• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 221
  • Last Modified:

PHP Coding

Hello, can someone please explain me this code?


/**
    * confirmUserPass - Checks whether or not the given
    * username is in the database, if so it checks if the
    * given password is the same password in the database
    * for that user. If the user doesn't exist or if the
    * passwords don't match up, it returns an error code
    * (1 or 2). On success it returns 0.
    */
   function confirmUserPass($username, $password){
      /* Add slashes if necessary (for query) */
      if(!get_magic_quotes_gpc()) {
            $username = addslashes($username);
      }

      /* Verify that user is in database */
      $q = "SELECT password FROM ".TBL_USERS." WHERE username = '$username'";
      $result = mysql_query($q, $this->connection);
      if(!$result || (mysql_numrows($result) < 1)){
         return 1; //Indicates username failure
      }

      /* Retrieve password from result, strip slashes */
      $dbarray = mysql_fetch_array($result);
      $dbarray['password'] = stripslashes($dbarray['password']);
      $password = stripslashes($password);

      /* Validate that password is correct */
      if($password == $dbarray['password']){
         return 0; //Success! Username and password confirmed
      }
      else{
         return 2; //Indicates password failure
      }
   }
0
krutarth941
Asked:
krutarth941
  • 2
  • 2
1 Solution
 
Dave BaldwinFixer of ProblemsCommented:
It first makes sure the username format is correct to match the usernames in the database.  Then it queries the database to see if there is a user with that username.  If not, it exits returning a '1' indicating an error.

If there is a match, then it checks the password field to see if it matches $password.  If it matched, it returns a 0 for success.  If it doesn't, it returns a 2 for error.

1 = no such user, 2 = wrong password for an existing user.
0
 
krutarth941Author Commented:
Thank you for the information.
Can you please tell me, what is if(!get_magic_quotes_gpc())  used for?
0
 
Dave BaldwinFixer of ProblemsCommented:
It has to do with how COOKIE, POST and GET data is escaped. http://us2.php.net/manual/en/function.get-magic-quotes-gpc.php  "if(!get_magic_quotes_gpc())" returns what the current state is to know whether escaping has been done.
0
 
krutarth941Author Commented:
It was helpful
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now