I have a php login script which connects to a MySQL Database and my else statement doesn't run -


this question has answer here:

here end login page first checks username against database if user exists if checks password against user in data base if match log in if don't don't log in. , part works fine if username not exist (and wrote supposed catch that) blank white page not intended result. can point out code breaking??

<?php  /*  handles login requests   */  define('db_host', 'localhost'); define('db_name', 'sec_usr'); define('db_user', 'sec_usr'); define('db_pass', 'n89tzah2w3uf4guu');  $con=mysql_connect(db_host,db_user,db_pass) or die("failed connect mysql: " . mysql_error()); $db=mysql_select_db(db_name, $con) or die("failed connect mysql: " . mysql_error());  /*  $id=$_post['user'];  $password = $_post['pass']; */  function login() {      session_start();     if(!empty($_post['user']) && !empty($_post['pass']))      {         $query = mysql_query("select * username username = '$_post[user]'") or die(mysql_error());         $row = mysql_fetch_array($query) or die(mysql_error());         if(!empty($row['username']))         {             if($row['userpass'] === $_post['pass'])             {                 echo"success"; /* works */             }             else             {                 echo"wrong pass"; /* works */             }         }         else         {             echo"wrong user"; /* not work */         }     }       }  if(isset($_post['submit'])) {     login(); }  ?>

i had added piece question after had asked initial question how use mysqli original question have reverted question had nothing using mysqli had figured if people telling me use mysqli may ask same people how use not how use them together.

as pointed out on comments, problem in part:

$row = mysql_fetch_array($query) or die(mysql_error());

the php function mysql_fetch_array() returns false if there no rows found. when user doesn't exist, query return false, , php execute part after or. problem there no error mysql_error() display, since query executed successfully, that's why empty page.

to fix it, do:

$row = mysql_fetch_array($query); if($row) {     if($row['userpass'] === $_post['pass'])     {         echo "success";     }     else     {         echo "wrong pass";     } } else {     echo "wrong user"; }

to on safe side, in case don't receive either user or pass variable, can add exception in previous if:

if(!empty($_post['user']) && !empty($_post['pass']))  {     // query database... } else {     // code not reach here.     throw new exception("form submitted user/pass not received."); }

also, aware mysql_query("select * username username = '$_post[user]'") open sql injection attack, must escape username before using inside sql query. can read more on mysql_real_escape_string page. can done (taken page):

$query = sprintf("select * username username = '%s'",     mysql_real_escape_string($_post[user]) ); mysql_fetch_array($query);

and last, original mysql api deprecated of php 5.5.0, it's recommended use mysqli or pdo_mysql extension.


Comments

Post a Comment

Popular posts from this blog

powershell Start-Process exit code -1073741502 when used with Credential from a windows service environment -

i'm running strange behavior powershell start-process call. here call: $process = start-process ` "c:\somepath\mybinary.exe" ` -passthru ` -credential $defaultcredential ` -wait ` -workingdirectory "c:\somepath" ` -loaduserprofile if ($process.exitcode -ne 0) { #do } this call return exit code - 1073741502 . after quick search, exit code seems related generic error when program not load required dll (aka. status_dll_init_failed ). when run without -credential $credential program runs correctly. in order isolate problem, manually launched some.exe in prompt target credential , runs smoothly. so problem seems come way start-process cmdlet launch process. i found potential solutions problem tried apply no luck : link , link . would have idea of what's going on here ? edit 1: run proc mon monitoring program activities when launched directly or via powershell script. problem seems occur when loading kernelbase
Read more

twig - Using Twigbridge in a Laravel 5.1 Package -

i'm trying create laravel 5.1 package uses twigbridge instead of .php views. can normal .php views display fine, when try make use of .twig templates i'm met error. possible use twigbridge templates when creating views laravel package or pretty stuck blade , php ? edit 1: loading twig template without extending works. it's when start using {% extends 'file' %} error comes out. i error error loading /virtual/laravel/packages/username/mypackage/src/views/sample.twig: template "templates.master" not defined () in "/virtual/laravel/packages/username/mypackage/src/views/sample.twig" @ line 1. my folders username |_ mypackage |_ src |_ controllers - samplecontroller.php |_ views |_ templates - master.twig - sample.twig twig template sample.twig {% extends 'templates.master' %} {% block content %} {{ parent()
Read more

c# - LINQ join Entities from HashSet's, Join vs Dictionary vs HashSet performance -

i have hashset's each stores t, have written test application compares different relation algorithms can think of, i'm not pleased results getting. does there exist more efficient ways of achieving object relations, once testing? using system; using system.collections.generic; using system.linq; using system.text; using system.threading.tasks; using system.diagnostics; namespace linqtests { class program { static void main(string[] args) { hashset<user> usertable = new hashset<user>(); hashset<userproperty> userpropertytable = new hashset<userproperty>(); #region lets create dummy data. console.writeline("please wait while creating dummy data, can take while..."); console.writeline(""); int rows = 1000000; for(int x = 0; x < rows; x++) { random rnd = new random(); // ad
Read more