
First time PHP Login

P: 1
Hey guys, I'm brand new to PHP (have been coding for about 2 days).

I made a simple form that pulls from a MySQL database, it worked fine and dandy. I tried to password protect it and it just keeps giving me the error message that I defined for a wrong password.

#1 Here's my code:
```php
<?php

include 'dbc.php';

$passfromhtml = $_POST["passhtml"];
$emailfromhtml = $_POST["emailhtml"];

$password_select = mysql_query("SELECT pwd FROM client WHERE client_email = '$emailfromhtml'");

if($passfromhtml == $password_select) 
{

$q=$_GET["q"];

$data_array = mysql_query("SELECT * FROM client WHERE client_email = '".$q."'");
while($row = mysql_fetch_array($data_array))
{
$id = $row['id'];
$full_name = $row['full_name'];
$company_name = $row['company_name'];
$client_email = $row['client_email'];
$designer_email = $row['designer_email'];
$user_level = $row['user_level'];
$pwd = $row['pwd'];
$address = $row['address'];
$country = $row['country'];
$tel = $row['tel'];
$fax = $row['fax'];
$website = $row['website'];
$temp_website = $row['temp_website'];
$price = $row['price'];
$price_per_hour = $row['price_per_hour'];
$percent_done = $row['percent_done'];
$hours_worked = $row['hours_worked'];
$services = $row['services'];
$additional = $row['additional'];
$status = $row['status'];
}

$total_cost = $price_per_hour * $hours_worked ;

echo <<<HTML


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Admin Panel</title>
<link href="css/admin.css" rel="stylesheet" type="text/css">
<script type="text/javascript">
function showUser(str)
{
if (str=="")
  {
  document.getElementById("panel").innerHTML="";
  return;
  } 
if (window.XMLHttpRequest)
  {// code for IE7+, Firefox, Chrome, Opera, Safari
  xmlhttp=new XMLHttpRequest();
  }
else
  {// code for IE6, IE5
  xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
  }
xmlhttp.onreadystatechange=function()
  {
  if (xmlhttp.readyState==4 && xmlhttp.status==200)
    {
    document.getElementById("panel").innerHTML=xmlhttp.responseText;
    }
  }
xmlhttp.open("GET","admin_cp.php?q="+str,true);
xmlhttp.send();
}
</script>
</head>
<body>
<div id="panel">
<p>&nbsp;</p>
<p>
<form>
<select name="users" onchange="showUser(this.value)">
<option value="">Select a person:</option>
<option value="biondizzle@gmail.com">Michael Biondi</option>
<option value="saltolve@gmail.com">Salvatore Tolve</option>
<option value="3">Glenn Quagmire</option>
<option value="4">Joseph Swanson</option>
</select>
</form>
$company_name | <a href=http://$temp_website target=_blank>My Websites progress</a> | Send Message to my designer |</p>
<hr />

<ol>

<li>
<div class="left">
<p>
<b>Client ID:</b> $id <br />
<b>Company Name:</b> $company_name <br />
<b>Email:</b> $client_email <br />
<b>Website Price:</b> $price <br />
<b>Price Per Hour:</b> $price_per_hour <br />
<b>Percentage Done:</b> $percent_done <br />
<b>Services:</b><br />
$services<br />
<b>Additional Comments:</b><br />
$additional<br />
<b>Hours Worked:</b> $hours_worked <b>Total Cost:</b> $total_cost
</p>
</div>
</li>

<li>
<div class="middle">
<p>
<h2>Status Update to Client:<h2><br />
<textarea name="textarea" id="textarea" cols="25" rows="5"></textarea>
</p>
</div>
</li>

<li>
<div class="right">
<p>
<h2>Status:<h2><br />
$status
</p>
</div>
</li>

</ol>
</div>
</body>
</html>


HTML;
}
else
{
echo "Wrong password dipshit";
}
?>
```

and #2:
here's the link for you guys to see what I mean:

http://btdstudios.com/login.html
Try to log in as me:
<removed for your safety>

Like I said, I'm pretty new to PHP, so take it easy on me :) Thanks a bunch guys!
Jan 5 '12 #1
2 Replies


Rabbit
Expert Mod 10K+
P: 12,366
You may want to take down your login info... Someone can do bad things with it.
Jan 5 '12 #2

Dormilich
Expert Mod 5K+
P: 8,639
> I tried to password protect it and it just keeps giving me the error message that I defined for a wrong password.

that's because you compare apples with pears. while $passfromhtml is indeed the password (a string), $password_select is a resource (a different data type). you either need to fetch the data from the mysql resource or (better) test inside mysql for a match.

ex. (this code may look like overkill, but this is necessary to prevent SQL Injection attacks. besides that it allows a graceful degradation, should your database fail (and you don't give out system details in case of an error))

```php
// default to "not logged in" so the check below is defined even if the query fails
$logged_in = false;

try
{
  // connect
  $pdo = new PDO("mysql:host=localhost;dbname=my_database", $login, $pass);
  // enable error handling
  $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  // create a safe query
  $ps = $pdo->prepare("SELECT COUNT(*) FROM client WHERE client_email = :mail AND pwd = :pass");
  // submit user data
  $ps->bindValue(":mail", $_POST["emailhtml"], PDO::PARAM_STR);
  $ps->bindValue(":pass", $_POST["passhtml"], PDO::PARAM_STR);
  // get result
  $ps->execute();
  $logged_in = (bool) $ps->fetchColumn();
}
catch (Exception $e)
{
  // apologise to users
  echo "<p>Sorry, an error occurred</p>";
  // send details to you
  mail("admin@example.com", "error", $e->getMessage(), "From: noreply@example.com");
}

// proceed
if ($logged_in)
{
  // …
}
```
Jan 5 '12 #3
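
The other option mentioned in the reply above (fetch the stored value from the result, then compare in PHP), as an added example that is not part of the thread. It assumes an in-memory SQLite table standing in for the `client` table and a `pwd` column that holds `password_hash()` output rather than the plaintext value the thread's queries compare; `check_login` and the sample row are hypothetical.

```php
<?php
// Added example, not code from the thread. Constructed data: an in-memory
// SQLite table stands in for the thread's MySQL `client` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE client (client_email TEXT PRIMARY KEY, pwd TEXT, company_name TEXT)');

// Assumption: pwd stores a password_hash() value, never the plaintext password.
$ins = $pdo->prepare('INSERT INTO client VALUES (:mail, :pwd, :company)');
$ins->execute([
    ':mail'    => 'alice@example.com',
    ':pwd'     => password_hash('correct horse', PASSWORD_DEFAULT),
    ':company' => 'Example Ltd',
]);

/**
 * Fetch the stored hash for one e-mail address and verify the submitted
 * password against it. Returns the client row (without the hash) on
 * success and null on any failure.
 */
function check_login(PDO $pdo, string $email, string $password): ?array
{
    // The e-mail is bound as a parameter, so quote characters stay data.
    $ps = $pdo->prepare(
        'SELECT client_email, pwd, company_name FROM client WHERE client_email = :mail'
    );
    $ps->execute([':mail' => $email]);

    // fetch() yields the row as an array, or false when nothing matched.
    // Comparing against the statement or result handle itself is the bug
    // from the question: a handle is never equal to the password string.
    $row = $ps->fetch(PDO::FETCH_ASSOC);

    if ($row === false || !password_verify($password, $row['pwd'])) {
        return null; // same answer for unknown e-mail and wrong password
    }

    unset($row['pwd']); // do not pass the hash on to the page template
    return $row;
}

var_dump(check_login($pdo, 'alice@example.com', 'correct horse')); // matching row
var_dump(check_login($pdo, 'alice@example.com', 'wrong'));         // wrong password
var_dump(check_login($pdo, "o'brien@example.com", 'anything'));    // quote in input, no such user
```

Fetching the row is what makes `password_verify()` usable at all: a salted hash cannot be matched with `pwd = :pass` inside the query.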
