jeudi 26 mars 2015

String comparison issue in PHP

That's a ridiculous question but I am trying to figure out watch going one already for some time. I have the following PHP code in which actually I do a simple string comparison but it doesn't work:



$db = new PDO('pgsql:dbname=login;user=postgres;password=postgres;host=localhost;port=5432');
if ($db) {

// hash the password
$hashed_password = md5($pword);
//echo($hashed_password);
//AND password =:password
$stmt = $db->prepare("SELECT * FROM members WHERE username =:username AND password =:password ");

$stmt->bindParam('username', $uname,PDO::PARAM_INT); // bind $uname to parameter
$stmt->bindParam('password', $hashed_password,PDO::PARAM_INT); // bind $uname to parameter
$stmt->execute();

$result = $stmt->fetch();
$rights = $result['userRights'];
//====================================================
// CHECK TO SEE IF THE $result VARIABLE IS TRUE
//====================================================
if ($result) {
//echo($rights);
$num_rows = sizeof($result);

if ($num_rows > 0) {
//echo($rights);
if($rights=="write"){
echo $rights;
//echo("write");
//header('Location: http://www.google.com/');

}
//if($result['userRights']=="write") {
//echo("write");

//session_start();
//$_SESSION['login'] = "1";

//header ("Location: indexx.php");
//}
}
else {
$errorMessage = "Error logging on";
}
}
else {
$errorMessage = "Error logging on";
}
}

else {
$errorMessage = "Error logging on";
}


}


Note: What I try to do is to implement a simple login/logout application. I know that some of the techniques I use are not best practices (e.g. MD5 hashing).


Aucun commentaire:

Enregistrer un commentaire