Re: Multiple field login and a related question

Posted by Jerry Stuckle on 04/24/07 01:32

dylanhughes@gmail.com wrote:
> I'm looking for an example of a login system that has multiple fields
> (2 to be exact) + password. e.g. username, company name and password,
> the user, company and password are checked against a mysql database. I
> have it working with just the username field but I'm confused on how
> to go about adding another field. I'm pretty new to PHP so don't beat
> me up too much for this example code, I borrowed and hacked it
> together in a very short period of time.
>
> Code:
>
> <?php
> include 'db.php';
> //Checks if there is a login cookie
>
> if(isset($_COOKIE['ID_user']))
>
>
> //if there is, it logs you in and directs you to the members page
> //shopname is used to select the correct database
> {
> $shopname = $_COOKIE['ID_fitsheetshop'];
> $username = $_COOKIE['ID_fitsheetuser'];
> $pass = $_COOKIE['Key_fitsheet'];
>
> $checkuser = mysql_query("SELECT * FROM users WHERE username =
> '$username'")or die(mysql_error());
> $checkshop = mysql_query("SELECT * FROM users WHERE shopname =
> '$shopname'")or die(mysql_error());
> while($info = mysql_fetch_array($checkuser))
> {
>
> if ($pass != $info['password'])
> {
> die('something is wrong');
> }
>
> else
> {
> header("Location: members.php");
> }
>
> }
>
> while($info = mysql_fetch_array($checkshop))
> {
>
> if ($pass != $info['password'])
> {
> die('something is wrong');
> }
>
> else
> {
> header("Location: members.php");
>
> }
>
> }
>
> }
>
>
> //if the login form is submitted
>
> if (isset($_POST['submit'])) { // if form has been submitted
>
>
> // makes sure they filled it in
>
> if(!$_POST['shopname'] | !$_POST['username'] | !$_POST['pass']) {
> die('You did not fill in a required field.');
> }
>
> // checks it against the database
>
> if (!get_magic_quotes_gpc()) {
> $_POST['username'] = addslashes($_POST['username']);
> $_POST['shopname'] = addslashes($_POST['shopname']);
> }
>
> $checkuser = mysql_query("SELECT * FROM users WHERE username = '".
> $_POST['username']."'")or die(mysql_error());
> $checkshop = mysql_query("SELECT * FROM users WHERE shopname = '".
> $_POST['shopname']."'")or die(mysql_error());
>
> //Gives error if user doesn't exist
>
> $check2 = mysql_num_rows($checkuser);
> if ($check2 == 0) {
> die('Something is wrong');
> }
>
> $check3 = mysql_num_rows($checkshop);
> if ($check3 == 0) {
> die('Something is wrong');
> }
>
> while($info = mysql_fetch_array($checkuser))
> while($info = mysql_fetch_array($checkshop))
> {
>
> $_POST['pass'] = stripslashes($_POST['pass']);
> $info['password'] = stripslashes($info['password']);
> $_POST['pass'] = md5($_POST['pass']);
>
> //gives error if the password is wrong
>
> if ($_POST['pass'] != $info['password']) {
> die('Something is wrong');
> }
>
> else
> {
> // if login is ok then we add a cookie
> $_POST['shopname'] = stripslashes($_POST['shopname']);
> $_POST['username'] = stripslashes($_POST['username']);
>
> $hour = time() + 3600;
> setcookie(ID_shop, $_POST['shopname'], $hour);
> setcookie(ID_user, $_POST['username'], $hour);
> setcookie(Key_shop, $_POST['pass'], $hour);
>
> //then redirect them to the members area
> header("Location: members.php");
>
> }
>
> }
>
> }
>
> else {
>
> // if they are not logged in
> //code removed for privacy
> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
> <table border="0">
> <tr><td colspan=2><h1>Login</h1></td></tr>
> <tr><td>Shop Name:</td><td>
> <input type="text" name="shopname" size="60" maxlength="60">
> <tr><td>Username:</td><td>
> <input type="text" name="username" size="2" maxlength="60">
> </td></tr>
> <tr><td>Password:</td><td>
> <input type="password" name="pass" maxlength="50">
> </td></tr>
> <tr><td colspan="2" align="right">
> <input type="submit" name="submit" value="Login">
> </td></tr>
> </table>
> </form>
> //code removed
> <?php
> }
>
>
> ?>
>
>
>
>
> Each company will have its own database, once the user logs in I was
> going to check their cookie for the company name and use that to
> select the correct database. Does anyone have any better ideas?
>
>
> Thanks for your time.
>

I don't know of any examples, but it's not too hard. But you need to
put everything in one SQL query, i.e. (Not checked for syntax)

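// $username, $shopname and $pass must already be escaped
// (e.g. with mysql_real_escape_string()) before they are interpolated here.
$result = mysql_query("SELECT * FROM users WHERE username = " .
    "'$username' AND shopname = '$shopname' AND `password` = '$pass'");

if (mysql_num_rows($result) < 1) {
    echo "User not found";
} elseif (mysql_num_rows($result) > 1) {
    echo "This should not occur!";
} else {
    // valid login here
}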

The way you have it, you could have user 'abc' at shop 'acme shop' and
still be able to access shop 'widgets, inc.'.

Also, I wouldn't have a different table for every shop. It gets too
hard to manage. Rather, in your table have a column for the shop id and
filter on that.

For instance:

User table:
userid
pwd
shopid

Shop table:
shopid
shop Name

Data table:
shopid
(other information)

Of course, if you did it this way you'd have to adjust your SQL code
slightly - but it's much better than separate tables for each shop.

For more info on the DB design, try comp.database.mysql (or whatever
database you're using if not MySQL).


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
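
The single combined check described in the reply, as an added example that is not part of the original post. It assumes the shop-id schema sketched above, uses PDO prepared statements with an in-memory SQLite database in place of the mysql_* calls, and password_hash()/password_verify() in place of md5(); the login() helper, table layout and sample rows are constructed for illustration.

```php
<?php
// Added example: constructed schema and sample rows; SQLite in memory so it runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE shops (shopid INTEGER PRIMARY KEY, shopname TEXT UNIQUE)');
$db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, shopid INTEGER NOT NULL,
           username TEXT NOT NULL, pwd TEXT NOT NULL, UNIQUE (shopid, username))');

// Constructed sample data: the same username exists at two different shops.
$addShop = $db->prepare('INSERT INTO shops (shopid, shopname) VALUES (?, ?)');
$addUser = $db->prepare('INSERT INTO users (shopid, username, pwd) VALUES (?, ?, ?)');
$addShop->execute([1, 'acme shop']);
$addShop->execute([2, 'widgets, inc.']);
$addUser->execute([1, 'abc', password_hash('acme-secret', PASSWORD_DEFAULT)]);
$addUser->execute([2, 'abc', password_hash('widget-secret', PASSWORD_DEFAULT)]);

/**
 * Returns ['userid' => ..., 'shopid' => ...] on success, null on any failure.
 * Hypothetical helper: shop and user are matched together in one statement.
 */
function login(PDO $db, string $shopname, string $username, string $pass): ?array
{
    $stmt = $db->prepare(
        'SELECT u.userid, u.shopid, u.pwd
           FROM users u JOIN shops s ON s.shopid = u.shopid
          WHERE s.shopname = :shop AND u.username = :user'
    );
    $stmt->execute([':shop' => $shopname, ':user' => $username]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

    // Exactly one row must match; zero or several is treated as a failed login.
    if (count($rows) !== 1 || !password_verify($pass, $rows[0]['pwd'])) {
        return null;
    }
    return ['userid' => (int) $rows[0]['userid'], 'shopid' => (int) $rows[0]['shopid']];
}

// Correct shop, user and password.
var_dump(login($db, 'acme shop', 'abc', 'acme-secret') !== null);
// Right user and password, wrong shop: the pair is checked together.
var_dump(login($db, 'widgets, inc.', 'abc', 'acme-secret') !== null);
// Quote characters in the input are bound as data, not parsed as SQL.
var_dump(login($db, "acme shop' OR '1'='1", 'abc', 'x') !== null);
```

The returned shopid is what later queries would filter on, so the shop never has to be read back from a client-supplied cookie.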

 
