bogdaniel Posted September 22, 2008

Hi people, I'm trying to build a user system on my own from scratch. I've started by making the function that checks the user and password in the db. Can you please have a look at it and see if it's OK, and what I should add from now on... what should I set inside of this function? Please.

```php
function confirm($username, $password, $id) {
    // Escape the submitted values unless magic quotes already did
    if (!get_magic_quotes_gpc()) {
        $username = mysql_real_escape_string($_POST['username']);
        $password = mysql_real_escape_string($_POST['password']);
    }

    // Look up a row that matches both the username and the password
    $sql = "SELECT * FROM `members` WHERE username = '$username' AND password = '$password'";
    $result = mysql_query($sql);
    if (!$result || (mysql_numrows($result) < 1)) {
        return 1; // Username Failure
    }

    $dbarray = mysql_fetch_array($result);
    $dbarray['password'] = stripslashes($dbarray['password']);
    $password = stripslashes($password);
    $dbarray['password'] = stripslashes($dbarray['password']);
    $password = stripslashes($password);

    if ($username == $dbarray['username']) {
        return; // Success! Username confirmed
    } else {
        return 2; // Indicates username failure
    }

    if ($password == $dbarray['password']) {
        return 0; // Success! Username and password confirmed
    } else {
        return 2; // Indicates password failure
    }
}
```

Maq Posted September 22, 2008

Do you have any specific problems/issues/errors?

bogdaniel Posted September 22, 2008 (Author)

> Do you have any specific problems/issues/errors?

I don't have any errors, but I'm not sure what I should do next...

Maq Posted September 22, 2008

Why do you return 5 different times where multiple returns could be true? You don't need:

```php
if ($username == $dbarray['username']) {
    return; // Success! Username confirmed
} else {
    return 2; // Indicates username failure
}

if ($password == $dbarray['password']) {
    return 0; // Success! Username and password confirmed
} else {
    return 2; // Indicates password failure
}
```

Because your query already checks this. Think about it. The query is searching for the username and password that were entered from the $_POST vars. If your query returns at least one row then they exist in the database and have entered the correct password. So your function should return 0 or 1, true or false etc... to tell you in the login script that the user's credentials are correct.

But you should use some htmlspecialcharacters/stripslashes/etc... functions to secure your script.
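
An added example, not code from this thread: the credential check written with a bound parameter and a single boolean result, in line with the reply above. It goes beyond the thread in assuming PDO (SQLite in memory, so it runs offline) and a `password` column that holds `password_hash()` output; the `$db` argument and the sample users are constructed.

```php
<?php
// Added example, not the poster's code. Assumptions: PDO with the SQLite
// driver and a `members` table whose `password` column stores
// password_hash() output rather than the plain password.

/**
 * Return true only if $username exists and $password matches its stored hash.
 * Uses its arguments (not $_POST) so the caller decides where input comes from.
 */
function confirm(PDO $db, string $username, string $password): bool
{
    // Bound parameter: the value is sent separately from the SQL text, so
    // the check does not depend on escaping or on the magic-quotes setting.
    $stmt = $db->prepare('SELECT password FROM members WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();   // false when no row matched

    if ($hash === false) {
        return false;               // unknown user
    }
    // The comparison happens in PHP against the stored hash, never in SQL.
    return password_verify($password, $hash);
}

// Constructed sample data for the demonstration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (
    id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$ins = $db->prepare('INSERT INTO members (username, password) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
$ins->execute(["o'brien", password_hash("it's a secret", PASSWORD_DEFAULT)]);

$cases = [
    ['alice', 'correct horse'],      // valid credentials
    ['alice', 'wrong password'],     // known user, bad password
    ["o'brien", "it's a secret"],    // quotes need no stripslashes round trip
    ['nobody', 'correct horse'],     // unknown user
];
foreach ($cases as [$user, $pass]) {
    printf("%-10s %s\n", $user, confirm($db, $user, $pass) ? 'accepted' : 'rejected');
}
```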
Archived
This topic is now archived and is closed to further replies.