PHP Login script from flash

         

Modern Merlin

3:19 am on Jul 20, 2008 (gmt 0)

10+ Year Member



I have a login script that gets data passed to it through a form in Flash. It all worked just fine until I tried to add another thing to check. Now it just goes directly to sending the error message back. If anyone can take a look at this and see if my PHP code is correct, that would be great! Thanks!

MM


<?php
session_start();
$user = $_POST['user'];
$password = $_POST['pass'];

//mysqldetails
require_once("config.php");

$SQL = "SELECT * FROM account WHERE login ='".$user."' AND password = '".$password."'";

$rs = mysql_query($SQL,$conn);
$numRows = mysql_num_rows($rs);

$SQL2 = "SELECT * FROM mobster WHERE login ='".$user."'";

$rs2 = mysql_query($SQL2,$conn);
$numRows2 = mysql_num_rows($rs2);

if($numRows > 0 && $numRows2 > 0){
    $_SESSION['loggedIn'] = true;
    echo 'login=successin';
}else if($numRows > 0 && $numRows2 == 0){
    $_SESSION['loggedIn'] = true;
    echo 'login=successnew';
}
?>

MohDesign

5:45 am on Jul 20, 2008 (gmt 0)

10+ Year Member



I don't see any error in your script,

but for Flash you should use

echo '&login=successin&';

echo '&login=successnew&';

You must add & to send the variable back to Flash.

Modern Merlin

6:14 am on Jul 20, 2008 (gmt 0)

10+ Year Member



Hmmm, when I do not check the two things and only check the one, it works without the & signs.

But if there is nothing wrong with the PHP (other than the & signs) then I think I'll have to pursue the Flash side of it.

Thanks!

MM

ag_47

5:17 pm on Jul 20, 2008 (gmt 0)

10+ Year Member



You should also validate your input! What if someone inputs:

' OR ''='

as the password field! Then your MySQL query would be:

$SQL = "SELECT * FROM account WHERE login ='".$user."' AND password = '' OR ''='' ";

Anyway, long story short, check out the mysql_real_escape_string() documentation to prevent injections.
You may already know this.. but just in case.. Cheers.
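
An added example (not code from any poster in this thread) that runs the password input quoted in the last reply against a query built by concatenation and against a bound-parameter version of the same login check. The in-memory SQLite database reached through PDO, the sample account, the hashed password column and the `&login=fail&` response are assumptions made so the script runs stand-alone; the `mysql_*` functions used in the thread were removed in PHP 7.

```php
<?php
// Added example: constructed data in an in-memory SQLite database stands in
// for the MySQL tables that config.php connects to in the original post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE account (login TEXT PRIMARY KEY, password TEXT)");
$db->exec("CREATE TABLE mobster (login TEXT)");
$ins = $db->prepare("INSERT INTO account (login, password) VALUES (?, ?)");
// Assumption: passwords are stored as password_hash() output, not plaintext.
$ins->execute(['merlin', password_hash('s3cret-demo', PASSWORD_DEFAULT)]);

// Query built by string concatenation, the same shape as in the original post.
function countConcatenated(PDO $db, string $user, string $pass): int {
    $sql = "SELECT COUNT(*) FROM account WHERE login ='" . $user
         . "' AND password = '" . $pass . "'";
    return (int) $db->query($sql)->fetchColumn();
}

// Hardened check: the login is a bound parameter, so quotes in it are data,
// and the password never reaches SQL at all; it is compared against the hash.
function login(PDO $db, string $user, string $pass): string {
    $st = $db->prepare("SELECT password FROM account WHERE login = ?");
    $st->execute([$user]);
    $hash = $st->fetchColumn();
    if ($hash === false || !password_verify($pass, $hash)) {
        return '&login=fail&';            // hypothetical failure response
    }
    $st = $db->prepare("SELECT COUNT(*) FROM mobster WHERE login = ?");
    $st->execute([$user]);
    // Response names follow the thread, wrapped in & as suggested for Flash.
    return $st->fetchColumn() > 0 ? '&login=successin&' : '&login=successnew&';
}

$inject = "' OR ''='";                    // the input quoted in the reply above
echo "concatenated, rows matched: ", countConcatenated($db, 'merlin', $inject), "\n";
echo "bound, injected password:   ", login($db, 'merlin', $inject), "\n";
echo "bound, wrong password:      ", login($db, 'merlin', 'guess'), "\n";
echo "bound, correct password:    ", login($db, 'merlin', 's3cret-demo'), "\n";
```

Run it with the PHP command-line interpreter; it needs the `pdo_sqlite` extension. Against MySQL the same `prepare`/`execute` calls apply with a `mysql:` DSN.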