I have this script here:
//Tell the requester to output response as JSON
//header('Content-Type: application/json;charset=utf-8');
//POST information.
$name = $_POST['username'];
$pass = $_POST['password'];
$mysql_server = 'localhost';
$mysql_user = 'root';
$mysql_pass = '';
$mysql_dbname = 'test';
//Set up variables needed for middle-end
$return_code = 0;
$error_message = '';
//Connect to the Database
$conn = new mysqli($mysql_server, $mysql_user, $mysql_pass, $mysql_dbname);
if ($conn->connect_error)
{
//Return an error (in JSON format) that MySQL server wont connect
$return_code = -1;
$error_message = 'Failed to connect to MySQL: ' . $conn->connect_error;
}
else
{
//Query for a User/Pass match
$sqlquery = "SELECT ucid FROM test WHERE ucid = '" . $name . "' AND password = '" . hash('sha256', $pass) . "'";
$result = mysqli_query($conn, $sqlquery);
if (mysqli_num_rows($result) > 0)
{
//On Successful User/Pass
$return_code = 1;
}
elseif(mysqli_num_rows($result) == 0)
{
//On Failed User/Pass
$return_code = 0;
$error_message = 'Incorrect Username or Password';
}
else
{
//Something went wrong
$return_code = -1;
$error_message = 'You messed something up real good.';
}
}
if($return_code == 1)
{
$jsonResults = array('return_code' => $return_code);
}
elseif ($return_code == (0 || -1))
{
$jsonResults = array('return_code' => $return_code, 'error_message' => $error_message);
}
$echoJSON = json_encode($jsonResults, 1);
echo $echoJSON;
echo '
';
echo 'return code = ' . $return_code . ' and message: ' . $error_message;
echo '
Query Passed: ' . $sqlquery;
echo 'Username passed was: ' . $name . 'and Password passed was: ' . $pass;
?>
Basically put, you pass it a username & password, the script then connects to a MySQL server and does a SQL query of the username + the password after its been sha256 hashed. The point of the query is to see if the username + password is valid combination. If one of them is wrong, the query should show 0 results, thus resulting in an 'Incorrect username or password' message
However, when I run the script and echo the results, apparently nothing is getting passed:
Notice: Undefined variable: jsonResults in C:\xampp\htdocs\alpha-test\db.php on line 62
null
return code = 0 and message: Incorrect Username or Password
Query Passed: SELECT ucid FROM test WHERE ucid = '' AND password = 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'Username passed was: and Password passed was:
I do not know what I am doing wrong.
Answer
The problem seems to be something to do with postman ( I've never used that ). The best way to test this is to create a form on a new page and actually post the data and make sure that is working.
1) When I can't figure out why something doesn't work, I simplify the problem and reduce the possibility of other errors causing problems. So change your php script by adding these lines.
$name = $_POST['username'];
echo $name;
exit;
You need to make sure $name is getting set.
2) Create a form that posts to this page.
Submit the form and make sure you are capturing $_POST['username'] and $_POST['password'] before you worry about mysql or other issues.
3) Just so you know, I tried this locally and I had no problems posting that form and then having $name be set correctly. So the problem must be something to do with how you setup postman.
GL
No comments:
Post a Comment