phpBB and login query
up vote
-1
down vote
favorite
I want to change my auth method from giving the username/password to giving the user ID/password.
I checked the auth.php file ( in /phpbb/auth/auth.php ) which includes the login() function. I've found a query :
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'";
I've changed it into :
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . "
WHERE user_id == ' . $user_id . '";
But I'm not able to log with my ID/password.
php sql phpbb
add a comment |
up vote
-1
down vote
favorite
I want to change my auth method from giving the username/password to giving the user ID/password.
I checked the auth.php file ( in /phpbb/auth/auth.php ) which includes the login() function. I've found a query :
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'";
I've changed it into :
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . "
WHERE user_id == ' . $user_id . '";
But I'm not able to log with my ID/password.
php sql phpbb
add a comment |
up vote
-1
down vote
favorite
up vote
-1
down vote
favorite
I want to change my auth method from giving the username/password to giving the user ID/password.
I checked the auth.php file ( in /phpbb/auth/auth.php ) which includes the login() function. I've found a query :
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'";
I've changed it into :
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . "
WHERE user_id == ' . $user_id . '";
But I'm not able to log with my ID/password.
php sql phpbb
I want to change my auth method from giving the username/password to giving the user ID/password.
I checked the auth.php file ( in /phpbb/auth/auth.php ) which includes the login() function. I've found a query :
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'";
I've changed it into :
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . "
WHERE user_id == ' . $user_id . '";
But I'm not able to log with my ID/password.
php sql phpbb
php sql phpbb
edited 17 hours ago
AS Mackay
1,6013816
1,6013816
asked 20 hours ago
Germain P
92
92
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
0
down vote
You are mixing up your ' and " signs which is inevitably breaking your query. Instead of $user_id
variable value being inserted into the query, it is literally inserting $user_id
.
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . ' WHERE user_id == ' . $user_id . ';
That would fix that issue. Even still I think you are only supposed to have a single '=' and there appears to be some more issues.
Also I assume $user_id
is an integer, but if it's a user-inputted string, then please sanitize it to prevent SQL Injection.
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
You are mixing up your ' and " signs which is inevitably breaking your query. Instead of $user_id
variable value being inserted into the query, it is literally inserting $user_id
.
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . ' WHERE user_id == ' . $user_id . ';
That would fix that issue. Even still I think you are only supposed to have a single '=' and there appears to be some more issues.
Also I assume $user_id
is an integer, but if it's a user-inputted string, then please sanitize it to prevent SQL Injection.
add a comment |
up vote
0
down vote
You are mixing up your ' and " signs which is inevitably breaking your query. Instead of $user_id
variable value being inserted into the query, it is literally inserting $user_id
.
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . ' WHERE user_id == ' . $user_id . ';
That would fix that issue. Even still I think you are only supposed to have a single '=' and there appears to be some more issues.
Also I assume $user_id
is an integer, but if it's a user-inputted string, then please sanitize it to prevent SQL Injection.
add a comment |
up vote
0
down vote
up vote
0
down vote
You are mixing up your ' and " signs which is inevitably breaking your query. Instead of $user_id
variable value being inserted into the query, it is literally inserting $user_id
.
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . ' WHERE user_id == ' . $user_id . ';
That would fix that issue. Even still I think you are only supposed to have a single '=' and there appears to be some more issues.
Also I assume $user_id
is an integer, but if it's a user-inputted string, then please sanitize it to prevent SQL Injection.
You are mixing up your ' and " signs which is inevitably breaking your query. Instead of $user_id
variable value being inserted into the query, it is literally inserting $user_id
.
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . ' WHERE user_id == ' . $user_id . ';
That would fix that issue. Even still I think you are only supposed to have a single '=' and there appears to be some more issues.
Also I assume $user_id
is an integer, but if it's a user-inputted string, then please sanitize it to prevent SQL Injection.
answered 17 hours ago
Cillian Collins
6477
6477
add a comment |
add a comment |
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53237784%2fphpbb-and-login-query%23new-answer', 'question_page');
}
);
Post as a guest
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password