[Tool/Web/Other] [PHP] PHP/HTML Masters Help!
#1

Hello, I am working on my webpage for my server and use a lot of MySQL. One of the features is login on the webpage using your in-game username and password. Passwords are hashed in pawno using md5, and I guess it should be also in my PHP login script. But how? I tried like this but it is still returning me Invalid password. Here is my PHP password:

Code:
<?php
/*session_start();*/
$username = $_POST['username'];
$password = $_POST['password'];

if($username&&$password)
{
$connect = mysql_connect("non", "non", "non") or die ("Couldn't connect!");
$selectdb = mysql_select_db("non") or die ("Couldn't select database!");
$query = mysql_query("SELECT * FROM users WHERE Username='$username'");
$numrows = mysql_num_rows($query);

if($numrows!=0)
{
  //check for login
  while($row = mysql_fetch_assoc($query))
  {
    $dbusername = $row['Username'];
    $dbpassword = $row['Password'];
  }
  //check if the match!
  if($username==$dbusername&&md5($password)==$dbpassword)
  {
     $_SESSION['username']=$username;
     echo $row['Username'];
     $query1 = mysql_query("SELECT * FROM users WHERE Username='$username'");
     $assoc = mysql_fetch_assoc($query1);
     echo "Welcome <b>".$assoc['Username']."</b>";
     echo "<p>";
     echo "<br>";
     echo "You currently have <b>".$assoc['Kills']."</b> kills and <b>".$assoc['Deaths']."</b> deaths.";
     echo "<br>";
     echo "<p>";
     if($assoc['Admin Level'] == 1)
     {        
       echo "You are <b>Moderator!</b>";
     }
     if($assoc['Admin Level'] == 2)
     {        
       echo "You are <b>Administrator!</b>";
     }
     if($assoc['Admin Level'] == 3)
     {
       echo "You are <b>Server Owner!</b>";
     }
     if($assoc['VIP'] == 1)
     {
       echo "<br>";
       echo "<p>";
       echo "You are <b>VIP Member!</b>";
     }
     echo "<br>";
     echo "<p>";
     echo "<a href='logout.php'>Logout!</a>";
     if($assoc['Admin Level'] == 0)
     {
       echo "<br>";
       echo "<p>";
       echo "<a href='ModeratorApplications.php'>Moderator Applications</a>";
     }
     if($assoc['Admin Level'] == 3)
     {
       echo "<br>";
       echo "<a href='modadmin.php'>Look For New Moderator Applications!</a>";
     }
     if($assoc['Admin Level'] == 2)
     {
       echo "You are <b>Server Owner!</b>";
       echo "<br>";
       echo "<a href='modadmin.php'>Look For New Moderator Applications!</a>";
     }
  }
  else
    echo "Incorrect password!";
}
else
  die("That user doesn't exist!");
}
else
  die("Please enter and username and password!");
?>
Anyone know how to fix log in and hashing passwords in PHP?

Thanks!
Reply
#2

1. You cannot use the $row variable outside your loop
2. Why use a loop? If it is only a username, there should only be 1 match, so you can just use
Code:
$row = mysql_fetch_array($query);
I don't know what mysql_fetch_assoc does, but I am going to check that now because I have a test the day after tomorrow (mysql_fetch_assoc looks like mysql_fetch_array.. oh well.)

As for the rest, it looks all OK to me.

I did it like this:
Code:
// Escape the value before it goes into the SQL string
$username = mysql_real_escape_string($_POST['username']);
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
if(mysql_num_rows($query) == 0)
{
  // no results
  die('Username not found');
} else {
  $fetch = mysql_fetch_array($query);
  // hash the submitted password first, then compare it with the stored hash
  if(md5($_POST['password']) === $fetch['password'])
  {
    // a result and log the user in by means of a session
    $_SESSION['username'] = $_POST['username'];
  } else {
    die('Wrong password');
  }
}
Code is only for educational purposes only. It should not be considered as working, even though it most probably will.

-Edit: Ah, so that is mysql_fetch_assoc(); Just looked it up
Reply
#3

Thanks! This worked!
Reply
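
The login check discussed in posts #1 to #3, as an added example that is not code from any poster in this thread: the username goes into the query as a bound parameter, and the MD5 digest is compared with `hash_equals()` after normalising hex case. Assumptions: an in-memory SQLite database stands in for the MySQL server so the script runs offline, the sample user and the upper-case stored digest are constructed, and `check_login` is a hypothetical helper name; the unsalted MD5 format is kept only because the thread's game script writes it.

```php
<?php
// Added example, not code from the thread. In-memory SQLite stands in for the
// MySQL server so the script runs offline; with MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (Username TEXT PRIMARY KEY, Password TEXT, Kills INTEGER)');

// Constructed sample rows: the game script is assumed to store an unsalted MD5
// hex digest, here in upper case to show why normalising matters.
$ins = $pdo->prepare('INSERT INTO users (Username, Password, Kills) VALUES (?, ?, ?)');
$ins->execute(['Ironboy', strtoupper(md5('hunter2')), 12]);
$ins->execute(["O'Brien", strtoupper(md5('s3cret')), 3]);

/** Returns the user's row on success, null for an unknown user or wrong password. */
function check_login(PDO $pdo, string $username, string $password): ?array
{
    // The username travels as a bound parameter, never as part of the SQL text.
    $stmt = $pdo->prepare('SELECT Username, Password, Kills FROM users WHERE Username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // one row expected, so no loop

    // Hash even when the user is unknown so both failure paths do the same work.
    $candidate = md5($password);
    $stored = ($row === false) ? str_repeat('0', 32) : strtolower(trim($row['Password']));

    // md5() returns lower-case hex; normalising the stored value avoids a
    // case-only mismatch. hash_equals() compares in constant time.
    if ($row === false || !hash_equals($stored, $candidate)) {
        return null;
    }
    unset($row['Password']);                 // never hand the digest to the page
    return $row;
}

$cases = [
    ['Ironboy', 'hunter2'],                  // correct password
    ['Ironboy', 'wrong'],                    // wrong password
    ["O'Brien", 's3cret'],                   // apostrophe in the name is plain data
    ['Nobody', 'hunter2'],                   // unknown user
];
foreach ($cases as [$u, $p]) {
    $user = check_login($pdo, $u, $p);
    echo $u, ' => ', $user ? "ok, kills={$user['Kills']}" : 'Invalid username or password', "\n";
}
```

Both failure cases print the same message, so the response does not reveal whether a username exists.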
#4

What is the right usage of mysql_query with UPDATE? I got this error: 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'query4' at line 1.' with my code


Code:
$query4 = mysql_query("UPDATE users SET `Admin Level` = `1` WHERE `Username` = '$user'");
    if(!mysql_query(query4))
    {
     echo mysql_error();
    }
Thanks.
Reply
#5

Uhm, I don't think you can have a space in the fieldname
Reply
#6

Quote:
Originally Posted by Ironboy500
Code:
$query4 = mysql_query("UPDATE users SET `Admin Level` = `1` WHERE `Username` = '$user'");
    if(!mysql_query(query4))
    {
    echo mysql_error();
    }
I think simply just do
if(!mysql_query($query4))

instead of

if(!mysql_query(query4))
Code:
$query4 = mysql_query("UPDATE users SET `Admin Level` = `1` WHERE `Username` = '$user'");
    if(!mysql_query($query4))
    {
     echo mysql_error();
    }
Reply
#7

Quote:
Originally Posted by Matthias_
Uhm, I don't think you can have a space in the fieldname
+1 on that, even though he has put everything in quotes. So that would've blocked it out. I would like to see the mysql_error() msg when it shows after what saiberfun did.
Quote:
Originally Posted by ┤ŞąiBЄЯҒПŋ├
Quote:
Originally Posted by Ironboy500
Code:
$query4 = mysql_query("UPDATE users SET `Admin Level` = `1` WHERE `Username` = '$user'");
    if(!mysql_query(query4))
    {
     echo mysql_error();
    }
I think simply just do
if(!mysql_query($query4))

instead of

if(!mysql_query(query4))
Code:
$query4 = mysql_query("UPDATE users SET `Admin Level` = `1` WHERE `Username` = '$user'");
    if(!mysql_query($query4))
    {
     echo mysql_error();
    }
Nicely noticed.

Also: You use single quotes and the `` together. I don't know what you call them, but they are next to the 1 key on your keyboard. I don't know if it matters, but I remember (not very good.. my mind isn't that good at remembering) that it matters if you put single quotes and .. those weird quotes heh.. together.
Reply
#8

There cannot be spaces in field names as said above.

The proper syntax would be:
PHP code:
mysql_query('UPDATE `users` SET AdminLevel = "1" WHERE Username = "'.$user.'"'); 
And then the check would be:
Code:
$query4 = mysql_query('UPDATE `users` SET AdminLevel = "1" WHERE Username = "'.$user.'"');
if(!$query4)
{
  echo mysql_error();
}
or
Code:
if($query4 == 0)
{
  code
}
Reply
#9

Quote:
Originally Posted by Seif_
You can't use ` and ' in the same query, it will return an error.
For PHP, yes you can.

Quote:
Originally Posted by Seif_
Quote:
Originally Posted by Gabe
There cannot be spaces in field names as said above.

The proper syntax would be:
PHP code:
mysql_query('UPDATE `users` SET AdminLevel = "1" WHERE Username = "'.$user.'"'); 
And then the check would be:
Code:
$query4 = mysql_query('UPDATE `users` SET AdminLevel = "1" WHERE Username = "'.$user.'"');
if(!mysql_query($query4))
{
  echo mysql_error();
}
or
Code:
if(mysql_query($query4) == 0)
{
  code
}
Why use mysql_query again? I think you can just do:
PHP code:
$query4 = mysql_query('UPDATE users SET AdminLevel = 1 WHERE Username = "'.$user.'"');
if (!$query4)
{
    echo mysql_error();
}
You can. I wasn't even paying attention to that. I was just going off of what was already typed.

Edited original post.
Reply
#10

Fixed.

And using pawn or PHP? I've never had an error in PHP and with my understanding of pawn mysql, it shouldn't happen with it either.
Reply

