I'd pull the addslashes() and use mysql_real_escape_string() instead. I'd also
echo the query that's being sent to the database and compare to make sure
it's doing what it should.
-Micah
On Thursday 10 November 2005 8:22 pm, JeRRy wrote:
Hi,
Well I tried this code but it fails, if I enter a correct User and Pass set
in the db it just prompts for the user/pass again. The error message that
should apply if wrong three times appears but the sucessful message I can't
get regardless of correct user pass or not, any help please?
?php
function displayLogin() {
header(WWW-Authenticate: Basic realm=\My Website\);
header(HTTP/1.0 401 Unauthorized);
echo h2Authentication Failure/h2;
echo The username and password provided did not work. Please reload this
page and try again.; exit;
}
$db = mysql_connect('localhost','db_user',db_pass') or die(Couldn't
connect to the database.); mysql_select_db('db_name') or die(Couldn't
select the database); if (!isset($PHP_AUTH_USER) || !isset($PHP_AUTH_PW))
{
// If username or password hasn't been set, display the login request.
displayLogin();
} else {
// Escape both the password and username string to prevent users from
inserting bogus data. $PHP_AUTH_USER = addslashes($PHP_AUTH_USER);
$PHP_AUTH_PW = md5($PHP_AUTH_PW);
// Check username and password agains the database.
$result = mysql_query(SELECT count(id) FROM users WHERE
password='$PHP_AUTH_PW' AND username='$PHP_AUTH_USER') or die(Couldn't
query the user-database.); $num = mysql_result($result, 0);
if (!$num) {
// If there were no matching users, show the login
displayLogin();
}
}
// All code/html below will only be displayed to authenticated users.
echo Congratulations! You're now authenticated.;
?
J
-
Do you Yahoo!?
Yahoo! News: Get the latest news via video today!
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php