SESSIONS & classes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I am trying to implement a relatively complete login system code for my
website, but the code is a bit dated ($HTTP_POST_VARS for example).

I am not too familiar with classes and I'm having trouble with this one.

I have an include which is the login form if the SESSION is not set, and a
mini control panel when it is.


I will post the code below because it is a bit extensive. My problem: When I
try to log in (POST username/password to same page and validate with the
class, the page simply reloads MINUS THE FORM SUBMIT BUTTON. It's very odd.
I have a working system on another website without using this class, I just
hoping to be more object-oriented with this one.

Like I said, the code is a bit lengthy, and if you are kind enough to take a
look at I can even send you the php files for the sake of readability (ie.
formatted better than here).



Anything you can help with would be greatly appreciated; I'll have my wife
bake you some cookies or something!

The basic page looks like this:

<?php
// Get the PHP file containing the DbConnector class
require_once('../includes/DbConnector.php');

// Create an instance of DbConnector
$connector = new DbConnector();

// sets $thispage and $directory
include('../includes/pagedefinition.php');

// Include functions
require_once('../includes/functions.php');

//content
include('../includes/signupform.php');
include('../includes/signup_val_inser_eml.php');
include('../includes/signinform.php');
include('../includes/header.php');
include('../includes/body.php');
?>

The page definition file looks like this:

<?php
require_once("Sentry.php");
if ($_GET['action'] == 'logout'){
 if ($sentry->logout()){
  echo '<p align=\"center\" class=\"confirm\">You have been logged
out</p><br>';
 }
}

. . . // site content-grabbing code excluded ///

// Attempted login url - use for redirect after login.
$redirect = "http://mwclans.com/{$_SERVER['REQUEST_URI'<http://mwclans.com/%7B$_SERVER['REQUEST_URI'>
]}";
// Defined in includes/Sentry.php
$sentry = new Sentry();
// If logging in, POST['login'] will be set - check credentials (9 is used
to specify the minimum group level that's allowed to access this resource)
if ($_POST['login'] != ''){
 $sentry->checkLogin($_POST['username'],$_POST['password'],9,'$redirect',/user/index.php');
}
if ($minlevel < 9)
{
 if (!$sentry->checkLogin($minlevel) ){ header("Location:
/user/<http://www.mwclans.com/user/>");
die(); }
}
?>

Here is the Sentry class:

<?php
////////////////////////////////////////////////////////////////////////////////////////
// Class: sentry
// Purpose: Control access to pages
///////////////////////////////////////////////////////////////////////////////////////
class sentry {

 var $loggedin = false; // Boolean to store whether the user is logged in
 var $userdata;   //  Array to contain user's data

 function sentry(){
  session_start();
  header("Cache-control: private");
 }

 //======================================================================================
 // Log out, destroy session
 function logout(){
  if (is_object($this->userdata))
  {
   unset($this->userdata);
   $session_name = session_name();
   return true;
  }
  else
  {
   $message = "<p align=\"center\" class=\"error\">Call to non-object by
function: logout()</p>";
  }

 }
 //======================================================================================
 // Log in, and either redirect to goodRedirect or badRedirect depending on
success
 function checkLogin($username = '',$password = '',$role_id =
9,$goodRedirect = '',$badRedirect = ''){
  // Include database and validation classes, and create objects
  require_once('DbConnector.php');
  require_once('Validator.php');
  $validate = new Validator();
  $loginConnector = new DbConnector();

  // If user is already logged in then check credentials
  if ($_SESSION['username'] && $_SESSION['password']){
   // Validate session data
   if (!$validate->validateTextOnly($_SESSION['username'])){return false;}
   if (!$validate->validateTextOnly($_SESSION['password'])){return false;}
   $getUser = $loginConnector->query("SELECT * FROM user WHERE username =
'".$_SESSION['username']."' AND password = '".$_SESSION['password']."' AND
role_id <= ".$role_id.' AND verified = 1');
   if ($loginConnector->getNumRows($getUser) > 0){
    // Existing user ok, continue
    if ($goodRedirect != '') {
     header("Location: ".$goodRedirect."?".strip_tags(session_id())) ;
    }
    return true;
   }else{
    // Existing user not ok, logout
    $this->logout();
    return false;
   }

  // User isn't logged in, check credentials
  }else{
   // Validate input
   if (!$validate->validateTextOnly($username)){return false;}
   if (!$validate->validateTextOnly($password)){return false;}
   // Look up user in DB
   $getUser = $loginConnector->query("SELECT * FROM user WHERE username =
'$username' AND password = PASSWORD('$password') AND role_id <= $role_id AND
verified = 1");
   $this->userdata = $loginConnector->fetchArray($getUser);
   if ($loginConnector->getNumRows($getUser) > 0){
    // Login OK, store session details
    // Log in
    $_SESSION["username"] = $username;
    $_SESSION["password"] = $this->userdata['password'];
    $_SESSION["user_id"] = $this->userdata['user_id'];
    $_SESSION["role_id"] = $this->userdata['role_id'];

    if ($goodRedirect) {
     header("Location: ".$goodRedirect."?".strip_tags(session_id())) ;
    }
    return true;
   }else{
    // Login BAD
    unset($this->userdata);
    if ($badRedirect) {
     header("Location: ".$badRedirect) ;
    }
    return false;
   }
  }
 }
}
?>

And here is the login page:

<?php
$loginsettingquery = "SELECT * FROM site_settings WHERE name='login'";
$loginsettingresult = $connector->query($loginsettingquery);
$loginsettinginfo = $connector->fetchArray($loginsettingresult);
$currentpage = "http://mwclans.com/{$_SERVER['REQUEST_URI'<http://mwclans.com/%7B$_SERVER['REQUEST_URI'>
]}";
if (isset($_SESSION['username']) && isset($_SESSION['password'])) // display
other info, else display login form
{
 // logged-in user tools
}
else
{
if ($loginsettinginfo['value'] == 1 || $directory == "cmsadmin")
{
 $signinform = <<<END
<table width="250" align="center" border="0" cellspacing="0" cellpadding="3"
class="contentbox">
 <tr>
  <td colspan="2" bgcolor="#000000"><b>Login</b></td>
 </tr>
 <tr>
  <td align="right"><span style="cursor:default;">Username:</td>
  <td style="vertical-align:top">
  <form name="login" method="post" action="$currentpage">
  <input type="hidden" name="login" value="1">
  <input name="username" type="text" size="15" id="username" /></td>
 </tr>
 <tr valign="center">
  <td align="right"><span style="cursor:default;">Password:</td>
  <td style="vertical-align:top;">
  <input name="password" type="password" size="15" id="password" /></td>
 </tr>
 <tr>
  <td colspan="2" align="right"></td>
 </tr>
</table></form>
END;
}
else
{
 // login disabled message
}
}
?>
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux