Forum Moderators: coopster
<?php
$con = mysql_connect("localhost","youshallneverknowO_O","sillyme4gottoremoveit");
if (!$con)
{
echo "8";
}
$hashed = sha1(strtolower($user) . $password);
mysql_select_db("dinsdale_forum", $con);
error_reporting(E_ALL);
$result = mysql_query("SELECT memberName , passwd , realName FROM smf_members WHERE memberName='" . mysql_real_escape_string($user)."' AND passwd='" . mysql_real_escape_string($hashed)."'");
while ($row = mysql_fetch_assoc($result))
{
if ($row['memberName']==$user && $row['passwd']==$hashed)
{
echo '1' . ' ';
echo $row['realName'];
}
}
if(mysql_num_rows($result)==0)
{
$try2 = mysql_query("SELECT memberName , passwd , realName FROM smf_members WHERE realName='" . mysql_real_escape_string($user)."' AND passwd='" . mysql_real_escape_string($hashed)."'");while ($row = mysql_fetch_assoc($try2))
{
if ($row['realName']==$user && $row['passwd']==$hashed)
{
echo '1' . ' ';
echo $row['realName'];
}
}
if(mysql_num_rows($try2)==0)
{
echo'7';
}
}
mysql_close($con);
?>
See the user has two names, the one they signed up with and a display name they can choose. I want to check if the username entered is correct whether they enter the displayname or their username. Sadly if you enter your display name it returns 7 like it is supposed to for an error. But if you enter you original username it returns the correct results. In short where am I going wrong.
[edited by: Ben878 at 10:38 pm (utc) on Feb. 3, 2008]
$result = mysql_query("SELECT memberName, realName FROM smf_members WHERE memberName='" . mysql_real_escape_string($user)."' OR realname='" . mysql_real_escape_string($user)."' AND passwd='" . mysql_real_escape_string($hashed)."'");
I took out the password part because is there some reason you need to return the password data or are you just verifying that the hashed string matches the hash in the database. I am also assuming that the form they enter the username or realname into is the same for both.
Hope that helps
Brandon
