Unity PHP login always returning true

Question

Hello, I have a semi-working c# code that sends the user credentials to a php file which then sends the credentials to a database and returns a response. For some reason, it always returns login okay. Even if I purposely type in the wrong combo. Any help would be greatly appreciated.

C# File:

 using UnityEngine;
 using System.Collections;
 
 public class Login : MonoBehaviour {
 
  public Texture LoginBackground;
  public Texture2D stylebackground;
  public GUIStyle LoginStyle;
  public GUIStyle LoginTextBox;
  public GUIStyle LoginButton;
  public string Username;
  public string Password;
  public float transparent;
  private string url;
  public WWW w;
  public WWWForm loginform;
  // Use this for initialization
  void Start () {
  LoginStyle.fontSize = 72;
  LoginStyle.alignment = TextAnchor.MiddleCenter;
  LoginTextBox.fontSize = 20;
  LoginTextBox.alignment = TextAnchor.MiddleCenter;
  LoginTextBox.normal.background = stylebackground;
  LoginButton.fontSize = 30;
  LoginButton.alignment = TextAnchor.MiddleCenter;
  url = "http://redlightlife.tk/scripts/checklogin.php";
  loginform = new WWWForm();
  }
  
  // Update is called once per frame
  void Update () {
  
  }
  
  void OnGUI() {
  GUI.backgroundColor = Color.black;
  GUI.DrawTexture(new Rect(0,0,Screen.width,Screen.height),LoginBackground,ScaleMode.StretchToFill, false, 0.0f);
  GUI.Label(new Rect(Screen.width/2-250,Screen.height/2-250,500,250),"Username:", LoginStyle);
  Username = GUI.TextField(new Rect(Screen.width/2-250,Screen.height/2-80,500,50), Username, 10, LoginTextBox);
  GUI.Label(new Rect(Screen.width/2-250,Screen.height/2-50,500,250),"Password:", LoginStyle);
  Password = GUI.TextField(new Rect(Screen.width/2-250,Screen.height/2+120,500,50), Password, 10, LoginTextBox);
  if (GUI.Button(new Rect(Screen.width/2-150,Screen.height/2+200,300,50),"Login:", LoginButton))
  {
  //CheckLogin();
  StartCoroutine(CheckLogin());
  }
  }
  
  IEnumerator CheckLogin()
  {
  loginform.AddField("username", Username);
  loginform.AddField("password", Password);
  w = new WWW(url,loginform);
  yield return w;
  Debug.Log("Downloaded");
  if (w.error != null)
  {
  print(w.error);
  }
  else
  {
  print("Login Okay");
  string formText = w.text;
  w.Dispose();
  Debug.Log(formText);
  }
  }
 }

PHP File: bondsolutionsnjcom.fatcowmysql.com', 'lightswitch', 'password'); if (!$link) { die('Could not connect: ' . mysql_error()); } echo 'Connected successfully'; mysql_select_db(red_light_life_accounts1);

 // This could be supplied by a user, for example
 $username;
 $password;
 
 if(!$username || !$password) {
 
     echo "Login or password cant be empty.";
 
 } else {
 
     $SQL = "SELECT username,password FROM accounts WHERE username = '" . $username . "' & password = '" . $password . '"';
 
         $result_id = @mysql_query($SQL) or die("DATABASE ERROR!");
 
         $total = mysql_num_rows($result_id);
 
         if($total) {
 
             $datas = @mysql_fetch_array($result_id);
 
             if(!strcmp($pass, $datas["password"])) {
 
                 echo "Success";
 
             } else {
 
                 echo "Username or password is wrong.";
 
             }
 
         } else {
 
             echo "Data invalid - cant find username.";
 
         }
 
     }
  }
 
 // Close mySQL Connection
  
 mysql_close();
 ?>

Answer 1

Answer by N1nja · Jul 14, 2012 at 02:11 AM

it would appear the that you have is w.error = false ; login was succeful, what u should do is if w.error = false; does w.data contain "Success" ; as success is what u write if everything went well, otherwise display message that was replied such as "data invalid";

so what u want is if(w.error ...) { ... } else { if(w.text.Contains("Success")) { Debug.Log(" LOgIN WAS GEWED"); } else { DEBUG.LOG(w.text); } }

that should fix the problem, sory, just some peusdo logic not actually gonna do everything for u.. btw, the reason im checking if w.text contains success, is because in ur Php u have if mysql_num_rows > 0; login was good, and u echo "Success";

otherwise u echo failure messages..

Add comment · Show 1 · Share

kmccmk9 · Jul 14, 2012 at 07:10 PM 0

Share

Thank you I've made your corrections but it still doesn't work. Please see new code below as separate answer. It return fetching data but that is all. And I receive this error

Warning: mysql_close(): no $$anonymous$$ySQL-Link resource supplied in /hermes/waloraweb097/b516/moo.bondsolutionsnjcom/RedLightLife/scripts/checklogin.php on line 55

Answer 2

Answer by tw1st3d · Jul 14, 2012 at 02:17 AM

 mysql_select_db(red _ light _ life _ accounts1);

Absolutely HAS to be

 mysql_select_db('red _ light _ life _ accounts1');

This

 $SQL = "SELECT username,password FROM accounts WHERE username = '" . $username . "' & password = '" . $password . '"';

Needs to be(Well, should be, to be properly formatted.)

 $SQL = "SELECT * FROM accounts WHERE username = '$username' AND password = '$password';

This doesn't make sense.

 $total = mysql_num_rows($result_id);
 
         if($total) {

You're saying "If num_rows is true" which isn't a valid conditional. It needs to be

 $total = mysql_num_rows($result_id);
 
         if($total >= 1) {

Or you could take the opposite approach,

 $total = mysql_num_rows($result_id);
 
         if($total !== 0) {

This one's kind of close, but still missing something.

 if(!strcmp($pass, $datas["password"])) {
 
                 echo "Success";
 
             }

You're saying "If userinput varchar is greater than pulled varchar" this needs to be

 $datas = @mysql_fetch_array($result_id);
 
  $count = strlen($password);
  $count2 = strlen($datas['password']);
  
             if(!strcmp($count, $count2) {
 
                 echo "Success";
 
             }

As for your programming, I can't tell you what's wrong, if anything.

Add comment · Show 2 · Share

N1nja · Jul 14, 2012 at 02:21 AM 0

Share

definitely a lot of flaw in his code, and also dont forget $username = mysql_real_escape_string($username) to prevent sql injections, next to magick quotes being turned on

kmccmk9 · Jul 14, 2012 at 07:10 PM 0

Share

Thank you I've made your corrections but it still doesn't work. Please see new code below as separate answer. It return fetching data but that is all. And I receive this error

Warning: mysql_close(): no $$anonymous$$ySQL-Link resource supplied in /hermes/waloraweb097/b516/moo.bondsolutionsnjcom/RedLightLife/scripts/checklogin.php on line 55

Answer 3

Answer by kmccmk9 · Jul 14, 2012 at 07:14 PM

Here is my updated code. It still does not work. Any help would be greatly appreciated. To make it easier I linked to paste bin.

Unity Code: Pastebin Link for Unity Code PHP Code: Pastebin Link for PHP Code

Add comment · Show 4 · Share

tw1st3d · Jul 21, 2012 at 02:48 PM 0

Share

http://pastebin.com/wcCWyiDF This is your new php script. I don't really know C#, so I can't help there.

kmccmk9 · Jul 23, 2012 at 09:47 PM 0

Share

I'm sorry but even with that code, it still doesn't work. Using your code it returns nothing and gives an error about the connection close.

ramonfr · Jul 23, 2012 at 10:08 PM 0

Share

I never use the WWW form, I like to use the simple WWW with the GET method and then read the text of the page with the WWW.text.

The PHP page prints "true" if the user is found or something else if the user can't be found.

Example:

goToPage = WWW("mypage.com/login.php?username=" + username + "&password=" + password ); yield goToPage;

if (goToPage.text.Contains("true")) print("Login Sucessfull");

else print("Login Failed")

kmccmk9 · Jul 23, 2012 at 11:03 PM 0

Share

Well its not the c# problem that isn't working I don't think. I think the problem is with the php because all echos from php are working.

Unity PHP login always returning true

3 Replies

Your answer

Follow this Question

Related Questions