1

I've run into a strange issue. I'm developing a web interface for a MySQL database, and trying to fetch information from it using PHP. In short, I'm able to retrieve information just fine from some databases while I am not with others.

$userList = mysql_query("SELECT * FROM myTable");
while ($userInfo = mysql_fetch_array($userList) )
{
    echo "<p>Name = " . $userInfo["name"] . ". Password = " . $userInfo["password"] . ".</p>";
}

That part is just a test, and it works fine. I get the name and password of everyone in the database. But when I try to do it this way, I run into errors. Consider that

while ( ($userInfo = mysql_fetch_array($userList) ) && (!$found) )
{
    echo "The current username is " . $userInfo["name"] . ". <ul>";
    if ($username == $userInfo["name"])
    {
        $found = true;
        if ($password == $userInfo['password'])
        {
            echo "The password you entered, " . $userInfo['password'] . " was correct!";

            //things which we do once the account is confirmed
        }
        else //the username is right but the password is wrong.
        {
            "The password didn't match, though!";
        }
    }
    else //this username isn't the right one.
    {
        echo "<p>$username does not match " . $userInfo['name'] . ".";
    }
    echo "</ul>";
}

To be specific, the $userInfo["name"] and $userInfo["password"] characters return absolutely nothing in the second block of code, while in the first block of code they seem to work just fine. I don't understand why there is a difference between the two.

Any help or advice I could receive would be greatly appreciated.

EDIT: For those who want the full code, here it is.

<head>
<title>My Web Interface</title>
</head>

<?php
if (!($_POST["go"]))
{
?><h1>Hello World!</h1>
<form action="test.php" method="post">
    Username: <input type="text" name="username" /> <br />
Password: <input type="text" name="password" /> <br />
<input type="submit" name="go" />
</form>
<?php
}
else //the user has submitted: in which case, we check if the details match any user info in the database
{

$username = $_POST["username"];
$password = $_POST["password"];

//the database info variables
$hostname = "myhostname";
$dbUsername = "myusername";
$dbPassword = "mypassword";

echo "<p>You entered the username and password combo of '$username' and '$password'.</p>";

$connect = mysql_connect($hostname, $dbUsername, $dbPassword) or die ("Unable to connect to MySQL");

//test for the connection's presence. Every time so far it's returned True.
if ($connect)
{
    echo "Got it!";
}
else
{
    echo "Don't got it!";
}

//echo "<p>My username is " . $dbUsername ", my hostname is " . $hostname . " and my password is " . $dbPassword . ".</p>";

$selected = mysql_select_db("myDatabase",$connect)
or die("Could not select examples");

$userList = mysql_query("SELECT * FROM testUsers;");

/****
* This part tests to show a connection between the user and the database.
* It should return a list of users and the rights they have.
***
*/
$found = false; //how we terminate the loop.

//echo "<ul>";
while ($userInfo = mysql_fetch_array($userList) )
{
    echo "<p>Name = " . $userInfo["name"] . ". Password = " . $userInfo["password"] . ".</p>";
    if ($userInfo["password"] == $password)
    {
        echo "<p>The passwords match and are both $password!</p>";
    }
    else
    {
        echo "<p>$password does not match with " . $userInfo["password"] . "!</p>";
    }
}

while ( ($userInfo = mysql_fetch_array($userList) ) && (!($found)) )
{
    echo "The current username is " . $userInfo["name"] . ". <ul>";
    if ($username == $userInfo["name"])
    {
        $found = true;
        echo "<p>We found you in the database, " . $userInfo['name'] . ". Now to test your password.</p>";
        if ($password == $userInfo['password'])
        {
            echo "<p>The password you entered, " . $userInfo['password'] . " was correct!</p>";
            //now show the table's contents
            $register = mysql_query("SELECT * FROM myTable;");
            while ($col = mysql_fetch_array($register) )
            {
                echo "<li>Tag: " . $col['service_tag'] . "</li>";
            }
        }
        else //the username is right but the password is wrong.
        {
            echo "The password didn't match, though!";
        }
    }
    else //this username isn't the right one.
    {
        echo "<p>$username does not match " . $userInfo['name'] . ".";
    }
    echo "</ul>";
}

/*
*Test code: trying to output the testUsers info without the conditions.
*/

if (!$found)
{
    echo "<p>We could not find you in the database. Did you enter your username correctly?</p>";
}
echo "</ul>"; 

mysql_close($connect);
}
?>

EDIT #2: Some people have noted that this presentation is very insecure with passwords, and I would agree - this isn't intended to be the final code of the website at all. I just thought I'd test the connection as I went and ran into this issue.

10
  • 1
    Quick note, you're not echoing "The password didn't match, though!"; which will throw an error, if it's not a typo. Commented Nov 20, 2013 at 15:31
  • 2
    echo "The password you entered, " . $userInfo['password'] . " was correct!"; - Words can not express how horrible of an idea this is. 1) Never store passwords in plain text. 2) Never display passwords. (Note: If you follow step 1, you automatically get step 2.) Additionally, if the login fails, just tell the user that the login failed. You're giving them too much information. "Username doesn't match", "password doesn't match", this is too much error information. Commented Nov 20, 2013 at 15:32
  • 1
    You really should be using a where clause in your query, so you only return matching rows in the first place. Imagine if google had this login system, and had to output 2 billion "didn't match" rows and one SINGLE row where your login info actually succeeded. Commented Nov 20, 2013 at 15:32
  • 2
    Where are you getting $username and $password? Also, mysql_query is deprecated. Look into mySQLi or PDO. I echo the concerns of other comments as well. Why are you even displaying a password or storing it as plaintext? You can just do all that IN the query with a WHERE clause. WHERE username = $username AND password = $password If the result is nil, there was no match. Commented Nov 20, 2013 at 15:35
  • Well, in addition to the points the other comments already mentioned: What does $userInfo contain? Commented Nov 20, 2013 at 15:41
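What the comments above recommend, as an added example that is not the asker's code: look the user up with a WHERE clause through a prepared statement, store only a password hash, and report one generic failure. It uses PDO with an in-memory SQLite table so it runs stand-alone; the `password_hash` column, the `check_login` function and the sample account are assumptions.

```php
<?php
// Added example; schema, account and function names are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE testUsers (name TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Store a salted hash, never the password itself.
$insert = $pdo->prepare('INSERT INTO testUsers (name, password_hash) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse battery', PASSWORD_DEFAULT)]);

// Hash of a throwaway value, verified when the name is unknown so that an
// unknown name costs about the same time as a wrong password.
$dummyHash = password_hash('placeholder', PASSWORD_DEFAULT);

function check_login(PDO $pdo, string $username, string $password, string $dummyHash): bool
{
    // The WHERE clause returns at most one row; the placeholder keeps
    // user input out of the SQL text.
    $stmt = $pdo->prepare('SELECT password_hash FROM testUsers WHERE name = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();

    if ($hash === false) {
        password_verify($password, $dummyHash);
        return false;
    }
    return password_verify($password, $hash);
}

// Constructed login attempts: correct, wrong password, unknown user.
$attempts = [
    ['alice', 'correct horse battery'],
    ['alice', 'wrong password'],
    ['nobody', 'whatever'],
];
foreach ($attempts as [$user, $pass]) {
    // One message for every failure: no hint whether the name or the password was wrong.
    $message = check_login($pdo, $user, $pass, $dummyHash) ? 'Login succeeded.' : 'Login failed.';
    echo htmlspecialchars($user, ENT_QUOTES, 'UTF-8') . ": $message\n";
}
```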

3 Answers

1

Once you have finished the first block the cursor is at the end of the $userList. So in the second block there is nothing more to read with

$userInfo = mysql_fetch_array($userList)  

Try to include the following statement before the second block, to move the cursor back to the first item:

mysql_data_seek($userList, 0);  

or better:

if (!mysql_data_seek($userList, 0))   
{  
    echo "You can't go back (seek): " . mysql_error() . "\n";  
}   
else  
{  
   // Block 2  
}  

1 Comment

I actually tried removing the first block yesterday night and it worked out! I'm thankful for this workaround, though; it might be handy later on in the project!
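The behaviour this answer describes, reproduced as an added example (not code from the question or the answer): it uses PDO with an in-memory SQLite table in place of the `mysql_*` functions, and the rows are constructed sample data. PDO offers no seek call for this driver, so the rewind is swapped for fetching the rows once into an array; the `drain` helper is hypothetical.

```php
<?php
// Added example: constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE testUsers (name TEXT)');
$pdo->exec("INSERT INTO testUsers (name) VALUES ('alice'), ('bob'), ('carol')");

// Count how many rows a fetch loop still sees on a result set.
function drain(PDOStatement $result): int
{
    $seen = 0;
    while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
        $seen++;
    }
    return $seen;
}

// The bug from the question: two fetch loops over the same result set.
$userList = $pdo->query('SELECT name FROM testUsers');
$first  = drain($userList);   // reads every row; the cursor ends past the last one
$second = drain($userList);   // same result set: nothing is left to fetch
echo "first loop saw $first rows, second loop saw $second rows\n";

// Fix without seeking: read the rows once, then loop over the array
// as many times as needed.
$rows = $pdo->query('SELECT name FROM testUsers')->fetchAll(PDO::FETCH_ASSOC);
foreach ([1, 2] as $pass) {
    foreach ($rows as $row) {
        echo "pass $pass: {$row['name']}\n";
    }
}
```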
0

I think you are not showing us the full code. Somewhere you have to set the credentials for the database; is this before or after you assign a value to $username? Perhaps you use the $username for the database connection too?


0

It is because of (!($found)) in your while loop. The final state of that must be true for the loop to take action; however, it comes out false all the time because you are asking it to be not false but it is. Therefore it will not work because the conditions are not met. Try removing the ! from it and test it. If you cannot do it this way, try using this:

do {
//your code here to motion
}
while()// your conditions

In this case, as long as the states are true in while, do will keep working.
