This is how the code looks at the moment:
Code: Select all
$usernameInput = mysql_real_escape_string($_POST["username"]);
$passwordInput = mysql_real_escape_string($_POST["password"]);
$query = mysql_query("SELECT customerid, customerpassword
FROM customer
WHERE customerid = '$usernameInput'");
$NR = mysql_num_rows($query);
if ($NR > 1) {
mail("x", "x", "Function checkLogin() finding more than 1 row for username");
}
if (!$NR) {
echo "Unable to find username, please contact us<br>";
}
while ($res = mysql_fetch_array($query)) {
$usernameDatabase = stripslashes($res['customerid']);
$passwordDatabase = stripslashes($res['customerpassword']);
}
if ($usernameInput == $usernameDatabase && $passwordInput == $passwordDatabase) {
$_SESSION["authSuccess"];
}