Page 1 of 1

User Authorization CODING PROBLEM?

Posted: Thu Sep 18, 2003 1:10 pm
by Akwebby
function auth_user($userid, $password)
{
global $default_dbname, $user_tablename2;

$link_id = db_connect($default_dbname);
$query = "SELECT swgname FROM $user_tablename2 WHERE userid = \"$userid\" AND memberpassword = password('$password')";
$result = mysql_query($query);
if(!$result) die(error_message(sql_error()));
$query_data = mysql_fetch_row($result);

while($query_data = mysql_fetch_array($result))
{
$my_swg_name = $query_data["swgname"];
echo "$my_swg_name<BR><BR>";
return $my_swg_name;
}

return 0;
}


This is a complete function. This function always returns 0, and thus the user is never "logged in", can anyone tell me why it always returns 0? Thoughts appreciated.

Thanks in advance.

Posted: Thu Sep 18, 2003 1:17 pm
by JAM
Change your: \"$userid\"
To: '$userid'
In the query.

Are your register_globals on or off?

Posted: Thu Sep 18, 2003 3:08 pm
by Akwebby
Don't know exactly what you mean by "is register globals on/off"...

If you mean, can I type 'global <variable name>' and have it be seen even if the variable is not declared in the page, then yes it is on.

Otherwise I will require more explanation or the question.

I changed the 'userid' clasue like you said but log in still does not return anything but 0.

More help please :), everything is much appreciated.

Posted: Thu Sep 18, 2003 5:17 pm
by Heavy
I browsed your posts and it came to my mind that you may want to tell the world what version of PHP you have.

Also, please read this if you haven't yet:
Before Post Read: Concerning Passing Variables in PHP 4.2+

Read about register globals...

Posted: Thu Sep 18, 2003 5:43 pm
by JAM
Yah, sorry that I was unclear. Heavy gave you some directions that is worth looking into. Prefereably the area regarding $_POST.

Posted: Fri Sep 19, 2003 1:20 am
by Akwebby
I am attempting to code in PHP 4+ and the server has PHP version 4 something too.

Posted: Fri Sep 19, 2003 1:22 am
by Akwebby
I will try the above about _POST and write back about it, I was unaware of this change since I am relatively new to PHP and basicly taught myself the language by an obviously outdated book. Thanks for your help, I will keep in touch.

Excuse the DUh!

Posted: Fri Sep 19, 2003 10:51 pm
by unixchick
umm, smack me if im wrong but dosent the script have

Code: Select all

return 0
right in it?

anyways... your script has no clause that will define a given User Authorized

Posted: Sun Sep 21, 2003 6:23 pm
by Akwebby
umm, smack me if im wrong but dosent the script have

Code:
return 0


right in it?

anyways... your script has no clause that will define a given User Authorized
The code returns a name instead of a 0 if the user is authorized. Atleast that is what I intend it to do, then the value is stored and if it is not equal to 0 then the user is considered "logged in".

Re: User Authorization CODING PROBLEM?

Posted: Sun Sep 21, 2003 6:53 pm
by like_duh44
Maybe you should have a query to get the password from the database, compare it to what the user entered, and store a value for the answer, then have it return $answer; and have page that called function to check if $answer is yes or no. Sry if its confusing, but its hard to explain

Posted: Tue Sep 23, 2003 7:00 pm
by Leviathan
Here's your problem.

Before your while loop, you read a row out of the array, and then, at the top of the loop, you read a *second* row. Firstly, you don't need a loop; assuming you have any good controls on your code, you should have unique usernames. You don't actually need to loop through anything to verify that a user is logged in.

The reason that your code breaks is that your query only returns one row in the result set, but you try to get a second row. The row you get is empty, the comparison you have fails, and your code returns 0.

Here's what I'd do (apologies for any incorrect syntax, as I have wrappers for my database access)

Code: Select all

$query = ....
$result = mysql_query($query);
if (!$result) die (...);
if (mysql_num_rows($result) != 1) return 0;

$query_data = mysql_fetch_row($result);
return $query_data&#1111;"swgname"];

Posted: Tue Sep 23, 2003 9:36 pm
by Cruzado_Mainfrm

Code: Select all

$query_data = mysql_fetch_row($result); 
return $query_data["swgname"];
doesn't mysql_fetch_row returns enumerated arrays rather than associativy arrays? it's easier, if u have only 1 AND ONLY 1 result to use mysql_result?

why not:

Code: Select all

return @mysql_result($result,0,"swgname");
?

Posted: Tue Sep 23, 2003 10:56 pm
by Leviathan
I guess. As I mentioned, my database access is wrapped, so I haven't used the actual PHP calls in 2 years.