PHP/Mysql authentication script getting NULL result from query -

-

i working on test project, trying learn more php , mysql , not. have decided build authentication engine test website having issues query.

basically, if run...

select * users name="tester" , passwd=md5('pass');

from mysql console, get...

+--------+---------------+----------------------------------+ | name   | email         | passwd                           | +--------+---------------+----------------------------------+ | tester | test@test.com | 1a1dc91c907325c69271ddf0c944bc72 | +--------+---------------+----------------------------------+ 1 row in set (0.00 sec)

however,when issue same query (at least think same) php code (see below) appear getting null result, authentication fails.

<?php     include 'db_connect.php';      $username = $_post['username'];     $passwd = $_post['passwd'];      // protect mysql injection (more detail mysql injection)     //$username = stripslashes($username);     //$passwd = stripslashes($passwd);     //$username = mysql_real_escape_string($username);     //$passwd = mysql_real_escape_string($passwd);      //encrypted password     $secpasswd = md5($passwd);      $sql="select * users name='$username' , passwd = $secpasswd";      $result=mysql_query($dbconnect,$sql);     var_dump($result);      // mysql_num_row counting table row     $count=mysql_num_rows($result);     //var_dump($count);      // if result matched $myusername , $mypassword, table row must 1 row     if($count==1){          // register $myusername, $mypassword , redirect file "login_success.php"         session_register("username");         session_register("passwd");          header("location:login_success.php");         }     else {         echo "wrong username or password";         }     ob_end_flush(); ?>

there s lot of problems code.

  • you sql query format wrong
  • you don't fetch values query result
  • your hashing weak
  • you aren't using prepared statements
  • you using outdated session functions

here how have 

<?php include 'db_connect.php';  //encrypted password $secpasswd = sha512($_post['passwd'].$_post['username']);  $sql = "select * users name = ? , passwd = ?"; $stm = $pdo->prepare($sql); $stm->execute(array($_post['username'], $secpasswd)); $row = $stm->fetch();  if($row){     $_session["username"] = $row[username];     header("location:login_success.php");     exit; } else {     echo "wrong username or password"; }

note code using pdo database interaction


Comments

Post a Comment

Popular posts from this blog

c++ - Creating new partition disk winapi -

-
i'am trying create new partition , mount volume new, thought createfile let me this, code : lpctstr lpfilename=l"\\\\.\\device\\harddisk0\\partition3"; handle handl=createfile( lpfilename, generic_read | generic_write, file_share_read | file_share_write, null, create_always, file_attribute_normal, null ); if (handl==invalid_handle_value) { qdebug()<<"handl invalid"<<" error"<<getlasterror();} bool success = definedosdevice(ddd_raw_target_path,l"i:",l"\\device\\harddisk0\\partition3"); if(!success) qdebug()<<" definedosdevice failed "<<getlasterror(); bflag = getvolumenameforvolumemountpoint( l"i:\\", // input volume mount point or directory /** u in dir
Read more

Android Prevent Bluetooth Pairing Dialog -

-
i'm developing internal application uses bluetooth printing. want bluetooth pairing occur without user input. have managed working trapping android.bluetooth.device.action.pairing_request broadcast. in broadcast receiver call setpin method, , pairing works ok, bluetoothpairingdialog displayed second or two, disappears - see link below. https://github.com/android/platform_packages_apps_settings/blob/master/src/com/android/settings/bluetooth/bluetoothpairingdialog.java since broadcast non-ordered, can't call abortbroadcast() , , wondering if there other way prevent pairing dialog appearing. can hook window manager in way? i haven't been able come way without modifying sdk. if you're oem, it's easy (i'm on 4.3): in packages/apps/settings/androidmanifest.xml, comment intent filter pairing dialog: <activity android:name=".bluetooth.bluetoothpairingdialog" android:label="@string/bluetooth_pairing_request"
Read more

VBA function to include CDATA -

-
i have following function include cdata: function cdatasection() dim objdom domdocument dim objkmlrootelement ikmldomelement dim objkmlelement ikmldomelement dim cdata ikmldomcdatasection set objdom = new domdocument set objkmlrootelement = objdom.createelement("balloonstyle") objdom.appendchild objkmlrootelement set objkmlelement = objdom.createelement("text") objkmlrootelement.appendchild objkmlelement set cdata = objdom.createcdatasection("text") cdata.data = "<![cdata[<b>latitude = $[latitude]</b>?]]>;" end function when run above, getting error "user defined data type not found" function. yes ripster says find library reference. vba window tools>references for list of relevant references see... http://msdn.microsoft.com/en-us/library/windows/desktop/ms763701%28v=vs.85%29.aspx however, if have hard time tracking down reference, replace dim sta
Read more