PHP - MySQL Login using sessions
Posted: Tue Mar 08, 2005 4:51 pm
Hi all,
Right, basically I have the following script using sessions to implement a login feature and then redirect the user to the appropriate part of the site according to their "role", however, at present it is just sitting there doing nothing (although I do know it is getting to the end of my script as it was throwing up an error about a missing "}" in my redirect function.)
any help with this will much appreciated,
Regards,
Simon.
feyd | you can use
Right, basically I have the following script using sessions to implement a login feature and then redirect the user to the appropriate part of the site according to their "role", however, at present it is just sitting there doing nothing (although I do know it is getting to the end of my script as it was throwing up an error about a missing "}" in my redirect function.)
any help with this will much appreciated,
Regards,
Simon.
Code: Select all
<?php
error_reporting(E_ALL);
#connect to MYSQL
$conn = @mysql_connect( "linuxproj", "****", "****" )
or die( mysql_error() );
#select the specified database
$rs = @mysql_select_db ( "db_sn202", $conn )
or die( mysql_error() );
session_start();
function session_defaults() {
$_SESSION['logged'] = false;
$_SESSION['uid'] = 0;
$_SESSION['username'] = '';
$_SESSION['cookie'] = 0;
$_SESSION['remember'] = false;
}
if (!isset($_SESSION['uid']) ) {
session_defaults();
}
class User {
var $db = null; // PEAR::DB pointer
var $failed = false; // failed login attempt
var $date; // current date GMT
var $id = 0; // the current user's id
function User($db) {
$this->db = $db;
$this->date = $GLOBALS['date'];
if ($_SESSION['logged']) {
$this->_checkSession();
} elseif ( isset($_COOKIE['mtwebLogin']) ) {
$this->_checkRemembered($_COOKIE['mtwebLogin']);
}
}
function _checkLogin($username, $password, $remember) {
$username = $this->db->quote($username);
$password = $this->db->quote(md5($password));
$sql = "SELECT * FROM user WHERE " .
"username = $username AND " .
"password = $password";
$result = $this->db->getRow($sql);
if ( is_object($result) ) {
$this->_setSession($result, $remember);
header("location:test.php");
return true;
} else {
$this->failed = true;
$this->_logout();
return false;
}
}
function _setSession($values, $remember, $init = true) {
$this->id = $values->id;
$_SESSION['uid'] = $this->id;
$_SESSION['username'] = htmlspecialchars($values->username);
$_SESSION['cookie'] = $values->cookie;
$_SESSION['logged'] = true;
if ($remember) {
$this->updateCookie($values->cookie, true);
}
if ($init) {
$session = $this->db->quote(session_id());
$ip = $this->db->quote($_SERVER['REMOTE_ADDR']);
$sql = "UPDATE user SET session = $session, ip = $ip WHERE " .
"id = $this->id";
$this->db->query($sql);
}
}
function updateCookie($cookie, $save) {
$_SESSION['cookie'] = $cookie;
if ($save) {
$cookie = serialize(array($_SESSION['username'], $cookie) );
set_cookie('mtwebLogin', $cookie, time() + 31104000, '/directory/');
}
}
function _checkRemembered($cookie) {
list($username, $cookie) = @unserialize($cookie);
if (!$username or !$cookie) return;
$username = $this->db->quote($username);
$cookie = $this->db->quote($cookie);
$sql = "SELECT * FROM user WHERE " .
"(username = $username) AND (cookie = $cookie)";
$result = $this->db->getRow($sql);
if (is_object($result) ) {
$this->_setSession($result, true);
}
}
function _checkSession() {
$username = $this->db->quote($_SESSION['username']);
$cookie = $this->db->quote($_SESSION['cookie']);
$session = $this->db->quote(session_id());
$ip = $this->db->quote($_SERVER['REMOTE_ADDR']);
$sql = "SELECT * FROM user WHERE " .
"(username = $username) AND (cookie = $cookie) AND " .
"(session = $session) AND (ip = $ip)";
$result = $this->db->getRow($sql);
if (is_object($result) ) {
$this->_setSession($result, false, false);
} else {
$this->_logout();
}
}
function _redirect() {
$name = $_POST['username'];
$self = $_SERVER['PHP_SELF'];
$referer = $_SERVER['HTTP_REFERER'];
$sql2="select role from user where username='$name'";
#exercute the query
$rs2 = mysql_query( $sql2, $conn )
or die( mysql_error() );
$row = mysql_fetch_object($rs2);
#get number of rows that match username
$num = mysql_numrows( $rs2 );
#if there is a match the login is authenticated
if( $num > 0 )
{ $msq = "Welcome $name - your log-in succeeded"; }
if ($row->role == "admin") {
header("HTTP/1.1 301 Moved Permanently");
header ("Location: http://www.ecs.soton.ac.uk/~sn202/fyp/admin/");
header("Connection: close");
}
if ($row->role == "learner") {
header("HTTP/1.1 301 Moved Permanently");
header ("Location: http://www.ecs.soton.ac.uk/~sn202/fyp/learner/");
header("Connection: close");
}
if ($row->role == "instructor") {
header("HTTP/1.1 301 Moved Permanently");
header ("Location: http://www.ecs.soton.ac.uk/~sn202/instructor/");
header("Connection: close");
}
}
}
?>Code: Select all
now.[/color]