Re: [PHP] session password problems.

Sun, 17 Feb 2002 19:30:54 -0800 

> I have a php user authorise script.
>
> I have 2 fields in a mysql database. user_name and user_password. Password
> is encrypted with the mysql password('$password') function.
>
> This is my PHP authorise section of the script.
>
> $sql_authorisation = "SELECT * FROM account_details WHERE
> account_name='$login_username' AND
> account_password=PASSWORD('$login_password');
> $sql_authorisation_result = mysql_query($sql_authorisation);
>
> if (!$sql_authorisation_result) {
> error("A Database Error Occurred while trying to authorise login
details");
> }
>
> if (mysql_num_rows($sql_authorisation_result) == 0) {
> session_unregister("login_username");
> session_unregister("login_password");
> ?>
>
> <HTML>
> <HEAD>
> <TITLE> Access Denied </TITLE>
> </HEAD>
> <BODY BGCOLOR=white>
> <H1> Access Denied </H1>
> <P> Your user ID and Password could not be verified. This could be an
> incorrect username or password, or you are not a registered user on this
> site. Try logging in again checking your details, or enter the signup
> process to join us</P>
> </BODY>
> </HTML>
> <?php
>
> exit;
> }
>
> ?>
>
> This script does NOT work.
>
> However if I change the sql function $sql_authorisation to
>
> $sql_authorisation = "SELECT * FROM account_details WHERE
> account_name='$login_username' );
>
> so that is only selects the username - it works. there for there is a
> problem with me selecting and comparing the password'd user_password.
>
> Any suggestions.

You have to use the query with mysql_num_rows(), not the result of the
query, try:

if (mysql_num_rows($sql_authorisation) == 0) {

And it woudl be better to test for a single row, not the fact that no rows
returned.  I would use:

if (mysql_num_rows($sql_authorisation) == 1) {
  $user_array = mysql_fetch_array($sql_authorisation_result);
  $login_username = $user_array[account_name];
  session_register("login_username");
}


------------------------------------------------------------------------
Greg Donald - http://destiney.com/
http://phprated.com/ | http://phplinks.org/ | http://phptopsites.com/
------------------------------------------------------------------------



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to