WampServer

Hi, WAMP going well.

I'm having a small problem with a verification script. When i moved dbase to WAMP setup it contained a table called passcheck hich simple holds usernames and password. When i set table up I used PASSWORD function to encrypt passwords.

Now it seems the PASSWORD uses a different encryption in MYSQL.

I've put the passwords in again and used PASSWORD.

I query dbase with:

$query = "SELECT count(*) FROM passcheck WHERE

username = '$user' AND

user_password = password('$password') ";

This did work ok on previous phptriad setup but doesn't (seem to) work now.

It does work live on my hosting server.

any ideas? Should i be using OLD_PASSWORD? ie

user_password = old_password('$password') ";

TIA

R.

I'm not quite sure about that, but guess different mysql might use different encryption, so you might have to redo for all users, better check mysql sites for more info

Have fun,

FREE One A Day
FREE Photo
FREE Games
FREE Websites
FREE Portable GPS
FREE WAMP Guides

Well I've done some more investigation. it is actually reading the dbase ok and getting user and user_password.

However it it then looping back to the log in form instead of actioning the rest of the commands.

Apache error log and php error logs show nothing.

If i may I'll put the code here to see if anyone can see a problem. To re-iterate, this code works ok on my hosting server and also worked on a phptriad setup... so frustrating.

Here's the code (I have short_tags enabled):


<html>
<head>

<title>Update Mill Page</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<STYLE TYPE="text/css" MEDIA=screen>

<!--

BODY { font:arial,verdana }

fieldset {font-family:verdana;
font-size:10pt;
color:#0000FF;
width:350px;
margin-top:10;
margin-left:10;
}
form{font-family:verdana;
font-size:10pt;
}

-->

</STYLE>
</head>

<body bgcolor="#FFFFFF" text="#000000" STYLE="font-family: 'Arial', 'sans serif'">

<?

if(!isset($user)&&!isset($password))
//if( (isset($_SERVER['PHP_AUTH_USER']) AND isset($_SERVER['PHP_AUTH_PW']))

{

//Visitor needs to enter a name and password

?>

<fieldset><legend>Please enter your Username and Password</legend>

<form method = post action = "pass_addtopic.php">//NAME OF THIS FILE
<br/>

Username:&nbsp;<input type = text name = user><br /><br />

Password: <input type = password name = password><br /><br />

<input type = submit value = "Log In">

</form>
</fieldset>

<?

}

else

{

// connect to mysql
require_once('mysql_connect.php');//THIS WORKS OK


if(!$db)

{

echo 'Cannot connect to database.';

exit;

}

// select the appropriate database

if(!$db)

{

echo 'Cannot select database.';

exit;
}

// query the database to see if there is a record which matches

$query = "SELECT count(*) FROM passcheck WHERE

username = '$user' AND

user_password = password('$password') ";

$result = mysql_query( $query );

if(!$result)

{

echo 'Cannot run query.';

exit;

}
$count = mysql_result( $result, 0, 0 );


echo $count;
if ( $count > 0)

{

// visitor's name and password combination are correct

require_once('../secure/mysql_connect.php');
$data="SELECT * FROM barender WHERE id=1";

$result = mysql_query($data,$db);
$insert=mysql_fetch_array($result);
$default= stripslashes($insert[body]);


mysql_close();


$form ="<form action=\"add_topic.php\" method=\"post\">";

$form.="Body text:<textarea name=\"body\"";

$form.="rows =\"25\" cols=\"60\"value=\"$body\">$default</textarea><br><br>";

$form.="<input type=\"submit\" name=\"sent\" value=\"update page\">";

$form.="<input type=\"reset\" name=\"reset\" value=\"Reset\">";

$form.="</form>";

echo $form;


echo "<h4>Upload Images</h4>";
$formupload ="<form action=\"uploader_topic.php\" method=\"post\" enctype=\"multipart/form-data\"><input size=\"50\" name=\"file\" type=\"file\" > <br><br>
<input name=\"submit\" type=\"submit\" value=\"Upload file\"></form>";
echo $formupload;

echo "\n";
}
else

{

// visitor's name and password combination are not correct

echo "<h1>Go Away!</h1>";

echo "You are not authorized to view this resource.";

echo $count;

}

}

?>
</p>
<p>&nbsp;</p>
</body>

</html>

<bump>

Sorry Guys and girls but I'm in a fix here, need to sort what the problem is..

R.

Quote

I'm not quite sure about that, but guess different mysql might use different encryption, so you might have to redo for all users, better check mysql sites for more info

Did you at least create a new test user w/ same type of encryption; then, use the code above to access it?

Have fun,

FREE One A Day
FREE Photo
FREE Games
FREE Websites
FREE Portable GPS
FREE WAMP Guides

I've tried most things

I used another form using http authentication - read user and user_password ok from the same database. Uses $_SERVER['PHP_AUTH_USER'] and ($_SERVER['PHP_AUTH_PW'] and works ok. and I can get it to 'echo' id, name and password to screen.

However I shy away from http authentication.

I've also checked the COUNT query using phpadmin and it returns a 1 i.e. username and password recognised.

So,.. my own code is looping and going no further that displaying the login form. It works on my hosting server but obviously I need it to work on my testing server i..e. WAMP2.

I'll have another later today, but to be honest I've read and re-read code and error logs and don't know where to go next.

R.



Edited 2 time(s). Last edit at 12/15/2007 03:32PM by thered.

Just run across an article mentioned about this

Quote

Note: Using MySQL's password() function in your own applications isn't recommended - the algorithm used has changed over time and prior to 4.1 was particularly weak.

Have fun,

FREE One A Day
FREE Photo
FREE Games
FREE Websites
FREE Portable GPS
FREE WAMP Guides

I don't know, or can't think of any other way to do it...

Removing password() for test purposes doesn't help, code still won't run. Got to be something silly!!!


Aaaaargh... annoying

Quote

Removing password() for test purposes doesn't help, code still won't run. Got to be something silly!!!

It doesn't work since the passwords for users already encrypted when created, so just make another user/pass w/o encryption and try again

Have fun,

FREE One A Day
FREE Photo
FREE Games
FREE Websites
FREE Portable GPS
FREE WAMP Guides

Nope, tried that, set up new user password w/o encryptionand even deleted old one.

Also set up another file without the authentication and it displays the form and contents ok:


<?
require_once('mysql_connect.php');
$data="SELECT * FROM barender WHERE id=1";

$result = mysql_query($data,$db);
$insert=mysql_fetch_array($result);
$default= stripslashes($insert[body]);

mysql_close();


$form ="<form action=\"add_topic.php\" method=\"post\">";

$form.="Body text:<textarea name=\"body\"";

$form.="rows =\"25\" cols=\"60\"value=\"$body\">$default</textarea><br><br>";

$form.="<input type=\"submit\" name=\"sent\" value=\"update page\">";

$form.="<input type=\"reset\" name=\"reset\" value=\"Reset\">";

$form.="</form>";

echo $form;


echo "<h4>Upload Images</h4>";
$formupload ="<form action=\"uploader_topic.php\" method=\"post\" enctype=\"multipart/form-data\"><input size=\"50\" name=\"file\" type=\"file\" > <br><br>
<input name=\"submit\" type=\"submit\" value=\"Upload file\"></form>";
echo $formupload;

echo "\n";
?>

So know I don't know what to do. Some how it's not discarding the login form...

thanks for your help up to now BTW,

R.



Edited 1 time(s). Last edit at 12/15/2007 07:04PM by thered.

OK sorted...

It wasn't an encryption or authentication problem.

It was the fact that Global variables needed switching to on in php.ini

this was not allowing <form> to send info to form handler.