
Login system, lets try and modify

Posted: Sun Oct 19, 2008 6:50 am
by staar2
I tried to make a login system, so here it is; try it and help improve it.

Sql database table


 
 CREATE TABLE `andmed`.`login` (
`id` INT NOT NULL AUTO_INCREMENT ,
`username` VARCHAR( 62 ) NOT NULL ,
`password` VARCHAR( 33 ) NOT NULL ,
`time` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ,
PRIMARY KEY ( `id` )
) ENGINE = InnoDB 
 
 
Add this at the top of each page you want to protect.


 
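require_once('Login.php');
$login = Login::getInstance();

// Fail closed: a visitor who is not logged in is sent to the login form and the script
// stops, so nothing below this guard is rendered for an unauthenticated request.
if (!$login->isLogged()) {
    header('Location: testlog.php');
    exit;
}

echo 'You are in';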
 
Login.php


 
<?php
// Starts or resumes the PHP session that the Login class reads and writes through $_SESSION.
// No cookie options are set here, so the session cookie's flags come from php.ini.
// NOTE(review): confirm session.cookie_httponly and session.cookie_secure are enabled.
session_start();
 
require_once('config.php');
 
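class Login {

    /** @var mysqli Database connection opened in the constructor and closed in __destruct(). */
    private $sql;

    /** @var Login|null Shared instance returned by getInstance(). */
    private static $instance = null;

    /**
     * Connects to the database named by the Config constants.
     *
     * Protected so that callers go through getInstance(). On a connection error the
     * script stops with a generic message that does not include connection details.
     */
    protected function __construct() {
        $this->sql = new mysqli(Config::HOST, Config::USER, Config::PASS, Config::DB);
        if (mysqli_connect_error()) {
            exit('Error with db connection');
        }
    }

    /**
     * Returns the shared Login object, creating it on first use.
     *
     * @return Login
     */
    public static function getInstance() {
        if (self::$instance === null) {
            self::$instance = new self();
        }
        return self::$instance;
    }

    /**
     * Tells whether the current session belongs to a logged-in user.
     *
     * The user name and password hash kept in the session are checked against the
     * `login` table on every call, so a row that was deleted or whose password changed
     * stops counting as logged in.
     *
     * @return bool
     */
    public function isLogged() {
        if (!isset($_SESSION['user'], $_SESSION['pass'])) {
            return false;
        }
        if (!is_string($_SESSION['user']) || !is_string($_SESSION['pass'])) {
            return false;
        }
        return $this->credentialsMatch($_SESSION['user'], $_SESSION['pass']);
    }

    /**
     * Checks the submitted credentials and, on success, marks the session as logged in.
     *
     * @param string $username user name as submitted; must be longer than 3 bytes
     * @param string $password clear-text password as submitted; must be longer than 3 bytes
     * @return bool true when exactly one row matches, false otherwise
     */
    public function login($username, $password) {
        // Request parameters can arrive as arrays (user[]=x); reject anything that is not a string.
        if (!is_string($username) || !is_string($password)) {
            return false;
        }
        if (strlen($username) <= 3 || strlen($password) <= 3) {
            return false;
        }

        $hash = $this->hashPassword($password);
        if (!$this->credentialsMatch($username, $hash)) {
            return false;
        }

        // Issue a fresh session id at the moment of authentication so that an id known
        // before login (session fixation) does not become a logged-in session.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }

        $_SESSION['user'] = $username;
        $_SESSION['pass'] = $hash;
        return true;
    }

    /**
     * Removes the login markers and destroys the server-side session data.
     *
     * NOTE(review): the session cookie in the browser is not expired here.
     */
    public function logout() {
        unset($_SESSION['user']);
        unset($_SESSION['pass']);
        session_destroy();
    }

    /** Closes the database connection. */
    public function __destruct() {
        $this->sql->close();
    }

    /**
     * Builds the value compared with the `password` column.
     *
     * Uses string concatenation (`.`). The earlier `$password + Config::SALT` was numeric
     * addition: the salt was never mixed in, non-numeric passwords all collapsed to the
     * same number before hashing on older PHP versions, and newer versions raise a
     * TypeError for non-numeric strings.
     * NOTE(review): rows written by code that used the old `+` expression will no longer
     * match and need their passwords reset.
     * NOTE(review): MD5 with one site-wide salt is fast to brute-force and unsuitable for
     * password storage. Moving to password_hash()/password_verify() needs a `password`
     * column wide enough for the longer hash and a rehash of existing rows, so it is
     * flagged here rather than changed.
     *
     * @param string $password clear-text password
     * @return string 32-character hex digest
     */
    private function hashPassword($password) {
        return md5($password . Config::SALT);
    }

    /**
     * Runs the prepared lookup shared by login() and isLogged().
     *
     * @param string $username user name to look up
     * @param string $hash     value expected in the `password` column
     * @return bool true when exactly one row matches; false otherwise or when the
     *              statement cannot be prepared
     */
    private function credentialsMatch($username, $hash) {
        $stmt = $this->sql->prepare(
            'SELECT `id` FROM `login` WHERE `username` = ? AND `password` = ?'
        );
        if ($stmt === false) {
            return false;
        }

        // bind_param() takes its arguments by reference, so both must be plain variables.
        $stmt->bind_param('ss', $username, $hash);
        $stmt->execute();
        $stmt->store_result();
        $matched = ((int) $stmt->num_rows === 1);
        $stmt->close();

        return $matched;
    }
}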
 
?>
 
config.php


 
<?php
class Config {

    // Database server that Login.php connects to.
    const HOST = 'localhost';

    // NOTE(review): the root account with an empty password is only acceptable on a
    // local development machine; use a dedicated low-privilege account anywhere else.
    const USER = 'root';
    const PASS = '';

    // Schema that holds the `login` table.
    const DB = 'andmed';

    // Site-wide value that Login.php combines with each password before hashing.
    // NOTE(review): this is a placeholder; replace it with a long random string and
    // keep this file out of the web root and out of public repositories.
    const SALT = 'ThisWillBeSalt';
}
 
?>
 
testlog.php


 
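<?php
require_once('Login.php');
$login = Login::getInstance();

if (isset($_POST['login'])) {
    // Missing or non-string fields (for example user[]=x) are treated as empty input,
    // which login() rejects, instead of being passed through as null or an array.
    $user = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
    $pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';

    if ($login->login($user, $pass)) {
        header('Location: mysqli_prep.php');
        // header() only queues the redirect; stop here so the rest of the page is not
        // executed and sent along with it.
        exit;
    } else {
        // One generic message for every failure, so the response does not reveal
        // whether the user name or the password was wrong.
        echo '<p>Problem with login</p>';
    }
}
?>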
 
Login test
 
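<?php
// PHP_SELF reflects the requested URL path, including any extra path info appended after
// the script name, so it is request-controlled and is HTML-escaped before being written
// into the action attribute.
?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post">
<p>User: <input type="text" name="user" value="" /></p>
<p>Pass: <input type="password" name="pass" value="" /></p>
<p> <input type="submit" name="login" value="Log in" /></p>
</form>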
 

Re: Login system, lets try and modify

Posted: Wed Oct 22, 2008 2:43 am
by phpserver
staar2 wrote: I tried to make a login system, so here it is; try it and help improve it.

Sql database table


 
 CREATE TABLE `andmed`.`login` (
`id` INT NOT NULL AUTO_INCREMENT ,
`username` VARCHAR( 62 ) NOT NULL ,
`password` VARCHAR( 33 ) NOT NULL ,
`time` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ,
PRIMARY KEY ( `id` )
) ENGINE = InnoDB 
 
 
Add this at the top of each page you want to protect.


 
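require_once('Login.php');
$login = Login::getInstance();

// Fail closed: a visitor who is not logged in is sent to the login form and the script
// stops, so nothing below this guard is rendered for an unauthenticated request.
if (!$login->isLogged()) {
    header('Location: testlog.php');
    exit;
}

echo 'You are in';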
 
Login.php


 
<?php
// Starts or resumes the PHP session that the Login class reads and writes through $_SESSION.
// No cookie options are set here, so the session cookie's flags come from php.ini.
// NOTE(review): confirm session.cookie_httponly and session.cookie_secure are enabled.
session_start();
 
require_once('config.php');
 
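class Login {

    /** @var mysqli Database connection opened in the constructor and closed in __destruct(). */
    private $sql;

    /** @var Login|null Shared instance returned by getInstance(). */
    private static $instance = null;

    /**
     * Connects to the database named by the Config constants.
     *
     * Protected so that callers go through getInstance(). On a connection error the
     * script stops with a generic message that does not include connection details.
     */
    protected function __construct() {
        $this->sql = new mysqli(Config::HOST, Config::USER, Config::PASS, Config::DB);
        if (mysqli_connect_error()) {
            exit('Error with db connection');
        }
    }

    /**
     * Returns the shared Login object, creating it on first use.
     *
     * @return Login
     */
    public static function getInstance() {
        if (self::$instance === null) {
            self::$instance = new self();
        }
        return self::$instance;
    }

    /**
     * Tells whether the current session belongs to a logged-in user.
     *
     * The user name and password hash kept in the session are checked against the
     * `login` table on every call, so a row that was deleted or whose password changed
     * stops counting as logged in.
     *
     * @return bool
     */
    public function isLogged() {
        if (!isset($_SESSION['user'], $_SESSION['pass'])) {
            return false;
        }
        if (!is_string($_SESSION['user']) || !is_string($_SESSION['pass'])) {
            return false;
        }
        return $this->credentialsMatch($_SESSION['user'], $_SESSION['pass']);
    }

    /**
     * Checks the submitted credentials and, on success, marks the session as logged in.
     *
     * @param string $username user name as submitted; must be longer than 3 bytes
     * @param string $password clear-text password as submitted; must be longer than 3 bytes
     * @return bool true when exactly one row matches, false otherwise
     */
    public function login($username, $password) {
        // Request parameters can arrive as arrays (user[]=x); reject anything that is not a string.
        if (!is_string($username) || !is_string($password)) {
            return false;
        }
        if (strlen($username) <= 3 || strlen($password) <= 3) {
            return false;
        }

        $hash = $this->hashPassword($password);
        if (!$this->credentialsMatch($username, $hash)) {
            return false;
        }

        // Issue a fresh session id at the moment of authentication so that an id known
        // before login (session fixation) does not become a logged-in session.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }

        $_SESSION['user'] = $username;
        $_SESSION['pass'] = $hash;
        return true;
    }

    /**
     * Removes the login markers and destroys the server-side session data.
     *
     * NOTE(review): the session cookie in the browser is not expired here.
     */
    public function logout() {
        unset($_SESSION['user']);
        unset($_SESSION['pass']);
        session_destroy();
    }

    /** Closes the database connection. */
    public function __destruct() {
        $this->sql->close();
    }

    /**
     * Builds the value compared with the `password` column.
     *
     * Uses string concatenation (`.`). The earlier `$password + Config::SALT` was numeric
     * addition: the salt was never mixed in, non-numeric passwords all collapsed to the
     * same number before hashing on older PHP versions, and newer versions raise a
     * TypeError for non-numeric strings.
     * NOTE(review): rows written by code that used the old `+` expression will no longer
     * match and need their passwords reset.
     * NOTE(review): MD5 with one site-wide salt is fast to brute-force and unsuitable for
     * password storage. Moving to password_hash()/password_verify() needs a `password`
     * column wide enough for the longer hash and a rehash of existing rows, so it is
     * flagged here rather than changed.
     *
     * @param string $password clear-text password
     * @return string 32-character hex digest
     */
    private function hashPassword($password) {
        return md5($password . Config::SALT);
    }

    /**
     * Runs the prepared lookup shared by login() and isLogged().
     *
     * @param string $username user name to look up
     * @param string $hash     value expected in the `password` column
     * @return bool true when exactly one row matches; false otherwise or when the
     *              statement cannot be prepared
     */
    private function credentialsMatch($username, $hash) {
        $stmt = $this->sql->prepare(
            'SELECT `id` FROM `login` WHERE `username` = ? AND `password` = ?'
        );
        if ($stmt === false) {
            return false;
        }

        // bind_param() takes its arguments by reference, so both must be plain variables.
        $stmt->bind_param('ss', $username, $hash);
        $stmt->execute();
        $stmt->store_result();
        $matched = ((int) $stmt->num_rows === 1);
        $stmt->close();

        return $matched;
    }
}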
 
?>
 
config.php


 
<?php
class Config {

    // Database server that Login.php connects to.
    const HOST = 'localhost';

    // NOTE(review): the root account with an empty password is only acceptable on a
    // local development machine; use a dedicated low-privilege account anywhere else.
    const USER = 'root';
    const PASS = '';

    // Schema that holds the `login` table.
    const DB = 'andmed';

    // Site-wide value that Login.php combines with each password before hashing.
    // NOTE(review): this is a placeholder; replace it with a long random string and
    // keep this file out of the web root and out of public repositories.
    const SALT = 'ThisWillBeSalt';
}
 
?>
 
testlog.php


 
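<?php
require_once('Login.php');
$login = Login::getInstance();

if (isset($_POST['login'])) {
    // Missing or non-string fields (for example user[]=x) are treated as empty input,
    // which login() rejects, instead of being passed through as null or an array.
    $user = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
    $pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';

    if ($login->login($user, $pass)) {
        header('Location: mysqli_prep.php');
        // header() only queues the redirect; stop here so the rest of the page is not
        // executed and sent along with it.
        exit;
    } else {
        // One generic message for every failure, so the response does not reveal
        // whether the user name or the password was wrong.
        echo '<p>Problem with login</p>';
    }
}
?>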
 
Login test
 
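<?php
// PHP_SELF reflects the requested URL path, including any extra path info appended after
// the script name, so it is request-controlled and is HTML-escaped before being written
// into the action attribute.
?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post">
<p>User: <input type="text" name="user" value="" /></p>
<p>Pass: <input type="password" name="pass" value="" /></p>
<p> <input type="submit" name="login" value="Log in" /></p>
</form>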
 
I will attempt to store sessions in a MySQL database and get back to you.

Re: Login system, lets try and modify

Posted: Sun Oct 26, 2008 12:45 am
by josh
staar2 wrote:lets try and modify
no thanks?

Re: Login system, lets try and modify

Posted: Sun Oct 26, 2008 10:17 am
by staar2
and why not ?

Re: Login system, lets try and modify

Posted: Sun Oct 26, 2008 9:51 pm
by josh
I'll do it if you finish my website for me, only about 70,000 lines of code need to be written

All sarcasm aside you didn't say what you wanted to modify. This is a coding critique forum anyways, not the volunteer work forum.

Re: Login system, lets try and modify

Posted: Mon Oct 27, 2008 3:22 am
by staar2
phpserver wrote: I will attempt to store sessions in a MySQL database and get back to you.
Here is some nice code for that: http://www.nateklaiber.com/blog/2006/05 ... on-handler

Re: Login system, lets try and modify

Posted: Mon Oct 27, 2008 6:17 am
by josh
I see you edited your post, suggest ways to help to improve it I will.

Granted, the code presumably "works", but the view logic is intertwined with the business logic; by that I mean it's not MVC, and that is one way it could be improved. Secondly, your persistence layer is intertwined with the model (the $login object's class). Ideally your login object would not access the data source directly like that, and would allow different login adapters to be used to log in from different sources. That may or may not be overkill for your design, but those are two ways to improve the design, and where I would start.