From: Jason Pruim on 18 Jul 2008 12:11

Here is my authentication function:

<?PHP

function authentication($user, $pass, $link1){

    // Keep in mind, PASSWORD has meaning in MySQL
    // Do your string sanitizing here
    // (e.g. - $user = mysqli_real_escape_string($_POST['user']);)
    // Note: the $user and $pass parameters are overwritten here with the raw POST values.
    $user = mysqli_real_escape_string($link1, $_POST['user']);
    $pass = mysqli_real_escape_string($link1, $_POST['pass']);

    // Static salt prepended to the password before hashing.
    $salt = "salt";
    $salt1 = $salt . $pass;
    //$salt1 .= $pass;

    $password = md5("$salt1");

    $loginQuery = "SELECT * FROM current WHERE loginName='".$user."' AND loginPassword='".$password."' LIMIT 0,1;";
    $loginResult = mysqli_query($link1, $loginQuery) or die("Wrong data supplied or database error" .mysqli_error($link1));
    $row1 = mysqli_fetch_assoc($loginResult);

    // adminLevel 5000000 marks a disabled account: clear the session and stop.
    if($row1['adminLevel'] == "5000000"){
        foreach (array_keys($_SESSION) as $key)
            unset($_SESSION[$key]);

        die('account disabled');
    }

    if($_SESSION['userInfo']['loggedin'] ==TRUE) {
        return TRUE;
    }else{

        if(is_array($row1)){

            $_SESSION['userInfo'] = array( "userName" => $row1['loginName'],
                                           "loggedin" => TRUE,
                                           "table" => $row1['tableName'],
                                           "adminLevel" => $row1['adminLevel'],
                                           "authUser" => $row1['loginName'],
                                           "authCompany" => $row1['customerBusiness'],
                                           "authCustName" => $row1['customerName']);

        }
        else
        {
            //$_SESSION['userInfo'] =array("loggedin" => FALSE);
            die('authentication failed');
        }
    }

    return TRUE;
}

?>

And what is happening is sometimes, even though the username & password match what is stored in the database, it only sets the loggedin value... Nothing else. Can anyone see where my error is?

Thanks for looking!

--
Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
11287 James St
Holland, MI 49424
www.raoset.com
japruim(a)raoset.com
From: Shawn McKenzie on 18 Jul 2008 13:37

Jason Pruim wrote:
> Here is my authentication function:
>
> <?PHP
>
> function authentication($user, $pass, $link1){
>
>     // Keep in mind, PASSWORD has meaning in MySQL
>     // Do your string sanitizing here
>     // (e.g. - $user = mysqli_real_escape_string($_POST['user']);)
>     $user = mysqli_real_escape_string($link1, $_POST['user']);
>     $pass = mysqli_real_escape_string($link1, $_POST['pass']);
>
>     $salt = "salt";
>     $salt1 = $salt . $pass;
>     //$salt1 .= $pass;
>
>     $password = md5("$salt1");
>
>     $loginQuery = "SELECT * FROM current WHERE
> loginName='".$user."' AND loginPassword='".$password."' LIMIT 0,1;";
>     $loginResult = mysqli_query($link1, $loginQuery) or
> die("Wrong data supplied or database error" .mysqli_error($link1));
>     $row1 = mysqli_fetch_assoc($loginResult);
>     if($row1['adminLevel'] == "5000000"){
>         foreach (array_keys($_SESSION) as $key)
>             unset($_SESSION[$key]);
>
>         die('account disabled');
>     }
> // Why not move this before the query? Why query if we're already loggedin?
>     if($_SESSION['userInfo']['loggedin'] ==TRUE) { echo 'ALREADY LOGGEDIN (MAYBE THIS WAS SET IN TESTING OR SOMETHING, SO WE RETURN AND NO OTHER SESSION VARS ARE SET';
>         return TRUE;
>     }else{
>
>         if(is_array($row1)){
>
>             $_SESSION['userInfo'] = array( "userName" =>
> $row1['loginName'], "loggedin" => TRUE, "table" => $row1['tableName'],
> "adminLevel" => $row1['adminLevel'], "authUser" => $row1['loginName'],
> "authCompany" => $row1['customerBusiness'], "authCustName" =>
> $row1['customerName']);
>
>         }
>
>         else
>         {
>             //$_SESSION['userInfo'] =array("loggedin" => FALSE);
>             die('authentication failed');
>
>         }
>     }
>
>     return TRUE;
>
> }
>
> ?>
>
> And what is happening is sometimes, even though the username & password
> match what is stored in the database, It only sets the loggedin value...
> Nothing else. Can anyone see where my error is?
>
> Thanks for looking!
>
>
> --
>
> Jason Pruim
> Raoset Inc.
> Technology Manager
> MQC Specialist
> 11287 James St
> Holland, MI 49424
> www.raoset.com
> japruim(a)raoset.com
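A rewritten version of the function that acts on Shawn's observation (an already-set `loggedin` flag makes the function return before the other session fields are filled in), added here as an example; it is not code from either poster. It assumes PHP 7+ with mysqlnd, the same `current` table and column names as in the thread, and that `loginPassword` stores a `password_hash()` value rather than the salted md5, so `password_verify()` is swapped in for the original hashing; the session check is also moved before the query, and a partially populated session is discarded instead of trusted.

```php
<?php
// Added example, not code from either poster. Assumes the same `current` table
// and column names as the thread, with loginPassword holding a password_hash() value.
function authentication(string $user, string $pass, mysqli $link1): bool
{
    // Shawn's point: decide about an existing login BEFORE querying, and only
    // trust a session that was fully populated, not one with just the flag set.
    $info = $_SESSION['userInfo'] ?? [];
    if (!empty($info['loggedin']) && isset($info['userName'], $info['adminLevel'])) {
        return true;
    }
    unset($_SESSION['userInfo']); // discard a half-populated session (the thread's symptom)

    // Use the function's own parameters (the original overwrote them with $_POST)
    // and bind them, instead of concatenating escaped strings into the SQL.
    $stmt = $link1->prepare(
        'SELECT loginName, loginPassword, tableName, adminLevel, customerBusiness, customerName
           FROM current WHERE loginName = ? LIMIT 1'
    );
    if ($stmt === false) {
        die('database error: ' . $link1->error);
    }
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $row1 = $stmt->get_result()->fetch_assoc(); // get_result() needs mysqlnd
    $stmt->close();

    // Same failure message whether the user is unknown or the password is wrong;
    // password_verify() replaces the static-salt md5 and compares in constant time.
    if ($row1 === null || !password_verify($pass, $row1['loginPassword'])) {
        die('authentication failed');
    }
    if ($row1['adminLevel'] == '5000000') {
        session_unset();
        die('account disabled');
    }
    // New session id on privilege change, then populate every field in one step.
    session_regenerate_id(true);
    $_SESSION['userInfo'] = [
        'userName'     => $row1['loginName'],
        'loggedin'     => true,
        'table'        => $row1['tableName'],
        'adminLevel'   => $row1['adminLevel'],
        'authUser'     => $row1['loginName'],
        'authCompany'  => $row1['customerBusiness'],
        'authCustName' => $row1['customerName'],
    ];
    return true;
}
```

Because every field is written in a single assignment after a successful verify, the "only loggedin is set" state described in the thread can no longer arise from a stale session.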