Re: Trying to understand sessions and using them to authenticate...

Daniel Brown wrote:
<?
session_start();
if(!$_SESSION['user']) {
    if($_POST['user'] && $_POST['pass']) { // Keep in mind, PASSWORD has meaning in MySQL
        // Do your string sanitizing here
        // (e.g. - $user = mysql_real_escape_string($_POST['user']);)
        $sql = "SELECT * FROM users WHERE user='".$user."' AND pass='".$pass."' LIMIT 0,1;";
        $result = mysql_query($sql) or die("Wrong data supplied or database error");
        while($row = mysql_fetch_array($result)) {
            $_SESSION['user'] = $row['user'];
            // Do whatever else you need to do here....
        }
    } else {
        // Show your login form here.
    }
} else {
    // The user is authenticated and logged in already.
}
?>

    Keep in mind that, as always, this hasn't been bug-checked, re-read, or otherwise validated.

A warrant about your example not being validated will most likely not stop the OP from using this code as is, thereby subjecting himself to SQL injection.
And all it needed was mysql_real_escape_string() in there.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
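
The login check discussed in this message, as an added example that is not part of the original thread: it uses PDO prepared statements and password hashing instead of the escaping approach mentioned above, so user input never becomes part of the SQL text. The in-memory SQLite database, the `users(user, pass_hash)` schema, the sample account and the `authenticate()` function name are all assumptions made for illustration.

```php
<?php
// Added example: constructed schema and sample user, not from the original thread.
// authenticate() is a hypothetical helper name.
function authenticate(PDO $pdo, string $user, string $pass): ?string
{
    // Placeholders keep user input out of the SQL text entirely,
    // so quoting characters in $user cannot change the query.
    $stmt = $pdo->prepare('SELECT user, pass_hash FROM users WHERE user = :user LIMIT 1');
    $stmt->execute([':user' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare against a stored hash rather than matching the password in SQL.
    if ($row !== false && password_verify($pass, $row['pass_hash'])) {
        return $row['user'];
    }
    return null;
}

// Constructed in-memory database so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
$ins = $pdo->prepare('INSERT INTO users (user, pass_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed inputs: a valid login, a wrong password, and a quote-bearing username.
$attempts = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["alice' OR '1'='1", 'anything'],
];
foreach ($attempts as [$u, $p]) {
    $who = authenticate($pdo, $u, $p);
    // In the login script, a non-null result is where you would call
    // session_regenerate_id(true) and then set $_SESSION['user'].
    printf("%-20s => %s\n", $u, $who === null ? 'rejected' : "logged in as $who");
}
```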

