Posted by Jerry Stuckle on 01/29/08 19:38
Steve wrote:
> "Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
> news:XdadneMF3qDgmALanZ2dnUVZ_sLinZ2d@comcast.com...
>> white lightning wrote:
>>> Here is my login code. As I said earlier, it works perfect in
>>> localhost but not in web hosting server... Perhaps it's something to
>>> do with something else.. Not sure if i could attach files here...
>>> otherwise i could have sent more codes....
>>>
>>> class User {
>>>     function User(&$db) {
>>>         $this->db = $db;
>>>     }
>>>
>>>     function session_defaults() {
>>>         $_SESSION['logged'] = false;
>>>         $_SESSION['uid'] = 0;
>>>         $_SESSION['username'] = '';
>>>         $_SESSION['cookie'] = 0;
>>>         $_SESSION['remember'] = false;
>>>     }
>>>
>>>     function _checkLogin($username, $password, $remember = false) {
>>>         $username = mysql_escape_string($username);
>>>         $password = $password;
>>>         $sql = "SELECT * FROM member WHERE username = '$username' AND
>>>             password = '$password'";
>>>         $result = mysql_query($sql) or die("Could not select");
>>>         $return_result = mysql_fetch_assoc($result);
>>>         if (mysql_num_rows($result)) {
>>>             if ($this->_setSession($return_result, $remember)) {
>>>                 return $return_result['username'];
>>>             }
>>>         } else {
>>>             $this->failed = true;
>>>             $this->_logout();
>>>             return false;
>>>         }
>>>     }
>>>
>>>
>>>     function _setSession(&$values, $remember, $init = true) {
>>>         $this->id = $values['member_id'];
>>>         $_SESSION['uid'] = $this->id;
>>>         $_SESSION['username'] = htmlspecialchars($values['username']);
>>>         $_SESSION['cookie'] = $values['cookie'];
>>>         $_SESSION['logged'] = true;
>>>         echo "session_logged: ".$_SESSION['logged'];
>>>         if ($remember) {
>>>             $this->updateCookie($values['cookie'], true);
>>>         }
>>>         if ($init) {
>>>             $session = session_id();
>>>             $ip = $_SERVER['REMOTE_ADDR'];
>>>
>>>             $sql = "UPDATE member SET session = '$session', ip = '$ip' WHERE
>>>                 member_id = '$this->id'";
>>>             mysql_query($sql);
>>>             return true;
>>>         }
>>>     }
>>>
>>>     function _logout() {
>>>         $query = "UPDATE member SET cookie='', session='', ip='' WHERE
>>>             member_id='{$_SESSION['uid']}'";
>>>         mysql_query($query) or die("Could not select");
>>>
>>>         $_SESSION['logged'] = false;
>>>         $_SESSION = array();
>>>         session_destroy();
>>>         return true;
>>>     }
>>> }
>>>
>> OK, you show us maybe 1/2 the code you use to do it. I'm sure there is
>> more to it than this.
>
> not really much more needed...this stuff is not what i'd call well written
> though.
>
> for the OP, check to make sure your isp/host is having php store session
> information on the server's side rather than client-side.
>
I don't know of any hosts which store session data client-side.

> as for the code, your class has several members/interfaces that are not
> defined...i.e id, db, etc.. to be clear and gain other php features, you
> need to declare them in your class. also, your class is not decoupled from
> your db implementation. however, the big killer is that ALL your pertinent,
> supposedly secure user information is stored and accessed via $_SESSION.
> that should be the primary use of your user class...not to simply run
> queries. you need to be forcing any caller to access user information -
> where the user class is in complete control.
>
$db is defined in the constructor.

> btw, we know for a fact that this is not your complete working code...or
> else $this->updateCookie would explode in your browser. oh, and one more
> thought...you do know that _interfaceName is typically always/only used to
> denote that the interface has class-only scope? that's not just a php thing
> either. i can't imagine that session_defaults is the only function used by a
> caller, i mean, how would you log in/out anyone. :)
>
>
>
As I said - the complete code is not there, so we don't know what's
going on.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
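
Added example, not part of the thread and not the original poster's code: the posted `_checkLogin` escapes `$username` but interpolates `$password` into the SQL string unchanged, so this sketch shows the same lookup with a parameterized query and a hashed password check. The function name `checkLogin`, the use of PDO with an in-memory SQLite database, the sample row, and the assumption that the `password` column holds a `password_hash()` value are all hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: table and column names follow the posted query
// (member.member_id, member.username, member.password). Storing a
// password_hash() value in `password` is an assumption.

/** Return the member row (without the hash) on success, or null on failure. */
function checkLogin(PDO $db, string $username, string $password): ?array
{
    // The placeholder keeps the username out of the SQL text, so quote
    // characters in the input cannot change the query. The password is
    // never compared inside SQL at all.
    $stmt = $db->prepare(
        'SELECT member_id, username, password FROM member WHERE username = :u'
    );
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() checks the submitted password against the stored hash.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }

    // Issue a fresh session ID at login and keep only the identifiers in it.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
        $_SESSION['uid'] = (int) $row['member_id'];
        $_SESSION['logged'] = true;
    }
    unset($row['password']);
    return $row;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE member (member_id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$ins = $db->prepare('INSERT INTO member (username, password) VALUES (:u, :p)');
$ins->execute([':u' => 'alice', ':p' => password_hash('correct horse', PASSWORD_DEFAULT)]);

var_dump(checkLogin($db, 'alice', 'correct horse') !== null); // valid credentials
var_dump(checkLogin($db, 'alice', "it's wrong"));             // quote in input is plain data
var_dump(checkLogin($db, 'nobody', 'correct horse'));         // unknown username
```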