Multiple Users Login - Working but need advice
Posted: Sat Apr 03, 2010 10:48 am
Hello all,
I'm new to OOP and PHP in general but I've been working on a login script that is now functioning and I could use your wisdom if you have time to offer it.
The idea is to have multiple users who all have their own username and passwords and their own secure pages, that only they can access. There is 1 login box. Once the user logs in successfully they are redirected to their secure page that only they can see. The address to this page is pulled from the database and stored in a session.
If the user attempts to access another user's secure page, then the the header address is compared with the address stored in the session and they're taken back to the login if they don't match.
I have this working and I've attached the files in a zip.
I need some help though:
1 I think the code is overly long, can it be trimmed in any way, how? General feedback on it would be appreciated.
2 The script seems to be secure against mysql injection, but how? I haven't added any security but my tests show it's robust...
3 Here's the really big one. My server doesn't support mysqli(). I need to re-write the Db.php class to connect to the database using mysql_connect() and mysql_select_db(), instead of mysqli(). My knowledge doesn't go this far, and I can't upload onto my website because of this. It's very frustrating to have it working locally and then discover I can't get it working online.
Ok, as I say, I've attached the file. This is the first step of many I hope and in advance, I really appreciate your time and knowledge.
-- wibbly.
I'm new to OOP and PHP in general but I've been working on a login script that is now functioning and I could use your wisdom if you have time to offer it.
The idea is to have multiple users who all have their own username and passwords and their own secure pages, that only they can access. There is 1 login box. Once the user logs in successfully they are redirected to their secure page that only they can see. The address to this page is pulled from the database and stored in a session.
If the user attempts to access another user's secure page, then the the header address is compared with the address stored in the session and they're taken back to the login if they don't match.
I have this working and I've attached the files in a zip.
I need some help though:
1 I think the code is overly long, can it be trimmed in any way, how? General feedback on it would be appreciated.
2 The script seems to be secure against mysql injection, but how? I haven't added any security but my tests show it's robust...
3 Here's the really big one. My server doesn't support mysqli(). I need to re-write the Db.php class to connect to the database using mysql_connect() and mysql_select_db(), instead of mysqli(). My knowledge doesn't go this far, and I can't upload onto my website because of this. It's very frustrating to have it working locally and then discover I can't get it working online.
Ok, as I say, I've attached the file. This is the first step of many I hope and in advance, I really appreciate your time and knowledge.
-- wibbly.