phpBB and login query
up vote
-1
down vote
favorite
I want to change my auth method from giving the username/password to giving the user ID/password.
I checked the auth.php file ( in /phpbb/auth/auth.php ) which includes the login() function. I've found a query :
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'";
I've changed it into :
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . "
WHERE user_id == ' . $user_id . '";
But I'm not able to log with my ID/password.
php sql phpbb
edited 17 hours ago
AS Mackay
1,6013816
asked 20 hours ago
Germain P
92
add a comment |
up vote
-1
down vote
favorite
I want to change my auth method from giving the username/password to giving the user ID/password.
I checked the auth.php file ( in /phpbb/auth/auth.php ) which includes the login() function. I've found a query :
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'";
I've changed it into :
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . "
WHERE user_id == ' . $user_id . '";
But I'm not able to log with my ID/password.
php sql phpbb
edited 17 hours ago
AS Mackay
1,6013816
asked 20 hours ago
Germain P
92
add a comment |
up vote
-1
down vote
favorite
up vote
-1
down vote
favorite
I want to change my auth method from giving the username/password to giving the user ID/password.
I checked the auth.php file ( in /phpbb/auth/auth.php ) which includes the login() function. I've found a query :
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'";
I've changed it into :
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . "
WHERE user_id == ' . $user_id . '";
But I'm not able to log with my ID/password.
php sql phpbb
edited 17 hours ago
AS Mackay
1,6013816
asked 20 hours ago
Germain P
92
I want to change my auth method from giving the username/password to giving the user ID/password.
I checked the auth.php file ( in /phpbb/auth/auth.php ) which includes the login() function. I've found a query :
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'";
I've changed it into :
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . "
WHERE user_id == ' . $user_id . '";
But I'm not able to log with my ID/password.
php sql phpbb
php sql phpbb
edited 17 hours ago
AS Mackay
1,6013816
asked 20 hours ago
Germain P
92
edited 17 hours ago
AS Mackay
1,6013816
asked 20 hours ago
Germain P
92
edited 17 hours ago
AS Mackay
1,6013816
edited 17 hours ago
AS Mackay
1,6013816
edited 17 hours ago
AS Mackay
1,6013816
1,6013816
asked 20 hours ago
Germain P
92
asked 20 hours ago
Germain P
92
asked 20 hours ago
Germain P
92
92
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
0
down vote
You are mixing up your ' and " signs which is inevitably breaking your query. Instead of $user_id variable value being inserted into the query, it is literally inserting $user_id.
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . ' WHERE user_id == ' . $user_id . ';
That would fix that issue. Even still I think you are only supposed to have a single '=' and there appears to be some more issues.
Also I assume $user_id is an integer, but if it's a user-inputted string, then please sanitize it to prevent SQL Injection.
answered 17 hours ago
Cillian Collins
6477
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
You are mixing up your ' and " signs which is inevitably breaking your query. Instead of $user_id variable value being inserted into the query, it is literally inserting $user_id.
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . ' WHERE user_id == ' . $user_id . ';
That would fix that issue. Even still I think you are only supposed to have a single '=' and there appears to be some more issues.
Also I assume $user_id is an integer, but if it's a user-inputted string, then please sanitize it to prevent SQL Injection.
answered 17 hours ago
Cillian Collins
6477
add a comment |
up vote
0
down vote
You are mixing up your ' and " signs which is inevitably breaking your query. Instead of $user_id variable value being inserted into the query, it is literally inserting $user_id.
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . ' WHERE user_id == ' . $user_id . ';
That would fix that issue. Even still I think you are only supposed to have a single '=' and there appears to be some more issues.
Also I assume $user_id is an integer, but if it's a user-inputted string, then please sanitize it to prevent SQL Injection.
answered 17 hours ago
Cillian Collins
6477
add a comment |
up vote
0
down vote
up vote
0
down vote
You are mixing up your ' and " signs which is inevitably breaking your query. Instead of $user_id variable value being inserted into the query, it is literally inserting $user_id.
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . ' WHERE user_id == ' . $user_id . ';
That would fix that issue. Even still I think you are only supposed to have a single '=' and there appears to be some more issues.
Also I assume $user_id is an integer, but if it's a user-inputted string, then please sanitize it to prevent SQL Injection.
answered 17 hours ago
Cillian Collins
6477
You are mixing up your ' and " signs which is inevitably breaking your query. Instead of $user_id variable value being inserted into the query, it is literally inserting $user_id.
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . ' WHERE user_id == ' . $user_id . ';
That would fix that issue. Even still I think you are only supposed to have a single '=' and there appears to be some more issues.
Also I assume $user_id is an integer, but if it's a user-inputted string, then please sanitize it to prevent SQL Injection.
answered 17 hours ago
Cillian Collins
6477
answered 17 hours ago
Cillian Collins
6477
answered 17 hours ago
Cillian Collins
6477
answered 17 hours ago
Cillian Collins
6477
6477
add a comment |
add a comment |
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53237784%2fphpbb-and-login-query%23new-answer', 'question_page');
}
);
Post as a guest
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
