sub@xxxxxxxxx wrote:
I think this is the way I need to write my if statement.
if ( $min && $user[ "min" ] == $min && $user[ "pin" ] == $pin || $pin == 'allow')
try a couple paretheses to make your intension explicit. your if statement might
work the way you want it but I have no idea - and I'm way to lazy to go and look
up the operator precedence to work it out....
if ($min && $user[ "min" ] == $min && ($user[ "pin" ] == $pin || $pin == 'allow')) {
// you are okay to login
}
$min login name entered by the customer at the form.
$user[min] is the login name from my sql db that matches $min
$user[pin] is the password from mysql db that matches $min
$pin is the password that is entered by the user
There's 4 checks
1) $min must have a value
2) $user[ "min" ] must equal $min
3) $user[ "pin" ] must equal $pin
4) $pin == 'allow'
check 4 seems a little absurd - anyone who knows it will be able to login
as anyone on your app. also checking whether $user['min'] is equal to $min
_seems_ pointless because I assume that you had to extract the data from the
database somehow - usually this means using the login (i.e. $min) entered by
the user to do the look up.
lots of good reading here on security: http://www.phpsec.org/
I want it so that both 1 and 2 must be true and either 3 or 4 must be true. Will this if statement work?
Andrew Darrow
Kronos1 Productions
www.pudlz.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
