close ad
WARNING: Do Not Install the DREAMWEAVER CC 2017 Update »
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

MySQLi Login User allowing login with blank fields! :(

Thread began 12/17/2014 6:26 am by Nathon Jones Web Design | Last modified 9/17/2015 9:14 pm by Ray Borduin | 587 views | 6 replies |

Nathon Jones Web Design

MySQLi Login User allowing login with blank fields! :(

We've set up and installed the MySQLi Log in User behaviour on the following page:
http://www.stranraermusictown.org.uk/smtadmin/index.php

We were using an e-mail address and password to log in, to test, and it worked fine so we didn't think any more of it.
Today however I happening to click on the Sign In button without entering any information and, to my horror, it logged us straight in!
I've double checked the behaviour and nothing seems out of place. Hope you can resolve this swiftly for us. Page attached.

Thank you
NJ

Sign in to reply to this post

Jason ByrnesWebAssist

My first guess would be a blank record in the users table.

Does the registration form use validation?

Both the registration and login page should have server side validation in place to prevent submitting a blank email address or password.

to troubleshoot further than that, I'll need to troubleshoot directly, see the private message section.

Sign in to reply to this post

Nathon Jones Web Design

Blank record...thanks Jason.
Have set Server Validation to prevent that happening again.
Much appreciated.
NJ

Sign in to reply to this post

Jason ByrnesWebAssist

you're welcome.

Sign in to reply to this post

Dave W

Hi Jason,
I am having the same problem, only worse.
You can log in with a blank username and password, but you can also use a username and password that isn't in the database and it will still log you in.
Is there a bug in this MySQLi user authentication module?
I have attached the page for you to look at.

Sign in to reply to this post

Ray BorduinWebAssist

In the filter tab of the UI you should be filtering the username column with the value from the form... and you shouldn't have a recordset on the page at all.

You have a recordset returning the user information and then you are logging in with the field from that recordset, which of course is always valid since it is coming from the database directly.

Delete the recordset from the page.

Update the Authenticate Server behavior and on the filter tab filter the authenticate based on both the username and password columns, getting their values from the submitted form.

Sign in to reply to this post

Dave W

Thanks Ray,
That worked. It's fine now.
As I was new to MySQLi I used Kate Ford's Tutorial to set this up, and if you read it it tells you to set up a recordset and then select your username etc from that, (see the section marked "General Tab" and the illustration that goes with it), I think it should be amended.
Anyway, thanks once again for your (very) quick help.

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...