Hi,
Sunday, November 9, 2003, 12:48:17 AM, you wrote:
ST> Sorry for the long post--and the cross-posting to a MySQL list, for
ST> those of you seeing this a second time--but I'm using with difficulty
ST> the 2nd edition of Welling/Thomson's PHP and MySQL Web Development as a
ST> textbook for self-teaching (and I'm at the end of my rope).
ST> After being pleased to work my way thru to Chapter 14, not memorizing
ST> the earlier material, but having some success basically understanding
ST> it--I get to the first "meaty" topic that I was really looking forward
ST> to getting into: the business of authentication.
ST> So I went into MySQL and created the database auth and the table auth,
ST> using the following script:
ST> create database auth;
ST> use auth;
ST> create table auth (
ST> name varchar(10) not null,
ST> pass varchar(30) not null,
ST> primary key (name)
ST> );
ST> insert into auth values
ST> ('user', 'pass');
ST> insert into auth values
ST> ( 'testuser', password('test123') );
ST> grant select, insert, update, delete
ST> on auth.*
ST> to [EMAIL PROTECTED]
ST> identified by 'rivet';
ST> I used my username that I log into the computer I'm working on--an
ST> offline Powerbook--at the bottom, 'stevet', as well as the password that
ST> belongs to that username, 'rivet'. Since I'm using the test server
ST> 'localhost' on the Powerbook, I used that in the code, as well. These
ST> have worked when called for in previous PHP/MySQL exercises, so it's not
ST> something new I invented just for this batch of tutorials.
ST> Next I opened listing 14.2, secretdb.php--placed properly at the root
ST> level for accessing in my test server--in my browser. Here's secretdb.php:
ST> <?php
ST> if(!isset($_POST['name'])&&!isset($_POST['password']))
ST> {
ST> //Visitor needs to enter a name and password
?>>
ST> <h1>Please Log In</h1>
ST> This page is secret.
ST> <form method="post" action="secretdb.php">
ST> <table border="1">
ST> <tr>
ST> <th> Username </th>
ST> <td> <input type="text" name="name"> </td>
ST> </tr>
ST> <tr>
ST> <th> Password </th>
ST> <td> <input type="password" name="password"> </td>
ST> </tr>
ST> <tr>
ST> <td colspan="2" align="center">
ST> <input type="submit" value="Log In">
ST> </td>
ST> </tr>
ST> </table>
ST> </form>
ST> <?php
ST> }
ST> else
ST> {
ST> // connect to mysql
ST> $mysql = mysql_connect( 'localhost', 'stevet', 'rivet' );
ST> if(!$mysql)
ST> {
ST> echo 'Cannot connect to database.';
ST> exit;
ST> }
ST> // select the appropriate database
ST> $mysql = mysql_select_db( 'auth' );
ST> if(!$mysql)
ST> {
ST> echo 'Cannot select database.';
ST> exit;
ST> }
ST> // query the database to see if there is a record which matches
ST> $query = "select count(*) from auth where
ST> name = '$name' and
ST> pass = '$password'";
ST> $result = mysql_query( $query );
ST> if(!$result)
ST> {
ST> echo 'Cannot run query.';
ST> exit;
ST> }
ST> $count = mysql_result( $result, 0, 0 );
ST> if ( $count > 0 )
ST> {
ST> // visitor's name and password combination are correct
ST> echo '<h1>Here it is!</h1>';
ST> echo 'I bet you are glad you can see this secret page.';
ST> }
ST> else
ST> {
ST> // visitor's name and password combination are not correct
ST> echo '<h1>Go Away!</h1>';
ST> echo 'You are not authorized to view this resource.';
ST> }
ST> }
?>>
ST> I was greeted by the Please Log In screen. I used 'user' as username and
ST> 'pass' as the password, as that was one of the two combinations the
ST> first bit of code above inserted into the table auth. After submitting,
ST> I got the customized error message: "Go Away! You are not authorized to
ST> view this resource."
ST> Just to make certain, I substituted 'root' and my root password in both
ST> pieces of code for 'stevet' and 'rivet', and got the same error screen.
ST> I don't understand why either of those username/password combinations
ST> don't work. I mean, they're in the authorization table. And I'm
ST> obviously connecting to the database, as I'm getting past that stage of
ST> the code. Can anyone tell me what I'm too dense to see?
ST> Thanks very much.
ST> Steve Tiano
looks like you need to use $_POST['name'] and $_POST['pass'] in the query or
assign those values to $name and $pass first.
--
regards,
Tom
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
