Access denied for user & A link to the server could not...Errors

netpumber

Good morning..

This is my php code :

<?php

ini_set ('display_errors',1);
error_reporting (E_ALL & ~E_NOTICE);

if (isset ($_POST['submit'])){
        if ($dbc = @mysql_connect('localhost','web','p@ss'))
                {
                        if (!@mysql_select_db ('web_site'))
                        {
                                die('<p> Could not select the database brcause:<b>'. mysql_error() .'</b></p>');
                        }
                }else{
                        die('<p>Could not connect to MYSQL because:<b>' . mysql_error() . '</b></p>');
                        }
}

$query =  'select * from users where user_name = "'.$_POST['username'].'" and password = "'.md5($_POST['password'].'"');
$select_user = mysql_query($query);

if (mysql_num_rows($select_user) != 0)
{
    session_start();
    session_register('authorized');
    $_SESSION['authorized'] = true;

header("Location: admin.php");
exit;
}
else
{
    header("Location: login_form.php");
   exit;
}


?>

Its a part from a login page . When i type password and username and press submit button it returns these tow errors:

Warning: mysql_query() [function.mysql-query]: Access denied for user 'www-data'@'localhost' (using password: NO) in /var/www/login/login.php on line 19

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /var/www/login/login.php on line 19

I search in google for them but they say that occurs from a wrong connection with database through mysql_connect. I don't think that the username and password that i put in mysql_connect function are wrong ..:s Also i have change some things in mysql_query function but nothing happens..

What is your opinion ?

NogDog

Looks like it's because the code that does the mysql_query() is outside of the first IF block, so it's being executed even when the if condition fails ($_POST['submit'] is not set) and thus no database connection has been done.

netpumber

So you said me to make it like this ? :

<?php

ini_set ('display_errors',1);
error_reporting (E_ALL & ~E_NOTICE);

if (isset ($_POST['submit'])){
        if ($dbc = @mysql_connect('localhost','web','p@ss'))
                {
                        if (!@mysql_select_db ('web_site'))
                        {
                                die('<p> Could not select the database brcause:<b>'. mysql_error() .'</b></p>');
                        }
                }else{
                        die('<p>Could not connect to MYSQL because:<b>' . mysql_error() . '</b></p>');
                        }

$query =  'select * from users where user_name = "'.$_POST['username'].'" and password = "'.md5($_POST['password'].'"');
$select_user = mysql_query($query);

}



if (mysql_num_rows($select_user) != 0)
{
    session_start();
    session_register('authorized');
    $_SESSION['authorized'] = true;

header("Location: admin.php");
exit;
}
else
{
    header("Location: login_form.php");
   exit;
}


?>

netpumber

hmm ok .. i forgot to put name="submit" in html form... Thanks for this....

But now another prob occurs .. :s

I type the username and password but it doesnt redirect me in admin.php and its stays in login.php which is a blank page because it runs only the php script.

Is there any problem with headers ??

What you think ?

netpumber

Ok... the above prob solved . I just uncomment some lines that i had comment before :p

Anyway..now it makes connection with mysql but it has problem with mysql_num_rows() and headers ...

Here are the errors :

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /var/www/login/login.php on line 22

Warning: Cannot modify header information - headers already sent by (output started at /var/www/login/login.php:22) in /var/www/login/login.php on line 33

and here is the php script :

<?php

ini_set ('display_errors',1);
error_reporting (E_ALL & ~E_NOTICE);

if (isset ($_POST['submit'])){
        if ($dbc = @mysql_connect('localhost','web','@qwerty@'))
                {
                        if (!@mysql_select_db ('web_site'))
                        {
                                die('<p> Could not select the database brcause:<b>'. mysql_error() .'</b></p>');
                        }
                }else{
                        die('<p>Could not connect to MYSQL because:<b>' . mysql_error() . '</b></p>');
                        }


    $query =  'select * from users where user_name = "'.$_POST['username'].'" and password = "'.md5($_POST['password'].'"');
    $select_user = mysql_query($query);
}

if (mysql_num_rows($select_user) != 0)
{
    session_start();
    session_register('authorized');
    $_SESSION['authorized'] = true;

header("Location: admin.php");
exit;
}
else
{
    header("Location: login_form.php");
    exit;
}


?>

NogDog

You may want to move that last part of the code up into the IF block as well. You should also check the result of the mysql_query(), and if it's false, do some error logging -- such as with mysql_error() -- to find out why the query failed.

netpumber

NogDog you mean something like this ? To put the last if block into the first ? Or you mean something else?

<?php

ini_set ('display_errors',1);
error_reporting (E_ALL & ~E_NOTICE);

if (isset ($_POST['submit'])){
        if ($dbc = @mysql_connect('localhost','web','@qwerty@'))
                {
                        if (!@mysql_select_db ('web_site'))
                        {
                                die('<p> Could not select the database brcause:<b>'. mysql_error() .'</b></p>');
                        }
                }else{
                        die('<p>Could not connect to MYSQL because:<b>' . mysql_error() . '</b></p>');
                        }


    $query =  'select * from users where user_name = "'.$_POST['username'].'" and password = "'.md5($_POST['password'].'"');
    $select_user = mysql_query($query);


if (mysql_num_rows($select_user) != 0)
{
    session_start();
    session_register('authorized');
    $_SESSION['authorized'] = true;

header("Location: admin.php");
exit;
}
else
{
    header("Location: login_form.php");
    exit;
}

}

?>

I try this.. and errors still there..

johanafm

As for the error message about headers allready sent, this is due to the fact that you somewhere in your script output something, which means that headers need to be sent, and are. After that, you can no longer set the headers to send.

 <?php
/* If this is the contents of a file, it sends output twice. Once before the opening php tag
    and once after. If you are using include/require on the file, you can leave out the closing
    php tag, and PHP will treat it as if there was one at the very end of the file.
    Another option is to explicitly end your includes/requires with return true.
*/
?>

But in your case, perhaps you are actually using echo or similar to send data somewhere.

netpumber

But in your case, perhaps you are actually using echo or similar to send data somewhere.

Yes but... only this is the code i have and nowhere there is an echo command..

Just in index.php i use print command to print the data from mysql...

Weedpacket

johanafm wrote:
this is due to the fact that you somewhere in your script output something

In this case that "something" is the first error message 🙂.

netpumber

Weedpacket;10931422 wrote:
In this case that "something" is the first error message 🙂.

aha.... hmmm now i understand... So i have to find what is the problem with mysql_num_rows() function...

netpumber

So... i add this in code :

echo $query

and returns me back this in the error page :

select * from users where user_name = "admin" and password = "passInMd5

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /var/www/login/login.php on line 23

Warning: Cannot modify header information - headers already sent by (output started at /var/www/login/login.php:21) in /var/www/login/login.php on line 34

As you can see there is no " in the end of the query... What you say..? Maybe is this the problem ?

johanafm

Well spotted Weedpacket 🙂

As NogDog suggested, check for SQL errors

$query =  'select * from users where user_name = "'.
		$_POST['username'].'" and password = "'.md5($_POST['password'].'"');
// This is either a result set resource, or boolean false in case of an error
$select_user = mysql_query($query);

// boolean false can't be used with mysql_num_rows etc
if (!$select_user) {
	echo mysql_errno() . ': ' . mysql_error();
	// possibly exit(); or use die() instead of echo above if you don't want the scrip to continue
}

I noticed you are using double quotes in your SQL query, which is non-standard. The error output should tell you if this is the problem. Perhaps MySQL handles that, but it still doesn't hurt getting into the habit of using single quotes.

netpumber

this is the error :

1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"345fe74a42.......................51fa' at line 1
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /var/www/login/login.php on line 26

Warning: Cannot modify header information - headers already sent by (output started at /var/www/login/login.php:21) in /var/www/login/login.php on line 37

What you say...? I thing something with quotes ....:s eh?

Weedpacket

md5($_POST['password'].'"')

Typo here; you're appending the '"' to the password and it's going into the hash as well. Hash, then append!

netpumber

Yes and what it needs to change?

and password = "'.md5($_POST['password'].'"');

make it like this :

and password = "'.md5($_POST['password'].)'"';

Weedpacket

Don't forget to move the '.', too.

netpumber

Hmm yeah ok.... now query its ok and no errors returned but i thing that something is going wrong with this piece of code cuz it redirect the user in login_form again and not in admin.php


if (mysql_num_rows($select_user) != 0)
{
    session_start();
    session_register('authorized');
    $_SESSION['authorized'] = true;

header("Location: admin.php");
exit;
}
else
{
    header("Location: login_form.php");
    exit;
}

}
?>

i have check if the admin.php is in the same directory and it is...:S...

What you thing about this one ?

This is the code that i have in admin.php

<?php
if ($_SESSION['authorized'] != true)
{
    header("Location: login_form.php");
    exit;
}
?>