[PHP] Login Script: mysql_num_rows(): supplied argument is not a valid MySQL result resource
The following script is supposed to validate a username and password in a mysql
db. When entering the username and password of a preregistered user, I get the
following errors:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result
resource in /var/www/login.php on line 24
Warning: Cannot modify header information - headers already sent by (output
started at /var/www/login.php:24) in /var/www/login.php on line 26
On line 24 is:
if(!mysql_num_rows($login)) //if the username and pass are wrong
--The supplied argument is $login, which is previously defined as:
$login = mysql_query(SELECT * FROM 'userinfo' WHERE `user` = '$user' AND
`pass` = '$pass`);
--which is further defined above it as these values:
$user = $_POST['user']; //pulls the username from the form
$pw = $_POST['pass']; //pulls the pass from the form
$pass = md5($pw); //makes our password an md
So why is the sum of those previous definitions an invalid argument for the
mysql_query() to test for whether the username and md5 password values are
true/equivalent to each other?
Thanks for any help you may be able to provide, below is the full login.php
page.
David
This is the full login.php script, I'm pretty sure no other portions are needed
to show at this point for the current problem:
?php
$act = $_GET['act']; //retrives the page action
if(empty($act)) //if there is no action
{
echo('form action=login.php?act=auth method=post name=loginform
id=loginform
pUsername
input type=text name=user
/p
pPassword
input type=password name=pass
/p
p
input type=submit name=Submit value=Login
/p
/form');
}
elseif($act == auth) //if our page action = auth
{
$user = $_POST['user']; //pulls the username from the form
$pw = $_POST['pass']; //pulls the pass from the form
$pass = md5($pw); //makes our password an md5
include(connect.php); //connects to our mysql database
$login = mysql_query(SELECT * FROM `userinfo` WHERE `user` = '$user' AND
`pass` = '$pass`); //selects info from our table if the row has the same user
and pass that our form does
if(!mysql_num_rows($login)) //if the username and pass are wrong
{
header(Location: login.php); //redirects to our login page
die(); //stops the page from going any further
}
else
{
setcookie(user, $user, time()+3600);//sets our user cookie
setcookie(pass, $pass, time()+3600);//sets our pass cookie
header(Location: memprar.php);//instead of yourpage.php it
would be your protected page
}
}
?
Re: [PHP] Login Script: mysql_num_rows(): supplied argument is not a valid MySQL result resource
On Fri, 2010-02-19 at 00:30 -0800, David Hutto wrote:
The following script is supposed to validate a username and password in a
mysql db. When entering the username and password of a preregistered user, I
get the following errors:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result
resource in /var/www/login.php on line 24
Warning: Cannot modify header information - headers already sent by (output
started at /var/www/login.php:24) in /var/www/login.php on line 26
On line 24 is:
if(!mysql_num_rows($login)) //if the username and pass are wrong
--The supplied argument is $login, which is previously defined as:
$login = mysql_query(SELECT * FROM 'userinfo' WHERE `user` = '$user' AND
`pass` = '$pass`);
--which is further defined above it as these values:
$user = $_POST['user']; //pulls the username from the form
$pw = $_POST['pass']; //pulls the pass from the form
$pass = md5($pw); //makes our password an md
So why is the sum of those previous definitions an invalid argument for the
mysql_query() to test for whether the username and md5 password values are
true/equivalent to each other?
Thanks for any help you may be able to provide, below is the full login.php
page.
David
This is the full login.php script, I'm pretty sure no other portions are
needed to show at this point for the current problem:
?php
$act = $_GET['act']; //retrives the page action
if(empty($act)) //if there is no action
{
echo('form action=login.php?act=auth method=post name=loginform
id=loginform
pUsername
input type=text name=user
/p
pPassword
input type=password name=pass
/p
p
input type=submit name=Submit value=Login
/p
/form');
}
elseif($act == auth) //if our page action = auth
{
$user = $_POST['user']; //pulls the username from the form
$pw = $_POST['pass']; //pulls the pass from the form
$pass = md5($pw); //makes our password an md5
include(connect.php); //connects to our mysql database
$login = mysql_query(SELECT * FROM `userinfo` WHERE `user` = '$user' AND
`pass` = '$pass`); //selects info from our table if the row has the same
user and pass that our form does
if(!mysql_num_rows($login)) //if the username and pass are wrong
{
header(Location: login.php); //redirects to our login page
die(); //stops the page from going any further
}
else
{
setcookie(user, $user, time()+3600);//sets our user cookie
setcookie(pass, $pass, time()+3600);//sets our pass cookie
header(Location: memprar.php);//instead of yourpage.php it
would be your protected page
}
}
?
First, please create a new email when sending to the list and don't just
reply to the last one, as those of us with email clients that group by
threads get confused when the subject line appears to change mid-thread!
On to your question, you've got an error with your query, so it will
never work:
SELECT * FROM `userinfo` WHERE `user` = '$user' AND `pass` =
'$pass`// change that last back tick after $pass!
Lastly; protect your queries! That $user variable is open to injection.
Replacing it with something like $user =
mysql_real_escape_string($_POST['user']); Your $pass is protected (I
believe) because of what you're doing with the hash, but I'm not an
expert in these things, so it could be that this may not be enough.
Thanks,
Ash
http://www.ashleysheridan.co.uk
Re: [PHP] Login Script: mysql_num_rows(): supplied argument is not a valid MySQL result resource
--- On Fri, 2/19/10, Ashley Sheridan a...@ashleysheridan.co.uk wrote:
From: Ashley Sheridan a...@ashleysheridan.co.uk
Subject: Re: [PHP] Login Script: mysql_num_rows(): supplied argument is not a
valid MySQL result resource
To: David Hutto dwightdhu...@yahoo.com
Cc: php-general@lists.php.net
Date: Friday, February 19, 2010, 5:34 AM
On Fri, 2010-02-19 at 00:30 -0800, David Hutto wrote:
The following script is supposed to validate a username and password in a mysql
db. When entering the username and password of a preregistered user, I get the
following errors:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result
resource in /var/www/login.php on line 24
Warning: Cannot modify header information - headers already sent by (output
started at /var/www/login.php:24) in /var/www/login.php on line 26
On line 24 is:
if(!mysql_num_rows($login)) //if the username and pass are wrong
--The supplied argument is $login, which is previously defined as:
$login = mysql_query(SELECT * FROM 'userinfo' WHERE `user` = '$user' AND
`pass` = '$pass`);
--which is further defined above it as these values:
$user = $_POST['user']; //pulls the username from the form
$pw = $_POST['pass']; //pulls the pass from the form
$pass = md5($pw); //makes our password an md
So why is the sum of those previous definitions an invalid argument for the
mysql_query() to test for whether the username and md5 password values are
true/equivalent to each other?
Thanks for any help you may be able to provide, below is the full login.php
page.
David
This is the full login.php script, I'm pretty sure no other portions are needed
to show at this point for the current problem:
?php
$act = $_GET['act']; //retrives the page action
if(empty($act)) //if there is no action
{
echo('form action=login.php?act=auth method=post name=loginform
id=loginform
pUsername
input type=text name=user
/p
pPassword
input type=password name=pass
/p
p
input type=submit name=Submit value=Login
/p
/form');
}
elseif($act == auth) //if our page action = auth
{
$user = $_POST['user']; //pulls the username from the form
$pw = $_POST['pass']; //pulls the pass from the form
$pass = md5($pw); //makes our password an md5
include(connect.php); //connects to our mysql database
$login = mysql_query(SELECT * FROM `userinfo` WHERE `user` = '$user' AND
`pass` = '$pass`); //selects info from our table if the row has the same user
and pass that our form does
if(!mysql_num_rows($login)) //if the username and pass are wrong
{
header(Location: login.php); //redirects to our login page
die(); //stops the page from going any further
}
else
{
setcookie(user, $user, time()+3600);//sets our user cookie
setcookie(pass, $pass, time()+3600);//sets our pass cookie
header(Location: memprar.php);//instead of yourpage.php it
would be your protected page
}
}
?
First, please create a new email when sending to the list and don't just reply
to the last one, as those of us with email clients that group by threads get
confused when the subject line appears to change mid-thread!
On to your question, you've got an error with your query, so it will never work:
SELECT * FROM `userinfo` WHERE `user` = '$user' AND `pass` = '$pass` //
change that last back tick after $pass!
Lastly; protect your queries! That $user variable is open to injection.
Replacing it with something like $user =
mysql_real_escape_string($_POST['user']); Your $pass is protected (I believe)
because of what you're doing with the hash, but I'm not an expert in these
things, so it could be that this may not be enough.
Thanks,
Ash
http://www.ashleysheridan.co.uk
Apologies for hijacking the thread, I hit reply all in a randomly picked email
and deleted the info/subject line, guess that doesn't work.
Thanks for the advice, it's almost working right, all things considered.
David
Re: [PHP] Login script problem
On Jan 5, 2008 11:50 AM, Reese [EMAIL PROTECTED] wrote:
Daniel Brown wrote:
Do you expect the value of $key in this condition to be a literal zero?
$twoyears = array('alphanumeric_code1', 'alphanumeric_code2',
'alphanumeric_code3', 'alphanumeric_code4',
'alphanumeric_code5',
'alphanumeric_code6', 'alphanumeric_code7');
$key = in_array($sPromocode,$twoyears);
if($key=='0')
I changed
if($key=='0')
to
if(!isset($key=='1'))
to see what effect that change might make, the server threw an error
so I set it back to its original state:
Parse error: parse error, unexpected T_IS_EQUAL, expecting ',' or ')' in
/[PATH]/login.php on line 16
That's because isset() isn't able to eval() an expression. Remove
the !isset() part, or the =='1' part and that will remove the parse
error.
--
Daniel P. Brown
[Phone Numbers Go Here!]
[They're Hidden From View!]
If at first you don't succeed, stick to what you know best so that you
can make enough money to pay someone else to do it for you.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login script problem
Daniel Brown wrote: if(!isset($key=='1')) //caused parse error That's because isset() isn't able to eval() an expression. Got it, I see the mistake now. Remove the !isset() part, or the =='1' part and that will remove the parse error. I changed it to if(!isset($key)) and you were right, the parse error went away. This change seems to have no effect on access code logins (I'm able to log in, as expected) or IP-authenticated logins (I still cannot log in, even though my IP is in the MySQL db). Reese -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Login script problem
Greetings,
I've been lurking for several weeks, I thought I'd post to describe
a problem I've been having in the hope that a solution can be found.
And my thanks to Casey, for his offlist assistance with another,
unrelated issue earlier this week. :-)
I apologize up front, for what is probably too much information.
I know this will take some time to read and digest.
On a client's site (PHP4 environment, natch), two login methods are
used to control access to premium content. The first sets a cookie
when valid access codes are submitted via the login form, there are
no known problems with that method at this time.
The second method was grafted on top of the first by a 2nd programmer.
It is a link to the verification script (index1.php) that is supposed
to do IP lookups in a MySQL db table. The table is called getIPval
and has 4 Fields, which are named 'nIP','ipStart','ipEnd','nStatus'
All ipStart/ipEnd ranges have a status of 1, and can accommodate
the number of characters required for IPv6 addresses but to the best
of my knowledge, no IPv6 addresses are listed at this time (there are
a couple thousand line items).
The script(s) is supposed to check rows in the table and if the
requesting IP is = ipStart AND = ipEnd on a given row, grant
access to the requesting IP [load the page identified by the rYear
(decade) year (actual year) variables called out in the navigation
link] - the default page after login is /1940s/1949.php . If the
requesting IP is not found, the user is to be bounced to the login
page [index.php]. Outside of these two scripts, the 'rYear'and 'year'
values are passed via GET in the navigation links, the key is not
passed by the navigation links. To repair emergent problems with the
1st access method while getting the 2nd access method to work, the
key was introduced but it is not included in the navigation links.
An example nav link looks something like this:
http://[domain][path]index1.php?rYear=value1year=value2
Or at least, that is how it is all supposed to work, per my
understanding of the programmer's description and my own understanding
after reviewing the code myself.
The Problem
A growing number of what are supposed to be authorized, IP-authenticated
users have reported an inability to navigate away from the initial
premium content page, 1949.php, after the script checks their IP and
lets them in that far. Access code users do not report difficulties.
I've been over this with the programmer, he says he cannot find
anything wrong with the PHP scripts. I've checked some of the affected
IP-range entries in the MySQL db table, our best guess to date has
been that a cache server is misbehaving somewhere. Neither of us is
able to duplicate the reported error of not being able to navigate
away from the 1949 page.
What I have observed recently however, with my own IP listed in the
db table as part of a range, sometimes the script will randomly either
let me in or not let me in. Whichever state it is in, persists, until
new changes are made when it will then either let me in or not.
It always lets me in if I list my specific IP (not as part of a range).
So as the number of users who report the navigation difficulty grows,
I am beginning to wonder if there might really be a problem in the
script that the programmer isn't seeing for whatever reason. Does
anyone see anything obviously wrong in the code below?
I've obscured the actual server domain name, login, passwords, and some
path statements. Watch for line wraps.
Reese
--
?php
//
//login script, invoked by all premium content pages via GET
//file name index1.php
//
$link = mysql_connect('mysql_server_url', 'login_id', 'login_password');
if (!$link) {
die('Not connected : ' . mysql_error());
}
// make mrfsql_db1 the current db
$db_selected = mysql_select_db('login_id', $link);
if (!$db_selected) {
die ('Can\'t use foo : ' . mysql_error());
}
$domain = GetHostByName($REMOTE_ADDR); // users IP//
if(!empty($_REQUEST['rYear']))
{
$yrs = $_REQUEST['rYear'].'s';
$yr = $_REQUEST['year'];
}
function getIP($cdomain)
{
$sql= SELECT nStatus FROM getIPval WHERE ipStart ='.$cdomain.'
;
$result = mysql_query($sql);
$row = mysql_fetch_array($result);
return $row['nStatus'];
}
$row = getIP($domain);
if(!empty($_COOKIE[monthcode]))
{
$pcode = $_COOKIE[monthcode];
}
if($row == '1' || $pcode!='')
{
header(Location: decade/$yrs/$yr.php?key=1);
}
else
{
$sdomain = explode(.,$domain);
$cdomain = $sdomain['0'].'.'.$sdomain['1'].'.'.'0'.'.'.'0';
$row = getIP($cdomain);
if($row == '1' $sdomain['3'] 256)
{
header('Location: decade/1940s/1949.php?key=1');
}
else
{
header('Location: index.php');
}
}
?
EOF
Below, the check script that is used on all other premium pages.
Its intended function is to verify that the user is authorized
Re: [PHP] Login script problem
On Jan 4, 2008 9:54 AM, Reese [EMAIL PROTECTED] wrote:
Greetings,
I've been lurking for several weeks, I thought I'd post to describe
a problem I've been having in the hope that a solution can be found.
And my thanks to Casey, for his offlist assistance with another,
unrelated issue earlier this week. :-)
[snip=all]
Reese,
While I noticed several areas for improvement in the code (such as
being sure to exit; after calling header(Location: ); ), two
things primarily come to mind:
Do you expect the value of $key in this condition to be a literal zero?
$twoyears = array('alphanumeric_code1', 'alphanumeric_code2',
'alphanumeric_code3', 'alphanumeric_code4', 'alphanumeric_code5',
'alphanumeric_code6', 'alphanumeric_code7');
$key = in_array($sPromocode,$twoyears);
if($key=='0')
Also, what about ISPs such as AOHell who use fully-dynamic IP
proxies that change on location, at time intervals, and are
interspersed with random changes? Even putting that into a range
won't help, as it's likely the IP will only have the network prefix
(and perhaps the same Class B slot).
--
Daniel P. Brown
[Phone Numbers Go Here!]
[They're Hidden From View!]
If at first you don't succeed, stick to what you know best so that you
can make enough money to pay someone else to do it for you.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login script problem
Web Design Company wrote: Someone? Me31!1!1ONE Please, if you do not need amplifying information or if you do not intend to pose a suggestion, it is better to remain silent. I wasn't helped by your Someone? post, no one else was either. Reese -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login script problem
Someone? - http://ooyes.net Web design company | http://ooyes.net Graphic design company | http://ooyes.net Outsourcing company -- View this message in context: http://www.nabble.com/Login-script-problem-tp14618073p14618942.html Sent from the PHP - General mailing list archive at Nabble.com. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login script problem
Daniel Brown wrote:
[snip=all]
Reese,
While I noticed several areas for improvement in the code (such as
being sure to exit; after calling header(Location: ); ), two
things primarily come to mind:
Do you expect the value of $key in this condition to be a literal zero?
$twoyears = array('alphanumeric_code1', 'alphanumeric_code2',
'alphanumeric_code3', 'alphanumeric_code4', 'alphanumeric_code5',
'alphanumeric_code6', 'alphanumeric_code7');
$key = in_array($sPromocode,$twoyears);
if($key=='0')
No, it should either be 1 if set or NULL(?) if not set, there is
nothing to set that value to 0 - only this check to see if it is
== to 0. Is this another area, like the one Casey helped with
earlier, where '!empty' was being used instead of 'isset'?
The programmer is aware that improvement is possible and we've had
some discussions in that regard, but owing to this being a for a
friend item and his currently declared job demands, either he is
truly swamped or he is brushing me off. I'm willing to give him
benefit of the doubt, until I'm confronted with evidence to the
contrary.
Also, what about ISPs such as AOHell who use fully-dynamic IP
proxies that change on location, at time intervals, and are
interspersed with random changes? Even putting that into a range
won't help, as it's likely the IP will only have the network prefix
(and perhaps the same Class B slot).
That's an area where I left detail out, my apologies. The dual login
mechanisms are geared towards accommodating this, AOHell users will
tend to be individual entities and the 'access code' mechanism is
geared towards them. Meanwhile, entities with static, assigned IP
addresses such as libraries on city networks are meant to be given
IP-based access, hence the other login validation method (which
isn't working quite right).
Reese
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login script problem
On Jan 4, 2008 11:55 AM, Reese [EMAIL PROTECTED] wrote: Web Design Company wrote: Someone? Me31!1!1ONE Please, if you do not need amplifying information or if you do not intend to pose a suggestion, it is better to remain silent. I wasn't helped by your Someone? post, no one else was either. It's just some jackass who's replying to random posts to SPAM the links in his/her signature, I'm sure. Ridiculous posts have been made in other threads from Web Design Company as well. -- Daniel P. Brown [Phone Numbers Go Here!] [They're Hidden From View!] If at first you don't succeed, stick to what you know best so that you can make enough money to pay someone else to do it for you. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php Login script issue
Hi,
Its just a login and password validation that I am trying to achieve. If the
username is correct then the person is able to view certain page, if
incorrect then he is directed elsewhere.
?
$userid=mysql_real_escape_string($userid);
$password=mysql_real_escape_string($password);
if($rec=mysql_fetch_array(mysql_query(SELECT * FROM tablename WHERE
userName='$userName' AND password = '$password'))){
if(($rec['userName']==$userName)($rec['password']==$password)){
include ../include/newsession.php;
echo p class=data centerSuccessfully,Logged inbrbr
logout.php Log OUT brbr welcome.php Click here if your browser is not
redirecting automatically or you don't want to wait. br/center;
print script;
print self.location='submit-store-details.php';; // Comment this
line if you don't want to redirect
print /script;
}
}
else {
session_unset();
echo Wrong Login. Use your correct Userid and Password and Try
brcenterinput type='button' value='Retry'
onClick='history.go(-1)'/center;
}
?
I am getting this error when I am using this code:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result
resource in thispage.php on line 37
Wrong Login. Use your correct Userid and Password and Try
Why does it show up everytime and whats wrong with mysql_fetch_array().
Please advice also if there is some other way available please help me try
that.
Thanks,
Chris
--
View this message in context:
http://www.nabble.com/php-Login-script-issue-tf4450691.html#a12698139
Sent from the PHP - General mailing list archive at Nabble.com.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php Login script issue
On 9/16/07, Chris Carter [EMAIL PROTECTED] wrote:
Hi,
Its just a login and password validation that I am trying to achieve. If the
username is correct then the person is able to view certain page, if
incorrect then he is directed elsewhere.
?
$userid=mysql_real_escape_string($userid);
Here you call it $userid
$password=mysql_real_escape_string($password);
if($rec=mysql_fetch_array(mysql_query(SELECT * FROM tablename WHERE
userName='$userName' AND password = '$password'))){
and here you call it $userName. If this is the full code, $userName is
not set here, and it would result in query userName='' and mysql_query
will return FALSE, which isn't a valid mysql resource for
mysql_fetch_array.
if(($rec['userName']==$userName)($rec['password']==$password)){
include ../include/newsession.php;
echo p class=data centerSuccessfully,Logged inbrbr
logout.php Log OUT brbr welcome.php Click here if your browser is not
redirecting automatically or you don't want to wait. br/center;
print script;
print self.location='submit-store-details.php';; // Comment this
line if you don't want to redirect
print /script;
}
}
else {
session_unset();
echo Wrong Login. Use your correct Userid and Password and Try
brcenterinput type='button' value='Retry'
onClick='history.go(-1)'/center;
}
?
I am getting this error when I am using this code:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result
resource in thispage.php on line 37
Wrong Login. Use your correct Userid and Password and Try
Why does it show up everytime and whats wrong with mysql_fetch_array().
Please advice also if there is some other way available please help me try
that.
Thanks,
Chris
I advice you to split the code up in 2 seperate actions, and check for errors.
if($rec=mysql_fetch_array(mysql_query(SELECT * FROM tablename WHERE
userName='$userName' AND password = '$password'))){
would become:
$result = mysql_query(SELECT * FROM tablename WHERE
userName='$userName' AND password = '$password') or die
(mysql_error());
// You could also add some checks here with mysql_num_rows for example...
if($rec=mysql_fetch_array($result)){
Tijnema
--
If this is a mailing list: DO NOT TOP POST! why?:
http://www.caliburn.nl/topposting.html
Vote for PHP Color Coding (aka Syntax Highlighting) in Gmail! -
http://gpcc.tijnema.info
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php Login script issue
Hi,
$result = mysql_query(SELECT * FROM tablename WHERE
userName='$userName' AND password = '$password');
if($rec = mysql_fetch_array($result)){
//your code
}
Try like this it may solve. It may solve your problem
Don't try to fetch the result from one single line code.
Warm Regards,
Sanjeev
http://www.sanchanworld.com/
http://webdirectory.sanchanworld.com - Submit your website URL
http://webhosting.sanchanworld.com - Choose your best web hosting plan
-Original Message-
From: Chris Carter [mailto:[EMAIL PROTECTED]
Sent: Sunday, September 16, 2007 3:10 PM
To: php-general@lists.php.net
Subject: [PHP] php Login script issue
Hi,
Its just a login and password validation that I am trying to achieve. If the
username is correct then the person is able to view certain page, if
incorrect then he is directed elsewhere.
?
$userid=mysql_real_escape_string($userid);
$password=mysql_real_escape_string($password);
if($rec=mysql_fetch_array(mysql_query(SELECT * FROM tablename WHERE
userName='$userName' AND password = '$password'))){
if(($rec['userName']==$userName)($rec['password']==$password)){
include ../include/newsession.php;
echo p class=data centerSuccessfully,Logged inbrbr
logout.php Log OUT brbr welcome.php Click here if your browser is not
redirecting automatically or you don't want to wait. br/center;
print script;
print self.location='submit-store-details.php';; // Comment this
line if you don't want to redirect
print /script;
}
}
else {
session_unset();
echo Wrong Login. Use your correct Userid and Password and Try
brcenterinput type='button' value='Retry'
onClick='history.go(-1)'/center;
}
?
I am getting this error when I am using this code:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result
resource in thispage.php on line 37
Wrong Login. Use your correct Userid and Password and Try
Why does it show up everytime and whats wrong with mysql_fetch_array().
Please advice also if there is some other way available please help me try
that.
Thanks,
Chris
--
View this message in context:
http://www.nabble.com/php-Login-script-issue-tf4450691.html#a12698139
Sent from the PHP - General mailing list archive at Nabble.com.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php Login script issue
argh! hotmail sucks
I don't see in the script where you are using $_POST / $_GET / $_REQUEST to
access tha data from the form. Its likely that the example you are following is
old and uses 'register_globals'. Since register_globals is a huge security hole
and is not active in any new installations of PHP you need to change your
script to use the above methods to get the form data. The error you are getting
is due to the fact that you are not passing in the values to the sql and not
getting a valid result
Note that the below example fixes your issue but DOES NOT do any validation,
which you really should do before passing your data to the sql...
$userid=mysql_real_escape_string($_POST['userid']);
$password=mysql_real_escape_string($_POST['password']);
if($rec=mysql_fetch_array(mysql_query(SELECT * FROM tablename WHERE
userName='$userName' AND password = '$password'))){
if(($rec['userName']==$userName)($rec['password']==$password))
bastien
Date: Sun, 16 Sep 2007 02:39:57
-0700 From: [EMAIL PROTECTED] To: php-general@lists.php.net Subject: [PHP]
php Login script issue Hi, Its just a login and password validation that I
am trying to achieve. If the username is correct then the person is able to
view certain page, if incorrect then he is directed elsewhere.
$userid=mysql_real_escape_string($userid);
$password=mysql_real_escape_string($password);
if($rec=mysql_fetch_array(mysql_query(SELECT * FROM tablename WHERE
userName='$userName' AND password = '$password'))){
if(($rec['userName']==$userName)($rec['password']==$password)){ include
../include/newsession.php; echo Successfully,Logged in logout.php Log OUT
welcome.php Click here if your browser is not redirecting automatically or
you don't want to wait. ; print ; } } else { session_unset(); echo
Wrong Login. Use your correct Userid and Password and Try
onClick='history.go(-1)'; } ? I am getting this error when I am using
this code: Warning: mysql_fetch_array(): supplied argument is not a valid
MySQL result resource in thispage.php on line 37 Wrong Login. Use your
correct Userid and Password and Try Why does it show up everytime and whats
wrong with mysql_fetch_array(). Please advice also if there is some other way
available please help me try that. Thanks, Chris -- View this message in
context: http://www.nabble.com/php-Login-script-issue-tf4450691.html#a12698139
Sent from the PHP - General mailing list archive at Nabble.com. -- PHP
General Mailing List (http://www.php.net/) To unsubscribe, visit:
http://www.php.net/unsub.php
_
Connect to the next generation of MSN Messenger
http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-ussource=wlmailtagline
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Login script login
Hi All, Having a grey brain moment here and need some advise on the logic of this, should be simple, login script. I am checking validity of customer number customer email customer password (md5 in mysql) So i have my form with relevant fields Now i am getting problems with either sql or how i am handling , and showing, and errors. I think what i am asking is this If someone just hits the login button show error All fields must be entered If customer number dose not excist show relevant error If customer number ok but email not show error If customer number ok but email ok but password is not show error If all is ok set sessions, got this ok, and proceed. Any help with with this is very much appreciated. Kind Regards Dave C -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login script login
- Original Message - From: Dave Carrera [EMAIL PROTECTED] Hi All, Having a grey brain moment here and need some advise on the logic of this, should be simple, login script. I am checking validity of customer number customer email customer password (md5 in mysql) So i have my form with relevant fields Now i am getting problems with either sql or how i am handling , and showing, and errors. I think what i am asking is this If someone just hits the login button show error All fields must be entered If customer number dose not excist show relevant error If customer number ok but email not show error If customer number ok but email ok but password is not show error In login scripts you usually don't tell which part of the login is wrong, otherwise, you are hinting at what is right. Once the customer is logged in, you are right to be as helpful as possible, but until the customer proves who he/she is, you don't give away anything. Satyam If all is ok set sessions, got this ok, and proceed. Any help with with this is very much appreciated. Kind Regards Dave C -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login script login
Dave Carrera wrote:
Hi All,
Having a grey brain moment here and need some advise on the logic of
this, should be simple, login script.
I am checking validity of
customer number
customer email
customer password (md5 in mysql)
So i have my form with relevant fields
Now i am getting problems with either sql or how i am handling , and
showing, and errors.
I think what i am asking is this
If someone just hits the login button show error All fields must be
entered
If customer number dose not excist show relevant error
If customer number ok but email not show error
If customer number ok but email ok but password is not show error
If all is ok set sessions, got this ok, and proceed.
Any help with with this is very much appreciated.
Kind Regards
Dave C
I'm not totally clear what the question was in there. Personally I keep
this simple...
?php
$_POST['number'] =
(isset($_POST['number']) ? trim($_POST['number']) : '');
$_POST['email'] =
(isset($_POST['email']) ? trim($_POST['email']) : '');
if (empty($_POST['number']) or
empty($_POST['email']) or
empty($_POST['password']))
{
die('All fields must be entered');
}
// Find the customer/user/whatever you need from the given details
if (not found)
{
die('Unable to locate customer/user/whatever');
}
// Set up the session here, or however you're tracking the
// current customer/user/whatever
header('Location: /somewhere_else');
?
Hope that helps.
-Stut
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login script login
Hi Stut,
I think i have found where i am going wrong.
Its in the comparison login for the db result.
So i select * from jfjfjfjf where custno=$_POST[number]
But now i am getting messed up with if cust no not found then all i get
is a blank page but hoping for an error
And i dont think i am comparing the db result with the $_POST correctly
Struggling here a bit :-(
Dave C
Stut wrote:
Dave Carrera wrote:
Hi All,
Having a grey brain moment here and need some advise on the logic of
this, should be simple, login script.
I am checking validity of
customer number
customer email
customer password (md5 in mysql)
So i have my form with relevant fields
Now i am getting problems with either sql or how i am handling , and
showing, and errors.
I think what i am asking is this
If someone just hits the login button show error All fields must be
entered
If customer number dose not excist show relevant error
If customer number ok but email not show error
If customer number ok but email ok but password is not show error
If all is ok set sessions, got this ok, and proceed.
Any help with with this is very much appreciated.
Kind Regards
Dave C
I'm not totally clear what the question was in there. Personally I
keep this simple...
?php
$_POST['number'] =
(isset($_POST['number']) ? trim($_POST['number']) : '');
$_POST['email'] =
(isset($_POST['email']) ? trim($_POST['email']) : '');
if (empty($_POST['number']) or
empty($_POST['email']) or
empty($_POST['password']))
{
die('All fields must be entered');
}
// Find the customer/user/whatever you need from the given details
if (not found)
{
die('Unable to locate customer/user/whatever');
}
// Set up the session here, or however you're tracking the
// current customer/user/whatever
header('Location: /somewhere_else');
?
Hope that helps.
-Stut
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login script login
On p, 2007-02-02 at 12:10 +, Dave Carrera wrote:
Hi Stut,
I think i have found where i am going wrong.
Its in the comparison login for the db result.
So i select * from jfjfjfjf where custno=$_POST[number]
But now i am getting messed up with if cust no not found then all i get
is a blank page but hoping for an error
because you get an empty result set if no match is found
so check it like
if ($row = mysql_fetch_array($result)) {
// ok, found
} else {
// not found, error
}
or whatever sql you use
hope that helps
Zoltán Németh
And i dont think i am comparing the db result with the $_POST correctly
Struggling here a bit :-(
Dave C
Stut wrote:
Dave Carrera wrote:
Hi All,
Having a grey brain moment here and need some advise on the logic of
this, should be simple, login script.
I am checking validity of
customer number
customer email
customer password (md5 in mysql)
So i have my form with relevant fields
Now i am getting problems with either sql or how i am handling , and
showing, and errors.
I think what i am asking is this
If someone just hits the login button show error All fields must be
entered
If customer number dose not excist show relevant error
If customer number ok but email not show error
If customer number ok but email ok but password is not show error
If all is ok set sessions, got this ok, and proceed.
Any help with with this is very much appreciated.
Kind Regards
Dave C
I'm not totally clear what the question was in there. Personally I
keep this simple...
?php
$_POST['number'] =
(isset($_POST['number']) ? trim($_POST['number']) : '');
$_POST['email'] =
(isset($_POST['email']) ? trim($_POST['email']) : '');
if (empty($_POST['number']) or
empty($_POST['email']) or
empty($_POST['password']))
{
die('All fields must be entered');
}
// Find the customer/user/whatever you need from the given details
if (not found)
{
die('Unable to locate customer/user/whatever');
}
// Set up the session here, or however you're tracking the
// current customer/user/whatever
header('Location: /somewhere_else');
?
Hope that helps.
-Stut
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login script login
Stut wrote:
I'm not totally clear what the question was in there. Personally I keep
this simple...
?php
$_POST['number'] =
(isset($_POST['number']) ? trim($_POST['number']) : '');
$_POST['email'] =
(isset($_POST['email']) ? trim($_POST['email']) : '');
if (empty($_POST['number']) or
empty($_POST['email']) or
empty($_POST['password']))
{
die('All fields must be entered');
}
// Find the customer/user/whatever you need from the given details
if (not found)
{
die('Unable to locate customer/user/whatever');
}
// Set up the session here, or however you're tracking the
// current customer/user/whatever
header('Location: /somewhere_else');
?
Hope that helps.
-Stut
be aware that you need a session_write_close(); before header('Location...
or the session data might not be written to disk!
just my 2 cent
--
View this message in context:
http://www.nabble.com/Login-script-login-tf3160341.html#a8766588
Sent from the PHP - General mailing list archive at Nabble.com.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login script login
On Fri, February 2, 2007 5:19 am, Dave Carrera wrote:
Having a grey brain moment here and need some advise on the logic of
this, should be simple, login script.
I am checking validity of
customer number
customer email
customer password (md5 in mysql)
So i have my form with relevant fields
Now i am getting problems with either sql or how i am handling , and
showing, and errors.
I think what i am asking is this
If someone just hits the login button show error All fields must be
entered
$customer_number = (int) (isset($_POST['customer_number']) ?
$_POST['customer_number'] : 0);
$customer_email = isset($_POST['customer_email']) ?
$_POST['customer_email'] : '';
$customer_password = isset($_POST['customer_password']) ?
$_POST['customer_password'] : '';
if (!$customer_number || !strlen($customer_email) ||
!strlen($customer_password)){
$messages[] = All fields are required;
}
else{
$customer_number_sql = mysql_real_escape_string($customer_number);
$customer_email_sql = mysql_real_escape_string($customer_email);
$customer_password_sql = mysql_real_escape_string($customer_password);
$query = select ;
$query .=email = '$customer_email_sql' as email_ok
$query .= , password = md5('$customer_password_sql') as password_ok
$query .= FROM customer ;
$query .= WHERE customer_number = $customer_number_sql ;
$customer_info = mysql_query($query) or die(mysql_error());
if (!mysql_num_rows($customer_info)){
$messages[] = Invalid Customer Number;
}
else{
list($email_ok, $password_ok) = mysql_fetch_row($customer_info);
if (!$email_ok) $messages[] = Invalid Email;
elseif (!$password_ok) $messages[] = Invalid Password;
}
}
if count($messages)) echo div class=\errorp,
implode(/p\np, $messages), /p/div\n;
else require 'proceed.inc';
--
Some people have a gift link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login script login
On Fri, February 2, 2007 5:33 am, Satyam wrote: In login scripts you usually don't tell which part of the login is wrong, otherwise, you are hinting at what is right. Once the customer is logged in, you are right to be as helpful as possible, but until the customer proves who he/she is, you don't give away anything. Satyam is correct: It's more secure to not indicate when the username was incorrect differently from an incorrect password. But it's definitely also (very much) less user-friendly. For example, in seldom-used applications where the user is very likely to forget their username, such as 99% of the stupid websites that require me to register for something that needs no security in the first place, it's a royal pain in the ass. :-) You have to balance Security against Usability and make an informed intelligent decision. I also wondered why you have an ID number that somebody is supposed to remember, and an email, when either one should be sufficient for most applications, but it was easier to type out an answer than to get you to re-think your design decisions. :-) -- Some people have a gift link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login script login
If you are splicing $_POST directly into your SQL, you are DEFINITELY
doing it wrong, but not in the way that you think.
Start reading here:
http://phpsec.org
On Fri, February 2, 2007 6:10 am, Dave Carrera wrote:
Hi Stut,
I think i have found where i am going wrong.
Its in the comparison login for the db result.
So i select * from jfjfjfjf where custno=$_POST[number]
But now i am getting messed up with if cust no not found then all i
get
is a blank page but hoping for an error
And i dont think i am comparing the db result with the $_POST
correctly
Struggling here a bit :-(
Dave C
Stut wrote:
Dave Carrera wrote:
Hi All,
Having a grey brain moment here and need some advise on the logic
of
this, should be simple, login script.
I am checking validity of
customer number
customer email
customer password (md5 in mysql)
So i have my form with relevant fields
Now i am getting problems with either sql or how i am handling ,
and
showing, and errors.
I think what i am asking is this
If someone just hits the login button show error All fields must
be
entered
If customer number dose not excist show relevant error
If customer number ok but email not show error
If customer number ok but email ok but password is not show error
If all is ok set sessions, got this ok, and proceed.
Any help with with this is very much appreciated.
Kind Regards
Dave C
I'm not totally clear what the question was in there. Personally I
keep this simple...
?php
$_POST['number'] =
(isset($_POST['number']) ? trim($_POST['number']) : '');
$_POST['email'] =
(isset($_POST['email']) ? trim($_POST['email']) : '');
if (empty($_POST['number']) or
empty($_POST['email']) or
empty($_POST['password']))
{
die('All fields must be entered');
}
// Find the customer/user/whatever you need from the given details
if (not found)
{
die('Unable to locate customer/user/whatever');
}
// Set up the session here, or however you're tracking the
// current customer/user/whatever
header('Location: /somewhere_else');
?
Hope that helps.
-Stut
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Some people have a gift link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login script login
On Fri, February 2, 2007 7:05 am, Jürgen Wind wrote:
// Set up the session here, or however you're tracking the
// current customer/user/whatever
header('Location: /somewhere_else');
?
Hope that helps.
-Stut
be aware that you need a session_write_close(); before
header('Location...
or the session data might not be written to disk!
If we're gonna get picuyane...
The Location header technically requires a full URL.
And using a re-direct instead of an include is a shocking waste of
HTTP resources imho, but that may not matter if traffic is low.
--
Some people have a gift link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login script login
Richard Lynch wrote: And using a re-direct instead of an include is a shocking waste of HTTP resources imho, but that may not matter if traffic is low. I generally redirect there because on occasion the login process does stuff like clear out potentially pre-existing session data from another part of the site. Having it happen again because of the user refreshing the page needs to be avoided. The redirect accomplishes this. -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] login script
Hello,
I have a couple of questions
first how do I check two tables is it?
$sql = SELECT * FROM mytable, mytable2 WHERE username = '$username' AND
userpass = '$userpass';
Secondly my table just sends and returns straight values from the db but I
expect some kind of encription is required. What is a simple, secure method.
md5() or another method. Do I store an encypted file on the server and just
decrypt it at the php page.
my auth script at present
?php
session_start();
$auth = false; // Assume user is not authenticated
$username= $_REQUEST['username'];
$userpass= $_REQUEST['userpass'];
if (isset($username) isset($userpass)) {
$sql = SELECT * FROM mytable WHERE
username = '$username' AND
userpass = '$userpass';
// Execute the query and put results in $result
$result = mysql_query( $sql )
or die ( 'Unable to execute query.' );
// Get number of rows in $result.
$num_rows = mysql_num_rows($result);
if($num_rows == 0) {
}
else {
$_SESSION['username']= $username;
$_SESSION['userpass']= $userpass;
header(Location: disclaimer.php);
$auth = true;
}
}
Thanks.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] login script
Ross wrote:
first how do I check two tables is it?
$sql = SELECT * FROM mytable, mytable2 WHERE username = '$username' AND
userpass = '$userpass';
That depends on what you are trying to achieve. Your example makes no
sense at all. What are you trying to get from each table? How are they
linked? etc! However, since this is a PHP list I suggest you try
Googling for an introductory SQL tutorial or a SQL mailing list.
Secondly my table just sends and returns straight values from the db but I
expect some kind of encription is required. What is a simple, secure method.
md5() or another method. Do I store an encypted file on the server and just
decrypt it at the php page.
my auth script at present
?php
session_start();
$auth = false; // Assume user is not authenticated
$username= $_REQUEST['username'];
$userpass= $_REQUEST['userpass'];
if (isset($username) isset($userpass)) {
$sql = SELECT * FROM mytable WHERE
username = '$username' AND
userpass = '$userpass';
// Execute the query and put results in $result
$result = mysql_query( $sql )
or die ( 'Unable to execute query.' );
// Get number of rows in $result.
$num_rows = mysql_num_rows($result);
if($num_rows == 0) {
}
else {
$_SESSION['username']= $username;
$_SESSION['userpass']= $userpass;
header(Location: disclaimer.php);
$auth = true;
}
}
If that's your login script you have bigger problems than securing the
passwords in the database. There is no escaping applied to the username
and password you get from the browser - this is a massive security hole.
See http://php.net/mysql_real_escape_string about that one.
As far as securing the password goes, the most common approach is to
store the MD5 hash in the DB. What you want is something like this...
?php
session_start();
$auth = false; // Assume user is not authenticated
$username = $_REQUEST['username'];
$userpass = $_REQUEST['userpass'];
if (!empty($username) !empty($userpass))
{
$sql = SELECT * FROM mytable WHERE
username =
'.mysql_real_escape_string($username).' AND
userpass =
md5('.mysql_real_escape_string($userpass).');
// Execute the query and put results in $result
$result = mysql_query( $sql )
or die ( 'Unable to execute query.' );
// Get number of rows in $result.
if (mysql_num_rows($result) == 0)
{
// Login failed, blah blah blah
}
else
{
$_SESSION['username']= $username;
$_SESSION['userpass']= $userpass;
header(Location: disclaimer.php);
$auth = true;
}
}
?
-Stut
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] login script
On 15/08/06, Ross [EMAIL PROTECTED] wrote:
Hello,
I have a couple of questions
first how do I check two tables is it?
$sql = SELECT * FROM mytable, mytable2 WHERE username = '$username' AND
userpass = '$userpass';
Secondly my table just sends and returns straight values from the db but I
expect some kind of encription is required. What is a simple, secure
method.
md5() or another method. Do I store an encypted file on the server and
just
decrypt it at the php page.
my auth script at present
?php
session_start();
$auth = false; // Assume user is not authenticated
$username= $_REQUEST['username'];
$userpass= $_REQUEST['userpass'];
if (isset($username) isset($userpass)) {
$sql = SELECT * FROM mytable WHERE
username = '$username' AND
userpass = '$userpass';
// Execute the query and put results in $result
$result = mysql_query( $sql )
or die ( 'Unable to execute query.' );
// Get number of rows in $result.
$num_rows = mysql_num_rows($result);
if($num_rows == 0) {
}
else {
$_SESSION['username']= $username;
$_SESSION['userpass']= $userpass;
header(Location: disclaimer.php);
$auth = true;
}
}
Question 1 - you are doing a join so there has to be a linking index
between the two table ie select * from table1, table2 where table1.id =
table2.userid (for example). Question 2 - md5 is sufficient, depends on
what your are storing (ie credit card numbers may require a stronger
encyption method. To check:
$pass = md5(password);
select * from table 1 where password = '$pass';
I think the php and mysql md5 functions differ but I may be wrong!
--
http://www.web-buddha.co.uk
http://www.projectkarma.co.uk
Re: [PHP] login script
I would hope that MD5 hashing is MD5 hashing no matter where it originates. However, I think it's better to use the database server's implementation. I believe it is less likely to be changed in future versions, and it removes some processing time from the front end. Additionally, if you ever move away from PHP, you have one less line of platform-specific code to change. On 8/15/06, Dave Goodchild [EMAIL PROTECTED] wrote: $pass = md5(password); select * from table 1 where password = '$pass'; I think the php and mysql md5 functions differ but I may be wrong! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] login script
On Tue, August 15, 2006 5:37 am, Ross wrote:
I have a couple of questions
first how do I check two tables is it?
You probably should not have 2 tables at all.
Both username and password would normally be stored in a single record
in the same table
CREATE TABLE user (
user_id int(11) auto_increment unique not null primary key,
username text,
password text
);
/* You'd probably have other fields like name, address, email, etc */
$sql = SELECT * FROM mytable, mytable2 WHERE username = '$username'
AND
userpass = '$userpass';
So it would just be:
FROM user WHERE username = '$username' AND password = '$userpass'
Second, SELECT * is Evil, for various reasons. You can Google and
find the debates about it.
Secondly my table just sends and returns straight values from the db
but I
expect some kind of encription is required. What is a simple, secure
method.
md5() or another method. Do I store an encypted file on the server and
just
decrypt it at the php page.
You never ever ever actually decrypt it.
But wait, you way, how can that work?!
It's quite simple, really.
The whole purpose of a one-way encryption is that you only store the
ENCRYPTED result.
Later, the user then has to put in the correct password, and you
one-way encrypt that, and you compare the ENCRYPTED values.
Either the encrypted values match, or the password is wrong.
You can almost think of the ENCRYPTED value as being like a lock to
which there is only one key that fits -- the password.
To test if the key fits the lock, you don't make another copy of the
key -- You just encrypt it, and see if it matches the shape of the
lock.
MD5 would be a perfectly reasonable one-way encryption scheme.
So if the password was 'foo', then your MD5-encrypted value would be:
acbd18db4cc2f85cedef654fccc4a4d8
Your database would have 'acbd18db4cc2f85cedef654fccc4a4d8' stored in it.
When they login, you do:
SELECT user_id, username
FROM user
WHERE username = '$username'
AND password = md5('$userpass')
Either the MD5 of their input ('foo') is the correct value you have
stored: acbd18db4cc2f85cedef654fccc4a4d8 or they have the wrong
password/key, and you should not let them in.
?php
session_start();
$auth = false; // Assume user is not authenticated
$username= $_REQUEST['username'];
$userpass= $_REQUEST['userpass'];
if (isset($username) isset($userpass)) {
$sql = SELECT * FROM mytable WHERE
username = '$username' AND
userpass = '$userpass';
Yikes!
You REALLY need to read about SQL-injection here:
http://phpsec.org/
and start using this function:
http://php.net/mysql_real_escape_string
Also, your $username and $userpass should be constrained at all times
to very specific validation rules.
Can't be blank.
Must be at least X characters. (you pick a nice X)
Passwords should probably contain at least one non-alpha character.
// Execute the query and put results in $result
$result = mysql_query( $sql )
or die ( 'Unable to execute query.' );
or die() is a great simple way to demonstrate the basics of code.
It's not something you would really really want to use on a production
server, unless you are 100% sure that you've turned off display-errors
and are logging your errors and you have a process in place to examine
the logs...
Something like http://php.net/set_error_handler and
http://php.net/trigger_error would be more appropriate for real
code.
// Get number of rows in $result.
$num_rows = mysql_num_rows($result);
if($num_rows == 0) {
}
else {
$_SESSION['username']= $username;
$_SESSION['userpass']= $userpass;
header(Location: disclaimer.php);
Instead of a header(Location:) which has some issues involved, you
could just do:
require 'disclaimer.php';
exit;
$auth = true;
This doesn't do anything, at least not with your current code, nor
with anything I've suggested here...
}
}
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] login script
On Tue, August 15, 2006 5:51 am, Dave Goodchild wrote: I think the php and mysql md5 functions differ but I may be wrong! You are wrong. :-) The whole point of MD5 is that MD5 is MD5, no matter where you go. Even ASP MD5 is the same as PHP MD5. Except it probably sucks for being too slow or you have to pay for it or something. :-) -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP Login Script
Could anyone let me know or point me to where I could find out how to setup a login for my php site. I've been looking around and found plenty of stuff for PHP/Apache, but nothing for just PHP. Any help or info about this would be appreciated. Thanks, Chuck -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Login Script
Chuck wrote: Could anyone let me know or point me to where I could find out how to setup a login for my php site. I've been looking around and found plenty of stuff for PHP/Apache, but nothing for just PHP. You need to store user information somewhere and apache .htpasswd files and mysql databases are popular choices. Shamless plug: I can direct you to a php and mysql login system at http://www.radinks.net/user/ Any help or info about this would be appreciated. Thanks, Chuck -- Raditha Dissanayake. http://www.radinks.com/sftp/ | http://www.raditha.com/megaupload Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader Graphical User Inteface. Just 128 KB | with progress bar. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PHP Login Script
Chuck [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Could anyone let me know or point me to where I could find out how to setup a login for my php site. I've been looking around and found plenty of stuff for PHP/Apache, but nothing for just PHP. Any help or info about this would be appreciated. Thanks, Chuck Hi Chuck, you could try those two PEAR packages: http://pear.php.net/package/Auth http://pear.php.net/package/LiveUser If you have any questions about those packages that the docs and the source code can't answer there is the PEAR general mailing list to help ;) Best regards, Torsten Roehr -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login Script
Hey Brian,
how about something like this, just change the session info to cookies
if you want?
?
session_start();
## get db connection
Require_once('../conf/Systemconfig.inc.php');
## Disable DOS Attacks
if ($_SERVER['HTTP_USER_AGENT'] == || $_SERVER['HTTP_USER_AGENT'] ==
-) {
die();
}
// If no Post Dont Process Page
If ([EMAIL PROTECTED]){
@header(HTTP/1.0 404 Not Found);
$error = 1;
// Error No Post
die();
}
## Process Login
## Run security Checks
if (!get_magic_quotes_gpc()) {
$User = addslashes($_POST['Username']);
$Password = addslashes($_POST['Password']);
} else {
$User = $_POST['Username'];
$Password = $_POST['Password'];
}
$Result = mysql_query(SELECT * From `site_users` WHERE Username='$User'
AND Password='$Password' AND Visible='1');
if($GetRes=mysql_fetch_array($Result));
{
## Create Session vars and redirect
$_SESSION['AuthUser'] = TRUE;
$_SESSION['AuthName'] = $User;
$_SESSION['AdminID'] = $GetRes['UserID'];
$_SESSION['FirstName'] = $GetRes['FirstName'];
}
else {
$_SESSION['FAILURE'] = TRUE;
}
## Redirect to Main page
@header('Location: index.php');
exit();
?
hth
On Mon, 2004-07-19 at 21:01, Brian Krausz wrote:
[snip]
a. do not reply off-list unless asked, your question may not receive the
attention it needs
[/snip]
Sorry, I got the email before the board post so I assumed you were only
replying off-list.
[snip]
2. You do know basic PHP, correct? Create a page that accepts a username
and password. Have the un and pw checked against the db. If it is good,
set a cookie and check for the cookie with each page, if not redirect to
the proper location.
[/snip]
My 2 main concern are security and user-friendlyness. I would like
anyone (regardless of cookies being allowed or not) to be able to use my
service, but I would still like it to be secure.
But I guess I'll try making my own script...worth a shot.
Re: [PHP] Login Script
Thanks for all the suggestions guys, I took your advice and currently have a working login script (hopefully :) ). If I have any more problems I'll be sure to ask you, it's nice to know that there's a place I can always go for questions. Thanks, Brian -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Login Script
While I know there are many scripts out there, and have spent many hours looking through them, I am having trouble finding a login script that fits my needs. I am looking for the following: A MySQL-based login system that doesn't use Pear :: DB. All I would like is for it to support cookies and all those things that would make it more secure. I have had trouble finding this...any suggestions? Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Login Script
[snip] While I know there are many scripts out there, and have spent many hours looking through them, I am having trouble finding a login script that fits my needs. I am looking for the following: A MySQL-based login system that doesn't use Pear :: DB. All I would like is for it to support cookies and all those things that would make it more secure. I have had trouble finding this...any suggestions? [/snip] Do you mean a login script where the username and password are stored in a MySQL database table? One where if the login is good a cookie is set? Nope. :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login Script
Well I already have a db with username/password fields, etc. I'm just looking for code for a login page and a file to include at the top of each page for auth. Jay Blanchard wrote: [snip] While I know there are many scripts out there, and have spent many hours looking through them, I am having trouble finding a login script that fits my needs. I am looking for the following: A MySQL-based login system that doesn't use Pear :: DB. All I would like is for it to support cookies and all those things that would make it more secure. I have had trouble finding this...any suggestions? [/snip] Do you mean a login script where the username and password are stored in a MySQL database table? One where if the login is good a cookie is set? Nope. :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Login Script
[snip] Well I already have a db with username/password fields, etc. I'm just looking for code for a login page and a file to include at the top of each page for auth. [/snip] a. do not reply off-list unless asked, your question may not receive the attention it needs 2. You do know basic PHP, correct? Create a page that accepts a username and password. Have the un and pw checked against the db. If it is good, set a cookie and check for the cookie with each page, if not redirect to the proper location. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login Script
Hello Brian,
Take a look at setcookie() in the PHP manual. The algorithm is pretty
simple. Once the user submits the form, you compare form data with the
data in the database. If the password matches, then set a cookie with
the username (using setcookie()). Then you'll just have to check if the
cookie is set - if(isset($_COOKIE['username'])) {...} - and if it's set,
proceed to user page; if not, display the login form again.
--
Best regards,
Cosmin
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login Script
[snip] a. do not reply off-list unless asked, your question may not receive the attention it needs [/snip] Sorry, I got the email before the board post so I assumed you were only replying off-list. [snip] 2. You do know basic PHP, correct? Create a page that accepts a username and password. Have the un and pw checked against the db. If it is good, set a cookie and check for the cookie with each page, if not redirect to the proper location. [/snip] My 2 main concern are security and user-friendlyness. I would like anyone (regardless of cookies being allowed or not) to be able to use my service, but I would still like it to be secure. But I guess I'll try making my own script...worth a shot. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login Script
Brian Krausz [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] [snip] a. do not reply off-list unless asked, your question may not receive the attention it needs [/snip] Sorry, I got the email before the board post so I assumed you were only replying off-list. [snip] 2. You do know basic PHP, correct? Create a page that accepts a username and password. Have the un and pw checked against the db. If it is good, set a cookie and check for the cookie with each page, if not redirect to the proper location. [/snip] My 2 main concern are security and user-friendlyness. I would like anyone (regardless of cookies being allowed or not) to be able to use my service, but I would still like it to be secure. But I guess I'll try making my own script...worth a shot. Hi Brian, if you want to be independent of the user's browser cookie settings you have to pass the session id from page to page via POST (e.g. as a hidden field in a form) or GET: a href=page2.php?php= SID ?link/a I would recommend searching the mailing list archives. You will find LOADS of useful information on sessions. Regards, Torsten Roehr -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login Script
[snip] a. do not reply off-list unless asked, your question may not receive the attention it needs [/snip] Sorry, I got the email before the board post so I assumed you were only replying off-list. [snip] 2. You do know basic PHP, correct? Create a page that accepts a username and password. Have the un and pw checked against the db. If it is good, set a cookie and check for the cookie with each page, if not redirect to the proper location. [/snip] My 2 main concern are security and user-friendlyness. I would like anyone (regardless of cookies being allowed or not) to be able to use my service, but I would still like it to be secure. If security is in mind, adding SSL to your website is a great start. --Matthew Sims --http://killermookie.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login Script
On Tuesday 20 July 2004 03:24, Brian Krausz wrote: While I know there are many scripts out there, and have spent many hours looking through them, I am having trouble finding a login script that fits my needs. I am looking for the following: A MySQL-based login system that doesn't use Pear :: DB. All I would like is for it to support cookies and all those things that would make it more secure. I have had trouble finding this...any suggestions? I find it hard to believe that there is nothing out there that suits your purpose. But anyway, it would be helpful if you listed what packages you've tried that didn't meet your requirements so people don't recommend those. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* Life is both difficult and time consuming. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP login script
I'm looking for some good, secure login code, and found the following article: http://www.devshed.com/c/a/PHP/Creating-a-Secure-PHP-Login-Script/ Not being much of a security expert, I was wondering if anyone here could say whether this code is any good? Or if there's a better one elsewhere? (I'm developing with MySQL, and do not know object-oriented PHP or PEARwhich this samplel uses.) ...Rene -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Login Script and Global Registering Things
Hay people.
This is my code below ...
?php
requireconfig.php;
// IS THERE A USERNAME AND PASSWORD?
if (!$siteUserName || !$sitePassword) {
// NO INFO FOUND!
header(Location: /undercover.php?startWeb=error_401sid=$siteSession);
end;
} else {
//CHECK IF USER AND PASS MATCH.
$siteMdPassword = md5($sitePassword);
$sql = SELECT * FROM members WHERE mUserName='$siteUserName' AND
mPassWord='$siteMdPassword';
$sql_result = mysql_query($sql, $connection) or die (Could not get Query);
$row = mysql_fetch_array($sql_result);
$num = mysql_num_rows($sql_result);
$mActive = $row[mActive];
if ($num == 1 AND $mActive == Y) {
// PROCESS LOGIN RETURN!
$logoncheck=$logoncode;
$siteUserId = $row[mUserId];
$siteAccessLevel = $row[mAccessLevel];
session_name('crushme');
session_register('siteUserId','siteUserName','logoncheck','siteAccessLevel');
$proxy_ip=$HTTP_X_FORWARDED_FOR;
$proxy_dns=gethostbyaddr($proxy_ip);
header(Location: /undercover.php?startWeb=mainpagesid=$siteSession);
exit;
} else {
// USER NOT LOGED IN.
header(Location: /undercover.php?startWeb=error_401sid=$siteSession);
exit;
}
} // END
?
I have been using this for ages, but would like to know if there is a better way to
process a login ...
Is HTTP auth better than HTML?
/ Mark
Re: [PHP] Login Script and Global Registering Things
--- Master Mark [EMAIL PROTECTED] wrote: Is HTTP auth better than HTML? In my opinion, no. Handling authentication in your application is a much better choice for numerous reasons (although HTTP authentication has its place and can be very useful). Chris = Become a better Web developer with the HTTP Developer's Handbook http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Login Script and Global Registering Things
Sounds good (o; I find it easyer to work with HTML auth anyway. / Mark - Original Message - From: Chris Shiflett [EMAIL PROTECTED] To: [EMAIL PROTECTED]; PHP [EMAIL PROTECTED] Sent: Thursday, July 24, 2003 4:06 PM Subject: Re: [PHP] Login Script and Global Registering Things --- Master Mark [EMAIL PROTECTED] wrote: Is HTTP auth better than HTML? In my opinion, no. Handling authentication in your application is a much better choice for numerous reasons (although HTTP authentication has its place and can be very useful). Chris = Become a better Web developer with the HTTP Developer's Handbook http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] login script fix help needed
hey guys, I was wondering if you can see why i cant insert the info into a table, right now its Warning: Cannot add header information - headers already sent by (output started at /home/virtual/site12/fst/var/www/html/Create_Account.php:8) in /home/virtual/site12/fst/var/www/html/Create_Account.php on line 10 http://www.ultimatefootballleague.com/Create_Account.phps can anyone help me get this working thanks. and let me know what i did wrong. Karl IncrediMail - Email has finally evolved - Click Here
RE: [PHP] login script fix help needed
Move this below to after your php logic: html head titleAdd a User/title meta http-equiv=Content-Type content=text/html; charset=iso-8859-1 /head body Timothy Hitchens (HiTCHO) Open Source Consulting e-mail: [EMAIL PROTECTED] -Original Message- From: Karl James [mailto:[EMAIL PROTECTED]] Sent: Monday, 20 January 2003 1:59 PM To: php Subject: [PHP] login script fix help needed hey guys, I was wondering if you can see why i cant insert the info into a table, right now its Warning: Cannot add header information - headers already sent by (output started at /home/virtual/site12/fst/var/www/html/Create_Account.php:8) in /home/virtual/site12/fst/var/www/html/Create_Account.php on line 10 http://www.ultimatefootballleague.com/Create_Account.phps can anyone help me get this working thanks. and let me know what i did wrong. Karl IncrediMail - Email has finally evolved - Click Here -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] login script fix help needed
--- Karl James [EMAIL PROTECTED] wrote: Warning: Cannot add header information - headers already sent by (output started at /home/virtual/site12/fst/var/www/html/Create_Account.php:8) in /home/virtual/site12/fst/var/www/html/Create_Account.php on line 10 This means you have something on line 10 of Create_account.php that sends headers, but PHP cannot because you have something on line 8 that causes output. Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Login script, session problem (I think)
I made a simple login script which uses MySQL for username and password retrieval and that stores the username in a session, the problem is that this script only works locally, e.g. I can only login from this computer but not from any other, I have session.use_cookies = 1 and I also have another session on the page that stores a counted var so the counter doesn't jump up everytime someone changes page. The thing confusing me is that the counter session works global but the login only works local.. Does anyone have an idea how I should solve this? I'm not so good with php yet so I might have missed something, but i think it's wierd anyway... :p please reply as soon as possible. :) Hawk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Login script, session problem (I think)
More information is needed... what version of PHP are your running? I bit of sample code on how you set up your sessions would also be helpful... /dkm - Original Message - From: Hawk [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, January 15, 2002 11:19 AM Subject: [PHP] Login script, session problem (I think) I made a simple login script which uses MySQL for username and password retrieval and that stores the username in a session, the problem is that this script only works locally, e.g. I can only login from this computer but not from any other, I have session.use_cookies = 1 and I also have another session on the page that stores a counted var so the counter doesn't jump up everytime someone changes page. The thing confusing me is that the counter session works global but the login only works local.. Does anyone have an idea how I should solve this? I'm not so good with php yet so I might have missed something, but i think it's wierd anyway... :p please reply as soon as possible. :) Hawk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Login Script
Lo all,
I am trying to get the following script to work..
?
if ($HTTP_POST_VARS[action] == 1)
{
checklogin($HTTP_POST_VARS[user_name], $HTTP_POST_VARS[password]);
exit;
}
function checklogin($user, $pass)
{
$sid (login($user, $pass));
if ($sid != -1)
{
header(Location: http://localhost/hq.php?sid=$sid;);
}
else
{
header(Location: http://localhost/error.php;);
}
}
function login($user, $pass)
{
$db = zoner2;
$SQL = SELECT * FROM users WHERE user_name='.$user.' AND
password='.$pass.';
$connection = db_connect();
$query = mysql_db_query($db, $SQL, $connection);
if (mysql_num_rows($query) != 1)
{
return -1;
}
$row = mysql_fetch_array($query);
$user_id = $row[user_id];
$sid = md5(blah blah.$user_id.$time());
$remip = REMOTE_ADDR();
$ttime = date(YmdHis);
$SQL2 = INSERT INTO details ;
$SQL2 = $SQL2 . (user_id, sid, ttime, remip) VALUES ;
$SQL2 = $SQL2 . ('$user_id','$sid','$ttime','$remip') ;
###
$result2 = mysql_db_query($db,$SQL2,$connection);
if (!$result2) { echo(ERROR: . mysql_error() . \n$SQL\n);
mysql_close($cid); exit; }
###
SetCookie(TheLoginCookie, $user_id:$sid:$ip, time()+3600);
return $sid;
}
?
But every time I open the login page and try to login I get the following
error.
Fatal error: Call to undefined function: () in d:\htdocs\web\login1.inc on
line 10
Can anyone explain why this is??
Thankyou.
Andrew
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Login Script
Line 10 is?
$sid (login($user, $pass)); --- missing =
-Original Message-
From: Necro [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 21, 2001 1:40 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Login Script
Lo all,
I am trying to get the following script to work..
?
if ($HTTP_POST_VARS[action] == 1)
{
checklogin($HTTP_POST_VARS[user_name],
$HTTP_POST_VARS[password]);
exit;
}
function checklogin($user, $pass)
{
$sid (login($user, $pass));
if ($sid != -1)
{
header(Location: http://localhost/hq.php?sid=$sid;);
}
else
{
header(Location: http://localhost/error.php;);
}
}
function login($user, $pass)
{
$db = zoner2;
$SQL = SELECT * FROM users WHERE user_name='.$user.' AND
password='.$pass.';
$connection = db_connect();
$query = mysql_db_query($db, $SQL, $connection);
if (mysql_num_rows($query) != 1)
{
return -1;
}
$row = mysql_fetch_array($query);
$user_id = $row[user_id];
$sid = md5(blah blah.$user_id.$time());
$remip = REMOTE_ADDR();
$ttime = date(YmdHis);
$SQL2 = INSERT INTO details ;
$SQL2 = $SQL2 . (user_id, sid, ttime, remip) VALUES ;
$SQL2 = $SQL2 . ('$user_id','$sid','$ttime','$remip') ;
###
$result2 = mysql_db_query($db,$SQL2,$connection);
if (!$result2) { echo(ERROR: . mysql_error() . \n$SQL\n);
mysql_close($cid); exit; }
###
SetCookie(TheLoginCookie, $user_id:$sid:$ip, time()+3600);
return $sid;
}
?
But every time I open the login page and try to login I get the following
error.
Fatal error: Call to undefined function: () in d:\htdocs\web\login1.inc on
line 10
Can anyone explain why this is??
Thankyou.
Andrew
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
The information contained in this email is confidential and
may be legally privileged. It is intended solely for the
addressee. Access to this email by anyone else is
unauthorized. If you are not the intended recipient, any
form of disclosure, production, distribution or any action
taken or refrained from in reliance on it, is prohibited and
may be unlawful. Please notify the sender immediately.
The content of the email is not legally binding unless
confirmed by letter bearing two authorized signatures.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Login Script
This is your problem -- what do you expect this line to do? $sid (login($user, $pass)); Bogdan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
