as for the credentials: i think i can check them with a script:
As you see, this form authenticates the user through check_user-pass.php. Well - It should look for those credentials on my database; if they exist, returns OK, else returns value NO.
So my question is: exactly what code should I include in check_user-pass.php?
I tried to add more code but couldn't do that as well! My current code is:
note: The name in you form is user_name but in your script you look for username
$username=$_POST['username'];
should be
$username=$_POST['user_name'];
EDIT:
If you use crypt to encrypt your password before you put them in the database, try this
$sql="SELECT * FROM $tbl_name WHERE username='$username'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==1){
$row = mysql_fetch_assoc($result);
if (crypt($password, $row['password']) == $row['password']){
session_register("username");
session_register("password");
echo "Login Successful";
return true;
}
else {
echo "Wrong Username or Password";
return false;
}
}
else{
echo "Wrong Username or Password";
return false;
}
EDIT: myBB seems to use a crapload of md5 hashing for their passwords, try this
$sql="SELECT * FROM $tbl_name WHERE username='$username'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==1){
$row = mysql_fetch_assoc($result);
if (md5(md5($row['salt']).md5($password)) == $row['password']){
session_register("username");
session_register("password");
echo "Login Successful";
return true;
}
else {
echo "Wrong Username or Password";
return false;
}
}
else{
echo "Wrong Username or Password";
return false;
}
ideas and questions
well i just want to verify a set of user-credentials:
- no encryption - what i want to do is just a check of a given set of credentials
- this is what i want to do and everything should be fine.
as for the credentials: i think i can check them with a script:
As you see, this form authenticates the user through check_user-pass.php.
_Idea:_ It looks for those credentials on my database; if they exist, returns OK, else returns value NO.
So my question is: exactly what code should I include in check_user-pass.php?
regards
update:
i can do this with a spimple test the connection script too:
error in establishing db bei dem Versuch ein Script zu installieren.
- mit einem Testconnection-Script versucht das weiterzuverfolgen:
<?php
if(function_exists('mysqli_connect')){if(!($link = mysqli_connect('localhost','username','password','my_db'))){die('could not connect: '. mysqli_error($link));}}else{die("don't have mysqli");}
echo 'connect successfully';
mysqli_close($link);
Question
tarifa
good dayx dear experts hello to everyone,
i have a php-scritp that does not log to the mysql-db. it throws errors all the time:
i am not sure what goes on - if
my guesses
- i use wrong credentials:
- Socket-Problems - i.e. with the sockets cf https://stackoverflow.com/questions/1435445/error-on-creating-connection-to-pdo-in-php
vgl pdo_mysql.default_socket=/opt/lampp/var/mysql/mysql.sock
as for the credentials: i think i can check them with a script:
As you see, this form authenticates the user through check_user-pass.php. Well - It should look for those credentials on my database; if they exist, returns OK, else returns value NO.
So my question is: exactly what code should I include in check_user-pass.php?
I tried to add more code but couldn't do that as well! My current code is:
note: The name in you form is user_name but in your script you look for username
$username=$_POST['username']; should be $username=$_POST['user_name']; EDIT: If you use crypt to encrypt your password before you put them in the database, try this $sql="SELECT * FROM $tbl_name WHERE username='$username'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $username and $password, table row must be 1 row if($count==1){ $row = mysql_fetch_assoc($result); if (crypt($password, $row['password']) == $row['password']){ session_register("username"); session_register("password"); echo "Login Successful"; return true; } else { echo "Wrong Username or Password"; return false; } } else{ echo "Wrong Username or Password"; return false; } EDIT: myBB seems to use a crapload of md5 hashing for their passwords, try this $sql="SELECT * FROM $tbl_name WHERE username='$username'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $username and $password, table row must be 1 row if($count==1){ $row = mysql_fetch_assoc($result); if (md5(md5($row['salt']).md5($password)) == $row['password']){ session_register("username"); session_register("password"); echo "Login Successful"; return true; } else { echo "Wrong Username or Password"; return false; } } else{ echo "Wrong Username or Password"; return false; }ideas and questions
well i just want to verify a set of user-credentials:
- no encryption - what i want to do is just a check of a given set of credentials
- this is what i want to do and everything should be fine.
as for the credentials: i think i can check them with a script:
As you see, this form authenticates the user through check_user-pass.php.
_Idea:_ It looks for those credentials on my database; if they exist, returns OK, else returns value NO.
So my question is: exactly what code should I include in check_user-pass.php?
regards
update:
i can do this with a spimple test the connection script too:
error in establishing db bei dem Versuch ein Script zu installieren.
- mit einem Testconnection-Script versucht das weiterzuverfolgen:
Edited by tarifaLink to comment
https://www.neowin.net/forum/topic/1387573-check-user-name-and-password-on-database-to-verify-the-dataset%C2%A0/Share on other sites
3 answers to this question
Recommended Posts