|
Posted by Jochem Maas on 08/05/05 10:36
sub@pudlz.com wrote:
>
> I think this is the way I need to write my if statement.
>
> if ( $min && $user[ "min" ] == $min && $user[ "pin" ] == $pin || $pin == 'allow')
try a couple paretheses to make your intension explicit. your if statement might
work the way you want it but I have no idea - and I'm way to lazy to go and look
up the operator precedence to work it out....
if ($min && $user[ "min" ] == $min && ($user[ "pin" ] == $pin || $pin == 'allow')) {
// you are okay to login
}
>
> $min login name entered by the customer at the form.
> $user[min] is the login name from my sql db that matches $min
> $user[pin] is the password from mysql db that matches $min
> $pin is the password that is entered by the user
>
> There's 4 checks
> 1) $min must have a value
> 2) $user[ "min" ] must equal $min
> 3) $user[ "pin" ] must equal $pin
> 4) $pin == 'allow'
check 4 seems a little absurd - anyone who knows it will be able to login
as anyone on your app. also checking whether $user['min'] is equal to $min
_seems_ pointless because I assume that you had to extract the data from the
database somehow - usually this means using the login (i.e. $min) entered by
the user to do the look up.
lots of good reading here on security: http://www.phpsec.org/
>
> I want it so that both 1 and 2 must be true and either 3 or 4 must be true. Will this if statement work?
>
>
> Andrew Darrow
> Kronos1 Productions
> www.pudlz.com
>
>
Navigation:
[Reply to this message]
|