Re: [PHP] Is this the best way?

14/03/2008, 18h51

I think the first thing I'd check is why you'd have more than one row being
returned. Is this a problem with some other part of the system? Bad data
import? Not checking for unique users when creating them? Something
like that.

If you do everything you can to prevent the possibility of multiple users,
then you can still check for multiple results if you want, maybe send an
email to yourself, but for the sake of not frustrating your users, just
take the first result and compare the login to that. The worst that'll
happen is they won't match and the user won't get logged in. Best case is
they get logged in and you won't get an annoyed user calling you.

-TG

----- Original Message -----
From: Jason Pruim <japruim@raoset.com>
To: PHP General List <php-general@lists.php.net>
Date: Fri, 14 Mar 2008 12:12:56 -0400
Subject: [php] Is this the best way?

> Hi everyone,
>
> I am attempting to add a little error checking for a very simple login
> system. The info is stored in a MySQL database, and I am using mysqli
> to connect to it. I have it working with the solution provided below,
> but I am wondering if this is the right way to do it or if there is a
> better way?
>
> My thinking with this is if more then 1 record is returned from the
> database, then there is a issue... If only is returned then the
> username/password matched and I can safely show them the info...
>
> $rowcnt = mysqli_num_rows($loginResult);
> if($rowcnt !="1"){
> echo "Auth failed";
> die("Auth failed... Sorry");
>
>
>
> }else{
> while($row1 = mysqli_fetch_array($loginResult)) {
> $_SESSION['user'] = $row1['loginName'];
> $_SESSION['loggedin'] = "YES";
> $table = $row1['tableName'];
> $adminLevel = $row1['adminLevel'];
> $authenticated = "TRUE";
> echo "<BR>authentication complete";
> }
> return Array($table, $authenticated, $adminLevel);

14/03/2008, 19h00

On Mar 14, 2008, at 12:51 PM, TG wrote:

>
> I think the first thing I'd check is why you'd have more than one
> row being
> returned. Is this a problem with some other part of the system?
> Bad data
> import? Not checking for unique users when creating them?
> Something
> like that.

The username's will be unique... Still need to make that change to the
DB but they will be.

The main reason I'm doing it this way, is if I don't put in some kind
of a check on the authentication then it pops up a mysql error saying
that there is a problem with my syntax... instead of NOT logging them
in... So I thought if I checked to make sure that the query only
returned 1 row, it would match up and I could do some error checking
based on that...

>
>
> If you do everything you can to prevent the possibility of multiple
> users,
> then you can still check for multiple results if you want, maybe
> send an
> email to yourself, but for the sake of not frustrating your users,
> just
> take the first result and compare the login to that. The worst
> that'll
> happen is they won't match and the user won't get logged in. Best
> case is
> they get logged in and you won't get an annoyed user calling you.

>
>
> -TG
>
> ----- Original Message -----
> From: Jason Pruim <japruim@raoset.com>
> To: PHP General List <php-general@lists.php.net>
> Date: Fri, 14 Mar 2008 12:12:56 -0400
> Subject: [php] Is this the best way?
>
>> Hi everyone,
>>
>> I am attempting to add a little error checking for a very simple
>> login
>> system. The info is stored in a MySQL database, and I am using mysqli
>> to connect to it. I have it working with the solution provided below,
>> but I am wondering if this is the right way to do it or if there is a
>> better way?
>>
>> My thinking with this is if more then 1 record is returned from the
>> database, then there is a issue... If only is returned then the
>> username/password matched and I can safely show them the info...
>>
>> $rowcnt = mysqli_num_rows($loginResult);
>> if($rowcnt !="1"){
>> echo "Auth failed";
>> die("Auth failed... Sorry");
>>
>>
>>
>> }else{
>> while($row1 = mysqli_fetch_array($loginResult)) {
>> $_SESSION['user'] = $row1['loginName'];
>> $_SESSION['loggedin'] = "YES";
>> $table = $row1['tableName'];
>> $adminLevel = $row1['adminLevel'];
>> $authenticated = "TRUE";
>> echo "<BR>authentication complete";
>> }
>> return Array($table, $authenticated, $adminLevel);
>
>

--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
japruim@raoset.com

14/03/2008, 18h51	#1
TG Messages: n/a Hébergeur:	Re: [PHP] Is this the best way? I think the first thing I'd check is why you'd have more than one row being returned. Is this a problem with some other part of the system? Bad data import? Not checking for unique users when creating them? Something like that. If you do everything you can to prevent the possibility of multiple users, then you can still check for multiple results if you want, maybe send an email to yourself, but for the sake of not frustrating your users, just take the first result and compare the login to that. The worst that'll happen is they won't match and the user won't get logged in. Best case is they get logged in and you won't get an annoyed user calling you. -TG ----- Original Message ----- From: Jason Pruim <japruim@raoset.com> To: PHP General List <php-general@lists.php.net> Date: Fri, 14 Mar 2008 12:12:56 -0400 Subject: [php] Is this the best way? > Hi everyone, > > I am attempting to add a little error checking for a very simple login > system. The info is stored in a MySQL database, and I am using mysqli > to connect to it. I have it working with the solution provided below, > but I am wondering if this is the right way to do it or if there is a > better way? > > My thinking with this is if more then 1 record is returned from the > database, then there is a issue... If only is returned then the > username/password matched and I can safely show them the info... > > $rowcnt = mysqli_num_rows($loginResult); > if($rowcnt !="1"){ > echo "Auth failed"; > die("Auth failed... Sorry"); > > > > }else{ > while($row1 = mysqli_fetch_array($loginResult)) { > $_SESSION['user'] = $row1['loginName']; > $_SESSION['loggedin'] = "YES"; > $table = $row1['tableName']; > $adminLevel = $row1['adminLevel']; > $authenticated = "TRUE"; > echo "<BR>authentication complete"; > } > return Array($table, $authenticated, $adminLevel);

14/03/2008, 19h00	#2
Jason Pruim Messages: n/a Hébergeur:	Re: [PHP] Is this the best way? On Mar 14, 2008, at 12:51 PM, TG wrote: > > I think the first thing I'd check is why you'd have more than one > row being > returned. Is this a problem with some other part of the system? > Bad data > import? Not checking for unique users when creating them? > Something > like that. The username's will be unique... Still need to make that change to the DB but they will be. The main reason I'm doing it this way, is if I don't put in some kind of a check on the authentication then it pops up a mysql error saying that there is a problem with my syntax... instead of NOT logging them in... So I thought if I checked to make sure that the query only returned 1 row, it would match up and I could do some error checking based on that... > > > If you do everything you can to prevent the possibility of multiple > users, > then you can still check for multiple results if you want, maybe > send an > email to yourself, but for the sake of not frustrating your users, > just > take the first result and compare the login to that. The worst > that'll > happen is they won't match and the user won't get logged in. Best > case is > they get logged in and you won't get an annoyed user calling you. > > > -TG > > ----- Original Message ----- > From: Jason Pruim <japruim@raoset.com> > To: PHP General List <php-general@lists.php.net> > Date: Fri, 14 Mar 2008 12:12:56 -0400 > Subject: [php] Is this the best way? > >> Hi everyone, >> >> I am attempting to add a little error checking for a very simple >> login >> system. The info is stored in a MySQL database, and I am using mysqli >> to connect to it. I have it working with the solution provided below, >> but I am wondering if this is the right way to do it or if there is a >> better way? >> >> My thinking with this is if more then 1 record is returned from the >> database, then there is a issue... If only is returned then the >> username/password matched and I can safely show them the info... >> >> $rowcnt = mysqli_num_rows($loginResult); >> if($rowcnt !="1"){ >> echo "Auth failed"; >> die("Auth failed... Sorry"); >> >> >> >> }else{ >> while($row1 = mysqli_fetch_array($loginResult)) { >> $_SESSION['user'] = $row1['loginName']; >> $_SESSION['loggedin'] = "YES"; >> $table = $row1['tableName']; >> $adminLevel = $row1['adminLevel']; >> $authenticated = "TRUE"; >> echo "<BR>authentication complete"; >> } >> return Array($table, $authenticated, $adminLevel); > > -- Jason Pruim Raoset Inc. Technology Manager MQC Specialist 3251 132nd ave Holland, MI, 49424-9337 www.raoset.com japruim@raoset.com

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email