Basically I’m trying to use the following script to implement a secure login. I found this script in a PHP article and it looks very good, but as far as I can see it’s just a list of instructions saying how to do things rather than actually telling it to do anything. So if anyone could tell me how I would go about getting this script to execute, that would be really helpful.
cheers.
<?php
error_reporting(E_ALL); // report every error level, notices included, so undefined variables/indexes surface instead of being silently ignored
#connect to MYSQL
function &db_connect() {
    // PEAR::DB is loaded lazily, the first time a connection is requested.
    require_once 'DB.php';
    // Any database error terminates the script (PEAR_ERROR_DIE), so callers never
    // receive a DB_Error object from this handle.
    PEAR::setErrorHandling(PEAR_ERROR_DIE);

    // The credentials are placeholders in this listing. In a deployment they belong in a
    // configuration file outside the web root rather than inside the script.
    $credentials = array(
        'host' => '****',
        'user' => '****',
        'pass' => '*****',
        'name' => 'db_sn202',
    );
    // PEAR DB DSN layout: phptype://user:pass@protocol+hostspec/database ("unix+" = socket).
    $dsn = sprintf(
        'mysql://%s:%s@unix+%s/%s',
        $credentials['user'],
        $credentials['pass'],
        $credentials['host'],
        $credentials['name']
    );

    $connection = DB::connect($dsn);
    // Rows come back as objects (e.g. $row->username), which the User class relies on.
    $connection->setFetchMode(DB_FETCHMODE_OBJECT);
    return $connection;
}
session_start(); // resume (or create) the PHP session; must run before any output, because it sends the session cookie header
/**
 * Reset the session to the anonymous (not logged in) state.
 *
 * Every key is written unconditionally, so the bootstrap check below
 * (isset($_SESSION['uid'])) can use 'uid' as the "already initialised" marker.
 */
function session_defaults() {
    $anonymous = array(
        'logged'   => false,
        'uid'      => 0,
        'username' => '',
        'cookie'   => 0,
        'remember' => false,
    );
    foreach ($anonymous as $key => $value) {
        $_SESSION[$key] = $value;
    }
}
// Bootstrap: a session without a 'uid' key has never been through session_defaults()
// (first request of a visit), so seed the anonymous defaults before User is constructed.
$sessionInitialised = isset($_SESSION['uid']);
if (!$sessionInitialised) {
    session_defaults();
}
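class User {
    var $db = null;      // PEAR::DB connection handle (see db_connect())
    var $failed = false; // true after a _checkLogin() attempt that matched no row
    var $date;           // current date GMT, copied from $GLOBALS['date'] when the including script sets it
    var $id = 0;         // id of the authenticated user, 0 while anonymous

    /**
     * Restore an existing login: from the session when $_SESSION['logged'] is set,
     * otherwise from the remember-me cookie. A visitor with neither stays anonymous.
     *
     * @param object $db PEAR::DB connection
     */
    function __construct($db) {
        $this->db = $db;
        // $date is not defined anywhere in this file; avoid an undefined-index notice when it is absent.
        $this->date = isset($GLOBALS['date']) ? $GLOBALS['date'] : null;
        if (!empty($_SESSION['logged'])) {
            $this->_checkSession();
        } elseif (isset($_COOKIE['mtwebLogin'])) {
            $this->_checkRemembered($_COOKIE['mtwebLogin']);
        }
    }

    /** PHP 4-style constructor, kept for old callers; delegates to __construct(). */
    function User($db) {
        $this->__construct($db);
    }

    /**
     * Authenticate a username/password pair against the user table.
     *
     * On success the session is populated and the browser is redirected (see _setSession());
     * on failure $this->failed is set, the session is reset and false is returned.
     *
     * @param string $username
     * @param string $password plain-text password as submitted
     * @param bool   $remember also write the remember-me cookie
     * @return bool
     */
    function _checkLogin($username, $password, $remember) {
        $quotedUser = $this->db->quote($username);
        // NOTE: the password column holds unsalted MD5, which is not a suitable password hash.
        // Moving to a salted/iterated hash needs a column migration, so it is flagged here rather
        // than changed in place.
        $quotedHash = $this->db->quote(md5($password));
        $sql = "SELECT * FROM user WHERE username = $quotedUser AND password = $quotedHash";
        $row = $this->_fetchRow($sql);
        if ($row !== null) {
            $this->_setSession($row, $remember);
            return true;
        }
        $this->failed = true;
        $this->_logout();
        return false;
    }

    /**
     * Populate $_SESSION (and optionally the remember-me cookie) from a user row.
     *
     * @param object $values   row from the user table; reads id, username and cookie
     * @param bool   $remember write the remember-me cookie
     * @param bool   $init     true for a fresh login: the session id is regenerated, the session id
     *                         and client IP are stored in the user row, and the browser is redirected.
     *                         _checkSession() passes false because the session is merely being re-validated.
     */
    function _setSession($values, $remember, $init = true) {
        // The id is interpolated unquoted into SQL below, so it is forced to an integer.
        $this->id = (int) $values->id;
        $_SESSION['uid'] = $this->id;
        // Stored HTML-escaped, as in the original. Caveat: _checkSession() and _checkRemembered()
        // compare this value with the raw username column, so usernames containing & < > or "
        // will fail to re-validate; escaping at output time would be the cleaner fix.
        $_SESSION['username'] = htmlspecialchars($values->username);
        $_SESSION['cookie'] = $values->cookie;
        $_SESSION['logged'] = true;
        if ($remember) {
            $this->updateCookie($values->cookie, true);
        }
        if ($init) {
            // A fresh login must not keep the session id the browser had before authenticating
            // (session fixation); regenerate it before it is recorded in the user row.
            session_regenerate_id(true);
            $session = $this->db->quote(session_id());
            $ip = $this->db->quote($_SERVER['REMOTE_ADDR']);
            $sql = "UPDATE user SET session = $session, ip = $ip WHERE id = " . $this->id;
            $this->db->query($sql);
        }
        // The original called a (non-existent) global redirect() in each branch; one call to the
        // method after all state has been written is equivalent, and redirect() ends the request.
        if ($remember || $init) {
            $this->redirect();
        }
    }

    /**
     * Record the remember-me token in the session and, when $save is true, in a browser cookie
     * valid for 31104000 seconds (360 days).
     *
     * @param string $cookie token from the user row's cookie column
     * @param bool   $save   write the browser cookie
     */
    function updateCookie($cookie, $save) {
        $_SESSION['cookie'] = $cookie;
        if ($save) {
            // Delimited encoding instead of serialize(): the cookie is attacker-controlled input and
            // must never reach unserialize(). Both halves are URL-encoded so '|' cannot occur inside them.
            $value = rawurlencode($_SESSION['username']) . '|' . rawurlencode($cookie);
            // The original called set_cookie(), which does not exist in PHP; the function is setcookie().
            // HttpOnly keeps the token out of reach of page scripts.
            setcookie('mtwebLogin', $value, time() + 31104000, '/directory/', '', false, true);
        }
    }

    /**
     * Log the visitor in from the remember-me cookie written by updateCookie().
     * The cookie is untrusted: it is parsed with explode()/rawurldecode() (never unserialize())
     * and both halves go through $db->quote() before they reach SQL.
     *
     * @param string $cookie raw value of the mtwebLogin cookie
     */
    function _checkRemembered($cookie) {
        $parts = explode('|', (string) $cookie, 2);
        if (count($parts) !== 2) {
            return;
        }
        $username = rawurldecode($parts[0]);
        $token = rawurldecode($parts[1]);
        if ($username === '' || $token === '') {
            return;
        }
        $quotedUser = $this->db->quote($username);
        $quotedToken = $this->db->quote($token);
        $sql = "SELECT * FROM user WHERE (username = $quotedUser) AND (cookie = $quotedToken)";
        $row = $this->_fetchRow($sql);
        if ($row !== null) {
            $this->_setSession($row, true);
        }
    }

    /**
     * Re-validate a session that claims to be logged in: username, token, PHP session id and
     * client IP must all still match the user row. Otherwise the login state is reset.
     */
    function _checkSession() {
        $username = $this->db->quote($_SESSION['username']);
        $cookie = $this->db->quote($_SESSION['cookie']);
        $session = $this->db->quote(session_id());
        $ip = $this->db->quote($_SERVER['REMOTE_ADDR']);
        $sql = "SELECT * FROM user WHERE (username = $username) AND (cookie = $cookie) AND " .
               "(session = $session) AND (ip = $ip)";
        $row = $this->_fetchRow($sql);
        if ($row !== null) {
            $this->_setSession($row, false, false);
        } else {
            $this->_logout();
        }
    }

    /**
     * Run a single-row SELECT and return the row object, or null when nothing matched or the
     * query failed. Under PEAR_ERROR_DIE a failure never returns, but with any other handler
     * getRow() returns a DB_Error object, which a bare is_object() check would mistake for a match.
     *
     * @param string $sql
     * @return object|null
     */
    function _fetchRow($sql) {
        $result = $this->db->getRow($sql);
        if (is_object($result) && !DB::isError($result)) {
            return $result;
        }
        return null;
    }

    /**
     * Reset the login state: clear the session fields and expire the remember-me cookie.
     * Referenced by _checkLogin() and _checkSession() but never defined in the original listing.
     */
    function _logout() {
        $this->id = 0;
        session_defaults();
        if (isset($_COOKIE['mtwebLogin'])) {
            setcookie('mtwebLogin', '', time() - 3600, '/directory/', '', false, true);
        }
    }

    /**
     * Send the authenticated user to the area for their role and end the request.
     * Roles without a mapping (and anonymous users) fall through so the caller keeps rendering.
     *
     * The original looked the role up by the raw $_POST['username'] through mysql_query() on an
     * undefined $db handle (SQL-injectable, and $_POST is empty on the cookie path); the user id
     * set by _setSession() is used through the PEAR handle instead.
     */
    function redirect() {
        if ($this->id === 0) {
            return;
        }
        $role = $this->db->getOne("SELECT role FROM user WHERE id = " . (int) $this->id);
        $paths = array(
            'admin'      => '/admin/',
            'learner'    => '/learner/',
            'leaner'     => '/learner/',   // spelling used by the original; kept in case the role column stores it
            'instructor' => '/instructor/',
        );
        if (!is_string($role) || !isset($paths[$role])) {
            return;
        }
        // 303 rather than 301: browsers cache a permanent redirect, so the login URL would keep
        // redirecting even after the user has logged out.
        header('HTTP/1.1 303 See Other');
        header('Location: http://www.****' . $paths[$role]);
        header('Connection: close');
        // Without exit the rest of the page would still be rendered and sent after the Location header.
        exit;
    }
}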
?>