Page 1 of 1

query

Posted: Sat Jan 10, 2009 2:30 pm
by chris_s_22
this is part of my login i want to add a query that checks the registered feild if 1 allow to login anything else to be refused
im guessing it gonna be somthing like this

Code: Select all

 
     $query = "select registered from user where username='$username' limit 1";
     $result = mysql_query($query);
 

this is my login function how/where do i add the query above obviously i need the proper finished query

Code: Select all

 
function user_login($username, $password)
{
     // Try and get the salt from the database using the username
     $query = "select salt from user where username='$username' limit 1";
     $result = mysql_query($query);
     $user = mysql_fetch_array($result);
 
     // Using the salt, encrypt the given password to see if it 
     // matches the one in the database
     $encrypted_pass = md5(md5($password).$user['salt']);
 
     // Try and get the user using the username & encrypted pass
     $query = "select userid, username from user where username='$username' and password='$encrypted_pass'";
     $result = mysql_query($query);
     $user = mysql_fetch_array($result);
     $numrows = mysql_num_rows($result);
     
     // Now encrypt the data to be stored in the session
     $encrypted_id = md5($user['userid']);
     $encrypted_name = md5($user['username']);
 
     // Store the data in the session
     $_SESSION['userid'] = $userid;
     $_SESSION['username'] = $username;
     $_SESSION['encrypted_id'] = $encrypted_id;
     $_SESSION['encrypted_name'] = $encrypted_name;
 
 
    if ($numrows == 1)
    {
        return 'Correct';
    }
    else
    {
        return false;
    }
}
 

Re: query

Posted: Sat Jan 10, 2009 2:41 pm
by watson516
You want to perform the registered check before the user can log in so I would say put that check at the top of the login function, no?

Re: query

Posted: Tue Jan 13, 2009 2:08 am
by paqman
Yes, set your session variables inside the if($numrows == 1) condition. That way, if they have the correct username/password combo it will log them in.