Posted by Vyoma on 07/30/06 06:23
This is quite a bit of a problem I am facing, and I cannot point exactly
where I am going wrong. I have been lurking around at several forums
with regard to login and user authentication scripts and I have got as
far as this:
- Starting a session
- Registering a session variable
- Using the variable to check if the user is authenticated or not.
- Authenticating the user through MySQL database
- Logging off the user, by setting the session variable to un-authenticated
I have been able to achieve the following things too, which I think are not
related to this problem:
- Encapsulate the database handling in a separate source file
- Use a templating system of my own.
- Handle everything in only one page using the querying through URL
(this is my requirement due to the templating system I use) - I want
only one file (index.php) to be called with appropriate action requests
(?q=login or ?q=logout)
Here is the code I have so far:
----------------------------------------------------------------------------------------------------------
<?php
session_start();
session_register('auth');
require_once('database.inc');

// These $d_<something> variables will be placed in the template
$d_html_head = 'Some portal DART';
$d_header = 'The header - DART';
$d_status = NULL;
$d_content = NULL;
$d_nav = '<h2>Link set 1</h2><ul><li><a href="#">Link 1</a></li><li><a
href="#">Link 2</a></li><li><a href="#">Link 3</a></li></ul><h2>Link
set 2</h2><ul><li><a href="#">Link 4</a></li><li><a href="#">Link
5</a></li><li><a href="#">Link 6</a></li></ul><h2>Link set
3</h2><ul><li><a href="#">Link 7</a></li><li><a href="#">Link
8</a></li><li><a href="#">Link 9</a></li></ul>';
$d_footer = 'copyright info';
$q = '';

// Database handling part
$dartdb = new dbhandler;
$connection = $dartdb->setconnection( 'dbadmin', 'dbpassword', 'localhost');
if(!$connection)
    $d_status .= "Unable to get a connection <BR /> $dartdb->errorstring <BR />";
$connection = $dartdb->setdatabase('dartdb');
if(!$connection)
    $d_status .= "Unable to select DART database <BR /> $dartdb->errorstring <BR />";

if ( isset($_GET['q']) )
    $q = $_GET['q'];

if ( $q == 'login')
{
    // Check the 'user' and 'pass' against database and set
    // 'auth' based on the result
    $loginmessage = "The Employee number or the password given is wrong. Please try again.";
    $_SERVER['auth'] = 'NO';
    $user = NULL;
    $pass = NULL;
    $user = $_POST['user'];
    $pass = $_POST['pass'];
    $query = "SELECT * FROM dart_emp WHERE empid = '".$user."'";
    $dartdb->query($query);
    if ( $user != NULL && $dartdb->result != NULL )
    {
        $array = $dartdb->fetch_object();
        if( isset($array->empid)
            && $array->empid == $user
            && $array->password == $pass )
        {
            $loginmessage = "Login successful.";
            $_SERVER['auth'] = 'YES';
        }
    }
    $d_status .= $loginmessage;
}
else if ($q == 'logout')
{
    // User has logged out. Hence set the 'auth' to 'NO'
    $_SERVER['auth'] = 'NO';
    $d_status .= 'Logged out. <BR />';
}

if( isset($_SERVER['auth']) && $_SERVER['auth'] == 'YES' )
{
    $d_status .= 'Authorized access <BR />';
    $d_content .= 'Content, content. <BR />Logout <A href="?q=logout">link</A>.';
}
else
{
    //Show the login form
    if ($q != 'logout')
        $d_status .= 'Not logged in. <BR />';
    $d_content .= '<form action="?q=login" method="post" name="login">
Employee Number: <input type="text" name="user" size="6"
maxlength="6" id="user" /> <BR />
Password: <input type="password" name="pass" size="30" maxlength="30"
id="pass" /> <BR />
<input type="submit" name="login" value="Login" id="login" />
</form>';
}

// This is the templating system I use. The above $d_<something> values
// are replaced in the appropriate places
require 'template/page.tpl';
?>
----------------------------------------------------------------------------------------------------------
Now, here is my problem. Once I log in, the URL will be:
http://localhost/index.php?=login
After successful login, it will show the content.
Now, if I type the http://localhost/index.php, it should still be
showing the content. But it does not. For some reason, I am losing
the $_SERVER['auth'] variable. I am not sure where in the flow I am
going wrong.
Could someone please check this and let me know what I am doing
wrong, or what more I should be including?
Please let me know, if you need anything more, or want me to explain
why I put the code as I put it there.
Regards,
Mahesh a.k.a Vyoma
http://k.mahesh.bhat.googlepages.com
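
An added example, not part of the original post or the poster's code: PHP rebuilds $_SERVER on every request, so a flag written there does not survive to the next page load, whereas $_SESSION is what session_start() saves and restores. The code below keeps the login flag in $_SESSION and binds empid as a query parameter; it assumes PHP 7+ with PDO, an in-memory SQLite table standing in for the MySQL dart_emp table, and a password column holding password_hash() output, and the names check_login and handle_request are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7+ with PDO/SQLite and that
// dart_emp.password holds password_hash() output (the post compares plaintext).

// Bound parameter instead of string concatenation; constant-time hash check.
function check_login(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT empid, password FROM dart_emp WHERE empid = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_OBJ);
    return $row !== false && password_verify($pass, $row->password);
}

// Handle ?q=login / ?q=logout. The flag lives in $_SESSION, which
// session_start() reloads on each request; $_SERVER is rebuilt every time.
function handle_request(PDO $db, string $q, array $post): string
{
    if ($q === 'login') {
        $user = is_string($post['user'] ?? null) ? $post['user'] : '';
        $pass = is_string($post['pass'] ?? null) ? $post['pass'] : '';
        if (check_login($db, $user, $pass)) {
            session_regenerate_id(true); // fresh session ID after login
            $_SESSION['auth'] = 'YES';
            return 'Login successful.';
        }
        $_SESSION['auth'] = 'NO';
        return 'The Employee number or the password given is wrong.';
    }
    if ($q === 'logout') {
        $_SESSION = [];
        session_destroy();
        return 'Logged out.';
    }
    return ($_SESSION['auth'] ?? 'NO') === 'YES' ? 'Authorized access' : 'Not logged in.';
}

session_start();

// Constructed sample data: in-memory SQLite standing in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE dart_emp (empid TEXT PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO dart_emp VALUES (?, ?)')
   ->execute(['100001', password_hash('example-pass', PASSWORD_DEFAULT)]);

$q = is_string($_GET['q'] ?? null) ? $_GET['q'] : '';
echo htmlspecialchars(handle_request($db, $q, $_POST)), "\n";
```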