1
I have the problem that one and the same SQL query returns two different results.
1. When executed in PHPMyAdmin, the query returns 1 record set.
2. When executed in the script, recordcount returns 0.
This is the query in plain:
select users.uid, users.name, users.mail, users.status, users_roles.uid, users_roles.rid, role.rid from users LEFT JOIN users_roles ON (users.uid = users_roles.uid) LEFT JOIN role ON (users_roles.rid = role.rid) WHERE users.name = 'username' AND MD5('password') = users.pass AND role.rid = 3
And this is the relavant code segment:
Expand|Select|Wrap|Line Numbers
- if (!$adodb_drupal) $adodb_drupal = connect_adodb(DB_NAME_DRUPAL);
- //Check the input for illegal chars
- $current_username = check_input($_POST['username'],"username");
- $current_password = check_input($_POST['password'],"password");
- // check the input with concrete rules
- $input_check = "";
- $input_check .= check_username($current_username);
- $input_check .= check_password($current_password);
- // Input check is only filled if either the username or the password is worng! This is done in the function check_username/check_password.
- // Username/password are wrong if they contain certain characters or are too long or empty!
- if ($input_check != "")
- {
- // output/log
- update_log(trim($input_check,"\,"));
- }
- // Check user in Drupal DB
- $current_password = utf8_encode($current_password);
- $query = "select
- users.uid,
- users.name,
- users.mail,
- users.status,
- users_roles.uid,
- users_roles.rid,
- role.rid
- from users
- LEFT JOIN users_roles ON (users.uid = users_roles.uid)
- LEFT JOIN role ON (users_roles.rid = role.rid)
- WHERE users.name = '" . $current_username . "'
- AND MD5('".$current_password."') = users.pass
- AND role.rid = 3";
- $result = $adodb_drupal->Execute($query);
- // IF the result is filled, the user exists and we check if the user is active or not
- if (($result != FALSE) AND ($result->RecordCount() > 0))
- {
- // User found, checking status is active
- if ($result->fields['status'] == 1)
- {
- update_log("SUCCESS - user/pwd match active user. Username: " . $current_username);
- $_SESSION["uid"] = $result->fields['uid'];
- // If the user exists and is active we have "success"
- $_SESSION["authorization"] = "success";
- $_SESSION["action"] = "home";
- $action = "home";
- $validate ="1";
- $_POST['validate'] = "1";
- $User_ID = $result->fields['uid'];
- }
- else
- {
- update_log("FAILED - user/pwd match user not active. Username: " . $current_username);
- // If the user exists, but is not active, we have "notactive"
- $_SESSION['authorization'] = "notactive";
- }
- }
- else
- {
- update_log("FAILED - no user/pwd match. Username: " . $current_username);
- // If the user is not in the database we have "unknown"
- $_SESSION['authorization'] = "unknown";
- }
- $adodb_drupal->close();
Cheers,
Fred
