Wrote a function, it's working but don't know how to use it?

Dev Shed Forums Sponsor:

November 13th, 2012, 12:09 AM

scm22ri

Contributing User

Join Date: Aug 2009

Posts: 49

Time spent in forums: 5 h 34 m 35 sec
Reputation Power: 4

Wrote a function, it's working but don't know how to use it?

Hi Everyone,

I wrote a function for a login script. I tested the function and it's working but when I include it on my website it's not working. I'm not sure what I'm doing wrong. What do you guys think?

Thanks Everyone.

syntax for function

PHP Code:


		
			
function loggeduser($name, $password){ 



  $name = mysql_real_escape_string($name); 

  $password = mysql_real_escape_string($password); 

   

  $password = sha1($password); 

   

    // getting the ID here 

     $sql_id = mysql_query("SELECT * FROM practice WHERE name='$name' AND password='$password'");   

     while($row = mysql_fetch_array($sql_id)){ 

     $id = $row["id"]; 

    }  



     $sql = ("SELECT id FROM practice WHERE name='$name' AND password='$password'"); 

     $result = mysql_query($sql) or die(mysql_error()); 

      

     $count= mysql_num_rows($result); 

      

     if ($count == 1){ 

     $_SESSION['authorized'] = true; 

     $_SESSION['id']; // <-- not sure if I need this?  

     $_SESSION['password'] = $password; 

     $_SESSION['name'] = $name; 

      

    header("location:userspage.php"); 

      

     } else { 

       echo "Wrong username and password <br>";  

     }  

}

login script

PHP Code:


		
			
<?php 

session_start(); 

include"connect_to_mysql3.php"; 

$loggedinuser = $_SESSION["id"]; 

$name = $_SESSION["name"]; 

    

// include 'edit-car-function-for-login.php'; 

   

 if (isset( $_POST['name'], $_POST['password'] )){ 



    $name = $_POST['name']; 

    $password = $_POST['password']; 

     

    $password = sha1($password); 

     

    $name = mysql_real_escape_string($name); 

    $password = mysql_real_escape_string($password); 

     

    $sql_id = mysql_query("SELECT * FROM practice WHERE name='$name' AND password='$password'");   

    while($row = mysql_fetch_array($sql_id)){ 

    $id = $row["id"]; 

    }  

     

    $sql = ("SELECT id FROM practice WHERE name='$name' AND password='$password'"); 



    $result = mysql_query($sql); 

     

    $count=mysql_num_rows($result); 

     

    if($count==1){ 





    $_SESSION["name"] = $name; 

    $_SESSION["id"] = $id; 



   header("location:userspage.php"); 

    



   } else { 

   echo "Wrong Username and Password.";  

  }  

}

November 13th, 2012, 12:37 AM

Jacques1

pollyanna

Join Date: Jul 2012

Location: Germany

Posts: 1,855

Time spent in forums: 1 Month 2 Weeks 1 Day 16 h 5 m 43 sec
Reputation Power: 813

Hi,

what does "not work" mean? Do you get an error message? Does your computer crash?

Apart from that, I don't get what you're trying to do. OK, you have a function. But you don't use this function in your login script and instead write down some similar (but different) code. Um, is this another try?

The code itself also has several oddities. What's the point of repeating the same query twice? Why do you need a "while" loop to fetch a single row?

Also you must not store the password hash in the session. This is extremely unsecure and completely pointless (what do you need the hash for when the user is already logged in?). The password hash is supposed to be stored in exactly one column in the database and nowhere else. Not in the session, not in a cookie.

Wrote a function, it's working but don't know how to use it?

Developer Shed Advertisers and Affiliates