Re: Sometimes I wonder why I even started programming...

[Jason Pruim <japruim@xxxxxxxxxx>]

On Feb 28, 2008, at 11:28 AM, Eric Butera wrote:

> On Wed, Feb 27, 2008 at 5:12 PM, Daniel Brown <parasane@xxxxxxxxx>  
> wrote:
> > On Wed, Feb 27, 2008 at 4:55 PM, Jason Pruim <japruim@xxxxxxxxxx>  
> > wrote:
> > > So I was supposed to go home a half hour ago but that didn't  
> > > happen...
> > > I hate deadlines! :P
> >
> >    You whine like a mule.
> >
> > [snip!]
> >
> > >        function authentication($user, $pass, $authenticated,  
> > > $table){
> > >
> > >                        // Keep in mind, PASSWORD has meaning in  
> > > MySQL
> > >                        // Do your string sanitizing here
> > >                        // (e.g. - $user =  
> > > mysql_real_escape_string($_POST['user']);)
> > >                        $salt = "salt";
> > >                        $salt1 = $salt;
> > >                        $salt1 .= $pass;
> > >
> > >                        $password = md5("$salt1");
> > >                        $loginQuery = "SELECT * FROM current WHERE  
> > > loginName='".$user."'
> > > AND loginPassword='".$password."' LIMIT 0,1;";
> > >                        $loginResult = mysql_query($loginQuery) or  
> > > die("Wrong data supplied
> > > or database error"  .mysql_error());
> > >                        while($row1 =  
> > > mysql_fetch_array($loginResult)) {
> > >                                $_SESSION['user'] =  
> > > $row1['loginName'];
> > >                                $_SESSION['loggedin'] = "YES";
> > >                                $authenticated = "true";
> > >                                $table = $row1['tableName'];
> > >
> > >                        }
> > >                return $table;
> > >                return $authenticated;
> > >        }       \
> >
> >    I recognize that code, Jason!  At least the base of it (and the
> > comments).  ;-P
> >
> >    See in the first block how you're using $_SESSION?  That's why
> > you're able to read it later.... because you have two return $xxx
> > lines in each function.
> >
> >    As soon as a function reaches a `return` statement, it returns
> > that data and exits, so the second `return` is never processed.
> >
> > --
> > </Dan>
> >
> > Daniel P. Brown
> > Senior Unix Geek
> > <? while(1) { $me = $mind--; sleep(86400); } ?>
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
>
> Guess all your posts stating to sanitize data just really don't have
> an impact, huh?  Perhaps you should stop posting code that doesn't
> validate/escape as it will be copied and pasted as I've told you
> before.

The code for escaping and sanitizing the input is in a different  
module of the program. I actually do it right before sending it to my  
authentication function.  I didn't see the need to post it since it  
wasn't related to the problem :)

And the comments were from Mr. Brown who gave me the code originally  
that has now been adapted to use in a different program :)
>



--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
japruim@xxxxxxxxxx

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php