Re: [PHP] Is this the best way?

---

• From: tg-php@xxxxxxxxxxxxxxxxxxxxxx ("TG")
• Date: Fri, 14 Mar 2008 12:51:31 -0400

---

I think the first thing I'd check is why you'd have more than one row being
returned. Is this a problem with some other part of the system? Bad data
import? Not checking for unique users when creating them? Something
like that.

If you do everything you can to prevent the possibility of multiple users,
then you can still check for multiple results if you want, maybe send an
email to yourself, but for the sake of not frustrating your users, just
take the first result and compare the login to that. The worst that'll
happen is they won't match and the user won't get logged in. Best case is
they get logged in and you won't get an annoyed user calling you.

-TG

----- Original Message -----
From: Jason Pruim <japruim@xxxxxxxxxx>
To: PHP General List <php-general@xxxxxxxxxxxxx>
Date: Fri, 14 Mar 2008 12:12:56 -0400
Subject: [PHP] Is this the best way?

Hi everyone,

I am attempting to add a little error checking for a very simple login
system. The info is stored in a MySQL database, and I am using mysqli
to connect to it. I have it working with the solution provided below,
but I am wondering if this is the right way to do it or if there is a
better way?

My thinking with this is if more then 1 record is returned from the
database, then there is a issue... If only is returned then the
username/password matched and I can safely show them the info...

$rowcnt = mysqli_num_rows($loginResult);
if($rowcnt !="1"){
echo "Auth failed";
die("Auth failed... Sorry");



}else{
while($row1 = mysqli_fetch_array($loginResult)) {
$_SESSION['user'] = $row1['loginName'];
$_SESSION['loggedin'] = "YES";
$table = $row1['tableName'];
$adminLevel = $row1['adminLevel'];
$authenticated = "TRUE";
echo "<BR>authentication complete";
}
return Array($table, $authenticated, $adminLevel);

.

---

• Follow-Ups:
  • Re: [PHP] Is this the best way?
    • From: Jason Pruim

• Prev by Date: Re: [PHP] Last Friday of every month
• Next by Date: Re: [PHP] Is this the best way?
• Previous by thread: Is this the best way?
• Next by thread: Re: [PHP] Is this the best way?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: [PHP] Is this the best way? ... Not checking for unique users when creating them? ... If you do everything you can to prevent the possibility of multiple users, ... I am attempting to add a little error checking for a very simple login ... The info is stored in a MySQL database, ... (php.general) Re: NEWBIE: PHP login security ... > mySQL database which includes a table for username/password which is ... > checked by a PHP script when someone attempts to login. ... > login attempt is made the PHP script sends to user to a certain HTML ... (comp.lang.php) NEWBIE: PHP login security ... I'm using PHP and mySQL to create a website. ... mySQL database which includes a table for username/password which is ... login attempt is made the PHP script sends to user to a certain HTML ... (comp.lang.php) Re: Terminal Service ... allow multiple users to login through Terminal Services? ... "termserv.dll" in your google keywords. ... (microsoft.public.windowsxp.general) Re: Password encryption or not! ... search the MySQL database for the entered email ... For added security, the login name is ... intercepted, the intercepting party only has a password, but not the ... The second possibility is to have one or more security questions. ... (alt.php)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(17)