egghelp.org community
Discussion of eggdrop bots, shell accounts and tcl scripts.

SQL error

 
kwnds
Voice


Joined: 15 Mar 2007
Posts: 21

Posted: Thu Mar 22, 2007 6:33 pm    Post subject: SQL error

I have some code in PHP that connects to a MySQL database and checks if the username and password are correct, and that code works fine.
The PHP code is this:
Code:
$connect_db
$banco = mysql_select_db('$bd_name');
   
    $username= $_POST['username'];
    $q_user = mysql_query("SELECT * FROM info WHERE username='$username'");
 
    if(mysql_num_rows($q_user) == 1) {
   
        $query = mysql_query("SELECT * FROM info WHERE username='$username'");
        $dados = mysql_fetch_array($query);
        if($_POST['password'] == $dados['password']) {
            session_register("username");


And now I want to create Tcl code that has the same effect as this does, but I do /msg eggdrop-name auth username login and it checks whether it is correct or not.
The Tcl code is this:
Code:
bind msg - auth catch:info

proc catch:info {nick uhost hand arg} {
   set username [lindex [split $arg] 0]
   set password [lindex [split $arg] 1]
   set db [mysqlconnect -host www.lusopixel.com -user kwnds -password bmy-password -db kwnds]
   set resultado "SELECT * FROM info WHERE username='$username'"
   set linhas mysql_num_rows($resultado)
   if {$linhas == "0"} {
      putquick "privmsg $nick : Username wrong"
   } else {
      set resultado1 "select * from info where password = '$password'"
      set linhas1 mysql_num_rows($resultado1);

      if {$linhas1 == "0"} {
         putquick "privmsg $nick :Username wrong"
      } else {
         putquick "privmsg $nick :Username and Password correct"
      }
   }
}


But this code isn't working.
The hostname of my database is different from the hostname of my shell.
If someone wants to try to fix this error, I can give the hosting information of my database by PM so they can try to fix it.
Thanks
De Kus
Revered One


Joined: 15 Dec 2002
Posts: 1361
Location: Germany

Posted: Sat Mar 24, 2007 11:13 am    Post subject:

First off, you should hash the passwords in your DB ^-^.

I wonder why you post your PHP SQL query, if you take a little different way to match the passwords. You compare the password in PHP on the script side and in TCL on the SQL side. Also your TCL variant doesn't seem to use proper escaping to prevent SQL injection. In the case you match against an md5 hashed checksum you can forget about SQL injection, because an md5 hash will never be able to have characters you didn't expect :). But beware, PHP and eggdrop might not return the same md5 hash :).

The only guess I have is to let you write the content of $_POST to a file and open it with a text editor (try to load the file as binary, not ASCII). Maybe it doesn't contain what you expected. It could also be a character encoding/recoding issue. Since POST data can have its own character encoding it might also not have the same bytes as the bot receives (which simply uses iso-8859-1 with no recoding by default). You can exclude this stuff if your password consists of only alphanumeric characters.
_________________
De Kus
StarZ|De_Kus, De_Kus or DeKus on IRC
Copyright © 2005-2009 by De Kus - published under The MIT License
Love hurts, love strengthens...
kwnds
Voice


Joined: 15 Mar 2007
Posts: 21

Posted: Sat Mar 24, 2007 1:04 pm    Post subject:

Where is the error in this code?
Code:
bind msg - auth catch:info

package ifneeded mysqltcl 3.02 [list loadmysqltcl usr\home\dekapa\eggdrops\lib]

proc catch:info {nick uhost hand arg} {

   set username [lindex [split $arg] 0]
   set password [lindex [split $arg] 1]
   set db_handle [mysqlconnect -host www.lusopixel.com -user kwnds -password my-password -db kwnds_info]
set sql "INSERT INTO info (username, password) VALUES ('$nick','$password)"
set result [mysqlexec $db_handle $sql]
if {$result != 1} {
putlog "SQL - Error"
} else {
puthelp "PRIVMSG $nick: Username added to db"
}
}

The password will be: a-z. 1-9, _ and -
Thanks
nml375
Revered One


Joined: 04 Aug 2006
Posts: 2857

Posted: Sat Mar 24, 2007 1:36 pm    Post subject:

Seems like you're missing a ' in this line (right after $password):
Code:
set sql "INSERT INTO info (username, password) VALUES ('$nick','$password)"

_________________
NML_375, idling at #eggdrop@IrcNET
kwnds
Voice


Joined: 15 Mar 2007
Posts: 21

Posted: Sat Mar 24, 2007 2:20 pm    Post subject:

I fixed that and it still doesn't work.
I think it could be the connection to the database. How can I check if the egg is connecting without errors?
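An added example, not code from any poster in this thread: the auth handler with the two points De Kus raises (escaping the user-supplied value, comparing a hash on the script side) and an answer to the last question, catching the error mysqlconnect raises so the reason lands in the bot's log. The host, credentials and database name are placeholders, the proc name auth:check is made up for this example, and it assumes the password column stores the hex MD5 that eggdrop's md5 command returns.

```tcl
# Added example. Host, credentials and database name are placeholders;
# auth:check is a name made up here.
package require mysqltcl

bind msg - auth auth:check

proc auth:check {nick uhost hand arg} {
    set parts [split [string trim $arg]]
    if {[llength $parts] != 2} {
        puthelp "PRIVMSG $nick :Usage: auth <username> <password>"
        return 0
    }
    set username [lindex $parts 0]
    set password [lindex $parts 1]

    # mysqlconnect raises a Tcl error if the host is unreachable or the
    # login is refused. catch stores the message in $db instead of a handle.
    if {[catch {mysqlconnect -host db.example.invalid -user dbuser \
            -password dbpass -db dbname} db]} {
        putlog "auth: MySQL connect failed: $db"
        puthelp "PRIVMSG $nick :Database unavailable, try again later"
        return 0
    }

    # Escape the value that came from IRC before it goes into the statement.
    set sql "SELECT password FROM info\
             WHERE username='[mysqlescape $db $username]'"
    set failed [catch {mysqlsel $db $sql -flatlist} rows]
    mysqlclose $db
    if {$failed} {
        putlog "auth: query failed: $rows"
        return 0
    }

    # Compare on the script side, as the PHP version does. Assumption: the
    # column stores the hex MD5 that eggdrop's md5 command returns.
    if {[llength $rows] == 1 && [string equal [lindex $rows 0] [md5 $password]]} {
        puthelp "PRIVMSG $nick :Username and password correct"
    } else {
        puthelp "PRIVMSG $nick :Username or password wrong"
    }
    # Returning 0 keeps the bot from logging the command line, which
    # contains the password.
    return 0
}
```

The connect error text written by putlog is the MySQL client's own message, so it distinguishes an unreachable host from a refused login.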