Jump to content


Photo

Login Page, Code Advice


  • Please log in to reply
2 replies to this topic

#1 romio

romio
  • Members
  • PipPip
  • Member
  • 28 posts

Posted 18 September 2006 - 07:07 AM


This is my code which I use for my Login page, I would appreciate if anyone could tell me if its good enough, if not, then how can I improve it.
if ((isset($_POST['username'])) && (isset($_POST['username']))) 
{
  $loginUsername = mysql_escape_string($_POST['username']);
  $password = mysql_escape_string(md5($_POST['password']));

  $checkaccess = "SELECT username,password FROM login WHERE username = '$loginUsername' AND password = '$password'"; 
  $Login = mysql_query($checkaccess) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($Login);
	if ($loginFoundUser){
		setcookie('Logged', 'True', time()+60*60);
		header('Location: index.php');
		exit;
	}else{
	  	$errorMessage = true;
	}
}


#2 Zane

Zane
  • Administrators
  • Advanced Member
  • 4,134 posts

Posted 18 September 2006 - 07:12 AM

  $loginFoundUser = mysql_num_rows($Login);
	if ($loginFoundUser){
		setcookie('Logged', 'True', time()+60*60);
		header('Location: index.php');
		exit;
	}else{
	  	$errorMessage = true;
	}

mysql_num_rows return the number of rows in a result set on success, or FALSE on failure.


$loginFoundUser will only be false if the SQL statement has an error in it..
you'll have change you if statement to

if ($loginFoundUser == 1{

btn_donate_SM.gif Want to thank me? Contribute to my PayPal piggy-bank
 

172938.png

#3 romio

romio
  • Members
  • PipPip
  • Member
  • 28 posts

Posted 18 September 2006 - 07:48 AM

Thx zanus.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users