[RESOLVED] Login Autentication? Not working

2gd-2be-2rue

Hi, i am havign a problem with login authentication.

Its part of a class practical and some of the code was given to us and the rest we had to fill in.

A username and password has been entred into the database, however when i enter the username and password into the prompt autentication box, it does not seem to do anything. I have included the relevant code below, if you could help me i would be really greatful, i have spent so much of my time trying to fix this.

<?php
    // Function to authenticate
    function authenticated($username, $password) {

    // Connect to Database Server

$Hostname = "2006";
$Username = "anon";
$Password = "mypas";

//open the connection

$conn = mysql_connect($Hostname,$Username, $Password);

    // Choose database

mysql_select_db("anon", $conn);

    // Build SQL query to:
        // find row in database with 
        // matching $username and $password
    // Execute query

$query = mysql_query( "SELECT * FROM blog_user WHERE name = '".$username."' AND password = '".$password."';", $conn);


        // IF number of rows is equal to one
        // return true

    if ($query == 1)
    {
    return true;
    }

    // ELSE return false
    else
    {
    return false;
    }

}


// Assign username and password from $_SERVER global array

$username = $_SERVER["PHP_AUTH_USER"];
$password = $_SERVER["PHP_AUTH_PW"];



// Decide whether to show blog entry form, or deny access
if (!authenticated($username, $password)) {

    // Credentials either:
        // not sent (1st time script is called)
        // credentials do not match database

    // Display HTTP Authentication Challenge

	header("WWW-Authenticate: Basic Realm=\"Blog Station\"");
	header("HTTP/1.1 401 Unauthorised");

    // Print a message about incorrect credentials

 echo " Incorrect credentials provided, please try again";
 echo ("<a href = \"index.php\"> Re-Enter");
     exit;
}

   else {
        // Correct credentials provided, print the blog entry form
	//using the echo as a check 
	echo " Authorised";
    }
?>

That is the code that challenged the user to enter their username and password. As i said before i have entered one valid user into the database, through inserting it into the database using mysql.

If you need anymore code let me know.

The index page is displayed, and when the user clicks on "addentry" - the addentryform script is called, that is the code above- and if all goes right then the addentry form redirects to the page to enter a new post. It seems that the code does not seem to compare the values entered with anything ?

Rahish

Try this code instead of yours and see if works.

mysql_select_db("anon", $conn); 

	// Build SQL query to:
	// find row in database with 
	// matching $username and $password 
	// Execute query 

	$query = mysql_query( "SELECT * FROM blog_user
          WHERE name = '".$username."' AND password = '".$password."';", $conn); 


	// IF number of rows is greater than 0
	// return true 

	$count = mysql_num_rows($query);

	if ($count > 0)
	{
		return true; 
	}

	// ELSE return false 
	else 
	{ 
	return false; 
	}

You needed to use the mysql_num_row() function to know how many rows where returned.

and there is no closing tag for the anchor tag in this line.

      // Print a message about incorrect credentials 

 echo " Incorrect credentials provided, please try again"; 
 echo ("<a href = \"index.php\"> Re-Enter</a>"); 
     exit;

2gd-2be-2rue

Thankyou so much! It worked.

Thankyou again - Really appreciate the help 😃