I'd pull the addslashes() and use mysql_real_escape_string() instead. I'd also 
echo the query that's being sent to the database and compare to make sure 
it's doing what it should. 

-Micah 

On Thursday 10 November 2005 8:22 pm, JeRRy wrote:
> Hi,
>
> Well I tried this code but it fails, if I enter a correct User and Pass set
> in the db it just prompts for the user/pass again.  The error message that
> should apply if wrong three times appears but the sucessful message I can't
> get regardless of correct user pass or not, any help please?
>
> <?php
> function displayLogin() {
> header("WWW-Authenticate: Basic realm=\"My Website\"");
> header("HTTP/1.0 401 Unauthorized");
> echo "<h2>Authentication Failure</h2>";
> echo "The username and password provided did not work. Please reload this
> page and try again."; exit;
> }
> $db = mysql_connect('localhost','db_user',db_pass') or die("Couldn't
> connect to the database."); mysql_select_db('db_name') or die("Couldn't
> select the database"); if (!isset($PHP_AUTH_USER) || !isset($PHP_AUTH_PW))
> {
> // If username or password hasn't been set, display the login request.
> displayLogin();
> } else {
> // Escape both the password and username string to prevent users from
> inserting bogus data. $PHP_AUTH_USER = addslashes($PHP_AUTH_USER);
> $PHP_AUTH_PW = md5($PHP_AUTH_PW);
> // Check username and password agains the database.
> $result = mysql_query("SELECT count(id) FROM users WHERE
> password='$PHP_AUTH_PW' AND username='$PHP_AUTH_USER'") or die("Couldn't
> query the user-database."); $num = mysql_result($result, 0);
> if (!$num) {
> // If there were no matching users, show the login
> displayLogin();
> }
> }
> // All code/html below will only be displayed to authenticated users.
> echo "Congratulations! You're now authenticated.";
>
> ?>
>
>
> J
>
>
> ---------------------------------
> Do you Yahoo!?
>   Yahoo! News: Get the latest news via video today!

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to