|
|
Posted by Steve on 01/29/08 19:43
"Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
news:y66dnRrY6-eMHALanZ2dnUVZ_vDinZ2d@comcast.com...
> Steve wrote:
>> "Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
>> news:XdadneMF3qDgmALanZ2dnUVZ_sLinZ2d@comcast.com...
>>> white lightning wrote:
>>>> Here is my login code. As I said earlier, it works perfect in
>>>> localhost but not in web hosting server... Perhaps it's something to
>>>> do with something else.. Not sure if i could attach files here...
>>>> otherwise i could have sent more codes....
>>>>
>>>> class User {
>>>> function User(&$db) {
>>>> $this->db = $db;
>>>> }
>>>>
>>>> function session_defaults() {
>>>> $_SESSION['logged'] = false;
>>>> $_SESSION['uid'] = 0;
>>>> $_SESSION['username'] = '';
>>>> $_SESSION['cookie'] = 0;
>>>> $_SESSION['remember'] = false;
>>>> }
>>>>
>>>> function _checkLogin($username, $password, $remember = false) {
>>>> $username = mysql_escape_string($username);
>>>> $password = $password;
>>>> $sql = "SELECT * FROM member WHERE username = '$username' AND
>>>> password = '$password'";
>>>> $result = mysql_query($sql) or die("Could not select");
>>>> $return_result = mysql_fetch_assoc($result);
>>>> if (mysql_num_rows($result)) {
>>>> if ($this->_setSession($return_result, $remember)) {
>>>> return $return_result['username'];
>>>> }
>>>> } else {
>>>> $this->failed = true;
>>>> $this->_logout();
>>>> return false;
>>>> }
>>>> }
>>>>
>>>>
>>>> function _setSession(&$values, $remember, $init = true) {
>>>> $this->id = $values['member_id'];
>>>> $_SESSION['uid'] = $this->id;
>>>> $_SESSION['username'] = htmlspecialchars($values['username']);
>>>> $_SESSION['cookie'] = $values['cookie'];
>>>> $_SESSION['logged'] = true;
>>>> echo "session_logged: ".$_SESSION['logged'];
>>>> if ($remember) {
>>>> $this->updateCookie($values['cookie'], true);
>>>> }
>>>> if ($init) {
>>>> $session = session_id();
>>>> $ip = $_SERVER['REMOTE_ADDR'];
>>>>
>>>> $sql = "UPDATE member SET session = '$session', ip = '$ip' WHERE
>>>> member_id = '$this->id'";
>>>> mysql_query($sql);
>>>> return true;
>>>> }
>>>> }
>>>>
>>>> function _logout() {
>>>> $query = "UPDATE member SET cookie='', session='', ip='' WHERE
>>>> member_id='{$_SESSION['uid']}'";
>>>> mysql_query($query) or die("Could not select");
>>>>
>>>> $_SESSION['logged'] = false;
>>>> $_SESSION = array();
>>>> session_destroy();
>>>> return true;
>>>> }
>>>> }
>>>>
>>> OK, you show us maybe 1/2 the code you use to do it. I'm sure there is
>>> more to it than this.
>>
>> not really much more needed...this stuff is not what i'd call well
>> written though.
>>
>> for the OP, check to make sure your isp/host is having php store session
>> information on the server's side rather than client-side.
>>
>
> I don't know of any hosts which store session data client-side.
rare, but worth checking.
>> as for the code, your class has several members/interfaces that are not
>> defined...i.e id, db, etc.. to be clear and gain other php features, you
>> need to declare them in your class. also, your class is not decoupled
>> from your db implementation. however, the big killer is that ALL your
>> pertanent, supposedly secure user information is stored and accessed via
>> $_SESSION. that should be the primary use of your user class...not to
>> simply run queries. you need to be forcing any caller to access user
>> information - where the user class is in complete control.
>>
>
> $db is defined in the constructor.
yet is definitively mysql...and thus, not loosely coupled.
>> btw, we know for a fact that this is not your complete working code...or
>> else $this->updateCookie would explode in your browser. oh, and one more
>> thought...you do know that _interfaceName is typically always/only used
>> to denote that the interface has class-only scope? that's not just a php
>> thing either. i can't imagine that session_defaults is the only function
>> used by a caller, i mean, how would you log in/out anyone. :)
>
> As I said - the complete code is not there, so we don't know what's going
> on.
exactly.
Navigation:
[Reply to this message]
|