PHP Login

activeradio

New Member
Messages
18
Reaction score
0
Points
0
I have a PHP login script that I made. My previous version was made in mySQL, but now I am converting to POD for various reasons. This has already happened several times, DO NOT get yourself confused!

It runs by posting to a file called access.php. I tried to implement some debugging, but it returns nothing.
Code:
<?php
try {
    $host = 'localhost';
    $port = 3306;
    $database = 'members';
    $db_username = 'stencil_access';
    $db_password = '';

    $DSN = new PDO("mysql:host=$host;port=$port;dbname=$database", $db_username, $db_password);
} catch (PDOException $e) {
    echo $e->getMessage();
}
date_default_timezone_set('Europe/London');
 
date('Y-m-d H:i:s');
 
$username = $_POST['username'];
$password = sha1(sha1($_POST['username']) . sha1($_POST['password']));

$STH = $DSN->prepare("SELECT * FROM members WHERE username = $username AND password = $password AND expiry > NOW() OR type > 0 LIMIT 1"); //Line 20
$STH->execute(array($username,$password));

//Debugging
echo "<pre>";
var_dump($STH);
echo "</pre>";
//End

if ($STH->fetchColumn() == false) {
        header("location:invalid.php");
} else {
        session_start();
 
        $_SESSION['username'] = $username;
        $_SESSION['password'] = $password;
 
        header("Location:main.php");
        die();
}
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
</html>

After sending my username, and password, it results in this:
SQLSTATE[28000] [1045] Access denied for user 'stencil_access'@'int.web6.vital.x10hosting.com' (using password: NO)
Fatal error: Call to a member function prepare() on a non-object in access.php on line 20
 
Last edited:

MaestroFX1

Community Advocate
Community Support
Messages
1,577
Reaction score
60
Points
0
Change:
PHP:
$db_username = 'cpanelusername_database-username'; //not stencil_access
$db_password = 'database-username_pwd';
 

activeradio

New Member
Messages
18
Reaction score
0
Points
0
I hope this is what you are looking for. My cPanel username is stencil and the username is admin. My database name is access and my table name is members.

$db_username = 'stencil_access-admin';
$db_password = 'access-admin_<censored>';

Here are the new errors:
SQLSTATE[28000] [1045] Access denied for user 'stencil_access-a'@'int.web6.vital.x10hosting.com' (using password: YES)
Fatal error: Call to a member function prepare() on a non-object in /home/stencil/public_html/access.php on line 20
 

Condenzationator

New Member
Messages
5
Reaction score
0
Points
0
I believe it should be:

$database = 'stencil_access';
$db_username = 'stencil_admin';
$db_password = '<censored>';

You won't need the table name when connecting to the database.

You are still connecting to a MySQL database; however, what I think you meant to say was that you are using the PDO functions instead of the mysql functions. :)
 

activeradio

New Member
Messages
18
Reaction score
0
Points
0
This is the problem that I am frustrated with. Condenzationator, that is exactly what I had before... After changing it to what MaestroFX1 said, similar errors. People who didn't know PDO tired to help me, but only to take me back to mySQL.
 

essellar

Community Advocate
Community Support
Messages
3,295
Reaction score
227
Points
63
The problem seems to me to be that $DSN doesn't exist outside the try block in the code you posted (it's effectively created inside the block), so the $DSN you're trying to execute the prepare() statement against isn't the same $DSN that you assigned a PDO object to.
 

Condenzationator

New Member
Messages
5
Reaction score
0
Points
0
I understand, but your first post shows
$database = 'members';
when it should be
$database = 'stencil_access';
I'm assuming you have tried this, however then.

Here is what I have for my (pdo connection) login script, which works without a problem:

<edited out due to no need now>

It is worth pointing out however, this script is rather old, and there are many things that could be improved, seeing as this was one of my first, and no longer in use. As said above, I have had no problems with it, regardless of how ill-formed and done.

Use it as you wish (if need be), I have left it unchanged from the original code, with the exception of the connection details, so it still contains all of the other meaningless (to you) info.

As a side note, it also seems it is a problem with the object being created, since the prepare statement is receiving an error saying the object doesn't exist. In this case, the entire problem could just be a variable scope problem. This was solved in my script by sticking the connection and the queries into the try statement. There may be a better method than this however, so perhaps some of the veterans could offer some helpful insight into the variable scoping part.

Edit:
Oops, it looks like essellar beat me to it (by 14 minutes too!). Took me too long to write all that out, sorry. =P
 
Last edited:

activeradio

New Member
Messages
18
Reaction score
0
Points
0
Eselllar, even if I put $DSN outside of the try block, it still results in the same errors. I did fix the database error: changed members to stencil_access. I got the same errors there as well.
 

essellar

Community Advocate
Community Support
Messages
3,295
Reaction score
227
Points
63
There's nothing magical about PDO -- it issues the same commands to the database using the same credentials as MySQL/MySQLi. The error statement you received at the beginning of all of this was that you were trying to issue a prepare() statement against an object that doesn't exist. For testing purposes, you can test the $DSN variable at various points in your code using the instanceof operator. If ($DSN instanceof PDO) returns true after your construction (new) statement but false elsewhere, you know that your problem is variable scope. If it's false after your construction statement, the problem lies in making the connection.
 

activeradio

New Member
Messages
18
Reaction score
0
Points
0
I just talked to someone about the error, and it appears that it's a connection problem. I am not sure what to do now.
 

essellar

Community Advocate
Community Support
Messages
3,295
Reaction score
227
Points
63
Just to make sure -- you've gone back to using the name and password that worked in your old version? And checked to see whether you have a valid PDO object immediately after creating it?
 

descalzo

Grim Squeaker
Community Support
Messages
9,373
Reaction score
326
Points
83
PHP:
<?php
try {
    $host = 'localhost';
    $port = 3306;
    $database = 'members';
    $db_username = 'stencil_access';
    $db_password = '';

    $DSN = new PDO("mysql:host=$host;port=$port;dbname=$database", $db_username, $db_password);
} catch (PDOException $e) {
    echo $e->getMessage();
}

echo "Done";

?>


Open another file. Use just the first part of your script, like above.

If you get an error, post the exact message and the exact script (minus any password) you ran.
 

misson

Community Paragon
Community Support
Messages
2,572
Reaction score
72
Points
48
PHP doesn't have block scope (you enter a new local scope only on function invocation), so scope isn't an issue.

MySQL authentication is based on three pieces of information which need to match what's on the server, so an "access denied" error has four potential causes:
  • Wrong username.
  • Wrong password.
  • The client computer isn't allowed.
  • Wrong server.

If you're sure of the first two ("localhost" is correct for the fourth), then it's the third. Log in to cPanel, go to "Remote Database Access Hosts" and make sure the following are listed:
  • int.web6.vital.x10hosting.com (based on the error message)
  • int.vital.x10hosting.com
  • int.starka.x10hosting.com
  • int.mysql.x10hosting.com
  • 10.33.249.7 (internal IP for Starka–retrieved by performing a DNS query for "int.starka.x10hosting.com")
  • 10.33.249.% (internal IP block for Starka)
  • 10.33.248.% (internal IP block for int.vital.x10hosting.com)
  • 192.168.1.%
  • 69.175.120.122 (external IP for starka)

Not all of the above may be necessary, but neither should they cause problems. From my account, I also see a "69.162.70.130", but I suspect this is an old IP for one of the hosts I've been on.

Once you've taken care of the above so the connection attempt succeeds, then $DSN will get assigned a value, so the call to PDO::prepare won't generate an error. However, there are a few other things that need attention.

PHP:
<?php
try {
    $host = 'localhost';
    $port = 3306;
    ...
    $DSN = new PDO("mysql:host=$host;port=$port;dbname=$database", $db_username, $db_password);
Note that specifying the MySQL port is only necessary if the MySQL server is bound on a non-default port and the client configuration isn't set to use the non-default port. Neither of these is true on X10, so it's better to leave off the "port" option and let the host-wide configuration hold sway.

"DSN" means "database source name" or "data source name", and is thus a poor choice for the name of a variable that holds a database connection. $db or $dbConnection (or some variant) would be clearer.

PHP:
$STH = $DSN->prepare("SELECT * FROM members WHERE username = $username AND password = $password AND expiry > NOW() OR type > 0 LIMIT 1"); //Line 20
$STH->execute(array($username,$password));
By interpolating the $username value directly, you're opening this query to SQL injection. Use parameters, named or positional (but not both):
PHP:
$memberQuery = $db->prepare("SELECT * FROM members WHERE username=? AND password=? AND expiry > NOW() OR type > 0 LIMIT 1");
$memberQuery->execute(array($username,$password));

// OR

$memberQuery = $db->prepare("SELECT * FROM members WHERE username=:username AND password=:password AND expiry > NOW() OR type > 0 LIMIT 1");
$memberQuery->execute(array(':username' => $username, ':password' => $password));

Because the various DB methods (prepare, &c) should only be executed if the connection object ($DSN, $db in the examples) is defined, either test the connection object variable before the rest of the DB access or place the rest within the try block:

PHP:
<?php
...
try {
    $db = new PDO(...);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMOD_EXCEPTION);
    $memberQuery = $db->prepare(...);
    $memberQuery->execute(...);
} catch (PDOException $exc) {
    ?><p class="error">Couldn't authenticate user, due to a database error.</p><?php
    // log the exception
    ...
}

Note: the
PHP:
 tag is more appropriate for PHP code and gives you syntax coloring. For HTML, there's [html]. [code] is for generic code blocks and [c] (it's new) is for inline code.
 
Last edited:

activeradio

New Member
Messages
18
Reaction score
0
Points
0
Descalzo, so this is what happens when I use your script. I am not sure what I did, but everything is working now except for...

Code:
$database = 'stencil_access';
$db_username = 'stencil_admin';
$db_password = '<censored>';

This, but I will look over what Misson said, and edit my post in a few minuites
Code:
Fatal error:  Call to undefined method PDO::execute() in access.php on line 20

Misson, when I log into cPanel, I do not see "Remote Database Access Hosts" anywhere. I even searched for it.
 

descalzo

Grim Squeaker
Community Support
Messages
9,373
Reaction score
326
Points
83
If you do not put your new code out each time, it is useless for us to try to figure out what you might have done.

You apparently have at least gotten connected to the database.

The error now seems to be that you are trying to execute() something that is not a PDO statement object.

The code. From line 1 to line 22.
 

misson

Community Paragon
Community Support
Messages
2,572
Reaction score
72
Points
48
everything is working now except for [...] This, but I will look over what Misson said, and edit my post in a few minuites
Fatal error: Call to undefined method PDO::execute() in access.php on line 20
This error message is spot on: there is no PDO::execute(), only a PDOStatement::execute. You're calling execute on the database connection object, rather than the prepared statement.

Again,
Code:
 is an inappropriate tag. Error messages aren't code. [quote] is more appropriate, since you're quoting output.

[quote="activeradio, post: 826320"]Misson, when I log into cPanel, I do not see "Remote Database Access Hosts" anywhere. I even searched for it.[/QUOTE]
If the connection succeeds, it scarcely matters. Checking the remote hosts was only if the username and password were incorrect. The full name is visible when opened; in the Databases panel, it shows up as "Remote MySQL". It's covered in more detail in the X10 wiki article on [url=http://x10hosting.com/wiki/MySQL_Connection_Errors]MySQL connection errors[/url] (though the X10 wiki is currently down, so you can't read the article at the present).
 
Messages
89
Reaction score
0
Points
6
Sorry for interrupting, but will someone give me a brief info on this "PDO" thingy? What is it? And what it is used for..?
 

misson

Community Paragon
Community Support
Messages
2,572
Reaction score
72
Points
48
  1. Don't threadjack. Start your own thread.
  2. Search first. There's plenty on these forums and the web at large to get you started with PDO.
 
Top