Archive: Check a UserID and PW within a SQL DB
Check a UserID and PW within a SQL DB
Hey guys.
I would like to prompt a user to enter a username and password, then pass those to a mysql db, and find out if that is a valid name or not. I checked the Archive, and don't see any functions/plugins that can do that.
Any help would be much appreciated, thanks!
Here is some more information. During the installation, if the user is missing some files, I want to download them for the user, automatically. However before downloading the files, I want to check that the user is a current customer, hence I’ll ask them for their username and password. I then want to pass those credentials to the mysql db that is on the back end of our website. So the sql db is not local to the user, but I want to connect to it over the internet, make sense? Thanks for your help.
It'd be much simpler to make a HTTP interface and access it using NSISdl or InetLoad. Writing a PHP page to do this kind of a test should be simpler than accessing a remote SQL server.
I'll check into that, thanks!
From a PM from dimatorFirst I created a php page called vChecker.php that takes a username and password from the url, and returns a page with only 'LoggedIn' on it if the credential are good. I used the following code for that <Stuff between these you must fill in for yourself>:
Hi,
I'm just curious if you ever found a way to prompt the user for a username and password dialog, you were looking for?
Thanks,
DImi
Then in NSIS, I made a custom page that asked the user for a username and password that they would use on our website. Here is that code:<?php'Could not connect to database');
$name= $_GET***91;'name'***93;;
>$pwd = $_GET***91;'pwd'***93;;
{
mysql_connect('mysql.<yourserver>.com', '<username>', '<password>') or
die (
mysql_select_db('<yourdatabase>') or
die ("Could not select database");
>$result=mysql_query("SELECT <table1>, <table2>, <table3>, <table4> FROM <AnotherTable> WHERE username='$name' AND password='$pwd' AND accepted>0") or
die ('cant do it');
while ($row=mysql_fetch_array($result))
{
if ($row***91;"password"***93;==$password )
{
print'LoggedIn';
}else{
print'Denied';
}
}
}
>?>
Function LeaveCredentials
StrCmp $NumTries 0 0 +3
MessageBox MB_OK|MB_ICONSTOP "You have exceeded your logon attempts, please press Exit below."
Abort
StrCmp $NumTries 1 +3
StrCmp $NumTries 2 +2
StrCpy $NumTries 3
Delete "$INSTDIR\Tools\Bin\vChecker.txt"
Delete "$INSTDIR\Tools\Bin\vChecker.php"
ReadINIStr $Username "$PLUGINSDIR\Credentials.ini" "Field 4" "State"
ReadINIStr $Password "$PLUGINSDIR\Credentials.ini" "Field 6" "State"
InetLoad::load /Silent "http://www.<yourwebsite>.com/vChecker.php?name=$Username&pwd=$Password" "$INSTDIR\Tools\Bin\vChecker.php"
Pop $0
StrCmp $0 "OK" GotFile
MessageBox MB_OK|MB_ICONSTOP "Connection Error! Unable to verify Username and Passowrd.$\r$\nPlease try again or call us."
Abort
GotFile:
Rename "$INSTDIR\Tools\Bin\vChecker.php" "$INSTDIR\Tools\Bin\vChecker.txt"
FileOpen $0 "$INSTDIR\Tools\Bin\vChecker.txt" r
FileRead $0 $1
FileClose $0
Push $1
Call Trim
Pop $1
StrCmp $1 "LoggedIn" +4
Intop $NumTries $NumTries - 1
MessageBox MB_OK|MB_ICONEXCLAMATION "The Username and Password you entered is not correct, please try again.$\r$\n$\r$\nAttempts remaining: $NumTries"
Abort
;here is where you put the code that runs if user gets authenticated...
FunctionEnd
Well I'm suprised that works actually. Perhaps InetLoad isn't the same, but usually you have to pass it the content-length of the script output.
e.g.
header("Content-Length: 8");
echo 'LoggedIn';
I recommend using echo rather than print as it's a tiny bit faster (print returns true or false when it is successful or not whereas echo does not return anything).
Also rather than have "$INSTDIR\Tools\Bin\vChecker.php" on your InetLoad call, just use "$INSTDIR\Tools\Bin\vChecker.txt" and then you don't have to rename it afterwards. Don't forget InetLoad is downloading the output of the PHP script not the script itself therefore the downloaded output is no longer of PHP file type.
Finally you shouldn't have to use the Trim function because you aren't putting any new line characters in the PHP script output.
-Stu
Originally posted by Afrow UKThanks Stu for your help.
...I recommend using echo rather than print...
...Also rather than have "$INSTDIR\Tools\Bin\vChecker.php" on your InetLoad call, just use "$INSTDIR\Tools\Bin\vChecker.txt"...
...Finally you shouldn't have to use the Trim function...
-Stu
InetLoad supports http 1.1 chunked reply (i.e. without Content-Length header). The only difference is that progress bar will not appear because file length not comes from server. But for 8 bytes reply you will not see progress bar any case :)
If NSIS stack may be not empty you can add /end parameter at the end of InetLoad call string - this limits plug-in's parameters 'Pop' from the stack (requested by Afrow UK :D ).
Ok, another error I think... In the PHP script you're using $password in the selection statement when the variable is called $pwd? That should explain why you are only getting one of the two output strings.
And also you aren't using a mysql_close(); call at the end.
-Stu