User Authorization CODING PROBLEM?

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
Akwebby
Forum Newbie
Posts: 15
Joined: Wed Sep 17, 2003 5:47 pm

User Authorization CODING PROBLEM?

Post by Akwebby »

function auth_user($userid, $password)
{
global $default_dbname, $user_tablename2;

$link_id = db_connect($default_dbname);
$query = "SELECT swgname FROM $user_tablename2 WHERE userid = \"$userid\" AND memberpassword = password('$password')";
$result = mysql_query($query);
if(!$result) die(error_message(sql_error()));
$query_data = mysql_fetch_row($result);

while($query_data = mysql_fetch_array($result))
{
$my_swg_name = $query_data["swgname"];
echo "$my_swg_name<BR><BR>";
return $my_swg_name;
}

return 0;
}


This is a complete function. This function always returns 0, and thus the user is never "logged in", can anyone tell me why it always returns 0? Thoughts appreciated.

Thanks in advance.
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Post by JAM »

Change your: \"$userid\"
To: '$userid'
In the query.

Are your register_globals on or off?
Akwebby
Forum Newbie
Posts: 15
Joined: Wed Sep 17, 2003 5:47 pm

Post by Akwebby »

Don't know exactly what you mean by "is register globals on/off"...

If you mean, can I type 'global <variable name>' and have it be seen even if the variable is not declared in the page, then yes it is on.

Otherwise I will require more explanation or the question.

I changed the 'userid' clasue like you said but log in still does not return anything but 0.

More help please :), everything is much appreciated.
User avatar
Heavy
Forum Contributor
Posts: 478
Joined: Sun Sep 22, 2002 7:36 am
Location: Viksjöfors, Hälsingland, Sweden
Contact:

Post by Heavy »

I browsed your posts and it came to my mind that you may want to tell the world what version of PHP you have.

Also, please read this if you haven't yet:
Before Post Read: Concerning Passing Variables in PHP 4.2+

Read about register globals...
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Post by JAM »

Yah, sorry that I was unclear. Heavy gave you some directions that is worth looking into. Prefereably the area regarding $_POST.
Akwebby
Forum Newbie
Posts: 15
Joined: Wed Sep 17, 2003 5:47 pm

Post by Akwebby »

I am attempting to code in PHP 4+ and the server has PHP version 4 something too.
Akwebby
Forum Newbie
Posts: 15
Joined: Wed Sep 17, 2003 5:47 pm

Post by Akwebby »

I will try the above about _POST and write back about it, I was unaware of this change since I am relatively new to PHP and basicly taught myself the language by an obviously outdated book. Thanks for your help, I will keep in touch.
unixchick
Forum Newbie
Posts: 11
Joined: Thu Sep 11, 2003 11:21 pm

Excuse the DUh!

Post by unixchick »

umm, smack me if im wrong but dosent the script have

Code: Select all

return 0
right in it?

anyways... your script has no clause that will define a given User Authorized
Akwebby
Forum Newbie
Posts: 15
Joined: Wed Sep 17, 2003 5:47 pm

Post by Akwebby »

umm, smack me if im wrong but dosent the script have

Code:
return 0


right in it?

anyways... your script has no clause that will define a given User Authorized
The code returns a name instead of a 0 if the user is authorized. Atleast that is what I intend it to do, then the value is stored and if it is not equal to 0 then the user is considered "logged in".
like_duh44
Forum Commoner
Posts: 63
Joined: Sat Jul 26, 2003 6:57 pm

Re: User Authorization CODING PROBLEM?

Post by like_duh44 »

Maybe you should have a query to get the password from the database, compare it to what the user entered, and store a value for the answer, then have it return $answer; and have page that called function to check if $answer is yes or no. Sry if its confusing, but its hard to explain
User avatar
Leviathan
Forum Commoner
Posts: 36
Joined: Tue Sep 23, 2003 7:00 pm
Location: Waterloo, ON (Currently in Vancouver, BC)

Post by Leviathan »

Here's your problem.

Before your while loop, you read a row out of the array, and then, at the top of the loop, you read a *second* row. Firstly, you don't need a loop; assuming you have any good controls on your code, you should have unique usernames. You don't actually need to loop through anything to verify that a user is logged in.

The reason that your code breaks is that your query only returns one row in the result set, but you try to get a second row. The row you get is empty, the comparison you have fails, and your code returns 0.

Here's what I'd do (apologies for any incorrect syntax, as I have wrappers for my database access)

Code: Select all

$query = ....
$result = mysql_query($query);
if (!$result) die (...);
if (mysql_num_rows($result) != 1) return 0;

$query_data = mysql_fetch_row($result);
return $query_data&#1111;"swgname"];
Cruzado_Mainfrm
Forum Contributor
Posts: 346
Joined: Sun Jun 15, 2003 11:22 pm
Location: Miami, FL

Post by Cruzado_Mainfrm »

Code: Select all

$query_data = mysql_fetch_row($result); 
return $query_data["swgname"];
doesn't mysql_fetch_row returns enumerated arrays rather than associativy arrays? it's easier, if u have only 1 AND ONLY 1 result to use mysql_result?

why not:

Code: Select all

return @mysql_result($result,0,"swgname");
?
User avatar
Leviathan
Forum Commoner
Posts: 36
Joined: Tue Sep 23, 2003 7:00 pm
Location: Waterloo, ON (Currently in Vancouver, BC)

Post by Leviathan »

I guess. As I mentioned, my database access is wrapped, so I haven't used the actual PHP calls in 2 years.
Post Reply