PHP and MYSQL, haven't a clue what i'm doing

[lee101]

As the title says i am getting myself more and more confused, i am trying to create a login script that will give access to an admin panel, it needs to check that the user and password are correct, then see if the admin_rights for that column is 1, which sounds fine, but i just keep getting more and more confused with more and more lines of code.

This is the code i currently have:

<?php
include('../config.php');
//get variables
$action=$_POST['action'];
$user=$_POST['user'];
$pass=$_POST['pass'];
$md5_pass=md5($pass);
$user='user';
//perform login
if($action == "login"){
    mysql_connect($cfg_db_host,$cfg_db_user,$cfg_db_pass);
    @mysql_select_db($cfg_db_name) or die("Unable To Write Tables, Please Check Settings");
    #$query_login="SELECT * FROM $cfg_db_prefix$user WHERE username='$user'";
    $query_login="SELECT COUNT(*) FROM $cfg_db_prefix$user WHERE password=`$md5_pass` AND username=`$user` AND admin_rights=`1`";
    $aaa=mysql_query($query_login);
    $login_user=mysql_result($aaa,0);
    echo $login_user;
    echo mysql_error();
    mysql_close();
} else{
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Install</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<?php 
include('header.inc.php');
?>
<div id="mainbody" style="width:300px;">
  <h3>Administrator Login</h3>
  <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
  <input type="hidden" name="action" value="login" />
  <table border="0" align="center" cellpadding="2" cellspacing="1">
    <tr>
      <td>Username</td>
      <td><input type="text" name="user" /></td>
    </tr>
    <tr>
      <td>Password</td>
      <td><input type="text" name="pass" /></td>
    </tr>
    <tr>
      <td></td>
      <td><input type="submit" value="Login" /></td>
    </tr>
  </table>
  </form>
</div>
</body>
</html>
<?php
}
?>

It is mainly the top 20-30 lines that i can't get working
and this is the error i get:

Warning: mysql_result(): supplied argument is not a valid MySQL result resource in c:\web\htdocs\tutorial_management_system\admin\index.php on line 16
Unknown column 'b07805d5ce7b71f5e3c7cd03124a081c' in 'where clause'

This is really confusing me, it is the first time i have used mysql, and everything seemed to be going well, the tutorial i am following tries to explain how to do this, but i cannot make any sense from it, and nothing like this seems to be anywhere on the web

Thanks, Lee

 

[dragon2309]

i believe it is because you are trying to filter records based on the "md5 pass", not the "pass". Unless the passwords in your database are pre encoded with md5 then the value you are looking up wont actaully exist

dragon

 

[lee101]

in the database the passwords are stored as md5, surely that shouldn't amke any difference if i am trying to get them to compare to the password that is entered md5'ed, if that makes any sense

Lee

 

[dragon2309]

hmmm, ok, are there any records in the db that actually match your query entries..??

 

[MaKa]

HMM sorry posting on a computer forum for what a webmaster forum would be able to help you with lol

 

[dragon2309]

excuse me....!!! are you spamming??? and insulting our expertise at the same time, its people liek you who shouldnt be allowed to use computers, do us ll a favour and sod off you retard

 

[MaKa]

excuse me....!!! are you spamming??? and insulting our expertise at the same time, its people liek you who shouldnt be allowed to use computers, do us ll a favour and sod off you retard

wow wow wow I dont spam mate I own a pc biz in the uk and joined here to day to help people, I was just giving a thought thats all I wasn't insulting any one, i just think that the op of this thread might have gotton quicker help from a webmaster forum as it is PHP and mySQL that the question is about. you want to watch how you say things as I could be what you class as a retard.

sorry to the others that thought I was a spammer

but I dam right am not a spammer and know where near one, people like you should be looking out for the spammers as I have alreday reported one on this forum to help, so why dont you just sod off as people like you shouldnt be on these forums as I find forums should be for nice people that know what there on about

 

[dragon2309]

i have PM'd you, this is not for discussion on someones thread

 

[MaKa]

hmm I got no pm mate

 

[dragon2309]

now

 

[lee101]

and are we back on topic yet?

hmmm, ok, are there any records in the db that actually match your query entries..??

yes, there is currently one entry that matches the query, i am wondering wheather to start it again though, as i kinda rushed it

Lee

 

[dragon2309]

yup yup, back on topic, everything is sorted now, sorry lee.... i think you may need to PM people liek apj101, cromewell and mgoldb2, they know php well, infact i dont know why they havent punced on this thread yet

dragon

 

[lee101]

lol, i'll pm them tomorrow if i can't get it sorted, i would expect ti to be relaitvely simple though, i will try to read more about it tomorrow, but for now i need sleep, my eyes are going all blurry

Lee

 

[apj101]

i've noted this thread, I will look into it tomorrow.

(but busy at the mo)

 

[apj101]

$query_login="SELECT COUNT(*) FROM $cfg_db_prefix$user WHERE password=`$md5_pass` AND username=`$user` AND admin_rights=`1`";

are you sure this query is correct, are we sure that the table name is correct? looks like you have a seperate table for each user... which cant be correct
also dont user count, thats silly. Just return the whom row with select *

also scrap the
$login_user=mysql_result($aaa,0);
it is really slow

and use
$row = @ mysql_fetch_array($aaa)

you login users will be int he $row hash, under $row['username'] which you can evaluate to see if its true.

 

[lee101]

ahh, thanks apj, i have just seen that i have 2 of the same variables, the first one needs changing so it can access the table, then i will do what you suggested when i can get onto my computer

Thanks!!! lee

 

[jbrown456]

but I dam right am not a spammer and know where near one, people like you should be looking out for the spammers as I have alreday reported one on this forum to help, so why dont you just sod off as people like you shouldnt be on these forums as I find forums should be for nice people that know what there on about

Dragon is like one of the most important people here at CF as far as I can see! He helps pretty much everyone!

So anyways .... I have no clue about this stuff, so, go on someone else .

 

[lee101]

Thanks soo much everyone, it's now working!!
i sorted out the table names
then got rid of the count part - I hadn't a clue what that was, I just copied and pasted it
an error was coming up because i was using ` instead of '
and this is what i have got it to now:

    mysql_connect($cfg_db_host,$cfg_db_user,$cfg_db_pass);
    @mysql_select_db($cfg_db_name) or die("Unable To Open Database, Please Check Settings");
    $query_login="SELECT * FROM $cfg_db_prefix$user_db WHERE username='$user'";
    $fetch_details=mysql_query($query_login);
    $row=@mysql_fetch_array($fetch_details);
    echo mysql_error();
    mysql_close();
    if($user == $row['username'] && $md5_pass == $row['password'] && $row['admin_rights'] == "1"){
    echo "allow login";
    } else{
    echo "deny login";
    }

It probably isn't the most efficient way, but it works

Once again Thank you soo much everyone, it is so much easier to do it with mysql rather than flat file

Thanks, Lee

 

[apj101]

just to note your going to need to use sessions to monitor if the user has logged on, otherwise they will need to enter the user name and password every new page when they are moving around the admin panel

 

[lee101]

I'm not sure about sessions, so i have set a cookie once the password and username are verified a cookie is set then each page of the admin panel checks for it, if it isn't there then an error page will displayed asking for the user to login again

Lee