Re: Is this the best way?


 



Just to warn you... I've been up for about 30 minutes and I'm still on my first shot of caffeine... Sorry if things don't make 100% sense :)


On Mar 18, 2008, at 10:27 PM, Jochem Maas wrote:

Jason Pruim schreef:
On Mar 18, 2008, at 3:20 PM, Jochem Maas wrote:
what started out as a simple little reply bloated out into an impromptu brain
fart ... lots of bla .. enjoy :-)

Jason Pruim schreef:
Hi everyone,
I am attempting to add a little error checking for a very simple login system. The info is stored in a MySQL database, and I am using mysqli to connect to it. I have it working with the solution provided below, but I am wondering if this is the right way to do it or if there is a better way?

at an abstract level you might consider that your function could simply always return a boolean (true = logged in, false = not logged in) and that the
rest of the application retrieves all the other data via the session
(as opposed to returning half the data and storing half in the session)
I think this is what I am attempting to do... Just going about it all wrong...

start from scratch again?

By the time I'm ready to release this, I'll have 50 versions :)


I want the pages to check to see if the person is still logged in and if they are, then it's pulling live data from the database... So maybe I should edit my authentication function...

maybe.
there are two different things being confused:

1. checking logged in state.
2. attempting to login.

Would it make sense to set up a function to see if they are authenticated, and if they aren't, have it call the authentication function?


function getUserData()
{
	if (isAuthenticatedUser())
		return $_SESSION['user']['data'];

	return null;
}

function isAuthenticatedUser()
{
	return (isset($_SESSION['user']['authenticated']) && $_SESSION['user']['authenticated']);
}

function authenticateUser($u, $p, $cc = false)
{
	if (($iau = isAuthenticatedUser()) && !$cc)
		throw new Exception('Already logged in!');

	$cmd = $iau ? 'verify account' : 'login';

I've seen these kinds of things in other scripts that I've looked at, but don't totally understand what the : does between 2 options...


	if (!($p = trim($p)) || !($u = trim($u)))
		throw new Exception('Cannot '.$cmd.' without credentials!');


	$p = mysql_real_escape_string($p);
	$u = mysql_real_escape_string($u);

	if (!($res = mysql_query("SELECT * FROM `users` WHERE `pwd`='$p' AND `usr`='$u'")))
		throw new Exception('Cannot '.$cmd.', verification system error.');

	if (mysql_num_rows($res) != 1)
		return false;

	if (!($row = mysql_fetch_assoc($res)))
		throw new Exception('Cannot '.$cmd.', verification system error.');
		
	if ($iau)
		return (int)$_SESSION['user']['data']['id'] === (int)$row['id'];
		
	unset($row['pwd']);

	$_SESSION['user'] = array(
		'authenticated' => true,
		'data'		=> $row,
	);			

	return true;
}

function auth($loggedin) {
   query database to see if username & Password match;
   write certain variables into session (Or maybe into the cache?)

I'm going to try this suggestion in just a few minutes... Thanks for your help. I had it all written and working without using functions, but then I wanted to extend and all hell broke loose :)



--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
japruim@xxxxxxxxxx




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
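
The split discussed in this thread (checking logged-in state versus attempting to log in), as an added example that is not code from any poster: it uses mysqli prepared statements, since the original question mentions mysqli, and stored password hashes instead of escaped plain-text comparison. Assumptions: the `users` table has the `id` and `usr` columns seen in the thread plus a hypothetical `pwd_hash` column filled by password_hash(), mysqli is built with mysqlnd (for get_result()), and the calling page has already run session_start().

```php
<?php
// Added example, not code from the thread. Assumed schema: table `users`
// with `id`, `usr` (as in the thread) and a hypothetical `pwd_hash` column
// holding password_hash() output instead of a plain-text password.

// 1. Checking logged-in state: reads the session only, never the database.
function isAuthenticatedUser(): bool
{
    return !empty($_SESSION['user']['authenticated']);
}

function getUserData(): ?array
{
    return isAuthenticatedUser() ? $_SESSION['user']['data'] : null;
}

// 2. Attempting to log in: one parameterized lookup by user name, then the
// hash check happens in PHP. Returns false on bad credentials and throws
// only when the verification system itself fails.
function authenticateUser(mysqli $db, string $u, string $p): bool
{
    $u = trim($u);
    if ($u === '' || $p === '') {
        throw new InvalidArgumentException('Cannot login without credentials!');
    }

    // The user name is bound as a parameter, so no manual escaping is needed.
    $stmt = $db->prepare('SELECT `id`, `usr`, `pwd_hash` FROM `users` WHERE `usr` = ?');
    if ($stmt === false) {
        throw new RuntimeException('Cannot login, verification system error.');
    }
    $stmt->bind_param('s', $u);
    if (!$stmt->execute() || ($res = $stmt->get_result()) === false) {
        throw new RuntimeException('Cannot login, verification system error.');
    }
    $row = $res->fetch_assoc();   // null when no such user exists
    $stmt->close();

    if (!$row || !password_verify($p, $row['pwd_hash'])) {
        return false;
    }

    unset($row['pwd_hash']);      // keep the hash out of the session
    session_regenerate_id(true);  // fresh session id after login (anti-fixation)
    $_SESSION['user'] = ['authenticated' => true, 'data' => $row];
    return true;
}
```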

