1

I'm trying to program a Login-System for Android (in Eclipse) and have to get the data from an external MySQL-DB.

Source I took the code for it: Connecting to MySQL Database

The Website I'm trying to fetch the data from is here.(I know there are some safety issues, blabla, this is not my problem right now^^)

The Problem I have, is when I try to run the Application, The Error "No Password found". This Error is catched within this Code:

ArrayList<String> passwort = new ArrayList<String>();
ArrayList<String> benutzer = new ArrayList<String>();
try{
  jArray = new JSONArray(result);
  JSONObject json_data=null;
  for(int i=0;i<jArray.length();i++){
         json_data = jArray.getJSONObject(i);
         passwort.add(json_data.getString("pw"));
         benutzer.add(json_data.getString("benutzer"));

     }
  Intent intent = new Intent(this, MainActivity.class);
  intent.putExtra("arrayBenutzerExtra", benutzer);
  intent.putExtra("arrayPasswortExtra", passwort);
  startActivity(intent);

    }
    catch(JSONException e1){
      Toast.makeText(getBaseContext(), "No Password found" ,Toast.LENGTH_LONG).show();
    } catch (ParseException e1) {
        e1.printStackTrace();
}

As addition, here is the code where I connect with the website, but it doesn't seem to be the problem, though I don't get an error message about that!

try{
 HttpClient httpclient = new DefaultHttpClient();
 HttpPost httppost = new HttpPost("http://winklermarkus.at/appconnection.php");
 httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
 HttpResponse response = httpclient.execute(httppost);
 HttpEntity entity = response.getEntity();
 is = entity.getContent();
   }catch(Exception e){
     Log.e("log_tag", "Error in http connection"+e.toString());
   }

The Code of the .php file is here: 

$sql_pw = "SELECT ". "Passwort ". "FROM ". "benutzerdaten ";
    $result_pw = mysql_query ($sql_pw); 
    $data_pw = mysql_fetch_array ($result_pw);
    $pw = $data_pw["Passwort"];

    $sql_benutzer = "SELECT ". "Email ". "FROM ". "benutzerdaten ";
    $result_benutzer = mysql_query ($sql_benutzer); 
    $data_benutzer = mysql_fetch_array ($result_benutzer);
    $benutzer = $data_benutzer["Email"];

print(json_encode($pw));
print(json_encode($benutzer));

mysql_close();
?>

as Perception mentioned, I don't get valid JSON output, could this possibly be in relation with me, trying to transmit 2 strings at once?

Improve this question
11
  • Can you paste the json response you are trying to parse? Commented Dec 10, 2012 at 12:23
  • you found JSON String after HttpPost. please check it. may be problem is here? Commented Dec 10, 2012 at 12:27
  • Always check the status code of your HTTP request before processing the response data. More on topic, the service you linked in your question does not return valid JSON. Commented Dec 10, 2012 at 12:29
  • @Perception Oh, OK, this could be the real problem, i will add the php Code to my Question! Commented Dec 10, 2012 at 12:35
  • I doubt that the php result is a valid JSON array Commented Dec 10, 2012 at 12:47

1 Answer 1

Reset to default
2

Your PHP code is not doing what you think it's doing. I cannot recommend a fix to it as you've created a significant security hole.

As an alternative strategy, instead of sending all the passwords and all the emails to the client (in an unassociated fashion no less), send the clients hashed password and email to the service (over SSL). Then on the service side query if you have the combination of email/pass in the database. If you do return login success, otherwise return login failed.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.