Just to warn you... I've been up for about 30 minutes and I'm still on
my first shot of caffeine... Sorry if things don't make 100% sense :)
On Mar 18, 2008, at 10:27 PM, Jochem Maas wrote:
Jason Pruim schreef:
On Mar 18, 2008, at 3:20 PM, Jochem Maas wrote:
what started out as a simple little reply bloated out into an
inpromptu brain
fart ... lots of bla .. enjoy :-)
Jason Pruim schreef:
Hi everyone,
I am attempting to add a little error checking for a very simple
login system. The info is stored in a MySQL database, and I am
using mysqli to connect to it. I have it working with the
solution provided below, but I am wondering if this is the right
way to do it or if there is a better way?
at an abstract level you might consider that your function could
simply
always return a boolean (true = logged in, false = not logged in)
and that the
rest of the application retrieves all the other data via the session
(as opposed to returning half the data and storing half in the
session)
I think this is what I am attempting to do... Just going about it
all wrong...
start from scratch again?
By the time I'm ready to release this, I'll have 50 versions :)
I want the pages to check to see if the person is still logged in
and if they are, then it's pulling live data from the database...
So maybe I should edit my authentication function...
maybe.
there are two different things being confused:
1. checking logged in state.
2. attempting to login.
Would it make sense to set up a function to see if they are
authenticated, and if they aren't, have it call the authentication
function?
function getUserData()
{
if (isAuthenticatedUser())
return $_SESSION['user']['data'];
return null;
}
function isAuthenticatedUser()
{
return (isset($_SESSION['user']['authenticated']) &&
$_SESSION['user']['authenticated']);
}
function authenticateUser($u, $p, $cc = false)
{
if (($iau = isAuthenticatedUser()) && !$cc)
throw Exception('Already logged in!');
$cmd = $iau ? 'verify account' : 'login';
I've seen these kinds of things in other scripts that I've looked at,
but don't totally understand what the : does between 2 options...
if (!($p = trim($p)) || !($u = trim($u)))
throw Exception('Cannot '.$cmd.' without credentials!');
$p = mysql_real_escape_string($p);
$u = mysql_real_escape_string($u);
if (!($res = mysql_query("SELECT * FROM `users` WHERE 'pwd'='$p'
AND `usr`='$u'")))
throw Exception('Cannot '.$cmd.', verification system error.');
if (mysql_num_rows($res) != 1)
return false;
if (!($row = mysql_fetch_assoc($res)))
throw Exception('Cannot '.$cmd.', verification system error.');
if ($iau)
return (int)$_SESSION['user']['data']['id'] === (int)$row['id'];
unset($row['pwd']);
$_SESSION['user'] = array(
'authenticated' => true,
'data' => $row,
);
return true;
}
function auth($loggedin) {
query database to see if username & Password match;
write certain variables into session (Or maybe into the cache?)
I'm going to try this suggestion in just a few minutes... Thanks for
your help. I had it all written and working without using functions,
but then I wanted to extend and all hell broke loose :)
--
Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
japruim@xxxxxxxxxx
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
