Well, strip the brackets from around the hash value.
Miles
At 03:41 AM 1/11/2002 +1100, Necro wrote:
>On further investigation it appears to get the correct MD5 value the correct
>synatx is:
>
>$passhash = MD5("$username.$password");   <<--- needs the "
>
>The the error resulting from this is:
>
>select password, 1 as auth from acl where (username='andrewd' and
>password=(163e06103a371fd95b21b4a849bb4b91))1064 : You have an error in your
>SQL syntax near 'a371fd95b21b4a849bb4b91))' at line 1
>
>Does that help give any idea at all as to what the problem is?
>
>Andrew
>
>-----Original Message-----
>From: Necro [mailto:[EMAIL PROTECTED]]
>Sent: Friday, 11 January 2002 3:35 AM
>To: [EMAIL PROTECTED]
>Subject: RE: [PHP-DB] MySQL Result Resource
>
>
>Miles,
>
>You must MD5 the value outside of mysql for it to evaluate it, from the
>error I just got.
>i have tried
>$passhash = MD5($username.$password);
>$arg = "select password, 1 as auth from acl where (username='andrewd' and
>password=($passhash))";
>
>And get the following error...
>select password, 1 as auth from acl where (username='andrewd' and
>password=(c59d088cd3d873af5239cfac1234f370))1054 : Unknown column
>'c59d088cd3d873af5239cfac1234f370' in 'where clause'
>
>So at least the MD5 is now evaluated. But there is still and error in there.
>
>Andrew
>
>
>-----Original Message-----
>From: Miles Thompson [mailto:[EMAIL PROTECTED]]
>Sent: Friday, 11 January 2002 3:29 AM
>To: Necro; [EMAIL PROTECTED]
>Subject: RE: [PHP-DB] MySQL Result Resource
>
>
>
>LIGHT just came on!!! Why does ittake so long.
>
>MD5(andrew.madonna) - I think you're goint to have to do this
>$passhash = $username . $password
>
>and use MD5($passhash).
>
>MySQL is looking for a table "andrewd" with the field "madonna" in the way
>the MD5() is presently structured.
>
>Go to it - Miles
>
>At 03:09 AM 1/11/2002 +1100, Necro wrote:
> >Yep,
> >
> >andrewd is the username im trying to get this script to work with, its an
> >authentication script..
> >
> >The result of echo $arg is the following:
> >
> >select password, 1 as auth from acl where username='andrewd' and
> >password=MD5(andrewd.madonna)1109 : Unknown table 'andrewd' in where clause
> >
> >Andrew
> >
> >-----Original Message-----
> >From: Miles Thompson [mailto:[EMAIL PROTECTED]]
> >Sent: Friday, 11 January 2002 3:08 AM
> >To: Necro; [EMAIL PROTECTED]
> >Subject: RE: [PHP-DB] MySQL Result Resource
> >
> >
> >Can you try this puppy at the MySQL console? I'd dearly love to know where
> >"andrewd" is coming from, it sounds like your username.
> >
> >Before executing mysql_query(), echo $arg and see what it prints.
> >
> >This is strange, but better than what we had - Miles Thompson
> >
> >At 02:54 AM 1/11/2002 +1100, Necro wrote:
> > >Ok,
> > >I have tried a few things now. I finally got it to echo the errors,
>firstly
> > >there was still a prob with MD5 values being in the apostrophes.
> > >Then next error was no db was selected. So i added a mysql_select_db
> > >statement.
> > >Now i get this:
> > >
> > >1109 : Unknown table 'andrewd' in where clause
> > >
> > >andrewd being the username I am trying to get it to accept.
> > >
> > >Following lines are the current bit:
> > >         $arg = "select password, 1 as auth from acl where
> > > username='$username' and
> > >password=MD5($username.$password)";
> > >         $result = mysql_query( $arg ) or die(mysql_errno()." : ".
> > > mysql_error() );
> > >         $row = mysql_fetch_array($result);
> > >
> > >Andrew
> > >
> > >-----Original Message-----
> > >From: Miles Thompson [mailto:[EMAIL PROTECTED]]
> > >Sent: Friday, 11 January 2002 2:36 AM
> > >To: [EMAIL PROTECTED]
> > >Subject: RE: [PHP-DB] MySQL Result Resource
> > >
> > >
> > >Break up the code.
> > >
> > >I assume you are connecting to the database with mysql_connect()  or
> > >mysql_pconnect(). If not, do that.
> > >
> > >Echo your query so that you know it contains valid values.
> > >
> > >Break $row = mysql_fetch_array(mysql_db_query( DATABASE, $arg ));
> > >into
> > >$result = mysql_query( $arg ) or die(mysql_errno()." : ".
>mysql_error() );
> > >$row = mysql_fetch_array($result) )
> > >then do whatever processing you need with the array $row.
> > >
> > >Miles
> > >
> > >PS Just reply to the list, if you reply directly to me I have one more
> > >message to delete. <g> /mt
> > >
> > >At 02:10 AM 1/11/2002 +1100, Necro wrote:
> > > >Yeh, I notice now the MD5 was wrong.
> > > >
> > > >But I still get the same error on line 104. If I try and replace it
>with
> > >the
> > > >current query function then I get two errors.
> > > >
> > > >e.g.
> > > >Warning: Supplied argument is not a valid MySQL-Link resource in
> > > >d:\htdocs\infekt\packages\auth.inc on line 104
> > > >
> > > >Warning: Supplied argument is not a valid MySQL result resource in
> > > >d:\htdocs\infekt\packages\auth.inc on line 104
> > > >
> > > >Andrew
> > > >
> > > >
> > > >-----Original Message-----
> > > >From: Miles Thompson [mailto:[EMAIL PROTECTED]]
> > > >Sent: Friday, 11 January 2002 2:05 AM
> > > >To: Necro; [EMAIL PROTECTED]
> > > >Subject: Re: [PHP-DB] MySQL Result Resource
> > > >
> > > >
> > > >
> > > >The use of the MD5 function in the query doesn't look quite right.
> > > >Shouldn't it be MD5('$password')  or MD5('$username'.'$password') if
> > > >concatenating?
> > > >
> > > >Also, mysql_db_query() has been a deprecated function for some time
>now,
> > > >mysql_query() is recommended.
> > > >
> > > >Hope this gets you going - Miles Thompson
> > > >
> > > >At 01:33 AM 1/11/2002 +1100, Necro wrote:
> > > > >Lo all,
> > > > >
> > > > >Slight problem on an auth script...
> > > > >
> > > > >
> > > > >Warning: Supplied argument is not a valid MySQL result resource in
> > > > >d:\htdocs\infekt\packages\auth.inc on line 104
> > > > >
> > > > >
> > > > >Line 26:  define( "DATABASE", "imanager" );
> > > > >Line 103: $arg = "select password, 1 as auth from acl where
> > > > >username='$username' and password=MD5('$username','$password')";
> > > > >Line 104: $row = mysql_fetch_array(mysql_db_query( DATABASE, $arg ));
> > > > >
> > > > >
> > > > >Can anyone help get this to work??
> > > > >
> > > > >Thankyou.
> > > > >
> > > > >Andrew
> > > > >
> > > > >
> > > > >--
> > > > >PHP Database Mailing List (http://www.php.net/)
> > > > >To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > >For additional commands, e-mail: [EMAIL PROTECTED]
> > > > >To contact the list administrators, e-mail:
> >[EMAIL PROTECTED]
> > >
> > >
> > >--
> > >PHP Database Mailing List (http://www.php.net/)
> > >To unsubscribe, e-mail: [EMAIL PROTECTED]
> > >For additional commands, e-mail: [EMAIL PROTECTED]
> > >To contact the list administrators, e-mail: [EMAIL PROTECTED]
> > >
> > >
> > >--
> > >PHP Database Mailing List (http://www.php.net/)
> > >To unsubscribe, e-mail: [EMAIL PROTECTED]
> > >For additional commands, e-mail: [EMAIL PROTECTED]
> > >To contact the list administrators, e-mail: [EMAIL PROTECTED]
> >
> >
> >--
> >PHP Database Mailing List (http://www.php.net/)
> >To unsubscribe, e-mail: [EMAIL PROTECTED]
> >For additional commands, e-mail: [EMAIL PROTECTED]
> >To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
>--
>PHP Database Mailing List (http://www.php.net/)
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
>--
>PHP Database Mailing List (http://www.php.net/)
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>To contact the list administrators, e-mail: [EMAIL PROTECTED]


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to