hey Dallas,
have you thought about breaking this up and making two seperate
functions one the checks the cookie and one that checks the session
information? I'm not sure if that is what you were looking for as far
as an answer but it might be a good start.
On 4/4/06, Dallas Cahker <christmasfruitcake@xxxxxxxxx> wrote:
> I've been looking at this code for a few hours now and I get the nagging
> feeling that I am overcomplicating something, something I never ever do. I
> have a login that puts some information on the session, and if the customer
> wants they can ask to be remembered, the cookie is given the customers user
> name and another cookie stores a unique id, similar to a password I could do
> the password in a cookie as its md5 encrypted, but I went with an a unique
> id which is store in the user db.
>
> Anyway here is what I am trying to do with the code below. The authorized
> user section requires 4 pieces of information, userid, password, username
> and user level, a person who logs in each time gets that information
> assigned to their session, that part works *knock on wood* perfectly. When
> a customer says "remember me" they go away and come back a while later they
> are remembered, so that part works perfectly, however I need to get the
> persons information and put that on the session, however I would like the
> function to behave in such a way as to not overwrite the information each
> time the page load. So for example the cookie is read the information is
> valid, the query to the db, the information set to the session. You might
> wonder why I dont set the userlevel to the cookie, well I dont want someone
> changing the value of a cookie and getting admin access, which reminds me I
> should add that as a check.
> Thats about it. getCookieInfo() the function inside the checkLogin function
> just looks up the information for the cookie in the db. I know that someone
> is going to say something really simple that I am going to slap my forehead
> over, I would like to thank that person before hand.
>
> function checkLogin () {
> /* Check if user has been remembered */
> if (isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])) {
> if (!isset($_SESSION['name']) && !isset($_SESSION['id']) &&
> !isset($_SESSION['level']) && !isset($_SESSION['password'])) {
> $cookieInfo=getCookieInfo($_COOKIE['cookname'], $_COOKIE['cookid']);
> if ($cookieInfo==0) {
> return 0;
> }
> if ($cookieInfo==1) {
> setcookie("cookname", "", time()-60*60*24*100, "/");
> setcookie("cookid", "", time()-60*60*24*100, "/");
> return 1;
> }
> if ($cookieInfo==2) {
> setcookie("cookname", "", time()-60*60*24*100, "/");
> setcookie("cookid", "", time()-60*60*24*100, "/");
> return 2;
> }
> }
> }
>
> if (isset($_SESSION['name']) && isset($_SESSION['id']) &&
> isset($_SESSION['level']) && isset($_SESSION['password'])) {
> if (loginUser($_SESSION['username'], $_SESSION['password'],'') != 1) {
> unset($_SESSION['name']);
> unset($_SESSION['id']);
> unset($_SESSION['level']);
> unset($_SESSION['password']);
> $_SESSION = array(); // reset session array
> session_destroy(); // destroy session.
> // incorrect information, user not logged in
> return 0;
> }
> // information valid, user okay
> return 1;
> } else {
> // user not logged in
> return 2;
> }
> }
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
