Hi,

from what I see the problem is that you add the authentication passwords to the 
database via password('password') 
but then your script checks for entries in the database where username= username & 
password = password 
which cannot work.
You have to make it 
where username = username & password = password('password')

exactly: 

"
// query the database to see if there is a record which matches 
 $query = "select count(*) from auth where 
           name = '$name' and 
           pass = password('$password')"; 
"

Regards,
Hendrik




 Stephen Tiano wrote:

  Sorry for the long post--and the cross-posting to a MySQL list, for those of you 
seeing this a second time--but I'm using with difficulty the 2nd edition of 
Welling/Thomson's PHP and MySQL Web Development as a textbook for self-teaching (and 
I'm at the end of my rope). 

  After being pleased to work my way thru to Chapter 14, not memorizing the earlier 
material, but having some success basically understanding it--I get to the first 
"meaty" topic that I was really looking forward to getting into: the business of 
authentication. 

  So I went into MySQL and created the database auth and the table auth, using the 
following script: 

  create database auth; 

  use auth; 

  create table auth ( 
       name            varchar(10) not null, 
       pass            varchar(30) not null, 
       primary key     (name) 
  ); 

  insert into auth values 
  ('user', 'pass'); 

  insert into auth values 
  ( 'testuser', password('test123') ); 

  grant select, insert, update, delete 
  on auth.* 
  to [EMAIL PROTECTED] 
  identified by 'rivet'; 

  I used my username that I log into the computer I'm working on--an offline 
Powerbook--at the bottom, 'stevet', as well as the password that belongs to that 
username, 'rivet'. Since I'm using the test server 'localhost' on the Powerbook, I 
used that in the code, as well. These have worked when called for in previous 
PHP/MySQL exercises, so it's not something new I invented just for this batch of 
tutorials. 

  Next I opened listing 14.2, secretdb.php--placed properly at the root level for 
accessing in my test server--in my browser. Here's secretdb.php: 

  <?php 
  if(!isset($_POST['name'])&&!isset($_POST['password'])) 
  { 
   //Visitor needs to enter a name and password 
  ?> 
   <h1>Please Log In</h1> 
   This page is secret. 
   <form method="post" action="secretdb.php"> 
   <table border="1"> 
   <tr> 
     <th> Username </th> 
     <td> <input type="text" name="name"> </td> 
   </tr> 
   <tr> 
     <th> Password </th> 
     <td> <input type="password" name="password"> </td> 
   </tr> 
   <tr> 
     <td colspan="2" align="center"> 
       <input type="submit" value="Log In"> 
     </td> 
   </tr> 
   </table> 
   </form> 
  <?php 
  } 
  else 
  { 
   // connect to mysql 
   $mysql = mysql_connect( 'localhost', 'stevet', 'rivet' ); 
   if(!$mysql) 
   { 
     echo 'Cannot connect to database.'; 
     exit; 
   } 
   // select the appropriate database 
   $mysql = mysql_select_db( 'auth' ); 
   if(!$mysql) 
   { 
     echo 'Cannot select database.'; 
     exit; 
   } 

   // query the database to see if there is a record which matches 
   $query = "select count(*) from auth where 
             name = '$name' and 
             pass = '$password'"; 

   $result = mysql_query( $query ); 
   if(!$result) 
   { 
     echo 'Cannot run query.'; 
     exit; 
   } 

   $count = mysql_result( $result, 0, 0 ); 

   if ( $count > 0 ) 
   { 
     // visitor's name and password combination are correct 
     echo '<h1>Here it is!</h1>'; 
     echo 'I bet you are glad you can see this secret page.'; 
   } 
   else 
   { 
     // visitor's name and password combination are not correct 
     echo '<h1>Go Away!</h1>'; 
     echo 'You are not authorized to view this resource.'; 
   } 
  } 
  ?> 

  I was greeted by the Please Log In screen. I used 'user' as username and 'pass' as 
the password, as that was one of the two combinations the first bit of code above 
inserted into the table auth. After submitting, I got the customized error message: 
"Go Away! You are not authorized to view this resource." 

  Just to make certain, I substituted 'root' and my root password in both pieces of 
code for 'stevet' and 'rivet', and got the same error screen. 

  I don't understand why either of those username/password combinations doesn't work. I 
mean, they're in the authorization table. And I'm obviously connecting to the 
database, as I'm getting past that stage of the code. Can anyone tell me what I'm too 
dense to see? 

  Thanks very much. 

  Steve Tiano 
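
Added example, not part of the thread or of the book's listings: the mismatch discussed above, where a comparison only matches a row whose password was stored in the same form the query compares against. Assumptions: an in-memory SQLite database through PDO stands in for the MySQL server, PHP's password_hash()/password_verify() stand in for MySQL's password(), and the function names check_plain and check_hashed are hypothetical.

```php
<?php
// Added example: in-memory SQLite via PDO stands in for MySQL (assumption),
// so the script runs offline. Table and column names follow the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('create table auth (name varchar(10) primary key, pass varchar(255) not null)');

// Constructed sample rows mirroring the thread's inserts: one password stored
// as typed, one stored hashed (password_hash() stands in for password()).
$insert = $db->prepare('insert into auth (name, pass) values (?, ?)');
$insert->execute(['user', 'pass']);
$insert->execute(['testuser', password_hash('test123', PASSWORD_DEFAULT)]);

// Same comparison as the listing's query (submitted text against the stored
// column), but with bound parameters instead of interpolated strings.
function check_plain(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('select count(*) from auth where name = ? and pass = ?');
    $stmt->execute([$name, $password]);
    return $stmt->fetchColumn() > 0;
}

// Hash-aware check: fetch the stored value by name, then verify the
// submitted password against it.
function check_hashed(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('select pass from auth where name = ?');
    $stmt->execute([$name]);
    $stored = $stmt->fetchColumn();
    // fetchColumn() returns false when no row matches the name.
    return $stored !== false && password_verify($password, $stored);
}

// Constructed login attempts: the plaintext row, the hashed row, a wrong password.
$attempts = [['user', 'pass'], ['testuser', 'test123'], ['testuser', 'wrong']];
foreach ($attempts as [$name, $password]) {
    printf("%-8s / %-7s  plain=%s  hashed=%s\n", $name, $password,
        var_export(check_plain($db, $name, $password), true),
        var_export(check_hashed($db, $name, $password), true));
}
```

Each check accepts only the row stored in the form it expects, so a table that mixes plaintext and hashed entries cannot be served by a single comparison.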


