
Simple authentication script in PHP not working

Starting out with PHP, I have written a basic authentication script which prints out a list of databases on a MySQL server if a userid (supplied by the user) exists in the user table of the "test" database.

The problem is that this script outputs the database list even if the userid does not exist in the database. I am not sure what's wrong with the script. Please look through the script and help me understand why the db list is being output even though the userid does not exist in the db. Here is the script:

<?php

if(isset($_POST['submitted']))
{
  $userid=$_POST['userid'];
  $userpassword=$_POST['userpassword'];
  $link_id=mysql_connect("localhost","root","pass");
  $result_db_list=mysql_list_dbs($link_id);
  mysql_select_db("test",$link_id);
  if(!($result_ptr=mysql_query("Select userid from user where Userid='$userid'",$link_id)))
    die ("Please enter correct userid");
  while($test=mysql_fetch_row($result_db_list))
  {
    echo $test[0]."<br>";
  }

}
else
{
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Authentication Script</title>
<style type="text/css" >
  #header{
  padding-top:0px;
  margin:0px;
  background-color:#CCCCCC;
  }
  .container{
  width:950px;
  margin:0 auto;
  border:1px solid red;
  }
 .authbox {
 padding-top:100px;
 margin:0 auto;
 }
  #footer{
  background-color:#666666;
  color:white;
}
</style>
</head>

<body>
<div id="header">

<div class="container">

<form action="authentication script.php" method="post">
<div class="authbox">UserName: <input type="text" name="userid" /><br/>
Password: <input type="password" name="userpassword" /><br/>
<input type="hidden" name="submitted" value="true" />
<input type="submit" value="Submit" />
</div>
</form>


</div>

</div>

<div id="footer">
Copywright 2010 NT Technologies. 
</div>

</body>
</html>

<?php
}
?>

Thanks rseni.


Your script is full of errors. (I hope you at least have magic_quotes on; otherwise you are in very big trouble. Note that you should avoid magic_quotes anyway and use prepared statements.)

That happens because of

  if(!($result_ptr=mysql_query("Select userid from user where Userid='$userid'",$link_id))) 
     die ("Please enter correct userid");

That query doesn't return FALSE if it doesn't select anything.

You should change it to:

$result = mysql_query("SELECT COUNT(*) as countUser [etc]");
$r = mysql_fetch_assoc($result);
if ($r['countUser']==0) 
  die('Denied');


Appu - yes123 is correct. Take a look at the documentation on php.net for the mysql_query function; you will see that it returns a resource identifier on success and FALSE on error. Error here does not mean no rows returned, but rather an error such as attempting to run this query against a table that does not exist.
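The fix both replies point to, as an added example that is not code from the original posts: a prepared statement through PDO, with the zero-row case treated as a denial rather than relying on the query call's return value. The in-memory SQLite table (standing in for the MySQL `test.user` table so the script runs offline), the `password_hash` column, the `authenticate()` helper and the sample users are assumptions.

```php
<?php
// Added example. Constructed in-memory SQLite table standing in for the
// page's test.user table (assumption, so the script runs without a server).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (userid TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $pdo->prepare('INSERT INTO user (userid, password_hash) VALUES (?, ?)');
// Constructed sample account; the password_hash column is hypothetical.
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Hypothetical helper: returns true only when the userid exists AND the
 * supplied password matches the stored hash.
 */
function authenticate(PDO $pdo, string $userid, string $password): bool
{
    // The placeholder keeps $userid out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT password_hash FROM user WHERE userid = :userid');
    $stmt->execute([':userid' => $userid]); // succeeds even when no row matches

    // Zero rows is not a query error: fetch() returns false, and that is
    // the condition the original script never tested.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    return password_verify($password, $row['password_hash']);
}

// Constructed inputs: a valid login, a wrong password, an unknown userid,
// and a userid containing a quote, which would have changed the SQL text
// in the original string-built query.
$cases = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ['nobody', 'anything'],
    ["o'brien", 'anything'],
];
foreach ($cases as [$u, $p]) {
    printf("%-10s %s\n", $u, authenticate($pdo, $u, $p) ? 'allowed' : 'denied');
}
```

Only after `authenticate()` returns true should the page go on to list databases; the original script also collected `userpassword` without ever checking it.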
