CODEWITHSUNDEEP
mysqlstored-procedures
Jjj
Jjj

Reputation: 155

MySQL stored procedure, strange invalid results

I have a stored procedure called UserLogin, here is the code.

The parameters:

username varchar(200), user_pass varchar(200), ip varchar(50)

The code:

BEGIN

# find user in the database by the username and user_pass parameters
select id_member, passwd into @user_id, @password
from smf_forummembers
where member_name = username and passwd = user_pass;

if @user_id is null or @password is null THEN
    select "mismatch" as result;
else
    # check the user is banned (returns a result with time)
    set @time = IsUserBannedSMF(@user_id);
    if @time is not null THEN
        select "banned" as result, @time as time;
    ELSE
        BEGIN
            # remove any old session
            delete from sessions
            where sess_usr_id = @user_id;

            # return the data
            select "auth" as result, @user_id as user_id, @password as pass, user_pass as pass1;
        end;
    end if;
end if;

END

I have a automated test program running to post do 3 jobs. These being 3 web calls, invalid, valid and the same invalid test as before.

First web call, invalid;

QUERY : CALL UserLogin('testUser1','1234','::ffff:127.0.0.1');
ROWS : [ { result: 'mismatch' } ]

Second web call, valid;

QUERY : CALL UserLogin('testUser1','2ff4b7ec337310be7828906c6862b48f95384f9f','::ffff:127.0.0.1');
ROWS : [ { result: 'auth',
    user_id: 28,
    pass: '2ff4b7ec337310be7828906c6862b48f95384f9f',
    pass1: '2ff4b7ec337310be7828906c6862b48f95384f9f' } ]

Third web call, same invalid test as one;

QUERY : CALL UserLogin('testUser1','1234','::ffff:127.0.0.1');
ROWS : [ { result: 'auth',
    user_id: 28,
    pass: '2ff4b7ec337310be7828906c6862b48f95384f9f',
    pass1: '1234' } ]

The third web call should fail, like the first web call, but returns a valid result from the query, I don't understand how this is happening. Does MySQL cache things?

I can fix this by doing a manual if statement to check the password but at the same time I don't want to ignore why this is failing.

Upvotes: 0

Views: 111

Answers (1)

seahawk
seahawk

Reputation: 1912

Make changes as suggested below:

Initialize both var just after begin:

BEGIN
set @user_id=null;
set @password=null;
# find user in the database by the username and user_pass parameters

In case of no rows found in first select statement, both variable contains previously assigned value.

Upvotes: 1

Related Questions