|
|
Posted by dawnerd on 07/30/06 08:05
Vyoma wrote:
> This is quite a bit of problem I am facing, and I cannot point exactly
> where I am going wrong. I have been lurking around at several forums
> with regard to login and user authentication scripts and I have got as
> far as this:
>
> - Starting a session
> - Registering a session variable
> - Using the variable to check if the user is authenticated or not.
> - Authenticating the user through MySQL database
> - Logging of the user, by setting the session variable to
> un-authenticated
>
> I have been able to achive the following things too that I think is not
> related to this problem:
> - Encapsulate the database handling to a seperate source file
> - Use a templating system of my own.
> - Handle everything in only one page using the querying through URL
> (this is my requirement due to the templating system I use) - I want
> only one file (index.php) to be called with appropriate action requests
> (?q=login or ?q=logout)
>
> Here is the code I have so far:
>
> ----------------------------------------------------------------------------------------------------------
>
> <?php
> session_start();
> session_register('auth');
>
> require_once('database.inc');
>
> // These $d_<something> variables will be placed in the template
> $d_html_head = 'Some portal DART';
> $d_header = 'The header - DART';
> $d_status = NULL;
> $d_content = NULL;
> $d_nav = '<h2>Link set 1</h2><ul><li><a href="#">Link 1</a></li><li><a
> href="#">Link 2</a></li><li><a href="#">Link 3</a></li></ul><h2>Link
> set 2</h2><ul><li><a href="#">Link 4</a></li><li><a href="#">Link
> 5</a></li><li><a href="#">Link 6</a></li></ul><h2>Link set
> 3</h2><ul><li><a href="#">Link 7</a></li><li><a href="#">Link
> 8</a></li><li><a href="#">Link 9</a></li></ul>';
> $d_footer = 'copyright info';
>
>
> $q = '';
>
> // Database handling part
> $dartdb = new dbhandler;
> $connection = $dartdb->setconnection( 'dbadmin', 'dbpassword',
> 'localhost');
> if(!$connection)
> $d_status .= "Unable to get a connection <BR /> $dartdb->errorstring
> <BR />";
> $connection = $dartdb->setdatabase('dartdb');
> if(!$connection)
> $d_status .= "Unable to select DART database <BR />
> $dartdb->errorstring <BR />";
>
>
> if ( isset($_GET['q']) )
> $q = $_GET['q'];
> if ( $q == 'login')
> {
> // Check the 'user' and 'pass' against database and set
> // 'auth' based on the result
> $loginmessage = "The Employee number or the password given is wrong.
> Please try again.";
> $_SERVER['auth'] = 'NO';
>
> $user = NULL;
> $pass = NULL;
> $user = $_POST['user'];
> $pass = $_POST['pass'];
>
>
> $query = "SELECT * FROM dart_emp WHERE empid = '".$user."'";
> $dartdb->query($query);
> if ( $user != NULL && $dartdb->result != NULL )
> {
> $array = $dartdb->fetch_object();
> if( isset($array->empid)
> && $array->empid == $user
> && $array->password == $pass )
> {
> $loginmessage = "Login successful.";
> $_SERVER['auth'] = 'YES';
> }
> }
> $d_status .= $loginmessage;
> }
> else if ($q == 'logout')
> {
> // User has logged out. Hence set the 'auth' to 'NO'
> $_SERVER['auth'] = 'NO';
> $d_status .= 'Logged out. <BR />';
> }
>
> if( isset($_SERVER['auth']) && $_SERVER['auth'] == 'YES' )
> {
> $d_status .= 'Authorized access <BR />';
> $d_content .= 'Content, content. <BR />Logout <A
> href="?q=logout">link</A>.';
> }
> else
> {
> //Show the login form
> if ($q != 'logout')
> $d_status .= 'Not logged in. <BR />';
> $d_content .= '<form action="?q=login" method="post" name="login">
> Employee Number: <input type="text" name="user" size="6"
> maxlength="6" id="user" /> <BR />
> Password: <input type="password" name="pass" size="30" maxlength="30"
> id="pass" /> <BR />
> <input type="submit" name="login" value="Login" id="login" />
> </form>';
> }
>
> // This is the templating system I use. The above $d_<something>
> values
> // are replaced in the appropriate places
> require 'template/page.tpl';
> ?>
>
> ----------------------------------------------------------------------------------------------------------
>
> Now, here is my problem. Once I log in, the URL will be:
> http://localhost/index.php?=login
>
> After successful login, it will show the content.
> Now, if I type the http://locahost/index.php, it should still be
> showing the content. But it does not. For some reason, I am loosing
> the $_SERVER['auth'] variable. I am not sure, where in the flow I am
> doing wrong.
>
> Could some one please check this up and let me know what I am doing
> wrong, or what more should I be including?
>
> Please let me know, if you need anything more, or want me to explain
> why I put the code as I put it there.
>
> Regards,
> Mahesh a.k.a Vyoma
> http://k.mahesh.bhat.googlepages.com
I was having this problem too, and still am, but I think it is more of
my computer than anything. Also, I hope you check your posted data
before using it in your sql.
Navigation:
[Reply to this message]
|