Problem with Code

I have this simple problem with some PHP5 code using MySQL 5 on Windows
and IIS 6. I think it has to do with my programming logic but I still
can't figure it out?

1. What is happening is the password function works BUT if you put in
the right username and wrong password it DOES NOT print out the message
'Password doesn't match!' Am I not using the 'elseif' statement
properly?
2. Not sure if this is a logic problem, using MySQL functions properly
or not using PHP5 functions properly. Thanks for any help anyone can
give me!

Schmidty

Here is the code;
------------------------------------------------------------------------------------------------------
function auth() {

    if ($this->user == "" or $this->pass == "") { echo "ERROR"; exit; }

    $mysqli = new mysqli("$network", "$user", "$password", "$database") or
        die("ERROR connecting to database server!");

    $query = "SELECT username, pswd, type FROM userauth WHERE username = '$this->user' AND pswd = '$this->pass'";

    $result = $mysqli->query($query);

    while (list($uname, $upass, $type) = $result->fetch_row()) {

        if ($uname == $this->user and $upass == $this->pass) {
            print "$uname - $type<br />";
        } elseif ($upass !== $this->pass) {
            print "Password doesn't match!<br />"; // <===== NOT SURE IF THIS IS CORRECT????
        }
    }

    $result->free();
    echo "Cleared results<br />";
    $mysqli->close();
    echo "Closed database<br />";

}
--------------------------------------------------------------------------------------------------------------------

Jan 11 '07 #1
The query will actually match the password for you.
$query = "SELECT username, pswd, type FROM userauth WHERE username =
'$this->user' AND pswd = '$this->pass'";

Therefore right username with wrong password will not return anything
from the query.

Hendri Kurniawan
Jan 11 '07 #2
Hendri,
Thanks for the quick reply.
How would I validate and reply with an error message if 'the right
username with wrong password' came up? Thanks...

Schmidty
Jan 11 '07 #3
No prob

Change the query and omit password checking
$query = "SELECT username, pswd, type FROM userauth WHERE username =
'$this->user'";

BTW... with password checking it's more secure.
The "user" won't know if he/she has the correct username or not.
Potential attackers won't know if they stumble upon an active username.

Hendri Kurniawan
Jan 11 '07 #4
>How would I validate and reply with an error message if 'the right
>username with wrong password' came up? Thanks...
You shouldn't have a different error message for the cases:
right username with the wrong password
vs.
wrong username with any password at all

If you do, you're giving away which usernames are correct.
Jan 12 '07 #5
Okay I answered my own question "How would I validate and reply with an
error message if the right username with wrong password came up?" It
was a pretty simple fix. At the end of the function 'auth()' I put the
line 'echo "ERROR";'. I might even add a function at this point to send
an email to the actual user indicating that someone tried to log-on
using their username with an invalid password!

Jan 12 '07 #6
>Okay I answered my own question "How would I validate and reply with an
>error message if the right username with wrong password came up?" It
>was a pretty simple fix. At the end of the function 'auth()' I put the
>line 'echo "ERROR";'. I might even add a function at this point to send
>an email to the actual user indicating that someone tried to log-on
>using their username with an invalid password!
In other words, you're going to allow your site to be used as a weapon
to mail-bomb your users? This is NOT a good idea unless you've got strict
limits on how often you can send that email (e.g. once every 24 hours max,
and even that's very annoying).
Jan 13 '07 #7
You're right, that would not be good for my users!!

Jan 15 '07 #8
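
The advice in #5 and #7, as an added example that is not code from any poster in this thread: one failure message for both the unknown-username and wrong-password cases, and a cap of one alert e-mail per account per 24 hours. It assumes PHP 7.4+ with PDO and in-memory SQLite standing in for the thread's MySQL, a `pswd` column that holds `password_hash()` output rather than the plaintext the original code compares, and a hypothetical `last_alert` column; the account and timestamps are constructed.

```php
<?php
// Added example: constructed schema and data, not the poster's database.
const GENERIC_FAILURE = 'Invalid username or password.';
const ALERT_INTERVAL = 86400; // at most one alert e-mail per account per 24 hours

function make_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE userauth (username TEXT PRIMARY KEY, pswd TEXT, type TEXT, last_alert INTEGER DEFAULT 0)');
    $ins = $db->prepare('INSERT INTO userauth (username, pswd, type) VALUES (?, ?, ?)');
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 'admin']);
    return $db;
}

function auth(PDO $db, string $user, string $pass, int $now): array {
    // Verified when the username is unknown, so that path still costs one hash check.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);

    // Look up by username only; the value is bound, never spliced into the SQL text.
    $stmt = $db->prepare('SELECT pswd, type, last_alert FROM userauth WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $valid = password_verify($pass, $row ? $row['pswd'] : $dummy);
    if ($row && $valid) {
        return ['ok' => true, 'message' => "$user - {$row['type']}", 'alert' => false];
    }

    // Wrong password on a real account: notify the owner, but rate-limited.
    $alert = false;
    if ($row && $now - (int)$row['last_alert'] >= ALERT_INTERVAL) {
        $db->prepare('UPDATE userauth SET last_alert = ? WHERE username = ?')->execute([$now, $user]);
        $alert = true; // the caller would queue the e-mail here
    }
    // Same text whether the username exists or not.
    return ['ok' => false, 'message' => GENERIC_FAILURE, 'alert' => $alert];
}

$db = make_demo_db();
$t0 = 1700000000; // constructed timestamp
foreach ([['alice', 'correct horse', $t0], ['alice', 'wrong', $t0], ['alice', 'wrong', $t0 + 60],
          ['alice', 'wrong', $t0 + 86400], ['mallory', 'wrong', $t0]] as [$u, $p, $t]) {
    $r = auth($db, $u, $p, $t);
    printf("%-8s %-14s ok=%d alert=%d %s\n", $u, $p, $r['ok'], $r['alert'], $r['message']);
}
```

The second failed attempt for `alice`, 60 seconds after the first, returns `alert=0`; the one 24 hours later returns `alert=1` again, and `mallory` gets the same message as a wrong password for `alice`.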
