Jump to content

Right way to go about logging in...


Aureole

Recommended Posts

Ok, basically, I taught myself PHP by reading tutorials and taking apart other people's code, not sure if other people have done the same, but anyway... No doubt, a lot of the code I used to taught myself was old and/or outdated.

 

When I'm approaching login, this is basically what I do.

 

<?php
$ln = md5( $_POST['login_name'] );
$pa = md5( $_POST['password'] );

$query = "SELECT * FROM `members` WHERE `login_name` = '{$ln}' AND `password` = '{$pa}'";
$result = mysql_query( $query );

if( $result )
{
    echo( 'Login successful.' );
}
else
{
    echo( 'Login unsuccessful.' );
}
?>

 

Now that's all fine and dandy and it has always worked for me, but now I've started to use classes and functions it doesn't work out.

 

<?php
$ln = md5( $_POST['login_name'] );
$pa = md5( $_POST['password'] );

$db->select( '*', 'members', array( 'mem_lname' => $ln, 'mem_pass' => $pa ) );
$db->exec_query();

/*
$exec_query performs mysql_query() on the query created with $db->select and returns it within $db->result

Now the problem is, the following statement always evaluates to true
*/

if( $db->result )
{
    echo( 'Login successful.' );
}
else
{
    echo( 'Login unsuccessful.' );
}

/*
If I get rid of the above statement and do this:

$db->fetch_assoc();
var_dump( $db->assoc );

...it works as expected, so my query is well formed and is being executed

echo( $db->result );

would produce a resource id, unless of course I enter incorrect details and $db->assoc contains all the data from the database, again, unless I enter incorrect details.
*/
?>

 

So what should I do to check if the login was successful, now that if( $db->result) doesn't work?

Link to comment
https://forums.phpfreaks.com/topic/97972-right-way-to-go-about-logging-in/
Share on other sites

This approuch is floored.

 

<?php
$ln = md5( $_POST['login_name'] );
$pa = md5( $_POST['password'] );

$query = "SELECT * FROM `members` WHERE `login_name` = '{$ln}' AND `password` = '{$pa}'";
$result = mysql_query( $query );

if( $result )
{
    echo( 'Login successful.' );
}
else
{
    echo( 'Login unsuccessful.' );
}
?>

 

mysql_query returns true if your query is successfull, not if it finds results. There is a difference.

 

You would need to use...

 

<?php

$ln = md5( $_POST['login_name'] );
$pa = md5( $_POST['password'] );

$query = "SELECT * FROM `members` WHERE `login_name` = '{$ln}' AND `password` = '{$pa}'";
if ($result = mysql_query( $query )) {
  if(mysql_num_rows($result)) {
    echo( 'Login successful.' );
  }
  else
  {
    echo( 'Login unsuccessful.' );
  }
}
?>

 

Other than that, theres not much we can help you with. Simply stating something doesn't work gives us nothing. We need to see the relevent code.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.