<?php
include 'functions.php';
// checks user name and pw provided on login page against registered users in account table
// increments global $errorCount if login not approved.
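/**
 * Check a submitted user name / password pair against the `users` table.
 *
 * On a failed check the global $errorCount is incremented and a generic
 * message (it does not say which of the two fields was wrong) is appended
 * to the global $errorMessage. Nothing is recorded on success.
 *
 * NOTE(review): the WHERE clause compares the submitted password with the
 * `password` column directly, so a match is only possible if that column
 * holds the value exactly as submitted (i.e. unhashed), unless callers hash
 * before calling, which is not visible here. Storing password_hash() output
 * and checking it with password_verify() is the fix, but it needs a data
 * migration and is out of scope for this function.
 *
 * @param string $myusername User name as submitted on the login page.
 * @param string $mypassword Password as submitted on the login page.
 *
 * @return string The user name after stripslashes() and
 *                $connection->real_escape_string(), as before. It is
 *                returned whether or not the login was accepted; callers
 *                must check $errorCount to learn the outcome.
 */
function validateLogin ($myusername,$mypassword) {
    global $errorCount;
    global $errorMessage;
    global $connection;

    // Kept so that matching behaves exactly as before. This is a leftover from
    // magic_quotes_gpc handling; it strips backslashes from the input, so
    // confirm that no deployment depends on it before removing it.
    $myusername = stripslashes($myusername);
    $mypassword = stripslashes($mypassword);

    // Bound parameters keep user input out of the SQL text entirely, so the
    // query no longer depends on escaping being correct for the connection's
    // character set.
    $authenticated = false;
    $stmt = $connection->prepare(
        'SELECT username FROM users WHERE username = ? AND password = ?'
    );

    if ($stmt !== false) {
        $stmt->bind_param('ss', $myusername, $mypassword);

        if ($stmt->execute()) {
            // Buffer the result so num_rows is populated for the statement.
            $stmt->store_result();
            // Exactly one matching row means the credentials were accepted.
            $authenticated = ((int) $stmt->num_rows === 1);
        } else {
            // Fail closed: a query error must never count as a valid login.
            error_log('validateLogin: login query failed to execute');
        }

        $stmt->close();
    } else {
        // Fail closed: a query error must never count as a valid login.
        error_log('validateLogin: login query could not be prepared');
    }

    if (!$authenticated) {
        $errorCount++;
        $errorMessage .= "Wrong User Name or Password.<br />\n";
    }
    // NOTE(review): the login_history insert that used to sit in the success
    // branch was commented out, so accepted logins leave no audit record here.

    // Callers have always received the SQL-escaped form; keep returning it so
    // that any caller that places the value into a query is not made less safe.
    return $connection->real_escape_string($myusername);
}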
?>