1

Starting out with PHP, I have written a basic authentication script which prints out a list of databases on a MySQL server if a userid (supplied by the user) exists in the user table of the "test" database.

The problem is that this script outputs the database list even if the userid does not exist in the database. I am not sure what's wrong with the script. Please look through the script and help me understand why the db list is being output even though the userid does not exist in the db. Here is the script:

<?php

if(isset($_POST['submitted']))
{
  $userid=$_POST['userid'];
  $userpassword=$_POST['userpassword'];
  $link_id=mysql_connect("localhost","root","pass");
  $result_db_list=mysql_list_dbs($link_id);
  mysql_select_db("test",$link_id);
  if(!($result_ptr=mysql_query("Select userid from user where Userid='$userid'",$link_id)))
    die ("Please enter correct userid");
  while($test=mysql_fetch_row($result_db_list))
  {
    echo $test[0]."<br>";
  }
}
else
{
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Authentication Script</title>
<style type="text/css" >
  #header{
    padding-top:0px;
    margin:0px;
    background-color:#CCCCCC;
  }
  .container{
    width:950px;
    margin:0 auto;
    border:1px solid red;
  }
  .authbox {
    padding-top:100px;
    margin:0 auto;
  }
  #footer{
    background-color:#666666;
    color:white;
  }
</style>
</head>

<body>
<div id="header">

<div class="container">

<form action="authentication script.php" method="post">
<div class="authbox">UserName: <input type="text" name="userid" /><br/>
Password: <input type="password" name="userpassword" /><br/>
<input type="hidden" name="submitted" value="true" />
<input type="submit" value="Submit" />
</div>
</form>


</div>

</div>

<div id="footer">
Copyright 2010 NT Technologies.
</div>

</body>
</html>

<?php
}
?>

Thanks rseni.

4
  • Recheck your SQL query; why are you not checking both the user id and the password? Commented Jun 1, 2011 at 15:46
  • 1
    Your script is vulnerable to SQL Injection: en.wikipedia.org/wiki/SQL_injection Commented Jun 1, 2011 at 15:47
  • Not necessarily related to your problem, but you should not be using variables in your SQL statements. If possible, use MySQLi (us3.php.net/manual/en/book.mysqli.php) and statements. If that's not available, make sure to use functions like mysql_real_escape_string (us3.php.net/manual/en/function.mysql-real-escape-string.php). The script above is vulnerable to SQL injection. I realize it's a test script, perhaps, but it's best to get into the habit of using these methods. Commented Jun 1, 2011 at 15:50
  • Coding-Freak: Well, next time I will keep that in mind; however, the script should not output the db list even if only the userid check is in the script. Commented Jun 1, 2011 at 15:51

2 Answers

3

Your script is full of errors. (I hope you at least have magic_quotes on, otherwise you are in very big trouble. Note that you should avoid magic_quotes anyway and use prepared statements.)

That happens because of

  if(!($result_ptr=mysql_query("Select userid from user where Userid='$userid'",$link_id))) 
     die ("Please enter correct userid");

That query doesn't return FALSE if it doesn't select anything.

You should change it to:

$result = mysql_query("SELECT COUNT(*) as countUser [etc]");
$r = mysql_fetch_assoc($result);
if ($r['countUser']==0) 
  die('Denied');
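The answer's row-count check and the comments' prepared-statement advice put together, as an added example that is not the asker's script nor code from any poster; it assumes MySQLi, a `user` table with `userid` and `password_hash` (password_hash() output) columns, and placeholder connection credentials:

```php
<?php
// Added example, not the asker's script. Assumes MySQLi, a `user` table
// with `userid` and `password_hash` (password_hash() output) columns, and
// placeholder credentials DB_USER / DB_PASSWORD.

function authenticate(mysqli $db, string $userid, string $password): bool
{
    // The ? placeholder keeps the submitted userid out of the SQL text,
    // which closes the SQL injection pointed out in the comments.
    $stmt = $db->prepare('SELECT password_hash FROM user WHERE userid = ?');
    $stmt->bind_param('s', $userid);
    $stmt->execute();
    $stmt->bind_result($storedHash);

    // fetch() returns true for a row and null when nothing matched. This is
    // the check the original script lacked: mysql_query() returns a resource
    // even for zero rows, so its result was never FALSE for an unknown user.
    $found = $stmt->fetch();
    $stmt->close();
    if ($found !== true) {
        return false;
    }
    // Also check the password, against a stored hash rather than plain text.
    return password_verify($password, $storedHash);
}

function listDatabases(mysqli $db): array
{
    $names = [];
    $result = $db->query('SHOW DATABASES');
    while ($row = $result->fetch_row()) {
        $names[] = $row[0];
    }
    return $names;
}

if (isset($_POST['submitted'])) {
    $db = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'test');
    if ($db->connect_error) {
        die('Database connection failed');
    }
    if (!authenticate($db, $_POST['userid'] ?? '', $_POST['userpassword'] ?? '')) {
        die('Please enter correct userid');
    }
    // Escape names before echoing them into HTML.
    foreach (listDatabases($db) as $name) {
        echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . "<br>";
    }
}
```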


1

Appu - yes123 is correct. Take a look at the documentation on php.net for the mysql_query function: you will see that it returns a resource identifier on success and FALSE on error. Error here does not mean no rows returned, but rather an error such as attempting to run the query against a table that does not exist.

1 Comment

Thanks for the support, but your answer would have been way better if you had posted it as a comment :)
