<?PHP
/// initialize the return variable
$authenticated = false;
function authentication(){
if(!isset($user) || !isset($pass)) { return false; } /// <--
i would do it a bit nicer than this, but you get the idea
if($user && $pass) { // Keep in mind, PASSWORD has meaning in
MySQL
// Do your string sanitizing here
// (e.g. - $user = mysql_real_escape_string($
_POST['user']);)
$loginQuery = "SELECT * FROM login WHERE
user='".$user."' AND
Userpass='".$pass."' LIMIT 0,1;";
$loginResult = mysql_query($loginQuery) or die("Wrong
data supplied
or database error" .mysql_error());
while($row1 = mysql_fetch_array($loginResult)) {
$_SESSION['user'] = $row1['User'];
$_SESSION['loggedin'] = "YES";
$authenticated = "true";
}
}
}return $authenticated;
?>
-nathan
