[FShiwani]

Hello,
I am using a UCP on my VPS along with the working SA:MP server and a SQL database. The SA:MP server is working fine and can easily use the SQL database set up for it. Problem is that when the UCP tries to access the database, it can connect to it however no matter what I enter as Character Username and Password, even if they are correct, it will give me an error saying my details are invalid which I know are not as I checked in SQL database and noticed that they are the exact same. PHP file is fine as I used it before aswell, could it be a permissions issue?

VPS 1GB
Centos 6 64bit

[Riddy]

Ignore <- Misread..


But, look at Shcurman

[SchurmanCQC]

If you're using strcmp in PHP to check passwords, make sure the cAsE of the passwords are correct.

Whirlpool example:

73EFAFBCDC33B4ED05D233E0EBED165CEFF427316211795AEB 46980271FB9811408EA1A3A1D8D506E744D80BFB3A7099EAEB 8C22F89191DA3579A2BCBB38F5CE

is NOT the same as

73efafbcdc33b4ed05d233e0ebed165ceff427316211795aeb 46980271fb9811408ea1a3a1d8d506e744d80bfb3a7099eaeb 8c22f89191da3579a2bcbb38f5ce

and strcmp would not return 0 when these two strings are compared.

Try using strtoupper($str) on the conflicting lowercase string if this is what is going wrong.

[FShiwani]

Quote:

Originally Posted by SchurmanCQC If you're using strcmp in PHP to check passwords, make sure the cAsE of the passwords are correct. Whirlpool example: 73EFAFBCDC33B4ED05D233E0EBED165CEFF427316211795AEB 46980271FB9811408EA1A3A1D8D506E744D80BFB3A7099EAEB 8C22F89191DA3579A2BCBB38F5CE is NOT the same as 73efafbcdc33b4ed05d233e0ebed165ceff427316211795aeb 46980271fb9811408ea1a3a1d8d506e744d80bfb3a7099eaeb 8c22f89191da3579a2bcbb38f5ce and strcmp would not return 0 when these two strings are compared. Try using strtoupper($str) on the conflicting lowercase string if this is what is going wrong.

That's not the issue. I am using the account details that I used to register on the server with on the UCP.

[Riddy]

Quote:

Originally Posted by FShiwani That's not the issue. I am using the account details that I used to register on the server with on the UCP.

Are you able to provide the code for the logging in part?

[SchurmanCQC]

What I would usually do in this situation is debug my code.

First, find out exactly WHERE the script is returning "incorrect details".

If the script is failing during a password comparison,

Echo the two passwords being compared and make sure they are the same, ie. one is not cut off.

If the script is failing during an SQL query,

Add an error echo to find out the problem with the query.
example:

PHP код:

...
if (!$SQLResult) {
    echo("Error Message: ". $MySQLi->error);
} 


If the script is failing somewhere else, please give me info on what is happening where the fail occurs.

[FShiwani]

Quote:

Originally Posted by Riddy Are you able to provide the code for the logging in part?

The php file part of where error occurs:

Код:

else//check login part
{
	//checking wrong attempts today
	$query = "SELECT * FROM `attempts` WHERE `IP`='".GetIP()."' AND `Date`='".date('l \t\h\e jS')."'";
	$result = mysql_query($query);
	if(mysql_num_rows($result) > 29)
	{
		echo 'You have excited the limit of wrong attempts!<br>Try to login again tomorrow! <meta HTTP-EQUIV="REFRESH" content="2; url=index.php">';
		exit;
	}
	$query = "SELECT * FROM `players` WHERE `Name`= '".$_SESSION['Character']."' AND `Key`= '".$_SESSION['Key']."'";
	$result = mysql_query($query);
	if(mysql_num_rows($result) == 0)
	{	
		$query = "INSERT INTO `attempts` (`IP`,`Date`) VALUES ('".GetIP()."','".date('l \t\h\e jS')."')";
		$result = mysql_query($query);
		$query = "SELECT * FROM `attempts` WHERE `IP`='".GetIP()."' AND `Date`='".date('l \t\h\e jS')."'";
		$result = mysql_query($query);
		$wa = mysql_num_rows($result);
		unset ($_SESSION['Key'],$_SESSION['Character']);
		echo 'Username and password do not match!<br>Make sure that you wrote your character'."'".'s IG name with "_".<br>Wrong attempts today:'.$wa.'/30. When you reach 30, you will be banned from logging in again today!<meta HTTP-EQUIV="REFRESH" content="3; url=index.php">';
	}

Note there is code after this including a sucessful attempt response.

Error =

Код:

Username and password do not match!
Make sure that you wrote your character's IG name with "_".
Wrong attempts today:2/30(Changes). When you reach 30, you will be banned from logging in again today!

[SchurmanCQC]

PHP код:

else //check login part
{
    //checking wrong attempts today
    $query = "SELECT * FROM `attempts` WHERE `IP`='".GetIP()."' AND `Date`='".date('l \t\h\e jS')."'";
    $result = mysql_query($query);
    if(mysql_num_rows($result) > 29)
    {
        echo 'You have excited the limit of wrong attempts!<br>Try to login again tomorrow! <meta HTTP-EQUIV="REFRESH" content="2; url=index.php">';
        exit;
    }
    $query = "SELECT * FROM `players` WHERE `Name`= '".$_SESSION['Character']."' AND `Key`= '".$_SESSION['Key']."'";
    $result = mysql_query($query);
    if(mysql_num_rows($result) == 0)
    {    
        $query = "INSERT INTO `attempts` (`IP`,`Date`) VALUES ('".GetIP()."','".date('l \t\h\e jS')."')";
        $result = mysql_query($query);
        $query = "SELECT * FROM `attempts` WHERE `IP`='".GetIP()."' AND `Date`='".date('l \t\h\e jS')."'";
        $result = mysql_query($query);
        $wa = mysql_num_rows($result);
        unset ($_SESSION['Key'],$_SESSION['Character']);
        echo 'Username and password do not match!<br>Make sure that you wrote your character'."'".'s IG name with "_".<br>Wrong attempts today:'.$wa.'/30. When you reach 30, you will be banned from logging in again today!<meta HTTP-EQUIV="REFRESH" content="3; url=index.php">';
    } 


On line 4: I would suggest using a UNIX TIMESTAMP instead of a formatted time string.
On line 11: I hope you are escaping the vars stored in $_SESSION, or else you are vulnerable to SQL injection.

Please tell me what the value of $_SESSION[Key], and "Key" in the database is.

[FShiwani]

Bump