Posted by Steve on 01/29/08 14:50
"Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
news:XdadneMF3qDgmALanZ2dnUVZ_sLinZ2d@comcast.com...
> white lightning wrote:
>> Here is my login code. As I said earlier, it works perfect in
>> localhost but not in web hosting server... Perhaps it's something to
>> do with something else.. Not sure if i could attach files here...
>> otherwise i could have sent more codes....
>>
>> class User {
>> function User(&$db) {
>> $this->db = $db;
>> }
>>
>> function session_defaults() {
>> $_SESSION['logged'] = false;
>> $_SESSION['uid'] = 0;
>> $_SESSION['username'] = '';
>> $_SESSION['cookie'] = 0;
>> $_SESSION['remember'] = false;
>> }
>>
>> function _checkLogin($username, $password, $remember = false) {
>> $username = mysql_escape_string($username);
>> $password = $password;
>> $sql = "SELECT * FROM member WHERE username = '$username' AND
>> password = '$password'";
>> $result = mysql_query($sql) or die("Could not select");
>> $return_result = mysql_fetch_assoc($result);
>> if (mysql_num_rows($result)) {
>> if ($this->_setSession($return_result, $remember)) {
>> return $return_result['username'];
>> }
>> } else {
>> $this->failed = true;
>> $this->_logout();
>> return false;
>> }
>> }
>>
>>
>> function _setSession(&$values, $remember, $init = true) {
>> $this->id = $values['member_id'];
>> $_SESSION['uid'] = $this->id;
>> $_SESSION['username'] = htmlspecialchars($values['username']);
>> $_SESSION['cookie'] = $values['cookie'];
>> $_SESSION['logged'] = true;
>> echo "session_logged: ".$_SESSION['logged'];
>> if ($remember) {
>> $this->updateCookie($values['cookie'], true);
>> }
>> if ($init) {
>> $session = session_id();
>> $ip = $_SERVER['REMOTE_ADDR'];
>>
>> $sql = "UPDATE member SET session = '$session', ip = '$ip' WHERE
>> member_id = '$this->id'";
>> mysql_query($sql);
>> return true;
>> }
>> }
>>
>> function _logout() {
>> $query = "UPDATE member SET cookie='', session='', ip='' WHERE
>> member_id='{$_SESSION['uid']}'";
>> mysql_query($query) or die("Could not select");
>>
>> $_SESSION['logged'] = false;
>> $_SESSION = array();
>> session_destroy();
>> return true;
>> }
>> }
>>
>
> OK, you show us maybe 1/2 the code you use to do it. I'm sure there is
> more to it than this.

not really much more needed...this stuff is not what i'd call well written
though.

for the OP, check to make sure your isp/host is having php store session
information on the server's side rather than client-side.

as for the code, your class has several members/interfaces that are not
defined...i.e. id, db, etc. to be clear and gain other php features, you
need to declare them in your class. also, your class is not decoupled from
your db implementation. however, the big killer is that ALL your pertinent,
supposedly secure user information is stored and accessed via $_SESSION.
that should be the primary use of your user class...not to simply run
queries. you need to be forcing any caller to access user information -
where the user class is in complete control.

btw, we know for a fact that this is not your complete working code...or
else $this->updateCookie would explode in your browser. oh, and one more
thought...you do know that _interfaceName is typically always/only used to
denote that the interface has class-only scope? that's not just a php thing
either. i can't imagine that session_defaults is the only function used by a
caller, i mean, how would you log in/out anyone. :)
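
Added example, not part of Steve's post or the original poster's code: one way to arrange what the reply describes, with declared members, a user class decoupled from the database behind an interface, and only the member id kept in $_SESSION so callers go through the class for user data. UserStore, ArrayUserStore, the sample account and the password_hash column are assumptions; password_verify stands in for the plaintext comparison in the quoted query.

```php
<?php
// Added example, not the poster's code: UserStore, ArrayUserStore and the
// sample account below are hypothetical, constructed for illustration.
interface UserStore {
    public function findById(int $id): ?array;
    public function findByUsername(string $username): ?array;
}

// In-memory stand-in for the member table so the example runs offline.
final class ArrayUserStore implements UserStore {
    private array $rows; // keyed by member_id
    public function __construct(array $rows) { $this->rows = $rows; }
    public function findById(int $id): ?array { return $this->rows[$id] ?? null; }
    public function findByUsername(string $username): ?array {
        foreach ($this->rows as $row) {
            if ($row['username'] === $username) { return $row; }
        }
        return null;
    }
}

final class User {
    private UserStore $store;   // members are declared, not created ad hoc
    private ?array $row = null; // user data stays private to the class
    public function __construct(UserStore $store) {
        $this->store = $store;
        // The session holds only the id; the row is re-read from the store.
        if (isset($_SESSION['uid'])) {
            $this->row = $store->findById((int) $_SESSION['uid']);
        }
    }
    public function login(string $username, string $password): bool {
        $row = $this->store->findByUsername($username);
        // Assumption: the store keeps a password_hash() value per member.
        if ($row === null || !password_verify($password, $row['password_hash'])) {
            return false;
        }
        if (session_status() === PHP_SESSION_ACTIVE) { session_regenerate_id(true); }
        $_SESSION['uid'] = $row['member_id'];
        $this->row = $row;
        return true;
    }
    public function isLoggedIn(): bool { return $this->row !== null; }
    public function username(): ?string { return $this->row['username'] ?? null; }
}

$store = new ArrayUserStore([7 => ['member_id' => 7, 'username' => 'alice',
    'password_hash' => password_hash('correct horse', PASSWORD_DEFAULT)]]);
$user = new User($store);
var_dump($user->login('alice', 'wrong'), $user->login('alice', 'correct horse'), $user->username());
```

A database-backed UserStore can replace ArrayUserStore without touching User, which is the decoupling the reply asks for.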