does this code make sense?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

grudz
Forum Commoner
Posts: 68
Joined: Thu Dec 04, 2003 12:52 pm

does this code make sense?

Post by grudz »

Hi,

I basically have a page where users log in. And I would just like to know if how I did it is ok, or is there a flaw.

this is in my head

Code:

<?php
ob_start();
session_start();
// take the submitted credentials from the login form
$username = $_POST['username'];
$password = $_POST['password'];
$_SESSION['username'] = $username;
?>
<?php require_once('Connections/marketbr.php'); ?>
<?php
// hash the submitted password the same way the stored one was hashed
$md5 = md5(md5($password));

mysql_select_db($database_marketbr, $marketbr);
$query_Login = "SELECT * FROM signup WHERE username = '$username' AND password = '$md5'";
$Login = mysql_query($query_Login, $marketbr) or die(mysql_error());
$row_Login = mysql_fetch_assoc($Login);
$totalRows_Login = mysql_num_rows($Login);
?>
and this is in my body

Code:

<?php
if ($totalRows_Login >= 1) {
    print 'show restricted information';
} else {
    header('Location: error.php?login=No Login');
}
?>
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Jumping in and out of PHP like that without needing to can create problems, or maintenance issues. You should probably run an escape routine over the username. If the query returns more than 1 row, then you have a hacking attempt or you have some duplicate users, either of which you shouldn't allow.

header Location: although a full URL isn't required by a lot of browsers, some older ones will require one.
grudz
Forum Commoner
Posts: 68
Joined: Thu Dec 04, 2003 12:52 pm

Post by grudz »

But is my if ($totalRows_Login >= 1) ok for what I'm trying to do (a members area)? I honestly never saw that type of code, but it looks good to me, and it's pretty simple. However, there could be a flaw that I'm overlooking.

feyd wrote: You should probably run an escape routine over the username

I don't understand that.... An escape routine?
Something to make sure the proper username was put in?
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

I was suggesting something like addslashes
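The same login check written the way feyd's advice points to, as an added example that is not grudz's or feyd's code: a prepared statement keeps the username out of the SQL text entirely (which is what an "escape routine" is for), the row count is required to be exactly one, and the password is checked with password_verify() instead of md5(md5()). It assumes PDO with the SQLite driver so it runs offline; the table and column names follow the thread.

```php
<?php
// Added example, not code from the original thread. Uses PDO + SQLite
// in memory (assumed available) in place of the mysql_* functions.

function loginUser(PDO $db, string $username, string $password): bool
{
    // The "?" placeholder is bound separately from the SQL string, so a
    // quote in the username cannot change the query's structure.
    $stmt = $db->prepare('SELECT password FROM signup WHERE username = ?');
    $stmt->execute([$username]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

    // Exactly one matching row; more than one means duplicate accounts,
    // which feyd says should not be allowed either.
    if (count($rows) !== 1) {
        return false;
    }

    // Constant-time comparison against a salted hash stored at signup.
    return password_verify($password, $rows[0]['password']);
}

// Constructed sample data: two users, one with a quote in the name, which
// the original string-built query would have turned into a SQL error.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE signup (username TEXT, password TEXT)');
$ins = $db->prepare('INSERT INTO signup (username, password) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
$ins->execute(["o'brien", password_hash('battery staple', PASSWORD_DEFAULT)]);

// Correct credentials, wrong password, and a quote-bearing username.
var_dump(loginUser($db, 'alice', 'correct horse'));
var_dump(loginUser($db, 'alice', 'wrong'));
var_dump(loginUser($db, "o'brien", 'battery staple'));
var_dump(loginUser($db, 'nobody', 'anything'));
```

Only after loginUser() returns true should the session be marked as logged in; the original stores $_SESSION['username'] before the query runs, so the restricted page should not rely on that value alone.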