Authentication by SSN. Simple? hopefully?

[Moron]

Okay, I want two fields on the opening page of my Leave Management form: Employee Number and Password. Password will be their Social Security Number. Therefore, the SSN they enter as password must match the Employee Number. Both are in the same database table.

Is there a simple way to do this?

I seriously don't need any encryption or anything fancy like that or any dealings with an htaccess file or whatever. This field must match that one. That's all.

[harleydude]

sure, just be sure that the ssn field in the database is a character field or else passwords like '012345678' will come out as '12345678'.

A simple validation sql will do the trick: select uid from users where uid = loginid and pw = loginpw

If recordcount == 1 then they are good to go!!

[Moron]

[quote author=harleydude link=topic=106380.msg425366#msg425366 date=1157032602]
sure, just be sure that the ssn field in the database is a character field or else passwords like '012345678' will come out as '12345678'.

A simple validation sql will do the trick: select uid from users where uid = loginid and pw = loginpw

If recordcount == 1 then they are good to go!!
[/quote]

The first part is already in place. They enter their employee number and the records pull from there.

So just to be clear..... I adapt the query by adding a condition that (employee number recordcount == 1 AND password (SSN) recordcount == 1)  ?? Is that right?

[Moron]

Update: It now works [b]somewhat.[/b]    ::)

If I enter my employee number and correct SSN, it works like a charm. If I enter the wrong SSN, it gives me the intended page with this near the top:

[quote][b]Warning:[/b] mssql_data_seek() [function.mssql-data-seek]: Bad row offset in [b]E:\User\Inetpub\wwwroot\PHPLeaveTime\leaveprocess.php[/b] on line [b]476[/b]
[/quote]

What I want it to do in case of a mismatch is not give a database error, but instead come back and say "Invalid password" or whatever.

Ideas?

[redarrow]

post your sql statement as it is now please.

[Moron]

[quote author=redarrow link=topic=106380.msg425443#msg425443 date=1157039881]
post your sql statement as it is now please.

[/quote]

I can do that, but the query does exactly what I want. The only thing is, I want to stop the user and give a warning if the SSN and employee number don't match.

EDIT: If you think it might help, here you go:

[code]$RESULTDS=mssql_query("SELECT DISTINCT LH.[Employee Number], LH.[Lmo], LH.[Lda], LH.[LYR], LH.[Hours], LH.[Leave Code], M2.[HRYRAT], M2.[EMPNO], M2.[MANLAP], M2.[MANLAC], M2.[MANLTC], M2.[MSKLAB], M2.[MSKLTC], M2.[MSKLAB], M2.[MSKLTC], M2.[NAMEMI], M2.[NAMEL], M2.[NAMEF] FROM LEAVHST LH INNER JOIN MASTERL2 M2 ON LH.[Employee Number]=M2.EMPNO WHERE M2.[EMPNO] = '".$_POST['employeenumber']."' and
M2.[MSSNO] = '".$_POST['password']."' and (LH.[LYR] = '$last' AND LH.[Lmo] >= '07') OR (LH.[LYR] = '$last' + 1  AND LH.[Lmo] < '07')  ORDER BY LH.[LYR] desc, LH.[Lmo] desc, LH.[Lda] desc");
$RESULT=mssql_fetch_assoc($RESULTDS);[/code]

Thanks!