Jason Pruim wrote:
Here is my authentication function:
<?PHP
function authentication($user, $pass, $link1){
    // Keep in mind, PASSWORD has meaning in MySQL
    // Do your string sanitizing here
    // (e.g. - $user = mysqli_real_escape_string($_POST['user']);)
    $user = mysqli_real_escape_string($link1, $_POST['user']);
    $pass = mysqli_real_escape_string($link1, $_POST['pass']);
    $salt = "salt";
    $salt1 = $salt . $pass;
    //$salt1 .= $pass;
    $password = md5("$salt1");
    $loginQuery = "SELECT * FROM current WHERE loginName='".$user."' AND loginPassword='".$password."' LIMIT 0,1;";
    $loginResult = mysqli_query($link1, $loginQuery) or
        die("Wrong data supplied or database error" .mysqli_error($link1));
    $row1 = mysqli_fetch_assoc($loginResult);
    if($row1['adminLevel'] == "5000000"){
        foreach (array_keys($_SESSION) as $key)
            unset($_SESSION[$key]);
        die('account disabled');
    }
    // Why not move this before the query? Why query if we're already loggedin?
    if($_SESSION['userInfo']['loggedin'] == TRUE) {
        echo 'ALREADY LOGGEDIN (MAYBE THIS WAS SET IN TESTING OR SOMETHING, SO WE RETURN AND NO OTHER SESSION VARS ARE SET';
        return TRUE;
    }else{
        if(is_array($row1)){
            $_SESSION['userInfo'] = array(
                "userName" => $row1['loginName'],
                "loggedin" => TRUE,
                "table" => $row1['tableName'],
                "adminLevel" => $row1['adminLevel'],
                "authUser" => $row1['loginName'],
                "authCompany" => $row1['customerBusiness'],
                "authCustName" => $row1['customerName']);
        }
        else
        {
            //$_SESSION['userInfo'] =array("loggedin" => FALSE);
            die('authentication failed');
        }
    }
    return TRUE;
}
?>
And what is happening is sometimes, even though the username & password
match what is stored in the database, it only sets the loggedin value...
Nothing else. Can anyone see where my error is?
Thanks for looking!
--
Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
11287 James St
Holland, MI 49424
www.raoset.com
japruim@xxxxxxxxxx
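
One way to restructure the function so that a leftover loggedin flag cannot short-circuit the login, as the inline comments in the posted code suggest; this is an added example, not code from the original post. It assumes session_start() has already run, that loginPassword holds password_hash() output rather than the salted MD5 used in the post, and that the mysqlnd driver is available for mysqli_stmt_get_result(); it returns false instead of calling die().

```php
<?php
// Added example (not the poster's code). Table and column names are taken
// from the post; storing password_hash() output in loginPassword is an assumption.
function authentication(string $user, string $pass, mysqli $link1): bool
{
    // An existing session counts only if it is complete. A bare "loggedin"
    // flag (e.g. left over from testing) is discarded, not trusted.
    $info = $_SESSION['userInfo'] ?? null;
    if (is_array($info) && ($info['loggedin'] ?? false) === true
        && isset($info['userName'], $info['adminLevel'])) {
        return true;
    }
    unset($_SESSION['userInfo']);

    // Bound parameter instead of escaping plus string concatenation.
    $stmt = mysqli_prepare($link1,
        'SELECT loginName, loginPassword, adminLevel, tableName,
                customerBusiness, customerName
           FROM current WHERE loginName = ? LIMIT 1');
    if ($stmt === false) {
        error_log('auth query failed: ' . mysqli_error($link1)); // log, do not echo
        return false;
    }
    mysqli_stmt_bind_param($stmt, 's', $user);
    $ok     = mysqli_stmt_execute($stmt);
    $result = $ok ? mysqli_stmt_get_result($stmt) : false;
    $row1   = $result ? mysqli_fetch_assoc($result) : null;
    mysqli_stmt_close($stmt);

    // Unknown user, wrong password and disabled account (adminLevel 5000000
    // in the post) all fail the same way, so the caller learns nothing extra.
    if (!is_array($row1)
        || !password_verify($pass, $row1['loginPassword'])
        || $row1['adminLevel'] == "5000000") {
        return false;
    }

    session_regenerate_id(true); // fresh session id once the user is authenticated
    $_SESSION['userInfo'] = [
        'userName'     => $row1['loginName'],
        'loggedin'     => true,
        'table'        => $row1['tableName'],
        'adminLevel'   => $row1['adminLevel'],
        'authUser'     => $row1['loginName'],
        'authCompany'  => $row1['customerBusiness'],
        'authCustName' => $row1['customerName'],
    ];
    return true;
}
```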