That's a ridiculous question but I am trying to figure out watch going one already for some time. I have the following PHP code in which actually I do a simple string comparison but it doesn't work:
$db = new PDO('pgsql:dbname=login;user=postgres;password=postgres;host=localhost;port=5432');
if ($db) {
// hash the password
$hashed_password = md5($pword);
//echo($hashed_password);
//AND password =:password
$stmt = $db->prepare("SELECT * FROM members WHERE username =:username AND password =:password ");
$stmt->bindParam('username', $uname,PDO::PARAM_INT); // bind $uname to parameter
$stmt->bindParam('password', $hashed_password,PDO::PARAM_INT); // bind $uname to parameter
$stmt->execute();
$result = $stmt->fetch();
$rights = $result['userRights'];
//====================================================
// CHECK TO SEE IF THE $result VARIABLE IS TRUE
//====================================================
if ($result) {
//echo($rights);
$num_rows = sizeof($result);
if ($num_rows > 0) {
//echo($rights);
if($rights=="write"){
echo $rights;
//echo("write");
//header('Location: http://www.google.com/');
}
//if($result['userRights']=="write") {
//echo("write");
//session_start();
//$_SESSION['login'] = "1";
//header ("Location: indexx.php");
//}
}
else {
$errorMessage = "Error logging on";
}
}
else {
$errorMessage = "Error logging on";
}
}
else {
$errorMessage = "Error logging on";
}
}
Note: What I try to do is to implement a simple login/logout application. I know that some of the techniques I use are not best practices (e.g. MD5 hashing).
Aucun commentaire:
Enregistrer un commentaire