php mysql authentication problem! help

1 New Member

Hi Guys

I have created a website and to makes things easier i decided to use dreamweaver to do the secure login section and access levels for the pages.

When testing locally on wamp my website works perfectly. On internet though, the pages that don't require a user to log in i can search my job database perfectly and see the results so the connection to the database is fine.

When i try to log in though i just get a user is unauthorised error because for some reason its not getting the info from the right database or the right table on the database or the connection is not right im not sure. I have emailed my support and they say they can't see an error with the connection dbusername dbpass dbname and suggest its a problem with my code somewhere.

It works perfectly on my local machine though arghhh!! Below is some of the code from the wizard.php page that was created in the /connections folder by dreamweaver. It all looks correct to me.

$[PHP] hostname_Wizard = "mysqlservernam e";

$database_Wizar d = "mydatabasename ";

$username_Wizar d = "mysqlusername" ;

$password_Wizar d = "mysqlpassword" ;

$Wizard = mysql_pconnect( $hostname_Wizar d, $username_Wizar d, $password_Wizar d) or trigger_error(m ysql_error(),E_ USER_ERROR);

Below is code from the page where the user will log in located above the head tag.

<?php require_once('C onnections/Wizard.php'); ?>

<?php

//initialize the session

session_start() ;

// ** Logout the current user. **

$logoutAction = $ SERVER['PHP_SELF']."?doLogout=tru e";

if ((isset( $ SERVER['QUERY_STRING'])) && ( $ SERVER['QUERY_STRING'] != "")){

$logoutAction .="&". htmlentities( $ SERVER['QUERY_STRING']);

}

if ((isset( $ GET['doLogout'])) &&( $ GET['doLogout']=="true")){

//to fully log out a visitor we need to clear the session varialbles

session_unregis ter('MM_Usernam e');

session_unregis ter('MM_UserGro up');

$logoutGoTo = "stafflogin.php ";

if ($logoutGoTo) {

header("Locatio n: $logoutGoTo");

exit;

}

}

?>

<?php

// *** Validate request to login to this site.

if (!isset( $ SESSION)) {

session_start() ;

}

$loginFormActio n = $ SERVER['PHP_SELF'];

if (isset( $ GET['accesscheck'])) {

$ SESSION['PrevUrl'] = $ GET['accesscheck'];

}

if (isset( $ POST['username2'])) {

$loginUsername= $ POST['username2'];

$password= $ POST['password2'];

$MM_fldUserAuth orization = "accessleve l";

$MM_redirectLog inSuccess = "securestaff.ph p";

$MM_redirectLog inFailed = "unauthorised.p hp";

$MM_redirecttoR eferrer = true;

mysql_select_db ($database_Wiza rd, $Wizard);

$LoginRS__query =sprintf("SELEC T name, pass, accesslevel FROM staff WHERE name='%s' AND pass='%s'",

get_magic_quote s_gpc() ? $loginUsername : addslashes($log inUsername), get_magic_quote s_gpc() ? $password : addslashes($pas sword));

$LoginRS = mysql_query($Lo ginRS__query, $Wizard) or die(mysql_error ());

$loginFoundUser = mysql_num_rows( $LoginRS);

if ($loginFoundUse r) {

$loginStrGroup = mysql_result($L oginRS,0,'acces slevel');

//declare two session variables and assign them

$ SESSION['MM_Username'] = $loginUsername;

$ SESSION['MM_UserGroup'] = $loginStrGroup;

if (isset( $ SESSION['PrevUrl']) && true) {

$MM_redirectLog inSuccess = $ SESSION['PrevUrl'];

}

header("Locatio n: " . $MM_redirectLog inSuccess );

}

else {

header("Locatio n: ". $MM_redirectLog inFailed );

}

}

?>

[/PHP]

Below is code from the body of the page at the login boxes.

[HTML] <form action="<?php echo $loginFormActio n; ?>" method="POST">

<table width="271" border="0" cellspacing="2" cellpadding="1" >

<tr>

<td width="96" bgcolor="#EAEAE A"><label>Usern ame:</label></td>

<td width="120"><in put type="text" name="username2 " size="20" /></td>

<td width="41">&nbs p;</td>

</tr>

<tr>

<td bgcolor="#EAEAE A"><label>Passw ord: </label></td>

<td><input type="password" name="password2 " size="20" /></td>

<td> </td>

</tr>

<tr>

<td bgcolor="#EAEAE A">Log In:</td>

<td><input type="submit" value=" Log In " /></td>

<td> </td>

</tr>

</table>

</form>

[/HTML]

Below is some code from the page that works it all out.

[PHP] <?php

//initialize the session

session_start() ;

// ** Logout the current user. **

$logoutAction = $ SERVER['PHP_SELF']."?doLogout=tru e";

if ((isset( $ SERVER['QUERY_STRING'])) && ( $ SERVER['QUERY_STRING'] != "")){

$logoutAction .="&". htmlentities( $ SERVER['QUERY_STRING']);

}

if ((isset( $ GET['doLogout'])) &&( $ GET['doLogout']=="true")){

//to fully log out a visitor we need to clear the session varialbles

session_unregis ter('MM_Usernam e');

session_unregis ter('MM_UserGro up');

$logoutGoTo = "index.php" ;

if ($logoutGoTo) {

header("Locatio n: $logoutGoTo");

exit;

}

}

?>

<?php

session_start() ;

$MM_authorizedU sers = "administrator" ;

$MM_donotChecka ccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page

function isAuthorized($s trUsers, $strGroups, $UserName, $UserGroup) {

// For security, start by assuming the visitor is NOT authorized.

$isValid = False;

// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.

// Therefore, we know that a user is NOT logged in if that Session variable is blank.

if (!empty($UserNa me)) {

// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.

// Parse the strings into arrays.

$arrUsers = Explode(",", $strUsers);

$arrGroups = Explode(",", $strGroups);

if (in_array($User Name, $arrUsers)) {

$isValid = true;

}

// Or, you may restrict access to only certain users based on their username.

if (in_array($User Group, $arrGroups)) {

$isValid = true;

}

if (($strUsers == "") && true) {

$isValid = true;

}

}

return $isValid;

}

$MM_restrictGoT o = "unauthorised.p hp";

if (!((isset( $ SESSION['MM_Username'])) && (isAuthorized(" ",$MM_authorize dUsers, $ SESSION['MM_Username'], $ SESSION['MM_UserGroup'])))) {

$MM_qsChar = "?";

$MM_referrer = $ SERVER['PHP_SELF'];

if (strpos($MM_res trictGoTo, "?")) $MM_qsChar = "&";

if (isset($QUERY_S TRING) && strlen($QUERY_S TRING) > 0)

$MM_referrer .= "?" . $QUERY_STRING;

$MM_restrictGoT o = $MM_restrictGoT o. $MM_qsChar . "accesschec k=" . urlencode($MM_r eferrer);

header("Locatio n: ". $MM_restrictGoT o);

exit;

}

?>

[/PHP] I know its a big ask but i would really appreciate some php gurus help here as im stuck because it all works perfectly on my local wampserver but not on the net.

Regards

Joseph

Jul 2 '06 #1

Subscribe Reply

4287

ronverdonk

4,258

Recognized Expert Specialist

Before going through this bunch of code, have you ever traced the content of the important variables during processing, such as $LoginRS__query (contains the actual query with username and password) and the results from that query.

That must at least give you an answer to your hunch that the query is wrong or that the incorrect data base is used.

Ronald :cool:

Jul 21 '06 #2

bevort

New Member

I ran into a same kind of problem when having to reinstall my local developing machine. The code that worked before and still works on the net does noet work anymore. I found my solution in checking the PHP.INI file (working on a windows server) and the Apache server. Check your settings on your local machine and set them to your net server then you have the same area to develop in as your online site.

Major differances can be found in PHP.ini when using registor_global s are set on or off. the same goes for the session.save_pa th.

Changing your local setting may force you to rebuild parts of your code but you will be certain that the code will work on both servers now.

I also see 2 session_start() statements in your last page. This will generate 2 sessioncookies on the server. The code will work with the last and store variables in this one but the server will work with the 1st one. So going to another page and using session_start your browser will point to an empty session witn no login information.

Another this is to keep things together. Keep only those part thah have to do with ligon in its own script and the logout parts in another. Afterwords put duplicate code into includefiles. This makes your files readable and maintainable even after several years.

Vincent

Jul 30 '06 #3

Similar topics

2352

Client does not support authentication protocol MYSQL

by: ME | last post by:

Just thought I would post a solution (temporary at best, but a solution at least.) for all those using PostNuke who have upgraded MySql to 4.1. I have had problems with PostNuke logging into MySql after upgrading to MySql 4.1. I received the message: "Client does not support authentication protocol requested by server. Consider upgrading MySQL client." After reading here: http://www.mysql.com/doc/en/Old_client.html

PHP

7949

[MySQL] Client does not support authentication protocol

by: yzzzzz | last post by:

Hi I just upgraded from MySQL 4.0.something to 4.1.1 (alpha). When I try to connect to MySQL in a PHP script, I get the following error: "mysql_connect(): Client does not support authentication protocol requested by server; consider upgrading MySQL client in file.php on line 130"

PHP

3720

Checking password with mysql & PASSWORD()

by: John Victor | last post by:

In my mysql database, I've stored all the passwords using the PASSWORD() function. Now I'm running a test and need to compare the password in my php document to that saved in the database. I used the string "Select name From users Where password = PASSWORD('$testPass')" and ran mysql_query() using the string. But nothing was returned. So I decided to run a test and try to change a password from my php page using the string

PHP

7644

DBI connect failed : Client does not support authentication protocol requested by server; consider upgrading MySQL client

by: Thomas | last post by:

Hallo. Habe auf einem SeSE 9.1 Server due neue MySQL 4.1.11 und den dazugehörigen client installiert. #: mysql -V mysql Ver 14.7 Distrib 4.1.11, for pc-linux-gnu (i686) Soweit so gut der Server läuft auch. Nach dem ich die Datenbanken der Vorgängerversion 4.0.x in das

MySQL Database

1798

MySQL server initialize broken connections?

by: Dmitry Davletbaev | last post by:

Hi! I'm working on program that acts as MySQL client. After successful connection program send queries for a long time. When I stop server mysql_query return error (no surprise). But when I start server my program recieve information again without connection reinitialization. I suppose MySQL server track connections somehow but I didn't find any info about it in documentation. Can somebody point me to docs or explain this behaviour?

MySQL Database

1933

mod_auth_mysql or mysql usernames and passwords?

by: marc.wyburn | last post by:

I'm writing a web app that needs a login page. I'm doing the dev on a windows box although the final version will go on a Linux box. I can't find any versions of mod_auth_Mysql precompiled for windows and have no idea about compiling c.source on windows (or anything to do it with). Is there a good reason I shouldn't store hashed password in MySQL and call them from Python scripts instead of using the apache auth module directly? ...

MySQL Database

7401

MySQL Privileges Problem

by: jepler | last post by:

I find myself in a circular reference loop that I can't seem to resolve. I recently upgraded from MySQL 4.0.x to MySQL 4.1.21 on OS 10.3.9 Server. Then, I *thought* I set my open master root password correctly using usr/local/mysql/bin/mysqladmin -u root password new_password and /usr/local/mysql/bin/mysqladmin -u root -h `hostname` password "newpasswd" . After setting my master root password I then connected via phpMyAdmin 2.5.4 as...

MySQL Database

2498

php 4.4 not working with mysql 4.1

by: Paul | last post by:

I recently installed php 4.4.4 using windows binaries on Windows XP Pro. I also installed MySQL 4.1. I usually use Pear DB but I tried MDB2 and it worked fine until a client uses a different version so I reverted back to straigh PHP mysql function calls. I use this code: $link = mysql_connect('localhost', 'username', 'password'); if (!$link) { die('Could not connect: ' . mysql_error()); }

PHP

2154

Return info about PHP installation mySQL compatibility

by: Robin S. | last post by:

I've used phpinfo() to confirm settings for mySQL on our host server, and it's not returning accurate info. phpinfo() returns a mySQL client API version of 3.23.54 (uselss for me), where as a SELECT VERSION() query on the mySQL database returns version 5.0.27 (exactly what we need). I think there's something wrong with the mySQL library in PHP. Is there any more thurough method of seeing php's settings for mySQL? Obviously I don't...

PHP

13850

MySQL with Integrated Windows Authentication

by: JamieHowarth0 | last post by:

I have been trying to find a solution to this on the Internet for months. Literally, ages and ages and ages, praying that someone in the open-source community has enough knowledge to put together an LDAP connector for MySQL Community to connect to Active Directory. Alas, nothing. So I figured I'd try doing something similar. My business problem is/was as follows: I use Active Directory on Windows Server 2003 to manage my small corporate...

ASP / Active Server Pages

9672

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...

General

10164

The easy way to turn off automatic updates for Windows 10/11

by: Hystou | last post by:

Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...

Windows Server

10001

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...

General

9042

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...

Career Advice

7538

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...

Microsoft Access / VBA

5437

Trying to create a lan-to-lan vpn between two differents networks

by: TSSRALBI | last post by:

Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...

Networking - Hardware / Configuration

5563

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

4113

transfer the data from one system to another through ip address

by: 6302768590 | last post by:

Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

C# / C Sharp

2920

Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy

by: bsmnconsultancy | last post by:

In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

General