
phpMyAdmin database built on my server and I cannot connect with my login page

Hi all
I work for a small web design company and we have remote hosting. I built a MySQL database with phpMyAdmin on the server. I then downloaded and modified a PHP login page. I am continuing to get the ---invalid username or password--- message. I am not getting the E_USER_ERROR, so I don't know if there is a problem with the PHP, how I set up the database, or maybe something in between. So everyone knows, all of my server interface is GUI. I use a company called Rackspace and software called Plesk. I set the database up on the correct domain and I set up usernames and passwords for all students and teachers at the school (this is for a private school management online program).

Anyhow, here is the code.

I have this set up on the domain where I built the database and here is a link to this page in action.
As you can see, the person who wrote this commented it, but I changed a lot. Here is a link to where I got the code so you can see the original, because maybe the error is coming from a change I made. I did go back to the original once but it didn't work.
<?
// Use session variable on this page. This function must put on the top of page.
session_start();

////// Logout Section. Delete all session variable.
session_destroy();

$message="";

////// Login Section.
$Login=$_POST['Login'];
if($Login){ // If clicked on Login button.
$username=$_POST['username'];
$password=$_POST['password'];

// Connect database.
$host="localhost"; // Host name.
$db_user="rcadmin"; // MySQL username.
$db_password="nsds2004"; // MySQL password.
$database="RCA"; // Database name.
$RCA = mysql_pconnect($host, $db_user, $db_password) or trigger_error(mysql_error(),E_USER_ERROR);
 mysql_select_db($database, $RCA);

// Check matching of username and password.
$result=mysql_query("SELECT Login, Pass, Accesslvl FROM useraccess WHERE Login='username' AND pass='password'");
if(mysql_num_rows($result)!='0'){ // If match.
session_register("username"); // Create session username.
header("location:main.php"); // Re-direct to main.php
}else{ // If not match.
$message="--- Incorrect Username or Password ---";
}

} // End Login authorize check.
?>

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<? echo $message; ?>
<form id="form1" name="form1" method="post" action="<? echo $PHP_SELF; ?>">
<table>
<tr>
<td>User : </td>
<td><input name="username" type="text" id="username" /></td>
</tr>
<tr>
<td>Password : </td>
<td><input name="password" type="password" id="password" /></td>
</tr>
</table>
<input name="Login" type="submit" id="Login" value="Login" />
</form>
</body>
</html>
Jan 9 '07 #1
The SELECT query is incorrect. You use constants ('username' and 'password') and you must use the variable names in which you have stored the username and the password. I also added the error message display to this statement. The SELECT statement must be:
[php]$result=mysql_query("SELECT Login, Pass, Accesslvl FROM useraccess WHERE Login='$username' AND pass='$password'")
or die("SELECT error: " . mysql_error());[/php]
Ronald :cool:
Jan 9 '07 #2
Hi, thanks.
That didn't seem to fix all of the problems. I tried to do some basic injection to bypass the user pass field
1'or'1'='1
and it worked, so now I think that the problem is definitely with my database or the connection. I remember which forum I am in, so if the following is out of line please tell me and I will repost in the correct forum.
Here is what the useraccess table looks like; listed below are all of the SQL commands for the entire database.
CREATE TABLE `useraccess` (
  `Login` varchar(4) NOT NULL default '',
  `Accesslvl` int(1) NOT NULL default '0',
  `Pass` varchar(10) NOT NULL default '',
  PRIMARY KEY  (`Login`)
);
and the data in it
Jan 10 '07 #3
OK, I found the problem but I have no idea how to fix it.

When I entered all of my passwords into the MySQL database I used this basic structure:
INSERT INTO `useraccess` ( `Login` , `Accesslvl` , `Pass` )
VALUES (
'admin', '0', PASSWORD( 'rootpass' )
);
Jan 10 '07 #4
OK, I didn't finish typing that, sorry. The problem is that all of the passwords are encrypted and when I compare the passwords entered via the form I get an incorrect password. I had one password in the database that wasn't encrypted and it worked great.

And the second problem I am having is that I am a complete beginner at PHP and I am trying to save the Accesslvl field from that row to a variable, then redirect the browser to either a student or teacher page.

Thanks, Eric
Jan 10 '07 #5
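
Added example (not part of the thread or any poster's code): a login check that addresses both problems raised above, the SELECT built by string interpolation that let `1'or'1'='1` through, and the comparison of a typed password against a stored hash, and that returns a landing page from `Accesslvl`. It assumes PDO with an in-memory SQLite database standing in for MySQL, a `Pass` column widened from the thread's `varchar(10)` (too short to hold a password hash), and hypothetical page names `teacher.php` and `student.php` with an assumed level-to-page mapping.

```php
<?php
// Added example, not the poster's code. SQLite in memory stands in for MySQL;
// the PDO calls are the same with a mysql: DSN.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Pass is widened: password_hash() output does not fit the thread's varchar(10).
$db->exec("CREATE TABLE useraccess (
    Login     VARCHAR(4)   NOT NULL PRIMARY KEY,
    Accesslvl INT          NOT NULL DEFAULT 0,
    Pass      VARCHAR(255) NOT NULL DEFAULT ''
)");

// Constructed sample rows; hashed in PHP at insert time, not with MySQL PASSWORD().
$add = $db->prepare('INSERT INTO useraccess (Login, Accesslvl, Pass) VALUES (?, ?, ?)');
$add->execute(['tchr', 1, password_hash('sample-teacher-pw', PASSWORD_DEFAULT)]);
$add->execute(['stud', 2, password_hash('sample-student-pw', PASSWORD_DEFAULT)]);

// Assumed mapping of Accesslvl to landing pages (hypothetical file names).
const LANDING = [1 => 'teacher.php', 2 => 'student.php'];

/** Returns the landing page for a valid login, or null if the login is rejected. */
function login(PDO $db, string $username, string $password): ?string
{
    // Bound parameter: the input is sent as data, never as part of the SQL text.
    $stmt = $db->prepare('SELECT Pass, Accesslvl FROM useraccess WHERE Login = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare in PHP: the stored hash is salted, so it cannot be matched
    // against the typed password inside a WHERE clause.
    if ($row === false || !password_verify($password, $row['Pass'])) {
        return null;
    }
    return LANDING[(int) $row['Accesslvl']] ?? null;
}

// Constructed inputs: two valid logins, a wrong password, the thread's injection string.
$cases = [
    ['tchr', 'sample-teacher-pw'],
    ['stud', 'sample-student-pw'],
    ['stud', 'wrong'],
    ["1'or'1'='1", "1'or'1'='1"],
];
foreach ($cases as [$u, $p]) {
    $page = login($db, $u, $p);
    echo str_pad($u, 12), $page === null ? 'rejected' : "redirect to $page", PHP_EOL;
}
```

In the login page itself, when `login()` returns a page, call `session_regenerate_id(true)`, store the login name in `$_SESSION`, then send `header('Location: ' . $page)` followed by `exit`.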
