PHP if statement problem
I made a script which checks a password which has been inserted to make sure it is correct and it says go back to retry. This works, but after that it runs a part of the script which isn't inside the if statement, like this:
[code]
if(password2 !== password){
echo "Go back and try again";
else
[/code]
Here is where the rest of the script runs if the password information is correct, and the first function is
[code]
$con = mysql_connect("localhost","root","");
if (!$con) {
    die('Could not connect: ' . mysql_error());
}
[/code]
So it displays "Could not connect" after the password incorrect part. Help?
How about you show us the whole script not just horrible interpreted snippets.
[QUOTE=compwhiziitothemax;18974673]How about you show us the whole script not just horrible interpreted snippets.[/QUOTE] You don't need the whole script to debug a MySQL connection error. From the looks of it the script's running on a local server; OP, is MySQL running at all? If you're using XAMPP, check the Control Panel.
Use a correct set of credentials to authenticate with your MySQL server.
Like this.
[code]
mysql_connect("host", "dbuser", "dbpass") or die("ER#1");
mysql_select_db("db_name") or die("ER#2");
[/code]
[QUOTE=Wipmuck;18985081]Like this.
[code]
mysql_connect("host", "dbuser", "dbpass") or die("ER#1");
mysql_select_db("db_name") or die("ER#2");
[/code][/QUOTE] Try descriptive error messages?
[QUOTE=turby;18985241]Try descriptive error messages?[/QUOTE] If you're the only one who needs to see it, or know about it, why have something that could alert others that you fucked up? :P
[QUOTE=andersonmat;18985497]If you're the only one who needs to see it, or know about it, why have something that could alert others that you fucked up? :P[/QUOTE] Saying something cryptic like ER#2 still alerts the user that you fucked up
[QUOTE=turby;18986196]Saying something cryptic like ER#2 still alerts the user that you fucked up[/QUOTE] But the user won't know where it fucked up, or why, yet you can relate to it when the user tells you that they've gotten that error. It's a lot more simple for a user to remember ER#2 than "Error with connecting to the MySQL database and running a select statement along with join statements". That's very over the top, true, but if it's for security reasons or user understanding, it helps with short error messages.
[QUOTE=smidge146;18973925](password2 !== password) [/QUOTE] Shouldn't it be something like this? if($password2 != "password")
yeh it should.
[QUOTE=fille87;18986921]Shouldn't it be something like this? if($password2 != "password") ?[/QUOTE] Depends, I'm not really sure what he's doing, but yes he would need a $ in front of password if it is a variable. If he has already put the password from the database into a variable then he'd just need to check it against the other password.
[code]
if ($dbpass != $inputpass) {
    echo "Passwords don't match";
}
[/code]
If you're storing passwords in a database make sure they are encrypted, and to check to see if they are the same just encrypt the inputpass as well. MD5 is probably the easiest encryption method.
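Added example, not part of any post in this thread: storing and checking a password with PHP's built-in `password_hash()` and `password_verify()`, which produce a salted, deliberately slow hash, shown next to an unsalted MD5 digest for comparison. It assumes PHP 7.1 or later; the `$users` array and the sample account are constructed stand-ins for a database row.

```php
<?php
// Added example. $users stands in for a database table (constructed data).
$users = [];

// Registration: store only the hash. password_hash() picks a random salt and
// embeds the algorithm, cost and salt in the string it returns.
function register(array &$users, string $name, string $password): void
{
    $users[$name] = password_hash($password, PASSWORD_DEFAULT);
}

// Check: password_verify() re-derives the hash from the parameters stored in
// it and compares in constant time, so no != or == on the hashes is needed.
function check(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name]) || !password_verify($password, $users[$name])) {
        return false;
    }
    // Re-hash on a successful login if the default algorithm or cost changed.
    if (password_needs_rehash($users[$name], PASSWORD_DEFAULT)) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

register($users, 'alice', 'correct horse');   // constructed sample account
var_dump(check($users, 'alice', 'correct horse'));
var_dump(check($users, 'alice', 'wrong'));

// Two hashes of the same password differ, because each gets its own salt.
var_dump(password_hash('x', PASSWORD_DEFAULT) === password_hash('x', PASSWORD_DEFAULT));

// An unsalted MD5 digest is the same for every account using that password.
var_dump(md5('x') === md5('x'));
```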
[QUOTE=h2ooooooo;18986356]but if it's for security reasons[/QUOTE] How is 'couldn't connect to database' an attack vector?
[QUOTE=turby;18996352]How is 'couldn't connect to database' an attack vector?[/QUOTE] It's not, but if you start to even it out, it is. Use another way of thinking. You log in somewhere. Correct user is "user" and "password"
Site 1:
name: user pass: err
Error: Wrong password
name: usr pass: nothing
Error: Wrong username
Site 2:
name: user pass: err
Error: Wrong username or password
name: usr pass: nothing
Error: Wrong username or password
Do you see which one is most secure?
Well what if you're stupid, and you can't tell which is wrong.
[QUOTE=Wipmuck;19009802]Well what if you're stupid, and you can't tell which is wrong.[/QUOTE] Then you need to get off the internet.
[QUOTE=compwhiziitothemax;19013862]Then you need to get off the internet.[/QUOTE] You don't play gmod servers other than your own?
[QUOTE=Wipmuck;19009802]Well what if you're stupid, and you can't tell which is wrong.[/QUOTE] You may not want to specify what is wrong with the login detail. It's like if you had the form Login Name, Password, Security Question and you entered one of the fields in wrong, you wouldn't want to specify what field it was because then you'd be telling whoever what they had right. For example, if it just told them that the Security Question was wrong then whoever would know that they had the Login Name and Password right. The solution to this is not specifying what is wrong and instead just be general. With a login like Facepunch it doesn't really matter because your login name is also your username. But with Facebook and other sites your login name is something like your email and it is not your username. So with Facebook, not even telling whoever what they got wrong in the login makes it more secure. Rereading and I'm not sure if this is coherent.
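Added example, not part of any post in this thread: a login check that behaves like "Site 2" above, returning one message for every failure while the specific reason goes only to the server log. It assumes PHP 7 or later; the `$users` array, the `login()` function and the dummy-hash step (which keeps the unknown-user path doing the same hashing work as the wrong-password path) are constructed for illustration.

```php
<?php
// Added example. $users stands in for the users table (constructed data).
$users = ['user' => password_hash('password', PASSWORD_DEFAULT)];

// Hash of a throwaway value, verified against when the name is unknown so
// that both failure paths perform one password_verify() call.
$dummyHash = password_hash('placeholder-not-a-real-password', PASSWORD_DEFAULT);

function login(array $users, string $dummyHash, string $name, string $pass): array
{
    $known = isset($users[$name]);
    $hash  = $known ? $users[$name] : $dummyHash;
    $ok    = password_verify($pass, $hash) && $known;

    if ($ok) {
        return ['ok' => true, 'message' => 'Logged in'];
    }
    // The specific reason is recorded server-side only. json_encode() escapes
    // control characters so the submitted name cannot forge extra log lines.
    error_log('login failed: ' . ($known ? 'bad password' : 'unknown user')
        . ' name=' . json_encode($name));

    // The client sees the same response whichever field was wrong.
    return ['ok' => false, 'message' => 'Wrong username or password'];
}

$wrongPass = login($users, $dummyHash, 'user', 'err');     // right name, wrong password
$wrongName = login($users, $dummyHash, 'usr', 'nothing');  // unknown name

// The two failure responses are indistinguishable to the client.
var_dump($wrongPass === $wrongName);
var_dump(login($users, $dummyHash, 'user', 'password')['ok']);
```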