Search Unity

  1. Megacity Metro Demo now available. Download now.
    Dismiss Notice
  2. Unity support for visionOS is now available. Learn more in our blog post.
    Dismiss Notice

MySql & php not communicating properly

Discussion in 'Multiplayer' started by PianoMeow, May 15, 2017.

  1. PianoMeow

    PianoMeow

    Joined:
    Sep 26, 2015
    Posts:
    107
    hi, so i am using a sql server database for users in my game, mainly for logging in and saving data. i am using a php file to communicate between the sql server and unity.
    i have a php file for inserting a user in the database (username, password, email) and i have anouther php file thats is used to log in. It is supposed to check if the username and password match then continue, the problem i am having is that it checks if the user exists just fine but basically you can type anything for a password and it lets you log in, ass posed to the correct password that is in the database

    any insight to this problem would be greatly appreciated

    this is my script for unity
    Code (CSharp):
    1. using System.Collections;
    2. using System.Collections.Generic;
    3. using UnityEngine;
    4. using UnityEngine.UI;
    5.  
    6. public class Login : MonoBehaviour
    7. {
    8.     //public InputField _userInputUserName;
    9.     //public InputField _userInputPassword;
    10.  
    11.     public string inputUserName;
    12.     public string inputPassword;
    13.  
    14.     string LoginURL = "http://localhost/MeowMeowMeow/Login.php";
    15.  
    16.     // Use this for initialization
    17.     void Start ()
    18.     {
    19.      
    20.     }
    21.  
    22.  
    23.  
    24.     // Update is called once per frame
    25.     void Update ()
    26.     {
    27.         if (Input.GetKeyDown(KeyCode.L))
    28.         {
    29.             StartCoroutine( LoginToDB (inputUserName, inputPassword));
    30.         }
    31.     }
    32.  
    33.     //public void OnLogin()
    34.     //{
    35.         //inputUserName = _userInputUserName.text;
    36.         //inputPassword = _userInputPassword.text;
    37.         //StartCoroutine( LoginToDB (inputUserName, inputPassword));
    38.  
    39.     //}
    40.  
    41.     IEnumerator LoginToDB(string username, string password)
    42.     {
    43.         WWWForm form = new WWWForm();
    44.         form.AddField("usernamePost", username);
    45.         form.AddField ("passwordPost", password);
    46.  
    47.         WWW www = new WWW (LoginURL, form);
    48.  
    49.         //waits for result then returns
    50.         yield return www;
    51.  
    52.         Debug.Log (www.text);
    53.     }
    54. }
    55.  
    and this is my php file i am using
    Code (Boo):
    1. <?php
    2. {
    3.     $servername = "localhost";
    4.     $server_username = "root";
    5.     $server_password = "";
    6.     $dbName = "Tactics_Arena";
    7.  
    8.     $username = $_POST["usernamePost"];
    9.     $password = $_POST["passwordPost"];
    10.  
    11.  
    12.     //Make Connection
    13.     $conn = new mysqli($servername, $server_username, $server_password, $dbName);
    14.  
    15.     //Check Connecion
    16.     if(!$conn)
    17.     {
    18.         die("Connection Failed.".mysqli_connect_error());
    19.     }
    20.  
    21.     $sql = "SELECT password FROM users WHERE username = '".$username."'";
    22.     $result = mysqli_query($conn ,$sql);
    23.  
    24.     //get result and confirm login
    25.     if(mysqli_num_rows($result)>0)
    26.     {
    27.         //show data for eatch row
    28.         while ($row = mysqli_fetch_assoc($result))
    29.         {
    30.             if($row['password'] = $password)
    31.             {
    32.                 echo "login success";
    33.             }
    34.             else
    35.             {
    36.                 echo "password incorrect";
    37.             }
    38.         }
    39.      
    40.     }
    41.     else
    42.     {
    43.         echo "user not found";
    44.     }
    45.  
    46. }
    47.  
    48. ?>
     
    Last edited: May 15, 2017
  2. mgear

    mgear

    Joined:
    Aug 3, 2010
    Posts:
    9,350
    missing one extra = in
    Code (Boo):
    1.  if($row['password'] = $password)
     
  3. PianoMeow

    PianoMeow

    Joined:
    Sep 26, 2015
    Posts:
    107
    can you elaborate anymore, I'm not quite understanding what you are saying
    thanks
     
  4. PianoMeow

    PianoMeow

    Joined:
    Sep 26, 2015
    Posts:
    107
    ohhhhh S*** i feel so dumb, never mind i get it now. its always a stupid syntax thing that hangs me up for ever, thanks man/woman
     
  5. mgear

    mgear

    Joined:
    Aug 3, 2010
    Posts:
    9,350
    oh, actually it seems that php string comparison should be using: ===
     
  6. PianoMeow

    PianoMeow

    Joined:
    Sep 26, 2015
    Posts:
    107
    "==" did the trick
     
  7. mgear

    mgear

    Joined:
    Aug 3, 2010
    Posts:
    9,350
  8. PianoMeow

    PianoMeow

    Joined:
    Sep 26, 2015
    Posts:
    107
  9. dr4g0nsr

    dr4g0nsr

    Joined:
    Mar 16, 2014
    Posts:
    1
    When doing query never trust input data.
    Instead of:
    Code (CSharp):
    1. $sql = "SELECT password FROM users WHERE username = '".$username."'";
    Do this:
    Code (CSharp):
    1. $sql = "SELECT `password` FROM `users` WHERE `username` = '".mysqli_real_escape_string($username)."'";
    I suggest to use REST instead of plain text, and suppress errors/warning like @mysqli_query.
    Instead of superglobals ($_POST) use filter_input for cleaning data from unwanted characters.