[PHP-DB] username/password db query

Sun, 30 Sep 2001 16:34:17 -0700 

Hi. i'm new to PHP, and i can't seem to find out what i'm doing wrong
with the following code:

client posts username/password via SSL to this file, login.php,
where i want to check the username/password combo against what is listed
in the db
if the entries are blank, it goes to a page that sends email and syslog 
alerts about a failed login attempt.
if the entry is bad, it also goes to this badlogin.php
while if it matches, they get cookies set and go to the goodlogin.php

<?php
$username = $HTTP_POST_VARS['username'];
$password = $HTTP_POST_VARS['password'];
if ($username == "" or $password == "") {
header ("Location: http://www.some.com/secure/badlogin.php";);
} else {
$db = pg_connect("dbname=some_com user=some_com");
$query = "SELECT * FROM userinfo";
$result = pg_exec($db, $query);
$numrows = pg_numrows($result);
};
do {
    $myrow = pg_fetch_row ($result,$row);
    if ($username==$myrow[0] && $password==$myrow[2]) {
    mt_srand((double)microtime()*1000000);
    $random_cookiename = mt_rand();
    $random_cookievalue = mt_rand();
    setcookie ($random_cookiename, $random_cookievalue, time()+900);
    setcookie (ClientAddress, $REMOTE_ADDR, time()+900);
                                pg_close($db);
    header ("Location: https://www.some.com/secure/goodlogin.php";);
   }
                $row++;
   } while($row < $numrows);
pg_close($db);
header ("Location: http://www.some.com/secure/badlogin.php";);
?>

the specified user has db rights.
if i put
echo $myrow[0];
in the loop (and remove the redirect to the badlogin.php file , it will 
print out all the users in the db (the first column)
but my comparison operation is not successfully telling when the entered
data properly matches the db entry (is it a datatype problem? the username 
is kept in the postgresql db as type char)

any constructive help would be very appreciated.

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to