Page 1 of 1
Log in script...
Posted: Mon Apr 07, 2003 4:05 pm
by Random
How would you set up a login script to check username and password from a database, and if there isnt one there make it redirect to a "Bad username/password" page? Is there any good tutorials out there on this topic? Thanks.
Posted: Mon Apr 07, 2003 5:40 pm
by bionicdonkey
this may give u some ideas:
Code: Select all
<?php
class authenticate extends database {
var $sessionid;
function authenticate() {
parent::database();
$this->sessionid = session_id();
}
//
// Constructor and function that does most of the work
//
function authenticateUser($user, $pass) {
$query = "SELECT * FROM member_data WHERE username='". $user ."' AND password='". $pass ."'";
$result = parent::selectQuery($query, 'numRows');
if($result != 1) { // If the user doesn't exist or the password is incorect (aka if array returns as FALSE)
die("Wrong username and/or password"); // Kill script with message
} else { // If all is OK
$active = authenticate::checkActive($user); // Call checkActive function the see if user is enabled.
if($active == false) { // I user is disabled
die("User account is disabled. Contact Administration"); // Kill script with message
} else { // If user is active
return true; // Function returns TRUE
}
}
}
//
// Checks if the user is active
//
function checkActive($user) {
$query = "SELECT * FROM member_data WHERE username='". $user ."' AND active='enable'";
$numRows = parent::selectQuery($query, 'numRows'); // Call function in parent class 'database'
if($numRows == 1) { // If query returned value '1' (aka If user is active)
return true; // Return TRUE
} else { // If user is disabled
return false; // Return FALSE
}
}
function login($user, $pass) {
$auth = authenticate::authenticateUser($user, $pass);
if($auth == true) { // User authenticated
$query = "UPDATE sessions SET registered=1, reguser='". $user ."', lastAccess=". time() ." WHERE session_id='". $this->sessionid ."'";
mysql_query($query, $this->dblink) or die(mysql_error()); // Insert session into table in db
//
// Update the Cookie
//
sessions::newCookie($user, $pass);
authenticate::sessionVariable($user);
} else {
die(); // Just in case other ones don't work for some reason
}
}
function sessionVariable($user) {
$query = "SELECT username, accessPermitted FROM member_data WHERE username='". $user ."'";
$result = parent::selectQuery($query, 'resultArray');
if($result == false) {
die("Hmm... User doesn't exist!?! While trying to create session variable! Contact Administration");
}
$_SESSION['authdata'] = array("username"=>$result['username'], "access"=>$result['accessPermitted']);
}
}
?>
Posted: Mon Apr 07, 2003 8:22 pm
by Random
I don't really wanna learn PEAR

any other examples?
Posted: Mon Apr 07, 2003 8:41 pm
by m3mn0n
holy Rand, it's only one 6 line class....hehe

Posted: Tue Apr 08, 2003 4:10 am
by twigletmac
You can look at this for the sessions side of user login -
viewtopic.php?t=6521
When it comes to checking against the database - pseudocode 'cause I don't know your database structure:
Code: Select all
$sql = "SELECT ID FROM users WHERE username = '$username' AND password = '$password'";
$result = mysql_query($sql) or die(mysql_error().'<p>'.$sql.'</p>');
if (mysql_num_rows($result) == 0) {
echo 'Username and/or password are incorrect';
} else {
echo 'Welcome '.$username;
}
The redirecting thing is in the tutorial I linked to above.
Mac
Posted: Tue Apr 08, 2003 4:25 am
by ckuipers
Make sure you encrypt your passwords...
Posted: Tue Apr 08, 2003 4:52 am
by twigletmac
ckuipers wrote:Make sure you encrypt your passwords...
very good point, meant to say that then totally forget...
Mac
Posted: Thu Apr 10, 2003 4:05 pm
by Random
Oromian wrote:holy Rand, it's only one 6 line class....hehe

My server cant do Pear i dont think...thats the problem
Posted: Thu Apr 10, 2003 10:56 pm
by bionicdonkey
Random wrote:Oromian wrote:holy Rand, it's only one 6 line class....hehe

My server cant do Pear i dont think...thats the problem
if you're refering to my script i posted, it's not pear. (unless i'm doing thing without knowing about it again)
Posted: Thu Apr 10, 2003 11:24 pm
by m3mn0n
bionicdonkey wrote:Random wrote:Oromian wrote:holy Rand, it's only one 6 line class....hehe

My server cant do Pear i dont think...thats the problem
if you're refering to my script i posted, it's not pear. (unless i'm doing thing without knowing about it again)
yea...well so i believe.