By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,986 Members | 2,042 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,986 IT Pros & Developers. It's quick & easy.

phpmyadmin database built on my server and i cannot connect wiht my login page

tolkienarda
100+
P: 316
Hi all
I work for a small webdesign company and we have remote hosting. i built a mysql database with phpmyadmin on the server. i then downloaded and modified a php login page. i am continuing to get the ---invalid username or password--- i am not getting the E_USER_ERROR so i don't know if there is a problem with the php, how i set up the database or mabe somthing in between. so everyone knows all of my server interface is GUI. I use a company called Rackspace and software called Plesk. I set the database up on the correct domain and i setup username and passwords for all students and teachers at the school (this is for a private school management online program.)

any how here is the code

i have this setup on the domain where i built the database and here is a link to this page in action.
http://www.wyrchurch.com/RCA/login.php
as you can see the person who wrote this commented it but i changed alot here is a link to where i got the code so you can see the original cause mabe the error is comming from a change i made. now i did go back to the orginial once but it diddn't work.
http://www.tutorialized.com/tutorial/Login-Logout-with-a-Session-in-1-file/20041
Expand|Select|Wrap|Line Numbers
  1. <?
  2. // Use session variable on this page. This function must put on the top of page.
  3. session_start();
  4.  
  5. ////// Logout Section. Delete all session variable.
  6. session_destroy();
  7.  
  8. $message="";
  9.  
  10. ////// Login Section.
  11. $Login=$_POST['Login'];
  12. if($Login){ // If clicked on Login button.
  13. $username=$_POST['username'];
  14. $password=$_POST['password'];
  15.  
  16. // Connect database.
  17. $host="localhost"; // Host name.
  18. $db_user="rcadmin"; // MySQL username.
  19. $db_password="nsds2004"; // MySQL password.
  20. $database="RCA"; // Database name.
  21. $RCA = mysql_pconnect($host, $db_user, $db_password) or trigger_error(mysql_error(),E_USER_ERROR);
  22.  mysql_select_db($database, $RCA);
  23.  
  24. // Check matching of username and password.
  25. $result=mysql_query("SELECT Login, Pass, Accesslvl FROM useraccess WHERE Login='username' AND pass='password'");
  26. if(mysql_num_rows($result)!='0'){ // If match.
  27. session_register("username"); // Craete session username.
  28. header("location:main.php"); // Re-direct to main.php
  29. }else{ // If not match.
  30. $message="--- Incorrect Username or Password ---";
  31. }
  32.  
  33. } // End Login authorize check.
  34. ?>
  35.  
  36. <html xmlns="http://www.w3.org/1999/xhtml">
  37. <head>
  38. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  39. <title>Untitled Document</title>
  40. </head>
  41.  
  42. <body>
  43. <? echo $message; ?>
  44. <form id="form1" name="form1" method="post" action="<? echo $PHP_SELF; ?>">
  45. <table>
  46. <tr>
  47. <td>User : </td>
  48. <td><input name="username" type="text" id="username" /></td>
  49. </tr>
  50. <tr>
  51. <td>Password : </td>
  52. <td><input name="password" type="password" id="password" /></td>
  53. </tr>
  54. </table>
  55. <input name="Login" type="submit" id="Login" value="Login" />
  56. </form>
  57. </body>
  58. </html>
  59.  
Jan 9 '07 #1
Share this Question
Share on Google+
4 Replies


ronverdonk
Expert 2.5K+
P: 4,258
The SELECT query is incorrect. You use constants ('username' and 'password')and you must use the variable names in which you have stored the username and the password. I also added the error message display to this statement. SELECT statement must be:[php]$result=mysql_query("SELECT Login, Pass, Accesslvl FROM useraccess WHERE Login='$username' AND pass='$password'")
or die("SELECT error: " . mysql_error());[/php]
Ronald :cool:
Jan 9 '07 #2

tolkienarda
100+
P: 316
Hi thanks
that didn't seem to fix all of the problems. I tried to do some basic injection to bypass the user pass field
Expand|Select|Wrap|Line Numbers
  1.  1'or'1'='1 
and it worked so i now i think that the problem is definatly with my database or the connection. i remember which forum i am in so if the following is out of line please tell me and i will repost in the correct forum.
here are what the useraccess table looks listed below are all of the sql commands for the entire database.
Expand|Select|Wrap|Line Numbers
  1. CREATE TABLE `useraccess` (
  2.   `Login` varchar(4) NOT NULL default '',
  3.   `Accesslvl` int(1) NOT NULL default '0',
  4.   `Pass` varchar(10) NOT NULL default '',
  5.   PRIMARY KEY  (`Login`)
  6. ) ENGINE=MyISAM DEFAULT CHARSET=latin1;
  7.  
  8.  
and the data in it
Expand|Select|Wrap|Line Numbers
  1. INSERT INTO `useraccess` VALUES ('kska', 1, '442677ee0a');
  2. INSERT INTO `useraccess` VALUES ('lska', 1, '6a0b078b24');
  3. INSERT INTO `useraccess` VALUES ('kfar', 1, '2d9a3b9c24');
  4. INSERT INTO `useraccess` VALUES ('boli', 1, '7f3929231d');
  5. INSERT INTO `useraccess` VALUES ('calu', 1, '25bce6805f');
  6. INSERT INTO `useraccess` VALUES ('rrav', 1, '10b354ad0e');
  7. INSERT INTO `useraccess` VALUES ('jwin', 1, '1be083995a');
  8. INSERT INTO `useraccess` VALUES ('dsco', 1, '5ab409f300');
  9. INSERT INTO `useraccess` VALUES ('mshi', 1, '4ab1bfa158');
  10. INSERT INTO `useraccess` VALUES ('smen', 1, '49b042c67f');
  11. INSERT INTO `useraccess` VALUES ('ahai', 1, '496724782b');
  12. INSERT INTO `useraccess` VALUES ('kcho', 1, '2286f34263');
  13. INSERT INTO `useraccess` VALUES ('cbar', 2, '560f954803');
  14. INSERT INTO `useraccess` VALUES ('tblo', 2, '422655e331');
  15. INSERT INTO `useraccess` VALUES ('cste', 2, '66cbb47e22');
  16. INSERT INTO `useraccess` VALUES ('aste', 2, '4d4640b12e');
  17. INSERT INTO `useraccess` VALUES ('nyoh', 2, '74be5b5f63');
  18. INSERT INTO `useraccess` VALUES ('pbur', 2, '712fd7684d');
  19. INSERT INTO `useraccess` VALUES ('pgib', 2, '66acd61906');
  20. INSERT INTO `useraccess` VALUES ('ngib', 2, '5604d7af03');
  21. INSERT INTO `useraccess` VALUES ('egib', 2, '423ee8e130');
  22. INSERT INTO `useraccess` VALUES ('kgro', 2, '66f5799c22');
  23. INSERT INTO `useraccess` VALUES ('dhai', 2, '4d57fc102d');
  24. INSERT INTO `useraccess` VALUES ('thai', 2, '74bc0e6363');
  25. INSERT INTO `useraccess` VALUES ('jorh', 2, '4be463b221');
  26. INSERT INTO `useraccess` VALUES ('joeh', 2, '6ccb3e7f22');
  27. INSERT INTO `useraccess` VALUES ('khen', 2, '0e3763ae08');
  28. INSERT INTO `useraccess` VALUES ('dake', 2, '7139bc404d');
  29. INSERT INTO `useraccess` VALUES ('deke', 2, '66b3616006');
  30. INSERT INTO `useraccess` VALUES ('ckel', 2, '561c5b0f07');
  31. INSERT INTO `useraccess` VALUES (' ilo', 2, '422e22be31');
  32. INSERT INTO `useraccess` VALUES ('glut', 2, '66fb783b22');
  33. INSERT INTO `useraccess` VALUES ('bpea', 2, '4d499d0d2e');
  34. INSERT INTO `useraccess` VALUES ('jpea', 2, '7480a48c63');
  35. INSERT INTO `useraccess` VALUES ('dror', 2, '4bca34b020');
  36. INSERT INTO `useraccess` VALUES ('zrop', 2, '4e715c7948');
  37. INSERT INTO `useraccess` VALUES ('sash', 2, '0e27703f08');
  38. INSERT INTO `useraccess` VALUES ('stsh', 2, '712b9b974d');
  39. INSERT INTO `useraccess` VALUES ('epat', 2, '0123ws');
  40.  
Jan 10 '07 #3

tolkienarda
100+
P: 316
OK i found the problem but i have no idea how to fix it.

when i entered all of my passwords into the mysql data base i used this basic structure
Expand|Select|Wrap|Line Numbers
  1. INSERT INTO `useraccess` ( `Login` , `Accesslvl` , `Pass` )
  2. VALUES (
  3. 'admin', '0', PASSWORD( 'rootpass' )
  4. );
  5.  
thanks
eirc
Jan 10 '07 #4

tolkienarda
100+
P: 316
ok i didn't finish typing that sorry. the problem is that all of the passwords are encrypted and when i compare the passwords entered via the form i get an incorrect password. i had one password in the database that wasn't encrypted and it workded great.

and second. problem i am having is that i am a complete beginer at php and i am trying to save the Accesslvl field from that row to a variable then redirect the browser to either a student or teacher page

thanks eric
Jan 10 '07 #5

Post your reply

Sign in to post your reply or Sign up for a free account.