I wrote an authentication class in PHP 4. The sessions don't seem to be
working with Internet Explorer, only with Firefox. The code is below;
a cookies notice pops up when you try to log in:
<?php
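/**
 * Session-backed authentication helper for the Users table.
 *
 * Written against the legacy mysql_* extension and PHP 4 syntax (var
 * properties, constructor named after the class), which the rest of the
 * application is assumed to share.
 */
class auth {
    // Details of the user this object currently represents; filled in by
    // CheckValidUser() on a successful login and partly by CreateUser().
    var $UserID;
    var $AdminLevel;
    // Older name for $AdminLevel, still written by CreateUser() so code that
    // reads the property directly keeps working.
    var $AccessLevel;
    var $FirstName;
    var $LastName;
    var $DateAdded;
    var $MobileTelephone;
    var $LandLineTelephone;

    /**
     * Connect to the database server and select the schema.
     * Terminates the script if either step fails.
     */
    function auth() {
        mysql_connect('', '', '') or die('ERROR: Could not connect to database');
        mysql_select_db('') or die('ERROR: Could not select database');
    }

    /**
     * Attempt to log a user in.
     *
     * On success the object properties and $_SESSION are populated and true
     * is returned. On failure a redirect to the login page is queued and
     * false is returned.
     *
     * @param string $Email    address typed into the login form
     * @param string $Password clear-text password typed into the login form
     * @return bool
     */
    function CheckValidUser($Email, $Password) {
        // Request parameters can arrive as arrays. Anything that is not a
        // plain string can never be a valid credential, so reject it before
        // it reaches a comparison.
        if (!is_string($Email) || !is_string($Password)) {
            header("Location: index.php?error=invalidLogin");
            return false;
        }

        // NOTE(review): this reads every row of Users on each login attempt.
        // Kept as-is because the "no users" branch below depends on it.
        $result = mysql_query('SELECT * FROM Users');
        if (!$result) {
            die(mysql_error());
        }
        $Password = $this->encode($Password);

        if (mysql_num_rows($result) == 0) {
            die('ERROR: No Users in the database!');
        }

        while ($row = mysql_fetch_assoc($result)) {
            // Strict string equality instead of !strcmp(): strcmp() does not
            // return an integer for non-string arguments on every PHP
            // version, and a negated non-integer result reads as "equal".
            if ($row['Email'] === $Email && $row['Password'] === $Password) {
                // User info kept on this object
                $this->UserID = $row['ID'];
                $this->AdminLevel = $row['Admin_Level'];
                $this->AccessLevel = $row['Admin_Level'];
                $this->FirstName = $row['First_Name'];
                $this->LastName = $row['Last_Name'];
                $this->DateAdded = $row['Date_Added'];
                $this->MobileTelephone = $row['Telephone_Mobile'];
                $this->LandLineTelephone = $row['Telephone_Land_Line'];

                // User info kept in the session. The session id is replaced
                // before any authenticated state is written, so an id that
                // was known before login does not become a logged-in id.
                $this->startSession();
                session_regenerate_id();
                $_SESSION['Status'] = "loggedIn";
                $_SESSION['Email'] = $row['Email'];
                $_SESSION['AdminLevel'] = $row['Admin_Level'];
                $_SESSION['LandLine'] = $row['Telephone_Land_Line'];
                $_SESSION['MobileTelephone'] = $row['Telephone_Mobile'];
                $_SESSION['FirstName'] = $row['First_Name'];
                $_SESSION['LastName'] = $row['Last_Name'];
                return true;
            }
        }

        header("Location: index.php?error=invalidLogin");
        return false;
    }

    /**
     * Create a new user account.
     *
     * Every value is escaped for the SQL string context before it is placed
     * in the statement; the values stored are unchanged.
     *
     * @return int id of the inserted row (also stored in $this->UserID)
     */
    function CreateUser($Email, $Password, $AdminLevel,
                        $LandLineTelephone, $MobileTelephone, $FirstName, $LastName) {
        $Password = $this->encode($Password);
        $this->AdminLevel = $AdminLevel;
        $this->AccessLevel = $AdminLevel;
        $DateAdded = date("Y-m-d H:i:s");

        $sql = sprintf(
            "INSERT INTO Users (Email, Password, Admin_Level, Date_Added, "
            . "First_Name, Last_Name, Telephone_Land_Line, Telephone_Mobile) "
            . "VALUES ('%s','%s','%s','%s','%s','%s','%s','%s')",
            mysql_real_escape_string($Email),
            mysql_real_escape_string($Password),
            mysql_real_escape_string($AdminLevel),
            mysql_real_escape_string($DateAdded),
            mysql_real_escape_string($FirstName),
            mysql_real_escape_string($LastName),
            mysql_real_escape_string($LandLineTelephone),
            mysql_real_escape_string($MobileTelephone)
        );
        // NOTE(review): die(mysql_error()) shows database error text to the
        // visitor; consider logging it and showing a generic message.
        mysql_query($sql) or die(mysql_error());
        return $this->UserID = mysql_insert_id();
    }

    /**
     * Update a user's access level.
     *
     * @param int   $ID         row id; assumed numeric because the column is
     *                          used unquoted and filled from mysql_insert_id()
     * @param mixed $AdminLevel new level
     * @return bool always true (the script dies on a query error)
     */
    function UpdateAccessLevel($ID, $AdminLevel) {
        $sql = sprintf(
            "UPDATE Users SET Admin_Level='%s' WHERE ID=%d",
            mysql_real_escape_string($AdminLevel),
            (int) $ID // unquoted in the statement, so force an integer
        );
        mysql_query($sql) or die(mysql_error());
        return true;
    }

    /**
     * Delete a user.
     *
     * @param int $ID row id; cast to an integer before use
     * @return bool always true (the script dies on a query error)
     */
    function DeleteUser($ID) {
        mysql_query(sprintf("DELETE FROM Users WHERE ID=%d", (int) $ID))
            or die(mysql_error());
        return true;
    }

    /**
     * Get the access level of the user this object represents.
     * Reads $AdminLevel, which both CheckValidUser() and CreateUser() set.
     */
    function GetAccessLevel() {
        return $this->AdminLevel;
    }

    /** Get the id of the user this object represents. */
    function GetUserID() {
        return $this->UserID;
    }

    /** Log the user out: clear and destroy the session, then redirect. */
    function LogOut() {
        $this->startSession();
        session_unset();
        session_destroy();
        header("Location: index.php");
    }

    /**
     * Check the user's access level to see if they have clearance for a
     * certain page. Reads $_SESSION, so the session must already be started
     * (for example by CheckLoggedIn()).
     *
     * A user below $RequiredLevel is redirected to the page for their own
     * level and the script stops there; a Location header on its own does
     * not stop the protected page from running.
     */
    function CheckUserLevel($RequiredLevel) {
        $level = isset($_SESSION['AdminLevel']) ? $_SESSION['AdminLevel'] : 0;
        if ($level < $RequiredLevel) {
            if ($level == 2) {
                header("Location: financial.php");
            } else if ($level == 1) {
                header("Location: user.php");
            } else {
                header("Location: index.php");
            }
            exit;
        }
    }

    /**
     * Check to see if a user is logged in. Anyone without a logged-in
     * session is redirected to the login page and the script stops, so the
     * rest of the calling page is never executed for them.
     */
    function CheckLoggedIn() {
        $this->startSession();
        if (!isset($_SESSION['Status']) || $_SESSION['Status'] != "loggedIn") {
            header("Location: index.php");
            exit;
        }
    }

    // Private Methods

    /**
     * Derive the stored form of a password.
     *
     * NOTE(review): an unsalted MD5 digest is not suitable for password
     * storage. It is left unchanged because every stored password would
     * have to be rehashed; where the PHP version provides them, move to
     * password_hash() / password_verify() and rehash on next login.
     */
    function encode($str) {
        return md5(base64_encode($str));
    }

    /** Start the session unless one is already active for this request. */
    function startSession() {
        if (session_id() == '') {
            session_start();
        }
    }
}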
?>