Log in form, almost working ,needs bit of work, but stuck
Posted: Tue Jun 22, 2010 4:08 am
Hello All,
I have a php script that i use along with a flex front end. I have become a little stuck with my script thou.
The code is as follows
Now at the moment my scirpt ignores the third field "level" and allows log in if their data is in the database "username" and "password". Now what i want to be able to do, is when the script returns the value <status>true</status> i would also like to return the value of the "level" field for that given user, could anyone help me out with this please?
I have a php script that i use along with a flex front end. I have become a little stuck with my script thou.
The code is as follows
My database has three fields, "username" "password" and "level"<?php
$hostname_conn = "localhost";
$username_conn = "";
$password_conn = "";
$conn = mysql_connect($hostname_conn, $username_conn, $password_conn);
mysql_select_db("videochat");
//mysql_real_escape_string POST'ed data for security purposes
$user = mysql_real_escape_string($_POST["user"]);
$pass = mysql_real_escape_string($_POST["pass"]);
//a little more security
$code_entities_match = array('--','"','!','@','#','$','%','^','&','*','(',')','_','+','{','}','|',':','"','<','>','?','[',']','\\',';',"'",',','.','/','*','+','~','`','=');
$user = str_replace($code_entities_match, "", $user);
$pass = str_replace($code_entities_match, "", $pass);
$query = "SELECT * FROM usernames WHERE username = '$user' AND password = '$pass'";
$result = mysql_query($query);
$logged = mysql_num_rows($result);
if ($logged == 1)
{
echo "<status>true</status>";
}
else
{
echo "<status>false</status>";
}
?>
Now at the moment my scirpt ignores the third field "level" and allows log in if their data is in the database "username" and "password". Now what i want to be able to do, is when the script returns the value <status>true</status> i would also like to return the value of the "level" field for that given user, could anyone help me out with this please?