decpariem Posted March 12, 2010

Hi. I am trying to make a simple login system in Flash, PHP and MySQL. I have the database table users and the user is either admin or simple user. I want a PHP form that will check the role entry and return a different result to process in Flash. I have the code for admin login without role, which works:

```php
<?php
include_once("settings.inc.php");
include_once("functions.inc.php");

$password = MD5($_GET['userPassword']); // md5()
$query = "SELECT * FROM user WHERE username = '" . $_GET['userName'] . "' AND password = '$password'";
$result = @mysql_query($query);

if ($result) {
    if (mysql_num_rows($result) == 1) {
        echo "status=ok";
    } else {
        fail("The user name and password could not be validated.");
    }
} else {
    fail("There was an error getting information on the user.", mysql_error());
}
?>
```

I guess a line is missing to check the roles but I can't think of it! Help please.
cs.punk Posted March 12, 2010

Firstly, use POST rather than GET. It is more secure. Look into mysql_real_escape_string to make your inputs database safe... Consider if I typed in "test"; die;".. You might have magic quotes turned on though. This automatically escapes all POST/GET data.

Oh I forget! I would add a 'rank' column to your table. And do something like this:

```php
<?php
include_once("settings.inc.php");
include_once("functions.inc.php");

$password = MD5($_GET['userPassword']); // md5()
$query = "SELECT * FROM user WHERE username = '" . $_GET['userName'] . "' AND password = '$password'";
$result = @mysql_query($query);

if ($result) {
    if (mysql_num_rows($result) == 1) {
        $row = mysql_fetch_row($result);
        // Whichever column your rank is in, counting from 0, 1, 2, 3 etc.
        echo "status=ok Rank={$row[3]}";
    } else {
        fail("The user name and password could not be validated.");
    }
} else {
    fail("There was an error getting information on the user.", mysql_error());
}
?>
```
decpariem (Author) Posted March 12, 2010

The code I posted works fine. I just want to check if the user is admin or simple user. Thanks for the advice though.
cs.punk Posted March 12, 2010

> The code I posted works fine. I just want to check if the user is admin or simple user. Thanks for the advice though.

But it might not be secure.
decpariem (Author) Posted March 12, 2010

The truth is I don't seem to get your point. While I have a Flash application as interface, I have something like this code in Flash to check PHP: if status=="ok" then do this. I don't get the line echo status=ok rank=["3"]. Say I have a column role which is 0 if the user is admin and 1 if the user is simple. I want a different status for each case. Thank you.
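
Added example, not code from any poster in this thread: a login check that returns a distinct status per role (0 = admin, 1 = simple user, as in the last post) and keeps the user name out of the SQL text by using a prepared statement instead of string concatenation. The `check_login` function, the `password_hash` column, the `status=admin` / `status=user` / `status=fail` strings and the in-memory SQLite data are assumptions made for illustration; it uses PDO (with the pdo_sqlite driver) because the `mysql_*` functions and magic quotes no longer exist in current PHP.

```php
<?php
// Added example. Assumed schema: user(username, password_hash, role),
// with role 0 = admin and 1 = simple user, as described in the last post.

function check_login(PDO $db, string $userName, string $userPassword): string
{
    // The placeholder sends the user name as data, never as part of the SQL text.
    $stmt = $db->prepare('SELECT password_hash, role FROM user WHERE username = ?');
    $stmt->execute([$userName]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() replaces the unsalted MD5 comparison (assumption of this example).
    if ($row === false || !password_verify($userPassword, $row['password_hash'])) {
        return 'status=fail';
    }
    // One distinct status per role, so the Flash side can branch on it.
    return ((int) $row['role'] === 0) ? 'status=admin' : 'status=user';
}

// Constructed demo data in an in-memory SQLite database so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (username TEXT UNIQUE, password_hash TEXT, role INTEGER)');
$ins = $db->prepare('INSERT INTO user VALUES (?, ?, ?)');
$ins->execute(['boss', password_hash('admin-pass', PASSWORD_DEFAULT), 0]);
$ins->execute(['guest', password_hash('guest-pass', PASSWORD_DEFAULT), 1]);

// In the real endpoint these would come from $_POST['userName'] and $_POST['userPassword'].
$attempts = [
    ['boss', 'admin-pass'],
    ['guest', 'guest-pass'],
    ['guest', 'wrong'],
    ['test"; die;', 'x'],   // the input quoted in the reply above: handled as plain data
];
foreach ($attempts as [$u, $p]) {
    echo check_login($db, $u, $p), "\n";
}
```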