samflex wrote: First off, I am using a hash.
$pass = md5($pass);
An unsalted MD5 hash doesn't offer much protection:
Troy Hunt: Our password hashing has no clothes
samflex wrote: check whether username and / or password is correct and redirecting to appropriate page
As I said, use two steps:
1) Validate the username and password:
SELECT
    u.empl_first + ' ' + u.empl_last AS fullname,
    ...
FROM
    ... u
    INNER JOIN Employee e
    ON u.Employee_Id = e.EmpNum
WHERE
    u.USERNAME = ?
    AND u.PASSWORD = ?
If no data is returned, then the username or password is invalid.
2) Check whether the user has completed the test:
SELECT Employee_Id FROM tblTBA WHERE Employee_Id = ?
If no data is returned, then the user has not taken the test.
NB: If the Employee record doesn't get created until the user has taken the test, then you'll need to move that part of the query from step 1 to step 2.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
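
The two-step check described in the answer above, combined with the salted hashing the linked article argues for, as an added example that is not part of the original post. The `Users` table name, the in-memory SQLite database (hence `||` instead of `+` for concatenation) and the sample rows are assumptions made for illustration.

```php
<?php
// Added example, not from the original post. The Users table name and the
// sample rows are constructed; other table/column names follow the post.
$db = new PDO('sqlite::memory:');   // assumes the pdo_sqlite extension
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Users (USERNAME TEXT PRIMARY KEY, PASSWORD TEXT,
           Employee_Id INTEGER, empl_first TEXT, empl_last TEXT)');
$db->exec('CREATE TABLE tblTBA (Employee_Id INTEGER)');

// Store a salted, slow hash; password_hash() generates the salt itself.
$add = $db->prepare('INSERT INTO Users VALUES (?, ?, ?, ?, ?)');
$add->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 1, 'Alice', 'Adams']);
$add->execute(['bob', password_hash('hunter2', PASSWORD_DEFAULT), 2, 'Bob', 'Brown']);
$db->exec('INSERT INTO tblTBA (Employee_Id) VALUES (1)');   // only Alice took the test

function login(PDO $db, string $username, string $password): string
{
    // Step 1: look the user up by name only. A salted hash cannot be matched
    // with "PASSWORD = ?", so the comparison happens in PHP.
    $q = $db->prepare("SELECT Employee_Id, PASSWORD,
                              empl_first || ' ' || empl_last AS fullname
                       FROM Users WHERE USERNAME = ?");
    $q->execute([$username]);
    $user = $q->fetch(PDO::FETCH_ASSOC);

    // Verify against a dummy hash when the user is unknown so both failure
    // paths do the same amount of work.
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_DEFAULT);
    $ok = password_verify($password, $user ? $user['PASSWORD'] : $dummy);
    if (!$user || !$ok) {
        return 'invalid username or password';
    }

    // Step 2: has this employee completed the test?
    $t = $db->prepare('SELECT Employee_Id FROM tblTBA WHERE Employee_Id = ?');
    $t->execute([$user['Employee_Id']]);
    return $t->fetch() === false
        ? "{$user['fullname']}: test not taken"
        : "{$user['fullname']}: test already taken";
}

echo login($db, 'alice', 'correct horse'), PHP_EOL;
echo login($db, 'bob', 'hunter2'), PHP_EOL;
echo login($db, 'bob', 'wrong'), PHP_EOL;
echo login($db, 'mallory', 'x'), PHP_EOL;
```

Existing rows that hold unsalted MD5 values cannot be verified this way; they need to be re-hashed at each user's next successful login or reset.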