Jump to content

Right way to go about logging in...

Aureole

By Aureole
in PHP Coding Help

 Share

Recommended Posts

Aureole Advanced Member

Aureole

Posted
Posted

Ok, basically, I taught myself PHP by reading tutorials and taking apart other people's code, not sure if other people have done the same, but anyway... No doubt, a lot of the code I used to taught myself was old and/or outdated.

 

When I'm approaching login, this is basically what I do.

 

<?php
$ln = md5( $_POST['login_name'] );
$pa = md5( $_POST['password'] );

$query = "SELECT * FROM `members` WHERE `login_name` = '{$ln}' AND `password` = '{$pa}'";
$result = mysql_query( $query );

if( $result )
{
    echo( 'Login successful.' );
}
else
{
    echo( 'Login unsuccessful.' );
}
?>

 

Now that's all fine and dandy and it has always worked for me, but now I've started to use classes and functions it doesn't work out.

 

<?php
$ln = md5( $_POST['login_name'] );
$pa = md5( $_POST['password'] );

$db->select( '*', 'members', array( 'mem_lname' => $ln, 'mem_pass' => $pa ) );
$db->exec_query();

/*
$exec_query performs mysql_query() on the query created with $db->select and returns it within $db->result

Now the problem is, the following statement always evaluates to true
*/

if( $db->result )
{
    echo( 'Login successful.' );
}
else
{
    echo( 'Login unsuccessful.' );
}

/*
If I get rid of the above statement and do this:

$db->fetch_assoc();
var_dump( $db->assoc );

...it works as expected, so my query is well formed and is being executed

echo( $db->result );

would produce a resource id, unless of course I enter incorrect details and $db->assoc contains all the data from the database, again, unless I enter incorrect details.
*/
?>

 

So what should I do to check if the login was successful, now that if( $db->result) doesn't work?

Link to comment
Share on other sites
trq Prolific Member

trq

Posted
Posted

This approuch is floored.

 

<?php
$ln = md5( $_POST['login_name'] );
$pa = md5( $_POST['password'] );

$query = "SELECT * FROM `members` WHERE `login_name` = '{$ln}' AND `password` = '{$pa}'";
$result = mysql_query( $query );

if( $result )
{
    echo( 'Login successful.' );
}
else
{
    echo( 'Login unsuccessful.' );
}
?>

 

mysql_query returns true if your query is successfull, not if it finds results. There is a difference.

 

You would need to use...

 

<?php

$ln = md5( $_POST['login_name'] );
$pa = md5( $_POST['password'] );

$query = "SELECT * FROM `members` WHERE `login_name` = '{$ln}' AND `password` = '{$pa}'";
if ($result = mysql_query( $query )) {
  if(mysql_num_rows($result)) {
    echo( 'Login successful.' );
  }
  else
  {
    echo( 'Login unsuccessful.' );
  }
}
?>

 

Other than that, theres not much we can help you with. Simply stating something doesn't work gives us nothing. We need to see the relevent code.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.