From: <will
Date: March 29 2007 8:34pm
Subject: Update- Strange results when Inserting Passwords into MYSQL Database
List-Archive: http://lists.mysql.com/php/9
Message-Id: <019e01c77241$9c7eb9e0$4201a8c0@MoneyMaker>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_019B_01C77217.B34953D0"

------=_NextPart_000_019B_01C77217.B34953D0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

It turns out that the last un & pw inserted into `live` from `staging`,  =
in my example the 10th row, will automatically  allow access to the site =
while the first 9 un & pw rows inserted into `live` will not allow =
access.

Oh, and I apologize for the last line being in All Caps.  I was told =
that's improper etiquete..

Original Email below-=20

Hello

Following is the process I am doing to insert usernames and passwords =
into a MYSQL database.
The username and passwords are used to log into our website by people =
who have purchased access.

1.  I generate 10 username and password combinations using a password =
generator
2.  I export the generated un & pw to a csv file on my local hard drive, =
called infile.csv.
3.  I upload  infile.csv to our dedicated server hosted by an outside =
company.
4.  I manually execute a php file called Insert.php which Inserts the un =
& pw into "staging" table in MYSQL.
Here is the code:
<?php

/**
 * Reads in the Diplodeck Username/Password file
 * Converts and adds data to match the columns in codes_staging
 * After the codes_staging table is reviewed it will be=20
 * manaully inserted into the codes table.
 */

=20
/* Open file */
 $infile =3D file("infile.csv");


=20
/* Read in each record */=20
 foreach ($infile as $record) {
  list($password, $username) =3D explode(",", $record);

/* Create All the columns to insert a record into codes_staging */ =20
/* Replace - in username with z */
        $login =3D str_replace ("-", "z", $username);
   =20
/* Convert password to hash password */
  $password =3D md5($password);
/* Hardcode $type 24H, 3D, 10D, or 30D */
  $type =3D "30D";
/* Hardcode $serialno this is always equal to the last 4 digits of the =
password.  This ensures no username/pw combos will ever be recreated */
  $serialno =3D "MNTK";
/* The remaining column variables are always the same.  No modifications =
are required for them */
  $startdate =3D 0;
  $logged =3D 0;
  $ip =3D 0;
  $ipcounter =3D 0;
  $active =3D 1;
  $passhash =3D $password;
  $pass =3D " ";
 =20
  mysql_connect("localhost", "xxxxxxxx", "pwpwpwpwpw") or =
die(mysql_error());
  mysql_select_db("database_database") or die(mysql_error());
 =20
 =20
    mysql_query("INSERT INTO staging=20
    (login, password, type, startdate, logged, serialno, ip, ipcounter, =
active, passhash, pass) =20
    VALUES
    =
('".$login."','".$password."','".$type."','".$startdate."','".$logged."',=
'".$serialno."',=20
     =
'".$ip."','".$ipcounter."','".$active."','".$passhash."','".$pass."' ) =
")
     or die(mysql_error());
  =20
  mysql_close();
    =20
/* Test Check  uncomment code when testing. Comment out when running =
live */
  echo $login," ",$password," ",$type," ",$stardate," ",$logged," =
",$serialno," ",$ip," ",$ipcounter," "   ,$ipcounter," ",$active," =
",$passhash," ",$pass,"<br>";=20
 =20
 =20
 }
=20
 fclose($infile);
=20

=20
?>

5.  I verify the data is there and correct in the `staging` table.  It =
always is....
6.  I manually run the following command in the MYSQL SQL window to get =
the new un & pw combinations into the "Live" table
INSERT INTO `live`
(SELECT * FROM 'staging`)

7. The new un & pw combinations should now allow access to our =
site....It doesn't.
What's strange is if I select the edit pencil next to the un & pw row in =
the `live` table and NOT EDIT ANYTHING and then hit the GO button, the =
same un & pw that wouldn't allow access, now does.  I didn't change =
anything!!

-Also if I use Insert.php to insert 1 un & pw at a time the un & pw will =
grant access once it's been inserted into the `live` table. =20

I plan on inserting thousands of rows at a time and it's not logical to =
physically edit each row or run Insert.php thousands of time.

IF ANYONE KNOWS HOW TO RESOLVE THIS, IT WILL BE GREATLY APPRECIATED?
------=_NextPart_000_019B_01C77217.B34953D0--