Session username and mySQL

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Terencentanio
Forum Commoner
Posts: 27
Joined: Mon Dec 06, 2004 10:32 am
Location: England

Post by Terencentanio »

Sorry. Should of included this.

Code: Select all

<?php

/* check login script, included in db_connect.php. */

session_start();

if (!isset($_SESSION&#1111;'username']) || !isset($_SESSION&#1111;'password'])) &#123;
        $logged_in = 0;
        return;
&#125; else &#123;

        // remember, $_SESSION&#1111;'password'] will be encrypted.

        if(!get_magic_quotes_gpc()) &#123;
                $_SESSION&#1111;'username'] = addslashes($_SESSION&#1111;'username']);
        &#125;


        // addslashes to session username before using in a query.
        $pass = $db_object->query("SELECT password FROM users WHERE username = '".$_SESSION&#1111;'username']."'");

        if(DB::isError($pass) || $pass->numRows() != 1) &#123;
                $logged_in = 0;
                unset($_SESSION&#1111;'username']);
                unset($_SESSION&#1111;'password']);
                // kill incorrect session variables.
        &#125;

        $db_pass = $pass->fetchRow();

        // now we have encrypted pass from DB in
        //$db_pass&#1111;'password'], stripslashes() just incase:

        $db_pass&#1111;'password'] = stripslashes($db_pass&#1111;'password']);
        $_SESSION&#1111;'password'] = stripslashes($_SESSION&#1111;'password']);



        //compare:



        if($_SESSION&#1111;'password'] == $db_pass&#1111;'password']) &#123;
                // valid password for username
                $logged_in = 1; // they have correct info
                                        // in session variables.
        &#125; else &#123;
                $logged_in = 0;
                unset($_SESSION&#1111;'username']);
                unset($_SESSION&#1111;'password']);
                // kill incorrect session variables.
        &#125;
&#125;


// clean up
unset($db_pass&#1111;'password']);

$_SESSION&#1111;'username'] = stripslashes($_SESSION&#1111;'username']);

?>
db_connect.php includes check_login.php, which has the session start shiz.


I'm thinking, if this doesn't work, maybe I could use something on index.php which takes their session username then adds it to a table on a database, then anything in the future which requires their username can take it from the database.... I just dunno how I could make it identify them unless I do it by IP.
Post Reply