Here is my authentication function:
<?PHP
function authentication($user, $pass, $link1){
    // Keep in mind, PASSWORD has meaning in MySQL
    // Do your string sanitizing here
    // (e.g. - $user = mysqli_real_escape_string($_POST['user']);)
    $user = mysqli_real_escape_string($link1, $_POST['user']);
    $pass = mysqli_real_escape_string($link1, $_POST['pass']);
    $salt = "salt";
    $salt1 = $salt . $pass;
    //$salt1 .= $pass;
    $password = md5("$salt1");
    $loginQuery = "SELECT * FROM current WHERE loginName='".$user."'"
        . " AND loginPassword='".$password."' LIMIT 0,1;";
    $loginResult = mysqli_query($link1, $loginQuery)
        or die("Wrong data supplied or database error" .mysqli_error($link1));
    $row1 = mysqli_fetch_assoc($loginResult);
    if($row1['adminLevel'] == "5000000"){
        foreach (array_keys($_SESSION) as $key)
            unset($_SESSION[$key]);
        die('account disabled');
    }
    if($_SESSION['userInfo']['loggedin'] == TRUE) {
        return TRUE;
    }else{
        if(is_array($row1)){
            $_SESSION['userInfo'] = array(
                "userName" => $row1['loginName'],
                "loggedin" => TRUE,
                "table" => $row1['tableName'],
                "adminLevel" => $row1['adminLevel'],
                "authUser" => $row1['loginName'],
                "authCompany" => $row1['customerBusiness'],
                "authCustName" => $row1['customerName']);
        }
        else
        {
            //$_SESSION['userInfo'] =array("loggedin" => FALSE);
            die('authentication failed');
        }
    }
    return TRUE;
}
?>
And what is happening is sometimes, even though the username &
password match what is stored in the database, it only sets the
loggedin value... Nothing else. Can anyone see where my error is?
Thanks for looking!
--
Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
11287 James St
Holland, MI 49424
www.raoset.com
japruim@xxxxxxxxxx
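
An added example, not part of the original post or the poster's code: the same login check with a prepared statement, password_hash()/password_verify() in place of the salted md5, and the session written only after the row is verified. Table and column names come from the post; the function name authenticate and the storage of password_hash() output in loginPassword are assumptions.

```php
<?php
// Added example, not the poster's code. Assumptions: loginPassword stores
// password_hash() output, mysqlnd is available, session_start() already ran.
function authenticate(mysqli $link, string $user, string $pass): bool
{
    // Bound parameter replaces escaping plus string concatenation.
    $stmt = mysqli_prepare(
        $link,
        'SELECT loginName, loginPassword, adminLevel, tableName,
                customerBusiness, customerName
           FROM current WHERE loginName = ? LIMIT 1'
    );
    if ($stmt === false) {
        error_log('login prepare failed: ' . mysqli_error($link));
        return false;               // log the DB error, never echo it
    }
    mysqli_stmt_bind_param($stmt, 's', $user);
    $row = null;
    if (mysqli_stmt_execute($stmt)) {
        $result = mysqli_stmt_get_result($stmt);
        $row = $result ? mysqli_fetch_assoc($result) : null;
    }
    mysqli_stmt_close($stmt);

    // Unknown user, wrong password and disabled account return the same result.
    if (!is_array($row)
        || !password_verify($pass, $row['loginPassword'])
        || $row['adminLevel'] == '5000000') {
        unset($_SESSION['userInfo']);
        return false;
    }

    // New session id at login, then every key is written in one assignment.
    session_regenerate_id(true);
    $_SESSION['userInfo'] = [
        'userName'     => $row['loginName'],
        'loggedin'     => true,
        'table'        => $row['tableName'],
        'adminLevel'   => $row['adminLevel'],
        'authUser'     => $row['loginName'],
        'authCompany'  => $row['customerBusiness'],
        'authCustName' => $row['customerName'],
    ];
    return true;
}
```

This covers a fresh login only; a caller that wants to skip the query for an already authenticated session checks $_SESSION['userInfo'] with isset() before calling it.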