Re: Is this the best way?

[Jason Pruim <japruim@xxxxxxxxxx>]

On Mar 14, 2008, at 12:51 PM, TG wrote:

> I think the first thing I'd check is why you'd have more than one  
> row being
> returned.   Is this a problem with some other part of the system?   
> Bad data
> import?   Not checking for unique users when creating them?    
> Something
> like that.

The username's will be unique... Still need to make that change to the  
DB but they will be.

The main reason I'm doing it this way, is if I don't put in some kind  
of a check on the authentication then it pops up a mysql error saying  
that there is a problem with my syntax...  instead of NOT logging them  
in... So I thought if I checked to make sure that the query only  
returned 1 row, it would match up and I could do some error checking  
based on that...




> If you do everything you can to prevent the possibility of multiple  
> users,
> then you can still check for multiple results if you want, maybe  
> send an
> email to yourself, but for the sake of not frustrating your users,  
> just
> take the first result and compare the login to that.   The worst  
> that'll
> happen is they won't match and the user won't get logged in.   Best  
> case is
> they get logged in and you won't get an annoyed user calling you.


> -TG
>
> ----- Original Message -----
> From: Jason Pruim <japruim@xxxxxxxxxx>
> To: PHP General List <php-general@xxxxxxxxxxxxx>
> Date: Fri, 14 Mar 2008 12:12:56 -0400
> Subject:  Is this the best way?
>
> > Hi everyone,
> >
> > I am attempting to add a little error checking for a very simple  
> > login
> > system. The info is stored in a MySQL database, and I am using mysqli
> > to connect to it. I have it working with the solution provided below,
> > but I am wondering if this is the right way to do it or if there is a
> > better way?
> >
> > My thinking with this is if more then 1 record is returned from the
> > database, then there is a issue... If only  is returned then the
> > username/password matched and I can safely show them the info...
> >
> > $rowcnt = mysqli_num_rows($loginResult);
> > if($rowcnt !="1"){
> > 			echo "Auth failed";
> > 			die("Auth failed... Sorry");
> > 	
> > 			
> > 		
> > 		}else{
> > 			while($row1 = mysqli_fetch_array($loginResult)) {
> > 				$_SESSION['user'] = $row1['loginName'];
> > 				$_SESSION['loggedin'] = "YES";
> > 				$table = $row1['tableName'];
> > 				$adminLevel = $row1['adminLevel'];
> > 				$authenticated = "TRUE";
> > 				echo "<BR>authentication complete";
> > 		}
> > 			return Array($table, $authenticated, $adminLevel);

--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
japruim@xxxxxxxxxx




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php