phpBB and login query
up vote
-1
down vote
favorite
I want to change my auth method from giving the username/password to giving the user ID/password.
I checked the auth.php file ( in /phpbb/auth/auth.php ) which includes the login() function. I've found a query :
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'";
I've changed it into :
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . "
WHERE user_id == ' . $user_id . '";
But I'm not able to log with my ID/password.
php sql phpbb
edited Nov 10 at 12:49
AS Mackay
1,7853816
asked Nov 10 at 9:50
Germain P
93
add a comment |
up vote
-1
down vote
favorite
I want to change my auth method from giving the username/password to giving the user ID/password.
I checked the auth.php file ( in /phpbb/auth/auth.php ) which includes the login() function. I've found a query :
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'";
I've changed it into :
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . "
WHERE user_id == ' . $user_id . '";
But I'm not able to log with my ID/password.
php sql phpbb
edited Nov 10 at 12:49
AS Mackay
1,7853816
asked Nov 10 at 9:50
Germain P
93
add a comment |
up vote
-1
down vote
favorite
up vote
-1
down vote
favorite
I want to change my auth method from giving the username/password to giving the user ID/password.
I checked the auth.php file ( in /phpbb/auth/auth.php ) which includes the login() function. I've found a query :
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'";
I've changed it into :
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . "
WHERE user_id == ' . $user_id . '";
But I'm not able to log with my ID/password.
php sql phpbb
edited Nov 10 at 12:49
AS Mackay
1,7853816
asked Nov 10 at 9:50
Germain P
93
I want to change my auth method from giving the username/password to giving the user ID/password.
I checked the auth.php file ( in /phpbb/auth/auth.php ) which includes the login() function. I've found a query :
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'";
I've changed it into :
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . "
WHERE user_id == ' . $user_id . '";
But I'm not able to log with my ID/password.
php sql phpbb
php sql phpbb
edited Nov 10 at 12:49
AS Mackay
1,7853816
asked Nov 10 at 9:50
Germain P
93
edited Nov 10 at 12:49
AS Mackay
1,7853816
asked Nov 10 at 9:50
Germain P
93
edited Nov 10 at 12:49
AS Mackay
1,7853816
edited Nov 10 at 12:49
AS Mackay
1,7853816
edited Nov 10 at 12:49
AS Mackay
1,7853816
1,7853816
asked Nov 10 at 9:50
Germain P
93
asked Nov 10 at 9:50
Germain P
93
asked Nov 10 at 9:50
Germain P
93
93
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
0
down vote
You are mixing up your ' and " signs which is inevitably breaking your query. Instead of $user_id variable value being inserted into the query, it is literally inserting $user_id.
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . ' WHERE user_id == ' . $user_id . ';
That would fix that issue. Even still I think you are only supposed to have a single '=' and there appears to be some more issues.
Also I assume $user_id is an integer, but if it's a user-inputted string, then please sanitize it to prevent SQL Injection.
answered Nov 10 at 12:57
Cillian Collins
6477
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
You are mixing up your ' and " signs which is inevitably breaking your query. Instead of $user_id variable value being inserted into the query, it is literally inserting $user_id.
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . ' WHERE user_id == ' . $user_id . ';
That would fix that issue. Even still I think you are only supposed to have a single '=' and there appears to be some more issues.
Also I assume $user_id is an integer, but if it's a user-inputted string, then please sanitize it to prevent SQL Injection.
answered Nov 10 at 12:57
Cillian Collins
6477
add a comment |
up vote
0
down vote
You are mixing up your ' and " signs which is inevitably breaking your query. Instead of $user_id variable value being inserted into the query, it is literally inserting $user_id.
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . ' WHERE user_id == ' . $user_id . ';
That would fix that issue. Even still I think you are only supposed to have a single '=' and there appears to be some more issues.
Also I assume $user_id is an integer, but if it's a user-inputted string, then please sanitize it to prevent SQL Injection.
answered Nov 10 at 12:57
Cillian Collins
6477
add a comment |
up vote
0
down vote
up vote
0
down vote
You are mixing up your ' and " signs which is inevitably breaking your query. Instead of $user_id variable value being inserted into the query, it is literally inserting $user_id.
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . ' WHERE user_id == ' . $user_id . ';
That would fix that issue. Even still I think you are only supposed to have a single '=' and there appears to be some more issues.
Also I assume $user_id is an integer, but if it's a user-inputted string, then please sanitize it to prevent SQL Injection.
answered Nov 10 at 12:57
Cillian Collins
6477
You are mixing up your ' and " signs which is inevitably breaking your query. Instead of $user_id variable value being inserted into the query, it is literally inserting $user_id.
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . ' WHERE user_id == ' . $user_id . ';
That would fix that issue. Even still I think you are only supposed to have a single '=' and there appears to be some more issues.
Also I assume $user_id is an integer, but if it's a user-inputted string, then please sanitize it to prevent SQL Injection.
answered Nov 10 at 12:57
Cillian Collins
6477
answered Nov 10 at 12:57
Cillian Collins
6477
answered Nov 10 at 12:57
Cillian Collins
6477
answered Nov 10 at 12:57
Cillian Collins
6477
6477
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53237784%2fphpbb-and-login-query%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
