Re: making FORM dissapear when successful login

[JHollis <jhollis@xxxxxxxxx>]

Will,

Thanks so much for all the time and effort you have put into making my 
code better.  I dont have time right now to really test all of this out, 
but when i do, if i have any questions about your modified code, i will 
be sure to ask you.

Again thanks!
Jason

Will Merrell wrote:
> On Tuesday, January 04, 2005 9:05 PM, JHollis wrote:
>
>
> > I had this code working the way i wanted it to (as far as
> > correct username and password allowing successful login)
> > ...but what i want to happen now is when a user
> > successfully logs it it will make the login
> > form disappear and just say successfully logged in or
> > welcome user and a link below it so they can log off and
> > make the form re-appear.
> > [and then he included some sample code]
>
>
>
> I am working on something similar, so I was intrigued at your question. I
> took the liberty of looking at your code and rewritting it somewhat. Here
> are my thoughts and my version.
>
> First, as someone else noted, it is best to do the login/logout logic at the
> top of the code because a lot of things in PHP require that they be done
> before any output is sent. So I find it is best to resolve all of that
> before I send any HTML.
>
> Second, I don't like to rely on side effects and data outside my control to
> determine my code logic. I perfer to figure out what I need and then set a
> variable of my own to use to steer my logic. So in this case I want to
> determine if I have a valid user and then set a variable to hold the state
> of the user. Then I can use that variable to steer my logic later in the
> code.
>
> Below is my version of your code. I have added session management so a user
> can stay logged on over multiple pages. This is demonstrated by the Reload
> button in the Content section.
>
> <!-- -------- Snippet ----------- -->
> <?php
>
>   // cleanup_text() protects against malicious users
>   // using POST values to insert dangerous code into
>   // your sql calls. All user supplied data should
>   // be filtered before being trusted.
>   function cleanup_text ($value)
>   {
>     return htmlspecialchars(strip_tags($value));
>   }
>
>   // logout closes a logged in user session. It is
>   // in a function because it is called in several
>   // places
>   function logout()
>   {
>     global $user;
>     global $userid;
>
>     unset($user);
>     $userid = 0;
>     session_destroy();
>   }
>
>
>   $userid = 0;        // contains the sql record id of
>                       // the logged in user. It can be
>                       // used to test if a user is
>                       // logged in. This assumes that
>                       // no valid record has an id of 0.
>
>   // Database connection code:
>   // Asumptions:
>   //    1) Using MySQL
>   //    2) user login info is contained in a table
>   //       called 'users'
>   //    3) 'users' contains a unique identifier field
>   //       called 'id' and it is numeric
>   //    4) 'users' contains a unique field
>   //       called 'username' and it is string type
>   //       (that is, each user has only one record
>   //       per'username' entry)
>   //    5) 'users' contains a string field called
>   //       'password'
>   //    6) the 'password' field contains the password
>   //       data encoded in md5 form. This is for added
>   //       security.
>
>   $db_username="root";
>   $db_password="";
>   $db="teamtrack";
>   $server="localhost";
>
>   $connect = mysql_connect($server,$db_username,$db_password);
>   if (!$connect)
>   {
>     die ("Error: could not connect to database<br />\n");
>   }
>   $select = mysql_select_db($db,$connect);
>   if (!$select)
>   {
>     die ("Error: could not select database $db<br />\n");
>   }
>
>   session_start();  // Start the session.
>
>   // Check to see if we are already logged in from some previous session.
>   if( isset($_SESSION['userid']) && $_SESSION['userid'] > 0 )
>   {
>     // Check to see if we are logging out.
>     if ( isset($_POST['login']) && $_POST['login'] == "Log Out" )
>     {
>       logout();
>     }
>     else
>     {
>       // if we were previously logged in and we are not
>       // logging out then set up the user's data
>       $userid = $_SESSION['userid'];
>       $sql = "select * from users where id=$userid";
>       $result = mysql_query($sql);
>       $user = mysql_fetch_object($result);
>       if (isset($user->id))
>       {
>         // The specified user was found in the database
>         $userid = $user->id;
>         $_SESSION['userid'] = $userid;
>       }
>       else
>       {
>         // The specified user was NOT found in the database
>         logout();
>       }
>     }
>   }
>   else
>   {
>     // We were NOT previously logged in, so check if this is a
>     // login request
>     if ( isset($_POST['login']) && $_POST['login'] == "Login" )
>     {
>       $sql = "select * from users where username='" .
>         cleanup_text ($_POST['username']) . "' and password=md5('" .
>         cleanup_text ($_POST['password']) . "')";
>       $result = mysql_query($sql);
>       $user = mysql_fetch_object($result);
>       if (isset($user->id))
>       {
>         // The specified user was found in the database
>         $userid = $user->id;
>         $_SESSION['userid'] = $userid;
>       }
>       else
>       {
>         // The specified user was NOT found in the database
>         logout();
>       }
>     }
>   }
>
> ?>
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
>           "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";>
> <html>
>   <head>
>     <title>Test</title>
>     <link href="style.css" rel="stylesheet" type="text/css" />
>   </head>
>   <body>
>     <div id="container">
>       <div id="top">
>         <h1>Header</h1>
>       </div>
>       <div id="leftnav">
>         <p>Left Nav Box</p>
>         <p>
> <?php
>         // Check to see if we are logged in.
>         // Note: The logout button is put into a form so that it will
>         // be sent to the next page as a $_POST variable.
>         if ($userid > 0)
>         {
> ?>
>           Welcome, <b><?php echo $user->first_name; ?></b><br />
>           Your email address is: <b><?php echo $user->email_address;
> ?></b><br />
>           <form action="<?php $_SERVER['PHP_SELF'] ?>" method="post">
>             <input type="submit" name="login" value="Log Out">
>           </form>
>
> <?php
>         }
>         else
>         {
>           // Since we are not logged in, present the log in form.
> ?>
>           <form action="<?php $_SERVER['PHP_SELF'] ?>" method="post">
>             <input type="hidden" name="id">
>             <table border="1">
>               <tr>
>                 <td>Username:</td>
>                 <td><input class="input" size="20" type="text"
> name="username" value="<?php echo $username ?>"></td>
>               </tr>
>               <tr>
>                 <td>Password:</td>
>                 <td><input class="input" size="20" type="password"
> name="password"></td>
>               </tr>
>               <tr>
>                 <td>&nbsp;</td>
>                 <td><input type="submit" name="login" value="Login"></td>
>             </table>
>           </form>
> <?php
>         }
> ?>
>         </p>
>       </div>
> <?php
>       if ($userid > 0)
>       {
> ?>
>       <div id="rightnav" class="box">
>         <p>Right Nav Box</p>
>       </div>
> <?php
>       }
> ?>
>       <div id="content">
>         <h2>Page Content</h2>
>         <p>Blah, Blah, Blah</p>
>         <a href="<?php $_SERVER['PHP_SELF'] ?>">Reload</a>
>         <p>Blah, Blah, Blah</p>
>       </div>
>       <div id="footer">
>         <p>Today is <?php  echo( date("F dS Y.")); ?></p>
>       </div>
>     </div>
>   </body>
> </html>
> <!-- ------ end snippet --------- -->
>
> -- Will

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php