Jump to content
  • Advertisement

Archived

This topic is now archived and is closed to further replies.

demonrealms

PHP and Mysql problem

This topic is 5575 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Hey, I can''t figure out what''s wrong with this code. Could you tell me please.
<html>
<head>
<script>
document.title="Demon Realms Studios->Login";
window.status="Demon Realms Studios->Login";
</script>
<title>Demon Realms Studios->Login</title>
</head>

<body bgcolor="#FFFFFF">
<?php
if($submit) {
$dbh=mysql_connect ("localhost", "demonrea_admin", "demon45gars") or die (''I cannot connect to the database because: '' . mysql_error());
mysql_select_db ("demonrea_user");
$sql = "SELECT auth_level FROM auth WHERE username =''$username''
AND password = ''$password''
";
$result = mysql_query($sql, $dbh);
while ($row = mysql_fetch_array($result)) { 
        $auth_level = $row["auth_level"]; 
    }
if (!mysql_num_rows($result)) {         
        echo "You are not Authorized for access.";
}else {
setcookie(''username'', $_POST[''username''], (time()+2592000), ''/'', '''', 0); 
setcookie(''auth_level'', $_POST[''auth_level''], (time()+2592000), ''/'', '''', 0); 
        }
if ($auth_level == "1") { 
         
            echo "You are logged in as a Guest.<br /> 
<a href=''next.php''>Click here for options</a> 
"; 
         
    } elseif ($auth_level == "2") { 
         
            echo "You have Member level access.<br /> 
<a href=''next.php''>Click here for options</a> 
"; 
         
        } elseif ($auth_level == "3") { 
         
            echo "You have Editor level access.<br /> 
<a href=''next.php''>Click here for options</a> 
"; 
         
        } elseif ($auth_level == "4") { 
         
            echo "You have Administrative access.<br /> 
<a href=''next.php''>Click here for options</a> 
"; 
        }
?>
<form method="POST" action="<?php echo $GLOBALS [''PHP_SELF''];?>"> 
Name:<input type="text" name="username"><br /> 
Password: <input type="password" name="password"><br /> 
<input type="submit" name="submit" value="Login"> 
</form> 
</body>
</html>
Thanks, Demonrealms

Share this post


Link to post
Share on other sites
Advertisement
Well, without any details as to what is (not) happening it''s hard to say. But, I do notice that you are using the post variables differently in different parts of the script. In the form you access them with the $_POST superglobal array which seems to indicate that register_globals is set to false in your server''s php.ini file, while at the top of your code you don''t use the superglobal array to get the username and password when you build your sql query. If register_globals is sett to false then you are effectively using local variables in your sql query that will never hold anything. Also, auth_level is a local variable that you fill with the results of your sql query, while you try to set a cookie with the $_POST array which does not have an ''auth_level'' entry. Same thing as before only the other way around.

peace and (trance) out

Mage

Share this post


Link to post
Share on other sites
Guest Anonymous Poster
I''m guess Mage2k is right

But I''m going to quote "You are pending for a bending".

Firstly I hope that you have changed from dbase password after this post!

Secondly you have to be damn careful with SQL injection, into your user database!!

Share this post


Link to post
Share on other sites
Sorry, it is kind of hard to look at a problem if I don''t give you one, sorry again. Heres the error it comes up with:

Parse error: parse error, unexpected $ in /home/demonrea/public_html/jimbob/Auth.php on line 61

I can''t find out what it is even though I''ve stood here trying to figure it out for....almost 5 hours.

Share this post


Link to post
Share on other sites
Well, I can''t tell which line is 61, but that sounds like a simple syntax error. Probably something to do with some quotes somewhere...

peace and (trance) out

Mage

Share this post


Link to post
Share on other sites
You are missing the } for if($submit)

Secondly, turn of register globals, and always use $_POST and $_GET to access those variables, otherwise there are huge security risks...

There's also a second bug, the second setcookie call is wrong. You don't post the variable auth_level from your form, so remove the $_POST

And the most important thing Change your sql password and username . And in the future don't give out that in any source code.

[edited by - fredizzimo on June 17, 2003 6:11:57 AM]

Share this post


Link to post
Share on other sites
For more information about security risks with register globals, read this http://www.php.net/manual/en/security.registerglobals.php

Share this post


Link to post
Share on other sites
tried it at home the actual error msg was

Parse error: parse error, unexpected $end in C:\htdocs\1.php on line 65


hmm that was easy...
better check your indenting style (the one you posted was really messy)

try to close the if you started at the beginning of the php block

(yea /me ran into the same prob quite often...)

mfg Phreak
--
"Input... need input!" - Johnny Five, Short Circuit.

Share this post


Link to post
Share on other sites
quote:
Original post by Anonymous Poster
Secondly you have to be damn careful with SQL injection, into your user database!!


Yeah. The original poster would do well to look up the ''mysql_escape_string'' function and to wrap things like $username in that.

LousyPhreak, what version of PHP do you have? Mine just gives out the ''parse error'' without the more useful detail such as ''unexpected $end''.


[ MSVC Fixes | STL Docs | SDL | Game AI | Sockets | C++ Faq Lite | Boost
Asking Questions | Organising code files | My stuff | Tiny XML | STLPort]

Share this post


Link to post
Share on other sites

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

We are the game development community.

Whether you are an indie, hobbyist, AAA developer, or just trying to learn, GameDev.net is the place for you to learn, share, and connect with the games industry. Learn more About Us or sign up!

Sign me up!