Chatting authentication of password and username to get IP and port

Can you guys check this? I have a problem with this code. I don't know which part, but I think it's in the function authenticateUser. I just need to log in using this PHP from my Android app, and when the user has logged in it will update the authenticationTime, IP and port, but in my app I can only log in and the table is not updated.

This is what happened in my table:

14 || rona       || aTzImAs21dN4fUersYiYXCA0WFE2ZGY1   ||   6df57d141e  ||  0000-00-00 00:00:00     ||  0   ||  0000-00-00 00:00:00     ||   ||       || 0||

This is what is supposed to happen:

14 || rona       || aTzImAs21dN4fUersYiYXCA0WFE2ZGY1   ||   6df57d141e  ||  0000-00-00 00:00:00     ||  0   ||  0000-00-00 00:00:00     ||   (user key here) || ||    15145

Now this is my PHP code, please check!

<?php
/*
*       Server of Android IM Application
*       Author: ahmet oguz mermerkaya
*       Email: ahmetmermerkaya@hotmail.com
*       Editor: Dominik Pirngruber
*       Email: d.pirngruber@gmail.com
*       Date: Jun, 25, 2013
*       Supported actions:
*           1.  authenticateUser
*               if user is authenticated return friend list
*           2.  signUpUser
*           3.  addNewFriend
*           4.  responseOfFriendReqs
*           5.  testWebAPI
*/

//TODO:  show error off

// MySQL wrapper class, listed further down as mysql.class.php
require_once("mysql.class.php");


$dbHost = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbName = "healthhelp";

$db = new MySQL($dbHost,$dbUsername,$dbPassword,$dbName);

// if operation is failed by unknown reason
define("FAILED", 0);

define("SUCCESSFUL", 1);
// when  signing up, if username is already taken, return this error
// when add new friend request, if friend is not found, return this error 

// TIME_INTERVAL_FOR_USER_STATUS: if last authentication time of user is older 
// than NOW - TIME_INTERVAL_FOR_USER_STATUS, then user is considered offline

define("USER_APPROVED", 1);
define("USER_UNAPPROVED", 0);

// strlen(), not count(): the request value is a string
$username = (isset($_REQUEST['username']) && strlen($_REQUEST['username']) > 0)
                            ? $_REQUEST['username']
                            : NULL;
$password = isset($_REQUEST['password']) ? md5($_REQUEST['password']) : NULL;
$port = isset($_REQUEST['port']) ? $_REQUEST['port'] : NULL;

$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : NULL;
if ($action == "testWebAPI")
{
    if ($db->testconnection()) {
        echo SUCCESSFUL;
    } else {
        echo FAILED;
    }
    exit;
}

if ($username == NULL || $password == NULL)
{
    echo FAILED;
    exit;
}

$out = NULL;

error_log($action."\r\n", 3, "error.log");

switch ($action)
{
    case "authenticateUser":

        if ($userId = authenticateUser($db, $username, $password))
        {
            // providerId and requestId is Id of  a friend pair,
            // providerId is the Id of making first friend request
            // requestId is the Id of the friend approved the friend request made by providerId

            // fetching friends,
            // left join expression is a bit different,
            //      it is required to fetch the friend, not the users itself

            $sql = "select u.Id, u.username, (NOW()-u.authenticationTime) as authenticateTimeDifference, u.IP,
                                        f.providerId, f.requestId, f.status, u.port
                            from friends f
                            left join users u on
                                        u.Id = if ( f.providerId = ".$userId.", f.requestId, f.providerId )
                            where (f.providerId = ".$userId." and f.status=".USER_APPROVED.")  or
                                         f.requestId = ".$userId." ";

            //$sqlmessage = "SELECT * FROM `messages` WHERE `touid` = ".$userId." AND `read` = 0 LIMIT 0, 30 ";

            $sqlmessage = "SELECT m.id, m.fromuid, m.touid, m.sentdt, m.read, m.readdt, m.messagetext, u.username from messages m \n"
                . "left join users u on u.Id = m.fromuid WHERE `touid` = ".$userId." AND `read` = 0 LIMIT 0, 30 ";

            if ($result = $db->query($sql))
            {
                $out .= "<data>";
                $out .= "<user userKey='".$userId."' />";
                while ($row = $db->fetchObject($result))
                {
                    $status = "offline";
                    if (((int)$row->status) == USER_UNAPPROVED)
                    {
                        $status = "unApproved";
                    }
                    else if (((int)$row->authenticateTimeDifference) < TIME_INTERVAL_FOR_USER_STATUS)
                    {
                        $status = "online";
                    }

                    $out .= "<friend  username = '".$row->username."'  status='".$status."' IP='".$row->IP."' userKey = '".$row->Id."'  port='".$row->port."'/>";

                    // to increase security, we need to change userKey periodically and pay more attention
                    // receiving message and sending message
                }

                if ($resultmessage = $db->query($sqlmessage))
                {
                    while ($rowmessage = $db->fetchObject($resultmessage))
                    {
                        $out .= "<message  from='".$rowmessage->username."'  sendt='".$rowmessage->sentdt."' text='".$rowmessage->messagetext."' />";
                        $sqlendmsg = "UPDATE `messages` SET `read` = 1, `readdt` = '".DATE("Y-m-d H:i")."' WHERE `messages`.`id` = ".$rowmessage->id.";";
                        // run the statement so the message is actually marked as read
                        $db->query($sqlendmsg);
                    }
                }
                $out .= "</data>";
            }
            else
            {
                $out = FAILED;
            }
        }
        else
        {
            // exit application if not authenticated user
            $out = FAILED;
        }
        break;

    case "signUpUser":
        if (isset($_REQUEST['email']))
        {
            $email = $_REQUEST['email'];

            $sql = "select Id from  users
                            where username = '".$username."' limit 1";

            if ($result = $db->query($sql))
            {
                if ($db->numRows($result) == 0)
                {
                    $sql = "insert into users(username, password, email)
                                values ('".$username."', '".$password."', '".$email."') ";

                    error_log("$sql", 3 , "error_log");
                    if ($db->query($sql))
                    {
                        $out = SUCCESSFUL;
                    }
                    else {
                        $out = FAILED;
                    }
                }
                else
                {
                    $out = SIGN_UP_USERNAME_CRASHED;
                }
            }
        }
        else
        {
            $out = FAILED;
        }
        break;

    case "sendMessage":
        if ($userId = authenticateUser($db, $username, $password))
        {
            if (isset($_REQUEST['to']))
            {
                $tousername = $_REQUEST['to'];
                $message = $_REQUEST['message'];

                $sqlto = "select Id from  users where username = '".$tousername."' limit 1";

                if ($resultto = $db->query($sqlto))
                {
                    while ($rowto = $db->fetchObject($resultto))
                    {
                        $uto = $rowto->Id;
                    }
                    $sql22 = "INSERT INTO `messages` (`fromuid`, `touid`, `sentdt`, `messagetext`) VALUES ('".$userId."', '".$uto."', '".DATE("Y-m-d H:i")."', '".$message."');";

                    error_log("$sql22", 3 , "error_log");
                    if ($db->query($sql22))
                    {
                        $out = SUCCESSFUL;
                    }
                    else {
                        $out = FAILED;
                    }
                    $resultto = NULL;
                }

                $sqlto = NULL;
            }
        }
        else
        {
            $out = FAILED;
        }
        break;

    case "addNewFriend":
        $userId = authenticateUser($db, $username, $password);
        if ($userId != NULL)
        {
            if (isset($_REQUEST['friendUserName']))
            {
                $friendUserName = $_REQUEST['friendUserName'];

                $sql = "select Id from users
                                 where username='".$friendUserName."'
                                 limit 1";
                if ($result = $db->query($sql))
                {
                    if ($row = $db->fetchObject($result))
                    {
                        $requestId = $row->Id;

                        if ($row->Id != $userId)
                        {
                            $sql = "insert into friends(providerId, requestId, status)
                                         values(".$userId.", ".$requestId.", ".USER_UNAPPROVED.")";

                            if ($db->query($sql))
                            {
                                $out = SUCCESSFUL;
                            }
                            else
                            {
                                $out = FAILED;
                            }
                        }
                        else
                        {
                            $out = FAILED;  // user add itself as a friend
                        }
                    }
                    else
                    {
                        $out = FAILED;
                    }
                }
                else
                {
                    $out = FAILED;
                }
            }
            else
            {
                $out = FAILED;
            }
        }
        else
        {
            $out = FAILED;
        }
        break;

    case "responseOfFriendReqs":
        $userId = authenticateUser($db, $username, $password);
        if ($userId != NULL)
        {
            $sqlApprove = NULL;
            $sqlDiscard = NULL;
            if (isset($_REQUEST['approvedFriends']))
            {
                // explode() replaces split(), which was removed in PHP 7
                $friendNames = explode(",", $_REQUEST['approvedFriends']);
                $friendCount = count($friendNames);
                $friendNamesQueryPart = NULL;
                for ($i = 0; $i < $friendCount; $i++)
                {
                    if (strlen($friendNames[$i]) > 0)
                    {
                        if ($i > 0 )
                        {
                            $friendNamesQueryPart .= ",";
                        }

                        $friendNamesQueryPart .= "'".$friendNames[$i]."'";
                    }
                }

                if ($friendNamesQueryPart != NULL)
                {
                    $sqlApprove = "update friends set status = ".USER_APPROVED."
                                    where requestId = ".$userId." and
                                                providerId in (select Id from users where username in (".$friendNamesQueryPart."))";
                }
            }

            if (isset($_REQUEST['discardedFriends']))
            {
                $friendNames = explode(",", $_REQUEST['discardedFriends']);
                $friendCount = count($friendNames);
                $friendNamesQueryPart = NULL;
                for ($i = 0; $i < $friendCount; $i++)
                {
                    if (strlen($friendNames[$i]) > 0)
                    {
                        if ($i > 0 )
                        {
                            $friendNamesQueryPart .= ",";
                        }

                        $friendNamesQueryPart .= "'".$friendNames[$i]."'";
                    }
                }

                if ($friendNamesQueryPart != NULL)
                {
                    $sqlDiscard = "delete from friends
                                        where requestId = ".$userId." and
                                                    providerId in (select Id from users where username in (".$friendNamesQueryPart."))";
                }
            }
            if (  ($sqlApprove != NULL ? $db->query($sqlApprove) : true) &&
                  ($sqlDiscard != NULL ? $db->query($sqlDiscard) : true)
               )
            {
                $out = SUCCESSFUL;
            }
            else
            {
                $out = FAILED;
            }
        }
        else
        {
            $out = FAILED;
        }
        break;

    default:
        $out = FAILED;
        break;
}

echo $out;

function authenticateUser($db, $username, $password)
{
    $sql22 = "select * from users 
                    where username = '".$username."' and password = '".$password."' 
                    limit 1";

    $no_of_rows = mysql_num_rows($sql22);
    if ($no_of_rows > 0) {
        $sql22 = mysql_fetch_array($sql22);
        $salt = $sql22['salt'];
        $encrypted_password = $sql22['encrypted_password'];
        $hash = $this->checkhashSSHA($salt, $password);
        // check for password equality
        if ($encrypted_password == $hash) {
            // user authentication details are correct
            return $sql22;
        }
    } else {
        // user not found
        return false;
    }

    $out = NULL;
    if ($result22 = $db->query($sql22))
    {
        if ($row22 = $db->fetchObject($result22))
        {
            $out = $row22->Id;

            $sql22 = "update users set authenticationTime = NOW(), 
                                       IP = '".$_SERVER["REMOTE_ADDR"]."' ,
                                       port = 15145 
                      where Id = ".$row22->Id."
                      limit 1";
        }
    }

    return $out;
}

function checkhashSSHA($salt, $password) {

    $hash = base64_encode(sha1($password . $salt, true) . $salt);

    return $hash;
}

The signUp part is not used anymore because in my own application I register with other fields such as fname and lname, and the password is encrypted. I just found this PHP on the web and I just want to implement it in my project. Please help me.


function authenticateUser($db, $username, $password)
{
    $sql22 = "select * from users 
                    where username = '".$username."' and password = '".$password."' 
                    limit 1";

    //$sql11 =  mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());

    $no_of_rows = mysql_num_rows($db->query($sql22));
    if ($no_of_rows > 0) {
        $sql22 = mysql_fetch_array($sql22);
        $salt = $sql22['salt'];
        $encrypted_password = $sql22['encrypted_password'];
        $hash = $this->checkhashSSHA($salt, $password);
        // check for password equality
        if ($encrypted_password == $hash) {
            // user authentication details are correct
            return $sql22;
        }
    } else {
        // user not found
        return false;
    }

    $out = NULL;
    $result22 = $db->query($sql22);
    if ($result22)
    {
        while ($row22 = $db->fetchObject($result22))
        {
            $out = $row22->Id;

            $sql22 = "update users set authenticationTime = NOW(),
                                       IP = '".$_SERVER["REMOTE_ADDR"]."' ,
                                       port = 15145
                      where Id = ".$row22->Id."
                      limit 1";
        }
    }
}




mysql.class.php

/*
*   File Name:   mysql.php
*   Begin:       Sunday, Dec, 23, 2005
*   Author:      ahmet oğuz mermerkaya
*   Email:       ahmetmermerkaya@hotmail.com
*   Description: Class to connect mysql database
*   Edit :       Sunday, Nov, 18, 2007
*   Version:     1.1
*/

class MySQL
{
    private $dbLink;
    private $dbHost;
    private $dbUsername;
    private $dbPassword;
    private $dbName;
    public  $queryCount;

    function MySQL($dbHost,$dbUsername,$dbPassword,$dbName)
    {
        $this->dbHost = $dbHost;
        $this->dbUsername = $dbUsername;
        $this->dbPassword = $dbPassword;
        $this->dbName = $dbName;
        $this->queryCount = 0;
    }

    function __destruct()
    {
        $this->close();
    }

    // connect to database
    private function connect() {
        $this->dbLink = mysql_connect($this->dbHost, $this->dbUsername, $this->dbPassword);
        if (!$this->dbLink) {
            return false;
        }
        else if (!mysql_select_db($this->dbName,$this->dbLink)) {
            return false;
        }
        else {
            mysql_query("set names latin5",$this->dbLink);
            return true;
        }
        // never reached: every branch above returns
        unset ($this->dbHost, $this->dbUsername, $this->dbPassword, $this->dbName);
    }

    // Method to close connection
    function close()
    {
        if ($this->dbLink)
            mysql_close($this->dbLink);
    }

    // Checks for MySQL Errors
    // If error exists show it and return false
    // else return true
    function ShowError()
    {
        $error = mysql_error();
        //echo $error;
    }

    // Method to run SQL queries
    function query($sql)
    {
        // connect lazily on the first query
        if (!$this->dbLink)
            $this->connect();

        if (! $result = mysql_query($sql,$this->dbLink)) {
            return false;
        }
        return $result;
    }

    // Method to fetch values
    function fetchObject($result)
    {
        if (!$Object=mysql_fetch_object($result))
        {
            return false;
        }
        else
        {
            return $Object;
        }
    }

    // Method to number of rows
    function numRows($result)
    {
        if (false === ($num = mysql_num_rows($result))) {
            return -1;
        }
        return $num;
    }

    // Method to safely escape strings
    function escapeString($string)
    {
        if (get_magic_quotes_gpc())
        {
            return $string;
        }
        else
        {
            $string = mysql_escape_string($string);
            return $string;
        }
    }

    function free($result)
    {
        // mysql_free_result() returns true on success, so failure is the negated case
        if (!mysql_free_result($result)) {
            return false;
        }
        return true;
    }

    function lastInsertId()
    {
        return mysql_insert_id($this->dbLink);
    }

    function getUniqueField($sql)
    {
        $row = mysql_fetch_row($this->query($sql));

        return $row[0];
    }

    function testconnection() {
        $this->dbLink = mysql_connect($this->dbHost, $this->dbUsername, $this->dbPassword);
        if (!$this->dbLink) {
            return false;
        }
        else if (!mysql_select_db($this->dbName,$this->dbLink)) {
            return false;
        }
        else {
            mysql_query("set names latin5",$this->dbLink);
            return true;
        }
        // never reached: every branch above returns
        unset ($this->dbHost, $this->dbUsername, $this->dbPassword, $this->dbName);
    }
}

You are doing something seriously wrong here in your authenticateUser():

function authenticateUser($db, $username, $password)
{
    $sql22 = "select * from users 
                    where username = '".$username."' and password = '".$password."' 
                    limit 1";
    $no_of_rows = mysql_num_rows($sql22); // <-------- You are passing a string here instead of a resource!
    // ...
}

Also, the if statement doesn't look right.

if ($row22 = $db->fetchObject($result22))

The Mistakes

  • You are not executing the query at all.
  • You are passing a string to mysql_num_rows().

Rewrite like this.

$result22 = $db->query($sql22);
if ($result22)
{
    while ($row22 = $db->fetchObject($result22))
    {
        $out = $row22->Id;

        $sql22 = "update users set authenticationTime = NOW(),
                                   IP = '".$_SERVER["REMOTE_ADDR"]."' ,
                                   port = 15145
                  where Id = ".$row22->Id."
                  limit 1";
        // run the UPDATE; building the string alone does not change the table
        $db->query($sql22);
    }
}
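
Added example, not part of the original question or answer: an authenticateUser() that runs both the lookup and the UPDATE with bound parameters instead of concatenating request values into the SQL, and compares the salted hash in constant time. It assumes PDO with an in-memory SQLite table and a constructed user row so it runs offline; the `salt` and `encrypted_password` columns and the SSHA format follow the code posted above, while the function signature, sample password and IP are hypothetical.

```php
<?php
// Added example, not the original project's code. Schema and sample row are constructed.

// Same SSHA format as checkhashSSHA() in the question.
function checkhashSSHA(string $salt, string $password): string
{
    return base64_encode(sha1($password . $salt, true) . $salt);
}

// Returns the user's Id on success, null otherwise.
// $ip would be $_SERVER['REMOTE_ADDR'] in the web script.
function authenticateUser(PDO $pdo, string $username, string $password, string $ip, int $port): ?int
{
    // The username is bound, never concatenated, so a quote in it stays data.
    $stmt = $pdo->prepare('SELECT Id, salt, encrypted_password FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // user not found
    }
    // hash_equals() compares in constant time.
    if (!hash_equals($row['encrypted_password'], checkhashSSHA($row['salt'], $password))) {
        return null; // wrong password
    }
    // The UPDATE is executed here; building the SQL string alone changes nothing.
    $upd = $pdo->prepare('UPDATE users SET authenticationTime = ?, IP = ?, port = ? WHERE Id = ?');
    $upd->execute([date('Y-m-d H:i:s'), $ip, $port, $row['Id']]);
    return (int) $row['Id'];
}

// --- constructed demo data ---
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (Id INTEGER PRIMARY KEY, username TEXT UNIQUE, salt TEXT,
            encrypted_password TEXT, authenticationTime TEXT, IP TEXT, port INTEGER)');
$salt = 'constructed';
$ins = $pdo->prepare('INSERT INTO users (Id, username, salt, encrypted_password) VALUES (?, ?, ?, ?)');
$ins->execute([14, 'rona', $salt, checkhashSSHA($salt, 'demo-password')]);

var_dump(authenticateUser($pdo, 'rona', 'demo-password', '192.0.2.10', 15145)); // valid login
var_dump(authenticateUser($pdo, "o'brien", 'x', '192.0.2.10', 15145));          // quote in the name, unknown user
var_dump(authenticateUser($pdo, 'rona', 'wrong', '192.0.2.10', 15145));         // wrong password
// Row 14 after the successful login: authenticationTime, IP and port are filled in.
print_r($pdo->query('SELECT authenticationTime, IP, port FROM users WHERE Id = 14')->fetch(PDO::FETCH_ASSOC));
```

The salted SHA-1 format is kept only to match the columns in the question; for a new schema, PHP's password_hash() and password_verify() replace it.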


