Re: Video#5
Posted: Wed May 12, 2010 5:32 pm
by Jony
Hi. I have one question regarding this video.
In this code:
Code:
$query="select name,password from players where name= '$player' and '$password'";
you used $query=".... and '$password'";
Shouldn't it be: $query="... and password='$password'";
like in this code:
Code:
$query="select name,password from players where name= '$player' and password='$password'";
I'd like to know why you wrote the code like that and what the difference in effect is between the two codes.
Regards.
EDITED:
I just looked a few pages back and found out the correct code.
I was wondering about this because when I wrote this .php file I used the 2nd CODE and it worked. In your video, it seemed to have worked with the first code too.
PPS. So far so good. All the tuts worked for me. I learned practically a lot of things that I only knew theoretically before. Great site!
Re: Video#5
Posted: Wed May 12, 2010 6:47 pm
by hallsofvallhalla
thanks and yes the second code is the correct way, it was a mistake on my part

Re: Video#5
Posted: Wed May 12, 2010 11:19 pm
by Jackolantern
hallsofvallhalla wrote: thanks and yes the second code is the correct way, it was a mistake on my part

Although I have never tried it the original way myself, I have seen plenty of people post that in their code samples and it is not causing errors. Is that query only logging people in based on their username, instead of username and password?
Re: Video#5
Posted: Wed May 12, 2010 11:38 pm
by hallsofvallhalla
it is different on different hosts and browsers, like so many other issues I run into....
Re: Video#5
Posted: Thu May 13, 2010 3:19 am
by Jackolantern
What I was thinking, is that the "and '$password'" would be interpreted as a concatenated statement. In which case, it would have no meaning, and it would evaluate to no effect, leaving just "SELECT * FROM players WHERE name='$name'"....scary... lol
Re: Video#5
Posted: Sun May 16, 2010 7:17 am
by jpoisson
While testing it out, the issue I ran into is that any user can log into any account. All they need is the right user name, then enter whatever for a password. Since it is only checking against the user name and not validating for a password.
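Added example, not part of any post in this thread: a Python/SQLite sketch of what the two queries from the first post do at the database. It assumes the password is MD5-hashed before the query is built and uses SQLite as a stand-in for MySQL (both read a string used as a condition as a number, taken from its leading digits); the `alice` row, the sample passwords and the function names are constructed for the demo.

```python
import hashlib
import sqlite3

def make_db():
    # Constructed sample data standing in for the tutorial's `players` table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE players (name TEXT, password TEXT)")
    db.execute("INSERT INTO players VALUES (?, ?)",
               ("alice", hashlib.md5(b"correct horse").hexdigest()))
    return db

def md5_hex(password):
    return hashlib.md5(password.encode()).hexdigest()

def login_broken(db, player, password):
    # Same predicate shape as the first query: name = '...' AND '<digest>'.
    # No column is compared, so the digest string itself is the condition:
    # it is cast to a number from its leading digits
    # ('5f4d...' -> 5, true; 'e10a...' -> 0, false).
    row = db.execute("SELECT name FROM players WHERE name = ? AND ?",
                     (player, md5_hex(password))).fetchone()
    return row is not None

def login_fixed(db, player, password):
    # Second query from the thread: the digest is compared with the stored column.
    row = db.execute("SELECT name FROM players WHERE name = ? AND password = ?",
                     (player, md5_hex(password))).fetchone()
    return row is not None

def compare(db, player, candidates):
    # Returns {password: (broken_result, fixed_result)} for each candidate.
    return {pw: (login_broken(db, player, pw), login_fixed(db, player, pw))
            for pw in candidates}

if __name__ == "__main__":
    db = make_db()
    samples = ["correct horse", "password", "123456"]
    for pw, (broken, fixed) in compare(db, "alice", samples).items():
        print(f"{pw!r:16} digest={md5_hex(pw)[:8]}... broken={broken} fixed={fixed}")
```

With the broken predicate the result depends only on the first characters of the submitted digest, never on the stored password; the fixed query accepts only the matching digest.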
Re: Video#5
Posted: Sun May 16, 2010 8:44 am
by PaxBritannia
Here is my login script which works:
Straight from Impedimenta:
Code:
#Set Variables
$name = $_POST['name'];
$password = $_POST['password'];
#Prevent XSS Attacks
$name=htmlentities($name);
$name=strip_tags($name);
#Escape the name for the SQL string below (htmlentities/strip_tags leave single quotes alone)
$name=mysql_real_escape_string($name);
#Encrypt Password
$passwordencrypted=hash('!!!Not Telling What Hash I used - Insert Hash Here!!!', $password);
#Search Database for name
$userselect="SELECT * from player where name='$name'";
$userraw=mysql_query($userselect) or die('Your internet connection expired. Please refresh the page. ');
$user=mysql_fetch_array($userraw);
#DEBUGGING SCRIPT!!! DO NOT DE-QUOTE!!!
#echo "user:" .$name;
#echo "password:" .$password;
#echo "password encrypted:" .$passwordencrypted;
#echo "password in db:" .$user['password'];
#DEBUGGING SCRIPT!!! DO NOT DE-QUOTE!!!
#Strict comparison: a missing row fails, and hash strings are never compared as numbers
if ($user && $user['password']===$passwordencrypted){
    goto pass1;
} else {
    goto fail1;
}
You can probably read through it and understand: I have a tendency to comment everything I do even if no-one is going to read it - helps a lot with debugging and team-projects.
If you used MD5 hashing, the hash part will be slightly different. There are other ways to authenticate which include counting lines, etc. But this is the most robust.
Pax.
Re: Video#5
Posted: Sun May 16, 2010 2:33 pm
by hardtime81
1 <?php
2 include_once 'connect.php';
3 session_start();
4
5 if (isset($_POST['submit']))
6 (
7 $player=$_POST['player']; <<<<<<<Parse Error>>>>>><<<<what is it asking us?>>>>>>>
8 $password=$_POST['password'];
9 $player=strip_tags($player);
10 $password=strip_tags($password);
11 $password=md5($password);
12
13 $query = "select name, password from players where name='$player' and 'password'";
14 $result = mysql_query($query) or die("Could not query players");
15 $result2 = mysql_fetch_array($result);
16 if ($result2)
17 (
18 $_SESSION['player']=$player;
19
20 echo "<big>Logged in successfully<br>";
21 echo "<a href='battle.php'>Continue</a></big>";
22 )
23 else
24 (
25 echo "<big>Wrong username or password.<a href='login.php'>Try Again</a></big>";
26 )
27 )
28 ?>
Note: {Parse error: parse error in C:\wamp\www\tutorial\authenicate.php on line 7}
Regards,
Hardtime81
Re: Video#5
Posted: Sun May 16, 2010 3:03 pm
by hallsofvallhalla
you have ( instead of { at line 6
same with ) needs to be }
your if statements are fine if(blah blah) but then it should be
{
}
Re: Video#5
Posted: Fri May 21, 2010 5:06 am
by hardtime81
Halls, what's the difference between the two?
( {
) }
I thought it would read the script either way.
Regards,
Hardtime81