After being pleased to work my way thru to Chapter 14, not memorizing the earlier material, but having some success basically understanding it--I get to the first "meaty" topic that I was really looking forward to getting into: the business of authentication.
So I went into MySQL and created the database auth and the table auth, using the following script:
create database auth;
use auth;
create table auth (
name varchar(10) not null,
pass varchar(30) not null,
primary key (name)
);insert into auth values
('user', 'pass');insert into auth values
( 'testuser', password('test123') );grant select, insert, update, delete on auth.* to [EMAIL PROTECTED] identified by 'rivet';
I used my username that I log into the computer I'm working on--an offline Powerbook--at the bottom, 'stevet', as well as the password that belongs to that username, 'rivet'. Since I'm using the test server 'localhost' on the Powerbook, I used that in the code, as well. These have worked when called for in previous PHP/MySQL exercises, so it's not something new I invented just for this batch of tutorials.
Next I opened listing 14.2, secretdb.php--placed properly at the root level for accessing in my test server--in my browser. Here's secretdb.php:
<?php
if(!isset($_POST['name'])&&!isset($_POST['password']))
{
//Visitor needs to enter a name and password
?>
<h1>Please Log In</h1>
This page is secret.
<form method="post" action="secretdb.php">
<table border="1">
<tr>
<th> Username </th>
<td> <input type="text" name="name"> </td>
</tr>
<tr>
<th> Password </th>
<td> <input type="password" name="password"> </td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="submit" value="Log In">
</td>
</tr>
</table>
</form>
<?php
}
else
{
// connect to mysql
$mysql = mysql_connect( 'localhost', 'stevet', 'rivet' );
if(!$mysql)
{
echo 'Cannot connect to database.';
exit;
}
// select the appropriate database
$mysql = mysql_select_db( 'auth' );
if(!$mysql)
{
echo 'Cannot select database.';
exit;
} // query the database to see if there is a record which matches
$query = "select count(*) from auth where
name = '$name' and
pass = '$password'"; $result = mysql_query( $query );
if(!$result)
{
echo 'Cannot run query.';
exit;
}$count = mysql_result( $result, 0, 0 );
if ( $count > 0 )
{
// visitor's name and password combination are correct
echo '<h1>Here it is!</h1>';
echo 'I bet you are glad you can see this secret page.';
}
else
{
// visitor's name and password combination are not correct
echo '<h1>Go Away!</h1>';
echo 'You are not authorized to view this resource.';
}
}
?>I was greeted by the Please Log In screen. I used 'user' as username and 'pass' as the password, as that was one of the two combinations the first bit of code above inserted into the table auth. After submitting, I got the customized error message: "Go Away! You are not authorized to view this resource."
Just to make certain, I substituted 'root' and my root password in both pieces of code for 'stevet' and 'rivet', and got the same error screen.
I don't understand why either of those username/password combinations don't work. I mean, they're in the authorization table. And I'm obviously connecting to the database, as I'm getting past that stage of the code. Can anyone tell me what I'm too dense to see?
Thanks very much.
Steve Tiano
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
