Log in script...

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
Random
Forum Commoner
Posts: 30
Joined: Wed Mar 12, 2003 5:38 pm

Log in script...

Post by Random »

How would you set up a login script to check username and password from a database, and if there isnt one there make it redirect to a "Bad username/password" page? Is there any good tutorials out there on this topic? Thanks.
bionicdonkey
Forum Contributor
Posts: 132
Joined: Fri Jan 31, 2003 2:28 am
Location: Sydney, Australia
Contact:

Post by bionicdonkey »

this may give u some ideas:

Code: Select all

<?php
class authenticate extends database {

	var $sessionid;
	
	function authenticate() {
		parent::database();
		$this->sessionid = session_id();
	}
	
	//
	// Constructor and function that does most of the work
	//
	function authenticateUser($user, $pass) {
		$query = "SELECT * FROM member_data WHERE username='". $user ."' AND password='". $pass ."'";
		$result = parent::selectQuery($query, 'numRows');
		if($result != 1) { // If the user doesn't exist or the password is incorect (aka if array returns as FALSE)
			die("Wrong username and/or password"); // Kill script with message
		} else { // If all is OK
			$active = authenticate::checkActive($user); // Call checkActive function the see if user is enabled.
			if($active == false) { // I user is disabled
				die("User account is disabled. Contact Administration"); // Kill script with message
			} else { // If user is active
				return true; // Function returns TRUE
			}
		}
	}
	
	//
	// Checks if the user is active
	//
	function checkActive($user) {
		$query = "SELECT * FROM member_data WHERE username='". $user ."' AND active='enable'";
		$numRows = parent::selectQuery($query, 'numRows'); // Call function in parent class 'database'
		if($numRows == 1) { // If query returned value '1' (aka If user is active)
			return true; // Return TRUE
		} else { // If user is disabled
			return false; // Return FALSE
		}
	}
	
	function login($user, $pass) {
		$auth = authenticate::authenticateUser($user, $pass);
		if($auth == true) { // User authenticated
			$query = "UPDATE sessions SET registered=1, reguser='". $user ."', lastAccess=". time() ." WHERE session_id='". $this->sessionid ."'";
			mysql_query($query, $this->dblink) or die(mysql_error()); // Insert session into table in db
			//
			// Update the Cookie
			//
			sessions::newCookie($user, $pass);
			authenticate::sessionVariable($user);
		} else {
			die(); // Just in case other ones don't work for some reason
		}
	}
	
	function sessionVariable($user) {
		$query = "SELECT username, accessPermitted FROM member_data WHERE username='". $user ."'";
		$result = parent::selectQuery($query, 'resultArray');
		if($result == false) {
			die("Hmm... User doesn't exist!?! While trying to create session variable! Contact Administration");
		}
		$_SESSION['authdata'] = array("username"=>$result['username'], "access"=>$result['accessPermitted']);
	}
}
?>
Random
Forum Commoner
Posts: 30
Joined: Wed Mar 12, 2003 5:38 pm

Post by Random »

I don't really wanna learn PEAR :P any other examples?
User avatar
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

holy Rand, it's only one 6 line class....hehe

:wink:
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

You can look at this for the sessions side of user login -
viewtopic.php?t=6521

When it comes to checking against the database - pseudocode 'cause I don't know your database structure:

Code: Select all

$sql = "SELECT ID FROM users WHERE username = '$username' AND password = '$password'";
$result = mysql_query($sql) or die(mysql_error().'<p>'.$sql.'</p>');
if (mysql_num_rows($result) == 0) {
    echo 'Username and/or password are incorrect';
} else {
    echo 'Welcome '.$username;
}
The redirecting thing is in the tutorial I linked to above.

Mac
ckuipers
Forum Commoner
Posts: 61
Joined: Mon Mar 24, 2003 6:10 am

Post by ckuipers »

Make sure you encrypt your passwords...
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

ckuipers wrote:Make sure you encrypt your passwords...
very good point, meant to say that then totally forget... :oops: :)

Mac
Random
Forum Commoner
Posts: 30
Joined: Wed Mar 12, 2003 5:38 pm

Post by Random »

Oromian wrote:holy Rand, it's only one 6 line class....hehe

:wink:
My server cant do Pear i dont think...thats the problem
bionicdonkey
Forum Contributor
Posts: 132
Joined: Fri Jan 31, 2003 2:28 am
Location: Sydney, Australia
Contact:

Post by bionicdonkey »

Random wrote:
Oromian wrote:holy Rand, it's only one 6 line class....hehe

:wink:
My server cant do Pear i dont think...thats the problem
if you're refering to my script i posted, it's not pear. (unless i'm doing thing without knowing about it again)
User avatar
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

bionicdonkey wrote:
Random wrote:
Oromian wrote:holy Rand, it's only one 6 line class....hehe

:wink:
My server cant do Pear i dont think...thats the problem
if you're refering to my script i posted, it's not pear. (unless i'm doing thing without knowing about it again)
yea...well so i believe.
http://pear.php.net/manual/en/introduction.php#about-pfc wrote: The PHP Foundation Classes is a subset of PEAR that focuses on quality, generality, interoperability and compatibility.
Post Reply