Page 1 of 1

Log in form, almost working ,needs bit of work, but stuck

Posted: Tue Jun 22, 2010 4:08 am
by davidhopkins
Hello All,

I have a php script that i use along with a flex front end. I have become a little stuck with my script thou.

The code is as follows
<?php
$hostname_conn = "localhost";
$username_conn = "";
$password_conn = "";

$conn = mysql_connect($hostname_conn, $username_conn, $password_conn);

mysql_select_db("videochat");

//mysql_real_escape_string POST'ed data for security purposes
$user = mysql_real_escape_string($_POST["user"]);
$pass = mysql_real_escape_string($_POST["pass"]);

//a little more security
$code_entities_match = array('--','"','!','@','#','$','%','^','&','*','(',')','_','+','{','}','|',':','"','<','>','?','[',']','\\',';',"'",',','.','/','*','+','~','`','=');
$user = str_replace($code_entities_match, "", $user);
$pass = str_replace($code_entities_match, "", $pass);

$query = "SELECT * FROM usernames WHERE username = '$user' AND password = '$pass'";

$result = mysql_query($query);

$logged = mysql_num_rows($result);

if ($logged == 1)
{
echo "<status>true</status>";
}
else
{
echo "<status>false</status>";
}
?>
My database has three fields, "username" "password" and "level"

Now at the moment my scirpt ignores the third field "level" and allows log in if their data is in the database "username" and "password". Now what i want to be able to do, is when the script returns the value <status>true</status> i would also like to return the value of the "level" field for that given user, could anyone help me out with this please?

Re: Log in form, almost working ,needs bit of work, but stuc

Posted: Tue Jun 22, 2010 6:32 am
by internet-solution
Please use php syntax tag (not quote) when posting code.

Try this -

Code: Select all

if ($logged == 1)
{
$row=mysql_fetch_array($result);
$level = $row['level'];
echo "<status>true. User level is $level</status>";
}

Re: Log in form, almost working ,needs bit of work, but stuc

Posted: Tue Jun 22, 2010 7:03 am
by davidhopkins
Hi, thanks for the reply, and sorry about the php code quote . .

I have tried to implment what yo had, but because i am using flex as the front end, i need to return the value of "level" inside the <level> </level> tags.

THis is what i have tried

Code: Select all

	if ($logged == 1)
	{
	    $row=mysql_fetch_array($result);
        $level = $row['level'];
		echo "<status>true</status>";
        echo "<level>'$level'</level>";
	}
But it isnt returning the level value . .

Re: Log in form, almost working ,needs bit of work, but stuc

Posted: Tue Jun 22, 2010 7:07 am
by internet-solution
remove single quotes around $level