Usage Of Php

heres my code on the server, pass not real

<?php
$user="a7255804_IDS";
$password="somepass";
$db="a7255804_IDS";
$host="mysql16.000webhost.com";
$name=hash("sha256",urldecode($_GET["name"]),false);
$pass=hash("sha256",urldecode($_GET["pass"]),false);
$con=mysqli_connect($host,$user,$password,$db) or die ("Cant connect");
if(mysqli_connect_errno($con))
{
  $sqluser="SELECT 'name' FROM 'ids' WHERE 'name'='$name' AND 'password'='$pass'";
		$sqluser_run=mysqli_query($con,$sqluser);
		if (mysqli_num_rows($sqluser_run)==1)
		{
		   echo "ok";
		}
		else
		{
		 echo "No user in system!";
		}
}
?>

heres the computer, url beginning not real

os.loadAPI("Apis/DesignUtil")
os.loadAPI("Apis/AccountSytem")
os.loadAPI("Apis/windowSystem")
DesignUtil.setDesign("whiteLightGray")
local background,topBar =DesignUtil.getDesign()
local window =windowSystem.createWindow("xxxxxxxxx",2,2,48,16,false)

function identify(name,pass)
local auth=http.get("http://somesite.com/folder/auth.php?name="..textutils.urlEncode(name).."?pass="..textutils.urlEncode(pass))
local response=auth.readAll()
auth.close()
print(response)
end

while true do
paintutils.drawImage(background,1,1)
windowSystem.drawWindow(window)
term.setBackgroundColor(colors.white)
term.setCursorPos(48/2-6,5)
print("xxxxxxxxxx name:")
term.setCursorPos(48/2-10,7)
print("xxxxxx password:")
term.setTextColor(colors.white)
term.setBackgroundColor(colors.gray)
term.setCursorPos(48/2+8,5)
print("		")
term.setCursorPos(48/2+8,7)
print("		")
term.setCursorPos(48/2+8,5)
local enteredName= read()
term.setCursorPos(48/2+8,7)
local enteredPass= read("*")
identify(enteredName,enteredPass)
end

so, its supposed to look in the db and see if theres a field with matching name and pass, if is, return the ok statement(wont return currently, since table is empty) if there isnt, it will return the other statement. Not working, nothing wont be printed on the computer side.

could the only issue really be that the table is empty at this point?

local auth=http.get("http://somesite.com/folder/auth.php?name="..textutils.urlEncode(name).."?pass="..textutils.urlEncode(pass))

This line is incorrect. It should say:

local auth=http.get("http://somesite.com/folder/auth.php?name="..textutils.urlEncode(name).."&pass="..textutils.urlEncode(pass))

not working, have the actual url in here aswell

os.loadAPI("Apis/DesignUtil")
os.loadAPI("Apis/AccountSytem")
os.loadAPI("Apis/windowSystem")
DesignUtil.setDesign("whiteLightGray")
local background,topBar =DesignUtil.getDesign()
local window =windowSystem.createWindow("Enter OSOne ID information",2,2,48,16,false)

function identify(name,pass)
local auth=http.get("http://osone.uphero.com/serverside/auth.php?name="..textutils.urlEncode(name).."&pass="..textutils.urlEncode(pass))
local response=auth.readAll()
auth.close()
error(response)
end

while true do
paintutils.drawImage(background,1,1)
windowSystem.drawWindow(window)
term.setBackgroundColor(colors.white)
term.setCursorPos(48/2-6,5)
print("OSOne ID name:")
term.setCursorPos(48/2-10,7)
print("OSOne ID password:")
term.setTextColor(colors.white)
term.setBackgroundColor(colors.gray)
term.setCursorPos(48/2+8,5)
print("	    ")
term.setCursorPos(48/2+8,7)
print("	    ")
term.setCursorPos(48/2+8,5)
local enteredName= read()
term.setCursorPos(48/2+8,7)
local enteredPass= read("*")
identify(enteredName,enteredPass)
end

latest code:

server

<?php
$user="a7255804_IDS";
$password="LIMPA112";
$db="a7255804_IDS";
$host="mysql16.000webhost.com";
$name=urldecode($_GET["name"]);
$pass=hash("sha256",urldecode($_GET["pass"]),false);
$con=mysqli_connect($host,$user,$password,$db) or die ("Cant connect");
if(mysqli_connect_errno($con))
{
$sqluser="SELECT 'name' FROM 'ids' WHERE 'name'='$name' AND 'password'='$pass'";
        $sqluser_run=mysqli_query($con,$sqluser);
        if (mysqli_num_rows($sqluser_run)==1)
        {
           echo("ok");
        }
        else
        {
         echo("No user in system!");
        }
}

?>

comp:

os.loadAPI("Apis/DesignUtil")
os.loadAPI("Apis/AccountSytem")
os.loadAPI("Apis/windowSystem")
DesignUtil.setDesign("whiteLightGray")
local background,topBar =DesignUtil.getDesign()
local window =windowSystem.createWindow("Enter OSOne ID information",2,2,48,16,false)

function identify(name,pass)
local auth=http.get("http://osone.uphero.com/serverside/auth.php?name="..textutils.urlEncode(name).."&pass="..textutils.urlEncode(pass))
local response=auth.readAll()
auth.close()
error(response)
end

while true do
paintutils.drawImage(background,1,1)
windowSystem.drawWindow(window)
term.setBackgroundColor(colors.white)
term.setCursorPos(48/2-6,5)
print("OSOne ID name:")
term.setCursorPos(48/2-10,7)
print("OSOne ID password:")
term.setTextColor(colors.white)
term.setBackgroundColor(colors.gray)
term.setCursorPos(48/2+8,5)
print("	    ")
term.setCursorPos(48/2+8,7)
print("	    ")
term.setCursorPos(48/2+8,5)
local enteredName= read()
term.setCursorPos(48/2+8,7)
local enteredPass= read("*")
identify(enteredName,enteredPass)
end

makerimages, on 21 September 2013 - 10:16 AM said:

latest code:
-code snip-

Are you posting the code as in you got it to work? or does it still have a problem?

In either case you really, really, really need to look into prepared statements so you're not open to SQL injection!

it still has a problem-it wont work

Heres what i have now on servers side, I now get some 000webhost code back, but no query result

<?php
$user="a7255804_IDS";
$password="LIMPA112";
$db="a7255804_IDS";
$host="mysql16.000webhost.com";
$name=$_GET["name"];
$pass=hash("sha256",$_GET["pass"],false);
$con=mysqli_connect($host,$user,$password,$db) or die ("Cant connect");
mysqli_select_db($con,$db);

$sqluser="SELECT 'name' FROM 'ids' WHERE 'name'='$name' AND 'password'='$pass'";

        if(mysqli_connect_errno())
        {
         echo"Whoops! something aint right!";
        }
        else
        {
        $sqluser_run=mysqli_query($con,$sqluser) ;


       if ($sqluser_run)
        {
         if(mysqli_num_rows($sqluser_run)==1)
         {
         echo("Passed.Verified");
         }
             else
          {
         echo("No user in system!");
        }
    }
}

?>

edit: current

makerimages, on 21 September 2013 - 11:21 AM said:

Heres what i have now on servers side, I now get some 000webhost code back, but no query result

What do you actually get back from the query?

currently? nothing, i presume…nothin gbut this

<!-- Start Of Analytics Code -->
<script type="text/javascript" src="http://stats.hosting24.com/count.php"></script>
<!-- End Of Analytics Code -->

Ok give this code a try. Personally I've always had issues with PHP and databases in any other way than what I've done in the code below. It's commented to tell you what's going on, but still ask questions if you have any.

<?php
    // if the name or password is missing, don't bother running through the script
    if (!(isset($_GET['name']) &amp;&amp; isset($_GET['pass']))) {
        die("Missing login details!");
    }

    // Prefixed with input_ so you know they're from the client program
    $input_name=$_GET["name"];
    $input_pass=hash("sha256",$_GET["pass"],false);

    // Prefixed variables with db_ so you know they're for the database
    $db_user="a7255804_IDS";
    $db_password="LIMPA112";
    $db_name="a7255804_IDS";
    $db_host="mysql16.000webhost.com";

    // Created a new mysqli object for the connection
    $con = new mysqli($db_host, $db_user, $db_pass, $db_name);

    // There has been an error in the connection
    if (mysqli_connect_error()) {
        die("Could not connect to the database");
    }

    // Now if I'm going to be making code, I'm going to be doing it right, we're going to use prepared statements

    // Create the prepared statement - we tell the DBMS here to return us a count of the entries
    $query = "SELECT count(name) FROM ids WHERE name = ? AND password = ?";
    $stmt = $con->prepare($query);

    // fill in the blanks with the data, each value replaces a ? from left to right
    // "s" means string, other letters mean other types, I'm assuming you're using varchar2 in the db for these values
    // there need to be 2 "s" because there are 2 "?" in the prepared statement
    $stmt->bind_param("ss", $input_name, $input_pass)

    // execute the statement
    if (!$stmt->execute()) {
        die("An error occured while contacting the database");
    }

    // get the result of the query and place it in a variable
    $stmt->bind_result($numResults);
    $stmt->fetch();

    // check the count returned from the database and output the success
    if ($numResults != 1) {
        echo("Invalid login details!");
    } else {
        echo("Passed.Verified");
    }

    // It's always a good idea to perform cleanup, I know in PHP you don't have to with DB connections, but best to anyway!
    $stmt->close();
    $con->close();
?>

As for the analytics code being added to the page, you may have to see if you can disable that on your host, if not you'll have to remove it when you receive the webpage on the Lua end.

did actually manage to get this working earlier. Thanks to the folks over at the IRC!

Ok, its good that you got it working. Still though use prepared statements, if you don't you will have people doing SQL injections on your database within minutes of you releasing your program.