Android Question problem in database job

[khwarizmi]

Hi all

I wrote this PHP script to get the id of the user if he type the user name (which is phone number) and password correctly:

<?php

include('../includes/config.php');

$phone_no=$_GET["phone_no"];
$pw=$_GET["pw"];
$q="SELECT  *  FROM users WHERE phone_num='$phone_no' AND blocked='0' AND pw='$pw' ";
    $result = $con->query($q);

// Mysql_num_row is counting table row
$count=mysqli_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==1){
    $row = mysqli_fetch_assoc($result);
        $_SESSION['phone_no']= "phone_no";
        $_SESSION['pw']= "pw";
       // echo "Login Successful";
        print($row['id']);
        return true;
}
else{
   return false;
}

?>

then I wrote this code to check and verify the username and password:

 Dim lg As HttpJob
        lg.Initialize("checklogin", Me)
        Dim tl As String="11"
        Dim pw As String="11"
        ProgressDialogShow("verifying username and password")
        lg.download("http://newg.com.sd/b4atest/users/login.php?phone_no=" & tl & "&pw=" & pw)

Sub JobDone (Job As HttpJob)
    ProgressDialogHide
Dim user_id As String
    If Job.Success = True Then

        Select Job.JobName
            Case "checklogin"
                user_id = Job.GetString
                Msgbox("login successfully with the id " & user_id,"")
    End Select
    Else
        Msgbox("invalid username or password","")
    End If
    Job.Release
End Sub

the job always gives me success even if username or password is incorrect ..
where is the problem, is it in the php code ?
remark (username=0990400788 and password=12 is correct)

thanks in advance

 

[DonManfred]

<?php

include('../includes/config.php');

$phone_no=$_GET["phone_no"];
$pw=$_GET["pw"];
$q="SELECT  *  FROM users WHERE phone_num='$phone_no' AND blocked='0' AND pw='$pw' ";
    $result = $con->query($q);

// Mysql_num_row is counting table row
$count=mysqli_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==1){
    $row = mysqli_fetch_assoc($result);
        $_SESSION['phone_no']= "phone_no";
        $_SESSION['pw']= "pw";
       // echo "Login Successful";
        echo $row['id'];
        exit;
        #return true; # You are not using a function here. So there is nothing to return.
} else{
   echo "0";
    #return false;
}

?>

and then in your b4a app you just check if the value returned is a number greater 0.

Sub JobDone (Job As HttpJob)
    ProgressDialogHide
Dim user_id As String ' should be a global var and not only local
    If Job.Success = True Then
       log("Result from PHP: "&Job.GetString
        Select Job.JobName
            Case "checklogin"
                user_id = Job.GetString
               if user_id > 0 then                
                 Msgbox("login successfully with the id " & user_id,"")
              end if
    End Select
    Else
        Msgbox("invalid username or password","")
    End If
    Job.Release
End Sub

 

[khwarizmi]

thank you .. then if user_id<= 0 Msgbox("invalid username or password","") must be added to the code

 

[DonManfred]

right

 

[OliverA]

Just a heads up: Job.Success is true if the HTTP status code of the response is in the 2xx range (https://en.wikipedia.org/wiki/List_of_HTTP_status_codes). It has nothing to do with what you return (in your PHP code). PHP's default response status code is 200. If you want PHP to return a non-2xx code, use http_response_code (see: http://php.net/manual/en/function.http-response-code.php).

 

[khwarizmi]

thank you very much DonManfred and OliverA