[thelist] best way to check for valid user/password in PHP

Tom Dell'Aringa pixelmech at yahoo.com
Thu Jan 9 13:50:12 CST 2003


--- Jason Handby <jasonh at pavilion.co.uk> wrote:
> > I'm having a bit of trouble with checking vs. a valid username and
> > password in my PHP script. The password check seems to work but the
> > username check does not. Here is my code:
>
>
> Why not do
>
>   SELECT password, username FROM reguser WHERE username = '$username' AND password = '$password'
>
> and then just see if any records are returned? Then you can have one
> message for failed logins that just says "either the username or password
> you entered was incorrect".
>
> I'd say it was good security practice not to distinguish between bad
> username and bad password as far as user feedback is concerned. The less
> information you give them about why they can't log in the better!

Well since you both said that :)..funny I started doing it that way
too and thought to distinguish. Thanks!

Tom

=====
var me = tom.pixelmech.webDeveloper();

http://www.pixelmech.com/
http://www.maccaws.com/
[Making A Commercial Case for Adopting Web Standards]
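
The check discussed in this thread, as an added example that is not part of the original posts: a single failure message for both bad username and bad password, with the user input bound as a query parameter. The `reguser` table and its columns come from the quoted query; the `check_login` function name, the PDO/SQLite setup, the sample account, and the assumption that the `password` column holds `password_hash()` output (so the comparison happens in `password_verify()` rather than in the WHERE clause) are illustrative.

```php
<?php
// Added example, not code from the thread. Table and column names follow
// the quoted query; everything else is constructed for illustration.

const LOGIN_FAILED = 'Either the username or password you entered was incorrect.';

function check_login(PDO $db, string $username, string $password): bool
{
    // The placeholder keeps user input out of the SQL text.
    $stmt = $db->prepare('SELECT password FROM reguser WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();   // false when no such user exists

    // Unknown user: still verify against a dummy hash so both failure
    // paths do similar work and end in the same result.
    static $dummy = null;
    $dummy ??= password_hash('dummy-value', PASSWORD_DEFAULT);

    $hash = is_string($stored) ? $stored : $dummy;
    $matches = password_verify($password, $hash);

    return $matches && is_string($stored);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE reguser (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO reguser (username, password) VALUES (?, ?)');
$insert->execute(['tom', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed login attempts: valid, bad password, bad username,
// and a username containing a quote character.
$attempts = [
    ['tom', 'correct horse'],
    ['tom', 'wrong password'],
    ['nobody', 'correct horse'],
    ["o'brien", 'anything'],
];

foreach ($attempts as [$user, $pass]) {
    // One message for every failure, whichever field was wrong.
    $message = check_login($db, $user, $pass) ? "Welcome, $user." : LOGIN_FAILED;
    echo $message, PHP_EOL;
}
```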



