Re: Having trouble logging into a PHP Database program

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Jason Pruim wrote:
Here is my authentication function:

<?PHP

     function authentication($user, $pass, $link1){
// Keep in mind, PASSWORD has meaning in MySQL
        // Do your string sanitizing here
        // (e.g. - $user = mysqli_real_escape_string($_POST['user']);)
        $user = mysqli_real_escape_string($link1, $_POST['user']);
        $pass = mysqli_real_escape_string($link1, $_POST['pass']);

        $salt = "salt";
            $salt1 = $salt . $pass;
            //$salt1 .= $pass;

        $password = md5("$salt1");
$loginQuery = "SELECT * FROM current WHERE loginName='".$user."' AND loginPassword='".$password."' LIMIT 0,1;"; $loginResult = mysqli_query($link1, $loginQuery) or die("Wrong data supplied or database error" .mysqli_error($link1));
            $row1 = mysqli_fetch_assoc($loginResult);
                if($row1['adminLevel'] == "5000000"){
                    foreach (array_keys($_SESSION) as $key)
                    unset($_SESSION[$key]);
die('account disabled');
                }

// Why not move this before the query? Why query if we're already loggedin?

        if($_SESSION['userInfo']['loggedin'] ==TRUE) {


echo 'ALREADY LOGGEDIN (MAYBE THIS WAS SET IN TESTING OR SOMETHING, SO WE RETURN AND NO OTHER SESSION VARS ARE SET';


            return TRUE;
        }else{
if(is_array($row1)){ $_SESSION['userInfo'] = array( "userName" => $row1['loginName'], "loggedin" => TRUE, "table" => $row1['tableName'], "adminLevel" => $row1['adminLevel'], "authUser" => $row1['loginName'], "authCompany" => $row1['customerBusiness'], "authCustName" => $row1['customerName']); } else
            {
                //$_SESSION['userInfo'] =array("loggedin" => FALSE);
                die('authentication failed');
}
        }
return TRUE;

    }

?>

And what is happening is sometimes, even though the username & password match what is stored in the database, It only sets the loggedin value... Nothing else. Can anyone see where my error is?

Thanks for looking!


--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
11287 James St
Holland, MI 49424
www.raoset.com
japruim@xxxxxxxxxx






--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux