Reply to Re: [PHP] making FORM disappear when successful login

Posted by JHollis on 01/09/05 22:35

Will,

Thanks so much for all the time and effort you have put into making my
code better. I don't have time right now to really test all of this out,
but when I do, if I have any questions about your modified code, I will
be sure to ask you.

Again thanks!
Jason

Will Merrell wrote:
> On Tuesday, January 04, 2005 9:05 PM, JHollis wrote:
>
>
>>I had this code working the way I wanted it to (as far as
>>correct username and password allowing successful login)
>>...but what I want to happen now is when a user
>>successfully logs in it will make the login
>>form disappear and just say successfully logged in or
>>welcome user and a link below it so they can log off and
>>make the form re-appear.
>>[and then he included some sample code]
>
>
>
> I am working on something similar, so I was intrigued at your question. I
> took the liberty of looking at your code and rewriting it somewhat. Here
> are my thoughts and my version.
>
> First, as someone else noted, it is best to do the login/logout logic at the
> top of the code because a lot of things in PHP require that they be done
> before any output is sent. So I find it is best to resolve all of that
> before I send any HTML.
>
> Second, I don't like to rely on side effects and data outside my control to
> determine my code logic. I prefer to figure out what I need and then set a
> variable of my own to use to steer my logic. So in this case I want to
> determine if I have a valid user and then set a variable to hold the state
> of the user. Then I can use that variable to steer my logic later in the
> code.
>
> Below is my version of your code. I have added session management so a user
> can stay logged on over multiple pages. This is demonstrated by the Reload
> button in the Content section.
>
> <!-- -------- Snippet ----------- -->
> <?php
>
> // cleanup_text() protects against malicious users
> // using POST values to insert dangerous code into
> // your sql calls. All user supplied data should
> // be escaped before being placed in a query.
> // It uses the open database connection, so call it
> // only after mysqli_connect() has succeeded.
> function cleanup_text ($value)
> {
>     global $connect;
>     return mysqli_real_escape_string($connect, $value);
> }
>
> // logout closes a logged in user session. It is
> // in a function because it is called in several
> // places
> function logout()
> {
>     global $user;
>     global $userid;
>
>     $user = null;         // unset() on a global inside a function
>                           // only removes the local reference
>     $userid = 0;
>     $_SESSION = array();  // clear the data for this request too
>     session_destroy();
> }
>
>
> $userid = 0; // contains the sql record id of
>              // the logged in user. It can be
>              // used to test if a user is
>              // logged in. This assumes that
>              // no valid record has an id of 0.
>
> // Database connection code:
> // Assumptions:
> // 1) Using MySQL
> // 2) user login info is contained in a table
> //    called 'users'
> // 3) 'users' contains a unique identifier field
> //    called 'id' and it is numeric
> // 4) 'users' contains a unique field
> //    called 'username' and it is string type
> //    (that is, each user has only one record
> //    per 'username' entry)
> // 5) 'users' contains a string field called
> //    'password'
> // 6) the 'password' field contains the password
> //    data encoded in md5 form. This is for added
> //    security.
>
> $db_username="root";
> $db_password="";
> $db="teamtrack";
> $server="localhost";
>
> $connect = mysqli_connect($server,$db_username,$db_password);
> if (!$connect)
> {
>     die ("Error: could not connect to database<br />\n");
> }
> $select = mysqli_select_db($connect,$db);
> if (!$select)
> {
>     die ("Error: could not select database $db<br />\n");
> }
>
> session_start(); // Start the session.
>
> // Check to see if we are already logged in from some previous session.
> if( isset($_SESSION['userid']) && $_SESSION['userid'] > 0 )
> {
>     // Check to see if we are logging out.
>     if ( isset($_POST['login']) && $_POST['login'] == "Log Out" )
>     {
>         logout();
>     }
>     else
>     {
>         // if we were previously logged in and we are not
>         // logging out then set up the user's data
>         $userid = (int) $_SESSION['userid']; // numeric id only
>         $sql = "select * from users where id=$userid";
>         $result = mysqli_query($connect, $sql);
>         $user = $result ? mysqli_fetch_object($result) : null;
>         if (isset($user->id))
>         {
>             // The specified user was found in the database
>             $userid = (int) $user->id;
>             $_SESSION['userid'] = $userid;
>         }
>         else
>         {
>             // The specified user was NOT found in the database
>             logout();
>         }
>     }
> }
> else
> {
>     // We were NOT previously logged in, so check if this is a
>     // login request
>     if ( isset($_POST['login']) && $_POST['login'] == "Login" )
>     {
>         $sql = "select * from users where username='" .
>             cleanup_text ($_POST['username']) . "' and password=md5('" .
>             cleanup_text ($_POST['password']) . "')";
>         $result = mysqli_query($connect, $sql);
>         $user = $result ? mysqli_fetch_object($result) : null;
>         if (isset($user->id))
>         {
>             // The specified user was found in the database
>             $userid = (int) $user->id;
>             $_SESSION['userid'] = $userid;
>         }
>         else
>         {
>             // The specified user was NOT found in the database
>             logout();
>         }
>     }
> }
>
> ?>
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
> <html>
> <head>
> <title>Test</title>
> <link href="style.css" rel="stylesheet" type="text/css" />
> </head>
> <body>
> <div id="container">
> <div id="top">
> <h1>Header</h1>
> </div>
> <div id="leftnav">
> <p>Left Nav Box</p>
> <p>
> <?php
> // Check to see if we are logged in.
> // Note: The logout button is put into a form so that it will
> // be sent to the next page as a $_POST variable.
> if ($userid > 0)
> {
> ?>
> Welcome, <b><?php echo htmlspecialchars($user->first_name); ?></b><br />
> Your email address is: <b><?php echo htmlspecialchars($user->email_address); ?></b><br />
> <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">
> <input type="submit" name="login" value="Log Out">
> </form>
>
> <?php
> }
> else
> {
> // Since we are not logged in, present the log in form.
> ?>
> <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">
> <input type="hidden" name="id">
> <table border="1">
> <tr>
> <td>Username:</td>
> <td><input class="input" size="20" type="text"
> name="username" value="<?php echo isset($_POST['username']) ? htmlspecialchars($_POST['username'], ENT_QUOTES) : ''; ?>"></td>
> </tr>
> <tr>
> <td>Password:</td>
> <td><input class="input" size="20" type="password"
> name="password"></td>
> </tr>
> <tr>
> <td>&nbsp;</td>
> <td><input type="submit" name="login" value="Login"></td>
> </tr>
> </table>
> </form>
> <?php
> }
> ?>
> </p>
> </div>
> <?php
> if ($userid > 0)
> {
> ?>
> <div id="rightnav" class="box">
> <p>Right Nav Box</p>
> </div>
> <?php
> }
> ?>
> <div id="content">
> <h2>Page Content</h2>
> <p>Blah, Blah, Blah</p>
> <a href="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">Reload</a>
> <p>Blah, Blah, Blah</p>
> </div>
> <div id="footer">
> <p>Today is <?php echo( date("F dS Y.")); ?></p>
> </div>
> </div>
> </body>
> </html>
> <!-- ------ end snippet --------- -->
>
> -- Will
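
A hardened form of the credential check in the snippet quoted above, as an added example that is not part of the original thread: it binds the username as a query parameter, verifies the password in PHP against a salted `password_hash()` value instead of comparing `md5()` output in SQL, and issues a new session id on login. Assumptions: PDO with an in-memory SQLite table standing in for the thread's MySQL `users` table, a `password_hash` column, a constructed account, and the hypothetical helper names `check_login()` and `login()`.

```php
<?php
// Added example. Table, account and inputs are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY,
            username TEXT UNIQUE, password_hash TEXT)');
$pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
    ->execute(['jason', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Returns the matching user id, or 0 for "not logged in" (the thread's convention).
function check_login(PDO $pdo, $username, $password)
{
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('unused', PASSWORD_DEFAULT);
    }
    if (!is_string($username) || !is_string($password)) {
        return 0; // array-valued POST fields are rejected outright
    }
    // Bound parameter: the username is sent as data, never as SQL text.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Unknown users are checked against a dummy hash so both paths do one verify.
    $ok = password_verify($password, $row ? $row['password_hash'] : $dummy);
    return ($row && $ok) ? (int) $row['id'] : 0;
}

// Stores the login in the session, replacing the session id at the privilege change.
function login(PDO $pdo, $username, $password)
{
    $userid = check_login($pdo, $username, $password);
    if ($userid > 0 && session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
        $_SESSION['userid'] = $userid;
    }
    return $userid;
}

$attempts = [
    ['jason', 'correct horse'],   // valid
    ['jason', 'wrong'],           // bad password
    ["jason' -- ", 'x'],          // quote in the name stays a literal string
    [['jason'], 'correct horse'], // non-string field
];
foreach ($attempts as $a) {
    printf("%s => userid %d\n", json_encode($a[0]), login($pdo, $a[0], $a[1]));
}
```

In a page like the one in the thread, `session_start()` runs before `login()` is called, so the session branch is taken; from the command line no session is active and only the lookup result is printed.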
