On Fri, Jan 30, 2009 at 5:44 PM, Shawn McKenzie <nospam@xxxxxxxxxxxxx>wrote:
> Terion Miller wrote:
> > Well I changed it because it's not a post since its not coming from a
> form
> > is this closer?
> >
> > if (!empty($UserName)) {
> >
>
> Why are you doing this? Only to see if > 0 rows are returned? You can
> use the results you know.
> > $sql = "SELECT `AdminID`,`UserName` FROM `admin` WHERE
> > `UserName`='$UserName' and `Password`='$Password'";
> > $result = mysql_query ($sql);
> > $row = mysql_fetch_object ($result);
>
> Do you maybe mean $row['AdminID']? Well you're using objects now so
> $row->AdminID?
> > $AdminId = $_SESSION['AdminID'];
> >
>
> What in the hell are you doing here? If it's set then set it again to
> equal itself?
> > if(isset($_SESSION['AdminID']))
> > $_SESSION['AdminID'] = $_SESSION['AdminID'];
> > else
> > $_SESSION['AdminID'] = $AdminID;
> >
> > If (mysql_num_rows($result) > 0) {
> > $_SESSION['AdminLogin'] = true;
> > $_SESSION['user']=$UserName;
> > $_SESSION['AdminID']=$AdminID;
> >
> > header ('Location: Main.php');
> > exit;
> > } else {
>
> You either need to get a good PHP book or pay much closer attention to
> what you're doing. Many more problems, but those seem to cause your
> issue. This is not complete but seems to be the structure you need:
>
> session_start();
> include("inc/dbconn_open.php");
>
> if (!empty($_POST['UserName']) && !empty($_POST['Password'])) {
> $UserName = $_POST['UserName'];
> $Password = $_POST['Password'];
>
> $sql = "SELECT `AdminID`,`UserName` FROM `admin` WHERE
> `UserName`='$UserName' and `Password`='$Password'";
> $result = mysql_query ($sql);
> $row = mysql_fetch_object ($result);
>
> If (mysql_num_rows($result) > 0) {
> $_SESSION['AdminLogin'] = true;
> $_SESSION['user'] = $UserName;
> $_SESSION['AdminID'] = $row->AdminID;
>
> header ('Location: Main.php');
> exit;
> } else {
>
>
> --
> Thanks!
> -Shawn
> http://www.spidean.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
> yep I had actually tried your way my first try because it seemed to be what
exactly it should do, but I get a blank page....no errors just a blank page,
so I was suggested by someone else it was that the AdminID is not set, so
that is why I was attempting to set it
And for the record I have two O'reilly books on php...programming php, and
web database applications with php, and the sessions section pretty much
includes:
session_start()
and the oh so helpful $_SESSION($BLAH) = 'BLAH'
I couldn't find anything about how to pull a result from the db and then use
it to set a session, well anything past what seem to be common sense, to
just put it after the query...and it does not pick up the adminID, and I've
also tried another suggestion and also get a blank page, should I be setting
the AdminID session on the page after the login?
Here was the other way I tried :
$UserName = (isset($_POST['UserName'])) ? mysql_real_escape_string($_POST[
'UserName']) : '';
$Password = (isset($_POST['Password'])) ? mysql_real_escape_string($_POST[
'Password']) : '';
if (!empty($UserName)) {
$sql = "SELECT `AdminID`,`UserName`,`Password` FROM `admin` WHERE
`UserName`='$UserName'";
$result = mysql_query($sql);
$row = mysql_fetch_array($result);
//If hashed passwords match proceed login
if (sha1($Password) == $row['Password']) { //granted the password was
sha1() before insertion into db
$_SESSION['AdminID'] = (isset($_SESSION['AdminID'])) ? $_SESSION[
'AdminID'] : $row['id'];
$_SESSION['AdminLogin'] = true;
$_SESSION['user'] = $UserName;
header ('Location: Main.php');
}
}
