Multiple Users Login - Working but need advice

Posted: Sat Apr 03, 2010 10:48 am
by wibblywobbly
Hello all,

I'm new to OOP and PHP in general but I've been working on a login script that is now functioning and I could use your wisdom if you have time to offer it.

The idea is to have multiple users who all have their own username and passwords and their own secure pages, that only they can access. There is 1 login box. Once the user logs in successfully they are redirected to their secure page that only they can see. The address to this page is pulled from the database and stored in a session.

If the user attempts to access another user's secure page, then the header address is compared with the address stored in the session and they're taken back to the login if they don't match.

I have this working and I've attached the files in a zip.

I need some help though:

1. I think the code is overly long, can it be trimmed in any way, how? General feedback on it would be appreciated.

2. The script seems to be secure against mysql injection, but how? I haven't added any security but my tests show it's robust...

3. Here's the really big one. My server doesn't support mysqli(). I need to re-write the Db.php class to connect to the database using mysql_connect() and mysql_select_db(), instead of mysqli(). My knowledge doesn't go this far, and I can't upload onto my website because of this. It's very frustrating to have it working locally and then discover I can't get it working online.

Ok, as I say, I've attached the file. This is the first step of many I hope and in advance, I really appreciate your time and knowledge.

-- wibbly.
Attachment: Login.zip - the login system (21.71 KiB)

Re: Multiple Users Login - Working but need advice

Posted: Sat Apr 03, 2010 11:10 am
by samwho
Hmm, very interestingly written system but I'm not sure it's necessary... Would a simpler login system not suffice?

Have a registration page that submits a user's details to a database, then have a login system that checks against the users database and if it finds a match, store the primary key from the user table as something like $_SESSION['USER_ID'] and base the rest of your queries on that? It will have all of the security you require and will be significantly less code.

If you need a more extensive example to explain my point please say so and I'll make one :)
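
The design described in the reply above, sketched as an added example that is not part of the original posts or of login.zip. It assumes PDO with a constructed in-memory SQLite database; the table, column and function names are hypothetical.

```php
<?php
// Added example: table, column and function names are assumptions, not taken from login.zip.
session_start();

// Constructed sample data in an in-memory SQLite database so the script runs stand-alone.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$pdo->exec('CREATE TABLE pages (user_id INTEGER, body TEXT)');
$ins = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('alice-pass', PASSWORD_DEFAULT)]);
$ins->execute(['bob', password_hash('bob-pass', PASSWORD_DEFAULT)]);
$pdo->exec("INSERT INTO pages VALUES (1, 'Alice private page'), (2, 'Bob private page')");

// Check the credentials; on success store only the primary key in the session.
function login(PDO $pdo, string $username, string $password): bool
{
    // Bound parameter: user input never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    session_regenerate_id(true);   // fresh session ID at login (mitigates session fixation)
    $_SESSION['USER_ID'] = (int) $row['id'];
    return true;
}

// One shared page script for every user: the row is chosen by the
// session's user ID, never by the requested URL or a request parameter.
function ownPage(PDO $pdo): ?string
{
    if (!isset($_SESSION['USER_ID'])) {
        return null;               // not logged in; caller redirects to the login form
    }
    $stmt = $pdo->prepare('SELECT body FROM pages WHERE user_id = ?');
    $stmt->execute([$_SESSION['USER_ID']]);
    $body = $stmt->fetchColumn();
    return $body === false ? null : $body;
}

// Constructed inputs: a quote-laden username is compared as a literal string, then a valid login.
$results = [login($pdo, "alice' OR '1'='1", 'x'), login($pdo, 'bob', 'bob-pass'), ownPage($pdo)];
var_dump($results);
```

Because every page reads its content through the session's user ID, the files for each user can stay identical and only the database rows differ.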

Re: Multiple Users Login - Working but need advice

Posted: Sat Apr 03, 2010 8:05 pm
by wibblywobbly
Hmm, I think I see what you mean.

I was trying to create a system where the "check" on each page wasn't hard-wired directly to the user, if you see what I mean?

So, if you added a new user and you wanted to copy code from another user's page and use it again, you would only have to change the database information for the new user, not the actual files. That just seemed like good practice, but perhaps it makes no difference whatsoever...

The files in the folders of User 1, User 2 and User 3 are currently identical. It's only the information in the database that is different between each user. Under your system, the three users would need to have slightly different files, wouldn't they?

God, a man could go insane thinking about this kind of thing.

Either way, any advice on my mysqli() issue would be massively appreciated, that really is a major downer in my life right now. All the best gang!

-- wibbly.