On Wed, Feb 27, 2008 at 5:12 PM, Daniel Brown <parasane@xxxxxxxxx> wrote:
> On Wed, Feb 27, 2008 at 4:55 PM, Jason Pruim <japruim@xxxxxxxxxx> wrote:
> > So I was supposed to go home a half hour ago but that didn't happen...
> > I hate deadlines! :P
>
>     You whine like a mule.
>
> [snip!]
>
> > function authentication($user, $pass, $authenticated, $table){
> >
> >     // Keep in mind, PASSWORD has meaning in MySQL
> >     // Do your string sanitizing here
> >     // (e.g. - $user = mysql_real_escape_string($_POST['user']);)
> >     $salt = "salt";
> >     $salt1 = $salt;
> >     $salt1 .= $pass;
> >
> >     $password = md5("$salt1");
> >     $loginQuery = "SELECT * FROM current WHERE loginName='".$user."'
> > AND loginPassword='".$password."' LIMIT 0,1;";
> >     $loginResult = mysql_query($loginQuery) or die("Wrong data supplied
> > or database error" .mysql_error());
> >     while($row1 = mysql_fetch_array($loginResult)) {
> >         $_SESSION['user'] = $row1['loginName'];
> >         $_SESSION['loggedin'] = "YES";
> >         $authenticated = "true";
> >         $table = $row1['tableName'];
> >
> >     }
> >     return $table;
> >     return $authenticated;
> > }
>
>     I recognize that code, Jason!  At least the base of it (and the
> comments).  ;-P
>
>     See in the first block how you're using $_SESSION?  That's why
> you're able to read it later.... because you have two return $xxx
> lines in each function.
>
>     As soon as a function reaches a `return` statement, it returns
> that data and exits, so the second `return` is never processed.
>
> --
> </Dan>
>
> Daniel P. Brown
> Senior Unix Geek
> <? while(1) { $me = $mind--; sleep(86400); } ?>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

Guess all your posts stating to sanitize data just really don't have an
impact, huh? Perhaps you should stop posting code that doesn't
validate/escape as it will be copied and pasted as I've told you before.
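The two issues raised in this thread (user input concatenated into the login query, and a second `return` that never runs) can be handled together, shown here as an added example that is not code from the thread or its participants. The table and column names come from the quoted query; the function name `authenticate`, the PDO handle, the in-memory SQLite database, the sample account, and the assumption that `loginPassword` stores a `password_hash()` value instead of the fixed-salt MD5 are all constructed for illustration.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// quoted query; everything else (PDO, SQLite demo data) is constructed.

/**
 * Returns ['authenticated' => bool, 'table' => ?string] so both values
 * reach the caller through one return statement.
 */
function authenticate(PDO $db, string $user, string $pass): array
{
    // Placeholder binding keeps $user out of the SQL text entirely,
    // so no manual escaping step can be forgotten.
    $stmt = $db->prepare(
        'SELECT loginName, loginPassword, tableName
           FROM current WHERE loginName = :user LIMIT 1'
    );
    $stmt->execute([':user' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Assumption: loginPassword holds a password_hash() value. An unknown
    // user is checked against a dummy hash so both paths do similar work.
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_DEFAULT);
    $ok = password_verify($pass, $row ? $row['loginPassword'] : $dummy);

    if (!$row || !$ok) {
        return ['authenticated' => false, 'table' => null];
    }
    return ['authenticated' => true, 'table' => $row['tableName']];
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE current (loginName TEXT, loginPassword TEXT, tableName TEXT)');
$db->prepare('INSERT INTO current VALUES (?, ?, ?)')
   ->execute(['jason', password_hash('s3cret', PASSWORD_DEFAULT), 'jason_data']);

var_dump(authenticate($db, 'jason', 's3cret'));      // correct credentials
var_dump(authenticate($db, "' OR '1'='1", 'x'));     // quote-laden name is bound as data
var_dump(authenticate($db, 'jason', 'wrong'));       // wrong password
```

The caller, not this function, would set `$_SESSION` values on success, after calling `session_regenerate_id(true)`.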