Voda Video Tutorials....they cover every question you have posted in the Forum so far, which demonstrates that you still haven't familiarized yourself with how the Forum can be searched for answers, and what the tutorials are all about!!
Start Here (http://www.vodahost.com/tut_bluevoda.htm)!

You also need to stop posting in exisitng threads (it's called interrupting), which is not allowed. (3 times today)
You are more apt to have a prompt and specific answer to your posts if you maintain Forum continuity by posting in the appropriate Forum, or within the complimentary thread!
..

navaldesign
08-20-2006, 06:34 AM
hello i was wondering if anyone can tell me how to create forms that will sent to an email address when the user clicks submit? i am developing my first website and i am not familiar

Hi, the basic tutorials for form are http://www.vodahost.com/vodatalk/images/statusicon/subforum_link.gif BlueVoda Form Tutorial 1 (http://www.vodahost.com/vodatalk/forms/9349-bluevoda-forms-tutorial-part-1-a.html), http://www.vodahost.com/vodatalk/images/statusicon/subforum_link.gif BlueVoda Form Tutorial 2 (http://www.vodahost.com/vodatalk/forms/9350-bluevoda-forms-tutorial-part-2-a.html)

Please read carefully the text UNDER the multimedia presentation of Tutorial #1