#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2009
    Posts
    49
    Rep Power
    6

    Wrote a function, it's working but don't know how to use it?


    Hi Everyone,

    I wrote a function for a login script. I tested the function and it's working but when I include it on my website it's not working. I'm not sure what I'm doing wrong. What do you guys think?

    Thanks Everyone.

    syntax for function

    PHP Code:
    function loggeduser($name$password){ 

      
    $name mysql_real_escape_string($name); 
      
    $password mysql_real_escape_string($password); 
       
      
    $password sha1($password); 
       
        
    // getting the ID here 
         
    $sql_id mysql_query("SELECT * FROM practice WHERE name='$name' AND password='$password'");   
         while(
    $row mysql_fetch_array($sql_id)){ 
         
    $id $row["id"]; 
        }  

         
    $sql = ("SELECT id FROM practice WHERE name='$name' AND password='$password'"); 
         
    $result mysql_query($sql) or die(mysql_error()); 
          
         
    $countmysql_num_rows($result); 
          
         if (
    $count == 1){ 
         
    $_SESSION['authorized'] = true
         
    $_SESSION['id']; // <-- not sure if I need this?  
         
    $_SESSION['password'] = $password
         
    $_SESSION['name'] = $name
          
        
    header("location:userspage.php"); 
          
         } else { 
           echo 
    "Wrong username and password <br>";  
         }  

    login script

    PHP Code:
    <?php 
    session_start
    (); 
    include
    "connect_to_mysql3.php"
    $loggedinuser $_SESSION["id"]; 
    $name $_SESSION["name"]; 
        
    // include 'edit-car-function-for-login.php'; 
       
     
    if (isset( $_POST['name'], $_POST['password'] )){ 

        
    $name $_POST['name']; 
        
    $password $_POST['password']; 
         
        
    $password sha1($password); 
         
        
    $name mysql_real_escape_string($name); 
        
    $password mysql_real_escape_string($password); 
         
        
    $sql_id mysql_query("SELECT * FROM practice WHERE name='$name' AND password='$password'");   
        while(
    $row mysql_fetch_array($sql_id)){ 
        
    $id $row["id"]; 
        }  
         
        
    $sql = ("SELECT id FROM practice WHERE name='$name' AND password='$password'"); 

        
    $result mysql_query($sql); 
         
        
    $count=mysql_num_rows($result); 
         
        if(
    $count==1){ 


        
    $_SESSION["name"] = $name
        
    $_SESSION["id"] = $id

       
    header("location:userspage.php"); 
        

       } else { 
       echo 
    "Wrong Username and Password.";  
      }  
    }
  2. #2
  3. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Hi,

    what does "not work" mean? Do you get an error message? Does your computer crash?

    Apart from that, I don't get what you're trying to do. OK, you have a function. But you don't use this function in your login script and instead write down some similar (but different) code. Um, is this another try?

    The code itself also has several oddities. What's the point of repeating the same query twice? Why do you need a "while" loop to fetch a single row?

    Also you must not store the password hash in the session. This is extremely unsecure and completely pointless (what do you need the hash for when the user is already logged in?). The password hash is supposed to be stored in exactly one column in the database and nowhere else. Not in the session, not in a cookie.

IMN logo majestic logo threadwatch logo seochat tools logo