Apologies I know this is going to be a simple answer most likely, but looking for answers I think its confusing me more than just asking the question as there are so many, with confusing or sometimes contradictory answers.
My login script is working as far as connecting to the DB, submitting the $POST usr/pass getting the correct response back.
I now need to use those results to authenticate the user. So.. previously I would have used mysql_num_rows to count the DB response and if 1 then auth. But I appreciate that mysql_num_rows is depreciated and I found another post saying that this is also a weak way to do things now and that it should be avoided.
So what do I use instead?
<form id='login' action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method='post' accept-charset='UTF-8'>
<fieldset >
<legend>Login</legend>
<input type='hidden' name='submitted' id='submitted' value='1'/>
<label for='username' >UserName*:</label>
<input type='text' name='username' id='username' value="" maxlength="50" />
<BR />
<label for='password' >Password*:</label>
<input type='password' name='password' id='password' value="" maxlength="50" />
<BR />
<input type='submit' name='Submit' value='Submit' />
</fieldset>
</form>
<?php
if(isset($_POST['submitted']))
{
$postname = $_POST['username'];
$postpass = $_POST['password'];
$postpassMD5 = md5 ($postpass);
$query = $dbcnx->query("SELECT uid, username, password, ulevel FROM members WHERE username = '$postname' AND password = '$postpassMD5' ");
$result = $query->fetch_object();
$dbcnx->close();
}
?>
Try to count your result array.
if(count($result) > 0 )
{
// your code
}