1

I am creating a login page through Objective c. When the user types in email and password, those two fields are sent to a php page and processed. If the email and password are correct, the page echoes yes otherwise it echoes no. The problem is that it is echoing Yes, but what is supposed to happen when it echoes Yes does not. Even when I create a NSLog of the received data, it says Yes. Here is my Objective c:

-(void) login{
NSString *post =[NSString stringWithFormat:@"email=%@&pass=%@",email.text, password.text];

NSString *hostStr = @"http://localhost/checkLogin.php?";
hostStr = [hostStr stringByAppendingString:post];
NSData *dataURL =  [NSData dataWithContentsOfURL: [ NSURL URLWithString: hostStr ]];
NSString *serverOutput = [[NSString alloc] initWithData:dataURL encoding: NSASCIIStringEncoding];
if([serverOutput isEqualToString:@"Yes"]){
    UIAlertView *alertsuccess = [[UIAlertView alloc] initWithTitle:@"" message:@"You are authorized"
                                                          delegate:self cancelButtonTitle:@"Ok" otherButtonTitles:nil];
    [alertsuccess show];

} else {
    UIAlertView *alertsuccess1 = [[UIAlertView alloc] initWithTitle:@"" message:@"Invalid Access"
                                                          delegate:self cancelButtonTitle:@"Ok" otherButtonTitles:nil];
    [alertsuccess1 show];
    NSLog(serverOutput);

}
}



-(IBAction)checkLogin:(id)sender{

[self.view endEditing:YES];
[self login];



}

Here is my php:

<?php

$db_connect = mysql_connect("localhost", "root", "") 
or die("Our servers are down at the moment");
mysql_select_db("Login Test") or die("Couldnt find db");

$email = $_GET['email'];

$pass = $_GET['pass'];

$query = mysql_query("SELECT * FROM Users WHERE Email='$email'");

    $numrows = mysql_num_rows($query);
    if($numrows!=0)
    {

    while ($row = mysql_fetch_assoc($query))
    {
    $dbemail = $row['Email'];
    $dbpassword = $row['Pass'];
    }

    if ($pass == $dbpassword && $email == $dbemail){
    echo "Yes";
    }
    else{
    echo "No";
    }
    }

  mysql_close();

?>
Ryan Tobin
  • 214
  • 2
  • 14
  • Please, [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and consider using PDO, [it's really not hard](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Jun 03 '15 at 17:10
  • You should never put a plain text password in a query string. [Don't limit passwords](http://jayblanchard.net/security_fail_passwords.html) and [use the proper methods to hash passwords with PHP](http://jayblanchard.net/proper_password_hashing_with_PHP.html). – Jay Blanchard Jun 03 '15 at 17:10
  • I'm not trying to hash anything or create anything that I would release. I'm just trying to get familiar between communicating between iPhone and databases therefore there is no need to hash anything. I'm not actually going to release this otherwise I would hash it – Ryan Tobin Jun 03 '15 at 17:13

1 Answers1

0

I have figured out my problem. The php page was returning \n\nYes. All I needed to do was make that change in my code and now it works. 

-(void) login{
NSString *post =[NSString stringWithFormat:@"email=%@&pass=%@",email.text, password.text];

NSString *hostStr = @"http://localhost/Study_Solution/checkLogin.php?";
hostStr = [hostStr stringByAppendingString:post];
NSData *dataURL =  [NSData dataWithContentsOfURL: [ NSURL URLWithString: hostStr ]];
NSString *serverOutput = [[NSString alloc] initWithData:dataURL encoding: NSASCIIStringEncoding];
NSString *login = serverOutput;
if([login isEqualToString:@"\n\nYes"]){
    UIAlertView *alertsuccess = [[UIAlertView alloc] initWithTitle:@"" message:@"You are authorized"
                                                          delegate:self cancelButtonTitle:@"Ok" otherButtonTitles:nil];
    [alertsuccess show];

} else {
    UIAlertView *alertsuccess1 = [[UIAlertView alloc] initWithTitle:@"" message:@"Invalid Access"
                                                          delegate:self cancelButtonTitle:@"Ok" otherButtonTitles:nil];
    [alertsuccess1 show];

}
}
Ryan Tobin
  • 214
  • 2
  • 14