Jump to content

User sys - function check if user exists....

bogdaniel

By bogdaniel
in PHP Coding Help

 Share

Recommended Posts

bogdaniel Member

bogdaniel

Posted
Posted

hi people i'm trying to do a user system by my own from scratch i've started with making the function that checks the user and password in the db can you please look a little on it and see if it's ok and what should i add from now on .. what should i set inside of this function. please.

 

 

 

function confirm($username, $password, $id)
{
    if (!get_magic_quotes_gpc()) {
        $username = mysql_real_escape_string($_POST['username']);
        $password = mysql_real_escape_string($_POST['password']);
    }


    $sql = "SELECT * FROM `members` WHERE username = '$username' AND password = '$password'";
    $result = mysql_query($sql);
    if (!$result || (mysql_numrows($result) < 1)) {

        return 1; // Username Failure
    }
    $dbarray = mysql_fetch_array($result);
    $dbarray['password'] = stripslashes($dbarray['password']);
    $password = stripslashes($password);
    $dbarray['password'] = stripslashes($dbarray['password']);
    $password = stripslashes($password);
    if ($username == $dbarray['username']) {
        return; // Success! Username confirmed
    } else {
        return 2; // Indicates username failure
    }

    if ($password == $dbarray['password']) {
        return 0; //Success! Username and password confirmed
    } else {
        return 2; //Indicates password failure
    }
}

Link to comment
https://forums.phpfreaks.com/topic/125329-user-sys-function-check-if-user-exists/
Share on other sites
Maq Prolific Member

Maq

Posted
Posted

Why do you return 5 different times where multiple returns could be true?

 

You don't need:

 

if ($username == $dbarray['username']) {
        return; // Success! Username confirmed
    } else {
        return 2; // Indicates username failure
    }

    if ($password == $dbarray['password']) {
        return 0; //Success! Username and password confirmed
    } else {
        return 2; //Indicates password failure
    }

 

Because your query already checks this.  Think about it.  The query is searching for the username and password that was entered from the $_POST vars.  If your query returns at least one row then they exist in the database and have entered the correct password.  So your function should return 0 or 1, true or false etc... to tell you in the login script that the user's credentials are correct.  But you should use some htmlspecialcharacters/stripslashes/etc... functions to secure your script.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.