Help defining indexes?


#1

I want to find the user's firstname. HOW DO I DO THIS? All I have is their email.

How do I find the corresponding firstname? I’ve tried many ways, but I still can’t find it. I AM A NOOB. I am trying a login, but can’t figure this out.

Here is my code.

[php]<?php
session_start();

$con = mysql_connect("localhost","user");
if(!$con) {
    die('Error connecting to localhost' . mysql_error());
}
$db = mysql_select_db("socialdb",$con);
if(!$db) {
    die('Error connecting to database' . mysql_error());
}

$email = $_POST['email'];
$password = $_POST['password'];
$hashedPassword = hash("sha512", $password);

$checke = mysql_query("SELECT * FROM persons WHERE email='$email'");

if(mysql_num_rows($checke)<1) {
    header('Location: wrong-login.php');
    exit();
}

$checkp = mysql_query("SELECT * FROM persons WHERE password='$hashedPassword'");

if(mysql_num_rows($checkp)<1) {
    header('Location: wrong-login.php');
    exit();
}

$sql = "SELECT Firstname, Lastname FROM persons WHERE
email = '".$_POST["email"]."' AND
Password = '".$hashedPassword."'";
$result = mysql_query($sql, $con) or die(mysql_error($con));

if (mysql_num_rows($result) == 1) {

    while ($info = mysql_fetch_array($result)){

        $Fname = $info['firstname'];
        $Lname = $info['lastname'];
    }

    $_SESSION['firstname'] = $Fname;
    $_SESSION['lastname'] = $Lname;

}

mysql_close($con);
?>[/php]

I took out the MySQL username in here.

And here is the error I’m getting (actually two)

Notice: Undefined index: firstname in C:\wamp\www\login2.php on line 40

Notice: Undefined index: lastname in C:\wamp\www\login2.php on line 41

Thanks!


#2

This can be simplified a tad
[php]
<?php
session_start();

// this bit should never be defined in the script.
// needs to be in a separate file and included or required
// huge security hole doing it this way.
$con = mysql_connect("localhost","user");
if(!$con) {
    die('Error connecting to localhost' . mysql_error());
}
$db = mysql_select_db("socialdb",$con);
if(!$db) {
    die('Error connecting to database' . mysql_error());
}

// start the processing
// escape the email before it is placed inside the query string
$email = mysql_real_escape_string($_POST['email'], $con);
$hashedPassword = hash("sha512", $_POST['password']);

$checke = mysql_query("SELECT * FROM persons WHERE email='$email' AND password = '$hashedPassword'");

if(mysql_num_rows($checke) == 0) {
    header('Location: wrong-login.php');
} else {
    $info = mysql_fetch_assoc($checke);
    $_SESSION['firstname'] = $info['firstname'];
    $_SESSION['lastname'] = $info['lastname'];
    $_SESSION['id'] = $info['id'];
    echo $_SESSION['firstname']." ".$_SESSION['lastname'];
    mysql_close($con);
}
?>[/php]

If someone should happen to get a hold of this page, they’d have free rein over the data in your sql server since you’ve provided them with the login information and location of the server. No server is ever 100% secure and you can’t count on your host to have backups, because they usually don’t do client backups unless they’re moving or working on servers where data could be lost.

As for the rest of the script, you’ve got a lot of needless duplication in there. There are instances where more than 1 query would be required to get the information, but in this case, 1 will do the job. If you can’t use a unique id to do a search, try to use more than 1 column. It’s entirely possible for more than 1 person to use the same password. Since ids are generally always auto-incremented, there won’t be a case of 2 being the same.

Well, I hope that helps you out some.


#3

If I include or require it, doesn’t that mean they can just go to that page that is stated and find my information there?
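
An added example, not code from any poster in this thread: the same login written with a PDO prepared statement and password_hash()/password_verify(), with column aliases so the firstname and lastname keys are always defined. It assumes an in-memory SQLite table with constructed data in place of socialdb, and a hypothetical db-config.php kept outside the web root for the real MySQL credentials.

```php
<?php
// Added example: constructed schema and data, in-memory SQLite so it runs offline.
// With MySQL only the connection changes; the credentials would be read from a
// file kept outside the web root (hypothetical path and keys), e.g.:
//   $cfg = require __DIR__ . '/../private/db-config.php';
//   $pdo = new PDO($cfg['dsn'], $cfg['user'], $cfg['pass']);
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE persons (id INTEGER PRIMARY KEY, Firstname TEXT,
            Lastname TEXT, email TEXT UNIQUE, Password TEXT)');

// Store a salted, slow hash instead of a bare SHA-512 digest.
$ins = $pdo->prepare('INSERT INTO persons (Firstname, Lastname, email, Password)
                      VALUES (?, ?, ?, ?)');
$ins->execute(['Ada', 'Example', 'ada@example.test',
               password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Look the user up by email only, then verify the password in PHP.
 * Returns the id/name row on success, null on any failure.
 */
function find_user(PDO $pdo, string $email, string $password): ?array
{
    // The placeholder keeps $email out of the SQL text; the aliases fix the
    // array keys, so $row['firstname'] exists whatever the column's case.
    $stmt = $pdo->prepare('SELECT id, Firstname AS firstname,
                                  Lastname AS lastname, Password AS pwhash
                           FROM persons WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pwhash'])) {
        return null;
    }
    unset($row['pwhash']);   // never carry the hash into the session
    return $row;
}

// Constructed inputs standing in for $_POST['email'] / $_POST['password'].
$attempts = [
    ['ada@example.test', 'correct horse'],   // valid login
    ['ada@example.test', 'wrong'],           // bad password
    ["' OR '1'='1", 'anything'],             // quote characters are treated as data
];
foreach ($attempts as [$email, $password]) {
    $user = find_user($pdo, $email, $password);
    echo $user ? "OK: {$user['firstname']} {$user['lastname']}\n" : "rejected\n";
}
```

In the real script the returned row would be copied into $_SESSION after session_regenerate_id(true), and a null result would redirect to wrong-login.php followed by exit().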