0

I have an server with mysql database and a table named Login with the columns: id, username, password, user_deleted, last_login. And I have a php script like this:

<?php

$_db_host = "localhost";           
$_db_database = "login";
$_db_username = "root";
$_db_passwort = "1234";

SESSION_START();

$link = mysqli_connect($_db_host, $_db_username, $_db_passwort, $_db_database);

if (!$link)
{
    die(mysqli_error());
}

if (!empty($_GET["submit"]))
    {

    $_username = mysqli_real_escape_string($_GET["username"]);
    $_passwort = mysqli_real_escape_string(md5($_GET["passwort"]));

    $_sql = "SELECT * FROM table WHERE
                Username='$_username' AND
                Passwort='$_passwort' AND
                user_deleted=0
            LIMIT 1";

    $_res = mysqli_query($link,$sql);
    $_anzahl = @mysqli_num_rows($_res);

    if ($_anzahl > 0)
        {
        echo "Login succeed";

        $_SESSION["login"] = 1;

        $_SESSION["user"] = mysqli_fetch_array($_res, MYSQL_ASSOC);

        $_sql = "UPDATE table SET last_login=NOW()
                 WHERE id=".$_SESSION["user"]["id"];
        mysqli_query($_link, $_sql);
        }
    else
        {
        echo "Error with your username or passwort";
        }
    }

mysqli_close($link);
?>

Now I make a HTTP-Request with my Windows Phone App. As result of this request there comes with correct username and passwort the message "Login succeed". But when I do:

if(e.result.ToString() == "Login succeed")
{
    NavigationService.Navigate(new Uri("/hey.xaml", UriKind.Relative));
}
else {  MessageBox.Show(e.result.ToString());  }

And after every request there comes the MessageBox and not the navigation to the other page. But in the MessageBox stand "Login succeed". Have you any help?

user3493797
  • 63
  • 7
  • 1
    I deleted my answer due to your update. Have you checked in a debugger to see if there are any strange characters? I would recommend returning json or XML from your PHP script that you can deserialise into a proper type so you do not come up against the vagaries of differently encoded strings. – Ben Robinson Aug 26 '14 at 14:15
  • I try it later with a post request and post query data and receive a string from the php script, maybe this works. – user3493797 Aug 26 '14 at 14:19
  • Ok, I try it with JSON and not with text. Because that could be right, I can't see anything except 'Login succeed' but I believe there are html tags or something. I test it with Json. – user3493797 Aug 26 '14 at 14:36
  • 1
    Although not an answer to your question, but your code is open for sql injection. In this day and age you should not create sql statements like than. [Protect yourself](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – venerik Aug 26 '14 at 22:31

0 Answers0