如果结果与表值相同,则检查数据库

时间:2013-05-23 11:49:53

标签: php sql

有这个脚本的家伙我可以查看用户名和密码,以便我的rturn 2值

 if( $result == false )
   {
    $packet->AddDWValue( "fail" );
    $packet->AddDWValue( "incorrect username and/or password" );
    ....

如果用户传递true:

    $packet->AddDWValue( "ok" );
    $packet->AddDWValue( "nice." );
    ....

但我还需要检查名为“usergroup”的其他表,如果此表的值为“7” 重新运行其他值,例如:

  if( $result == false )
   {
    $packet->AddDWValue( "fail" );
    $packet->AddDWValue( "you are banned" );
    ....

但我很困惑,如果可能的话,请求如何帮助我。

这是我的代码:

 <?
  class Login
{
    function CheckLogin( $username, $password )
    {           

$MySQL_Host = "localhost";
$MySQL_User = "1";
$MySQL_Pass = "2";
$MySQL_DB = "3";
$tbl_name = "mybb_users";

     mysql_connect("$MySQL_Host", "$MySQL_User", "$MySQL_Pass") or die(mysql_error());
     mysql_select_db("$MySQL_DB") or die(mysql_error());

        $sql="SELECT * FROM $tbl_name WHERE username='$username'";
        $result=mysql_query($sql);          

        if( $result == false )
            return false;
//              fwrite($fh, $result);
//              fclose($fh);


        $count=mysql_num_rows($result);
        // If result matched $username and $password, table row must be 1 row
        if($count==1){
            $row = mysql_fetch_assoc($result);
            //global $mybb;         
            if (md5(md5($row['salt']).md5($password)) == $row['password'] ){
            return array( 'uid'  => $row['uid'] ,
                          'mail' => $row['email'],
                          'user' => $username
                        );
            }
        }
    }
}

  class DWAuth
{
    var $keys;

    function AddDWValue( $val )
    {
        $this->keys[] = $val;
    }

    function GetAuthString( )
    {
        $result = "";

        foreach( $this->keys as $c )
        {
            $result .= $c."#";
        }

        return $result;
    }
}


$login = new Login();
$result = $login->CheckLogin( $result[ 'user' ], $result[ 'pass' ] );

if( $result == false )
{
    $packet->AddDWValue( "fail" );
    $packet->AddDWValue( "incorrect username and/or password" );
    $packet->AddDWValue( 1 );
    $packet->AddDWValue( "Anonymous" );
    $packet->AddDWValue( "anonymous@example.com" );
    $packet->AddDWValue( 0 );
}
else
{
    $sessionID = md5( rand() );

    $packet->AddDWValue( "ok" );
    $packet->AddDWValue( "nice." ); 
    $packet->AddDWValue( $result[ 'uid' ] ); 
    $packet->AddDWValue( $result[ 'user' ] ); 
    $packet->AddDWValue( $result[ 'mail' ] ); 
    $packet->AddDWValue( $sessionID );      
}

echo $packet->GetAuthString();
 ?>

2 个答案:

答案 0 :(得分:0)

据我了解,您需要在另一个表SELECT中再制作一个usergroup,或者在第一个查询中使用JOIN,语法取决于您的架构,可以将其用作参考:http://dev.mysql.com/doc/refman/5.0/en/join.html

答案 1 :(得分:0)

你可以试试这样的...... 

    $sql="SELECT *,group_id FROM $tbl_name  INNER JOIN usergroup AS ug ON ug.id=".$table_name.".user_group_id WHERE username='$username'";
        $result=mysql_query($sql);          
        $res=mysql_fet_assoc($result);
        if( $res[group_id] == 7 )
            {
             $error_flag=1;//banned

            }
          else if($result==false)
         {
             $error_flag=2;//invlid user

          }

         return $error_flag;

$login = new Login();
$result = $login->CheckLogin( $result[ 'user' ], $result[ 'pass' ] );

if( $result == 1)

{
//your banned code
}
else if( $result == 2)
{
    $packet->AddDWValue( "fail" );
    $packet->AddDWValue( "incorrect username and/or password" );
    $packet->AddDWValue( 1 );
    $packet->AddDWValue( "Anonymous" );
    $packet->AddDWValue( "anonymous@example.com" );
    $packet->AddDWValue( 0 );
}
else
{
    $sessionID = md5( rand() );

    $packet->AddDWValue( "ok" );
    $packet->AddDWValue( "nice." ); 
    $packet->AddDWValue( $result[ 'uid' ] ); 
    $packet->AddDWValue( $result[ 'user' ] ); 
    $packet->AddDWValue( $result[ 'mail' ] ); 
    $packet->AddDWValue( $sessionID );      
}
相关问题
最新问题