Jason Pruim wrote:
Hi everyone :)
So partly to get an answer, and partly to boost my post rankings for the
week I have a question.
I am attempting to write an authentication function which would query a
database, check the username/password and return true if it matches. If
it doesn't match, then it shouldn't return anything and they are denied
access.
Here is the code for the function:
<?PHP
function authentication(){
if($user && $pass) { // Keep in mind, PASSWORD has meaning in MySQL
// Do your string sanitizing here
// (e.g. - $user = mysql_real_escape_string($_POST['user']);)
$loginQuery = "SELECT * FROM login WHERE user='".$user."'
AND Userpass='".$pass."' LIMIT 0,1;";
$loginResult = mysql_query($loginQuery) or die("Wrong data
supplied or database error" .mysql_error());
while($row1 = mysql_fetch_array($loginResult)) {
$_SESSION['user'] = $row1['User'];
$_SESSION['loggedin'] = "YES";
$authenticated = "true";
}
}
}return $authenticated;
?>
and here is the code that I am using to call it:
$authenticated = authentication($user, $pass);
but whenever I try and run it I get the following errors in my log
file, and the page doesn't load the info in the database.
Help me please!
My error log shows this:
[Fri Jan 25 14:55:14 2008] [error] PHP Notice: Undefined variable:
authenticated in
/Volumes/RAIDer/webserver/includes/oldbinc/function/authentication.func.php
on line 16
[Fri Jan 25 14:55:14 2008] [error] PHP Notice: Undefined variable: user
in
/Volumes/RAIDer/webserver/includes/oldbinc/function/authentication.func.php
on line 5
[Fri Jan 25 14:55:14 2008] [error] PHP Notice: Undefined variable: user
in
/Volumes/RAIDer/webserver/includes/oldbinc/function/authentication.func.php
on line 5
--
Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424
www.raoset.com
japruim@xxxxxxxxxx
<?PHP
function authentication(){
    // Start from "not authenticated" so the return value is always defined
    $authenticated = false;
    // Per your example below, you need to call the escaping before your
    // if () statement
    // Do something like an if ( isset($_POST['user']) ) {..}
    $user = mysql_real_escape_string(@$_POST['user']);
    // Do something like an if ( isset($_POST['pass']) ) {..}
    $pass = mysql_real_escape_string(@$_POST['pass']);
    // Keep in mind, PASSWORD has meaning in MySQL
    if($user && $pass) {
        // Do your string sanitizing here
        // (e.g. - $user = mysql_real_escape_string($_POST['user']);)
        $loginQuery = "SELECT * FROM login WHERE user='".$user."' ".
            " AND Userpass='".$pass."'";
        // No need to end with a LIMIT clause
        $loginResult = mysql_query($loginQuery) or
            die("DB Error" .mysql_error());
        // I do an if () statement because you should only get one result
        // back. If you get more than one, then I think something is wrong
        if ( mysql_num_rows($loginResult) > 0 ) {
            $row = mysql_fetch_assoc($loginResult);
            $_SESSION['user'] = $row['User'];
            $_SESSION['loggedin'] = "YES";
            $authenticated = "true";
        }
    }
    // Make sure your return is inside the closing bracket
    return $authenticated;
}
?>
--
Jim Lucas
"Some men are born to greatness, some achieve greatness,
and some have greatness thrust upon them."
Twelfth Night, Act II, Scene V
by William Shakespeare
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
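
The same login check written with a bound parameter and password_verify(), as an added example that is not code from either poster in this thread. It assumes PDO with the pdo_sqlite driver (an in-memory database so it runs stand-alone) and that the Userpass column stores password_hash() output; the sample user, the table contents and the DUMMY_HASH constant are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Sample user and table are constructed.
// Assumption: Userpass stores password_hash() output, not the raw password.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

function authentication(PDO $db, string $user, string $pass): bool
{
    // The bound parameter never becomes part of the SQL text, so there is
    // no escaping step to forget or to run in the wrong place.
    $stmt = $db->prepare('SELECT User, Userpass FROM login WHERE User = :user');
    $stmt->execute([':user' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown users are checked against a dummy hash so both paths do
    // comparable work before failing.
    $hash = ($row === false) ? DUMMY_HASH : $row['Userpass'];
    $ok = password_verify($pass, $hash) && $row !== false;
    if (!$ok) {
        return false;                // always a defined boolean
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // new session id after login
    }
    $_SESSION['user'] = $row['User'];
    $_SESSION['loggedin'] = 'YES';
    return true;
}

// Constructed in-memory database standing in for the real login table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login (User TEXT PRIMARY KEY, Userpass TEXT NOT NULL)');
$db->prepare('INSERT INTO login (User, Userpass) VALUES (?, ?)')
   ->execute(['jason', password_hash('s3cret-sample', PASSWORD_DEFAULT)]);

var_dump(authentication($db, 'jason', 's3cret-sample')); // matching credentials
var_dump(authentication($db, 'jason', 'wrong'));         // bad password
var_dump(authentication($db, "o'brien", 'anything'));    // quote is plain data
```

Passing the credentials in as arguments matches the call shown in the original question, authentication($user, $pass), with the database handle added as a first argument.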