MSSQL - PHP Login Problem

  • (2 Pages)
  • +
  • 1
  • 2

16 Replies - 1086 Views - Last Post: 06 January 2016 - 11:05 AM Rate Topic: -----

#1 akishadv   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 9
  • Joined: 06-October 15

MSSQL - PHP Login Problem

Posted 02 January 2016 - 03:20 PM

I'm new to PHP, and i'm making a login page where the username and passwords are in a database. DB is mssql (2014) and my php's version is 5.4. when i put in the correct username and password, it won't redirect to the page where it is intended to land on (cport_custmain.html) and it just sort of refreshes. here's what i have (i know my password is not hashed and this will have security issues, please forgive me on that. when i get to solve this little issue of mine i will try to make security stuff)

here's a part of the html form:

<form name="form1" method="post" action="login.php">
    <p>Enter your username and password. In case you forgot your username or password, please contact SeaOil. <br><br>
      <label for="textfield">Username:</label> 
      <input type="text" name="login1" required class="login1" size="30%"><br><br>
      <label for="password">Password: </label>
      <input type="password" name="login2" required class="login1" size="30%">
      <br>
    </p>
    <p>
      <input type="submit" name="submit" id="submit" value="Submit">
      <input type="reset" name="reset" id="reset" value="Reset">
      <br>
    </p>
  
  </form>



here is login.php
<?php
session_start();
include "connection.php";
$name = $_POST['login1'];
$ssn  = $_POST['login2'];
$query = "SELECT * FROM client WHERE emailaddress = '$name' AND password='$ssn'";
$result = sqlsrv_query($query,$conn);
$num = sqlsrv_num_rows($result);
if ($num === FALSE) {
header('Location: cport_index.html');
die();
}
else{
$_SESSION['login1'] = $name;
header('Location: cport_custmain.html'); 
die(); 
}
 

?>



and here's connection.php
<?php
$serverName = '(localdb)\MyInstance';
$databaseName = "SOMS"; 
$connectionInfo = array("Database"=>$databaseName); 

$conn = sqlsrv_connect( $serverName, $connectionInfo);
if($conn) {
     echo "Connection established.<br />";
}else{
     echo "Connection could not be established.<br />";
     die( print_r( sqlsrv_errors(), true));
}
?>



* yes i have installed drivers.
* i have xampp.

Thank you in advance!

Is This A Good Question/Topic? 0
  • +

Replies To: MSSQL - PHP Login Problem

#2 andrewsw   User is offline

  • quantum multiprover
  • member icon

Reputation: 6776
  • View blog
  • Posts: 27,942
  • Joined: 12-December 12

Re: MSSQL - PHP Login Problem

Posted 02 January 2016 - 03:29 PM

Quote

and it just sort of refreshes.

What happens exactly? Does it redirect to cport_index.html?

You can remove the two die() statements.

Add the following to the top of your PHP to display all errors:
error_reporting(E_ALL);
ini_set('display_errors', '1');

then start by printing out the content of the post array, print_r($_POST).

Consider this tutorial, Progressive Testing.
Was This Post Helpful? 0
  • +
  • -

#3 akishadv   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 9
  • Joined: 06-October 15

Re: MSSQL - PHP Login Problem

Posted 03 January 2016 - 08:27 AM

View Postandrewsw, on 02 January 2016 - 03:29 PM, said:

Quote

and it just sort of refreshes.

What happens exactly? Does it redirect to cport_index.html?


Thank you for your reply. Yes, it just redirects to cport_index.html.


andrewsw said:

then start by printing out the content of the post array, print_r($_POST).


if it isn't too much to ask, where will i put this?


Also, i tried taking off the headers and die syntax and put echo $num, this is what happened (please see attached screenshot).

Attached image(s)

  • Attached Image

Was This Post Helpful? 0
  • +
  • -

#4 astonecipher   User is offline

  • Senior Systems Engineer
  • member icon

Reputation: 2791
  • View blog
  • Posts: 11,005
  • Joined: 03-December 12

Re: MSSQL - PHP Login Problem

Posted 03 January 2016 - 08:36 AM

I honestly, would move towards using PDO.

The resource is going to be the connection, which should be $conn.And it needs to be the first parameter, not the second.
Was This Post Helpful? 0
  • +
  • -

#5 andrewsw   User is offline

  • quantum multiprover
  • member icon

Reputation: 6776
  • View blog
  • Posts: 27,942
  • Joined: 12-December 12

Re: MSSQL - PHP Login Problem

Posted 03 January 2016 - 08:44 AM

Quote

if it isn't too much to ask, where will i put this?

Early on.

When you see an error message like "..expects parameter x to be.." check the docs for the correct parameters and their order.



(Also, for next time, when there is an error copy and paste it directly here, and not just as a screenshot.)

This post has been edited by andrewsw: 03 January 2016 - 08:45 AM

Was This Post Helpful? 0
  • +
  • -

#6 akishadv   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 9
  • Joined: 06-October 15

Re: MSSQL - PHP Login Problem

Posted 03 January 2016 - 09:19 AM

Thank you very much for your replies. I put $conn before $query in sqlsrv_query. Then in the if statement I have $num == 0.This is what I have so far in login.php:

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
print_r($_POST)

?>

<?php
session_start();
include "connection.php";
$name = $_POST['login1'];
$ssn  = $_POST['login2'];
$query = "SELECT * FROM client WHERE emailaddress = '$name' AND password='$ssn'";
$result = sqlsrv_query($conn,$query);
$num = sqlsrv_num_rows($result);
if ($num == 0) {
$_SESSION['login1'] = $name;
header('Location: cport_custmain.html');
}
else{ 
header('Location: cport_index.html');
}
 

?>




Now if I put a username that matches the password I redirect in cport_custmain.html which is what I intend. But the problem now is, if i put a wrong password or a wrong username I still redirect in cport_custmain.html.
Was This Post Helpful? 0
  • +
  • -

#7 astonecipher   User is offline

  • Senior Systems Engineer
  • member icon

Reputation: 2791
  • View blog
  • Posts: 11,005
  • Joined: 03-December 12

Re: MSSQL - PHP Login Problem

Posted 03 January 2016 - 09:24 AM

Have you looked at the docs for sqlsrv_num_rows, and what it returns? I doubt you want it returning 0 if it found a user.

And you are susceptible to sql injection. You need to use prepared statements.
Was This Post Helpful? 2
  • +
  • -

#8 akishadv   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 9
  • Joined: 06-October 15

Re: MSSQL - PHP Login Problem

Posted 03 January 2016 - 09:46 AM

Even if I put $num > 0 in the if statement it will just make me redirect in cport_index.html even if i put the right username and password. i also tried putting 1 and then an else if $num == FALSE and it's still doing the same.
Was This Post Helpful? 0
  • +
  • -

#9 andrewsw   User is offline

  • quantum multiprover
  • member icon

Reputation: 6776
  • View blog
  • Posts: 27,942
  • Joined: 12-December 12

Re: MSSQL - PHP Login Problem

Posted 03 January 2016 - 09:54 AM

Did you look at the docs, as suggested? sqlsrv_num_rows

Quote

Retrieves the number of rows in a result set. This function requires that the statment resource be created with a static or keyset cursor. For more information, see sqlsrv_query(), sqlsrv_prepare(), or » Specifying a Cursor Type and Selecting Rows in the Microsoft SQLSRV documentation.

Return Values

Returns the number of rows retrieved on success and FALSE if an error occurred. If a forward cursor (the default) or dynamic cursor is used, FALSE is returned.


Consider sqlsrv_has_rows

This post has been edited by andrewsw: 03 January 2016 - 09:55 AM

Was This Post Helpful? 1
  • +
  • -

#10 akishadv   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 9
  • Joined: 06-October 15

Re: MSSQL - PHP Login Problem

Posted 03 January 2016 - 10:16 AM

okay with this hazy brain i read for nth time sqlsrv_num_rows and finally figured out what you guys were saying XD i'm using the wrong syntax all along. was suppose to look at sqlsrv_has_rows until andrew pointed me to sqlsrv_has_rows. finally saw differences. learned a lot today. thank you guys for the help and patience. code works now.


View Postastonecipher, on 03 January 2016 - 09:24 AM, said:

And you are susceptible to sql injection. You need to use prepared statements.


mhm, so i'm going to work on this now.
Was This Post Helpful? 0
  • +
  • -

#11 CTphpnwb   User is offline

  • D.I.C Lover
  • member icon

Reputation: 3813
  • View blog
  • Posts: 13,857
  • Joined: 08-August 08

Re: MSSQL - PHP Login Problem

Posted 05 January 2016 - 06:06 AM

View Postakishadv, on 03 January 2016 - 12:16 PM, said:

View Postastonecipher, on 03 January 2016 - 09:24 AM, said:

And you are susceptible to sql injection. You need to use prepared statements.


mhm, so i'm going to work on this now.

http://php.net/manua...f.pdo-dblib.php
Was This Post Helpful? 1
  • +
  • -

#12 akishadv   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 9
  • Joined: 06-October 15

Re: MSSQL - PHP Login Problem

Posted 05 January 2016 - 05:01 PM

But I am using windows, and php 5.4...and it says that PDO is not supported / available in Php 5.3 and later.
Was This Post Helpful? 0
  • +
  • -

#13 astonecipher   User is offline

  • Senior Systems Engineer
  • member icon

Reputation: 2791
  • View blog
  • Posts: 11,005
  • Joined: 03-December 12

Re: MSSQL - PHP Login Problem

Posted 05 January 2016 - 05:12 PM

Are you running this on IIS or Apache?
Was This Post Helpful? 0
  • +
  • -

#14 ArtificialSoldier   User is offline

  • D.I.C Lover
  • member icon

Reputation: 2247
  • View blog
  • Posts: 6,858
  • Joined: 15-January 14

Re: MSSQL - PHP Login Problem

Posted 05 January 2016 - 05:27 PM

Like the manual says, you can use this instead:

http://php.net/manua...ef.pdo-odbc.php
Was This Post Helpful? 1
  • +
  • -

#15 akishadv   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 9
  • Joined: 06-October 15

Re: MSSQL - PHP Login Problem

Posted 06 January 2016 - 08:53 AM

View Postastonecipher, on 05 January 2016 - 05:12 PM, said:

Are you running this on IIS or Apache?


I am running this on Apache.


View PostArtificialSoldier, on 05 January 2016 - 05:27 PM, said:

Like the manual says, you can use this instead:

http://php.net/manua...ef.pdo-odbc.php


Okay, so if i understand it correctly it's already installed so i don't have to install it anymore, and then proceed in using it already?

Thank you for your replies and for your patience in trying to make me understand this (even if I admit half of what is in the link / manual about pdo_odbc confused me / have quite a hard time to understand).
Was This Post Helpful? 0
  • +
  • -

  • (2 Pages)
  • +
  • 1
  • 2