SESSIONS & classes
On 30.11.2009 09:39:07 by Allen McCabe
I am trying to implement a relatively complete login system code for my
website, but the code is a bit dated ($HTTP_POST_VARS for example).
I am not too familiar with classes and I'm having trouble with this one.
I have an include which is the login form if the SESSION is not set, and a
mini control panel when it is.
I will post the code below because it is a bit extensive. My problem: when I
try to log in (POST username/password to the same page and validate with the
class), the page simply reloads MINUS THE FORM SUBMIT BUTTON. It's very odd.
I have a working system on another website without using this class; I was just
hoping to be more object-oriented with this one.
Like I said, the code is a bit lengthy, and if you are kind enough to take a
look at it, I can even send you the PHP files for the sake of readability (i.e.
formatted better than here).
Anything you can help with would be greatly appreciated; I'll have my wife
bake you some cookies or something!
The basic page looks like this:
<?php
// Get the PHP file containing the DbConnector class
require_once('../includes/DbConnector.php');
// Create an instance of DbConnector
$connector = new DbConnector();
// sets $thispage and $directory
include('../includes/pagedefinition.php');
// Include functions
require_once('../includes/functions.php');
// content
include('../includes/signupform.php');
include('../includes/signup_val_inser_eml.php');
include('../includes/signinform.php');
include('../includes/header.php');
include('../includes/body.php');
?>
The page definition file looks like this:
<?php
require_once("Sentry.php");

// Defined in includes/Sentry.php. It has to exist before the logout check
// below, which calls $sentry->logout().
$sentry = new Sentry();

if (isset($_GET['action']) && $_GET['action'] == 'logout'){
    if ($sentry->logout()){
        echo 'You have been logged out';
    }
}

// . . . site content-grabbing code excluded . . .

// Attempted login url - use for redirect after login.
$redirect = "http://mwclans.com/{$_SERVER['REQUEST_URI']}";

// If logging in, POST['login'] will be set - check credentials (9 is used
// to specify the minimum group level that's allowed to access this resource)
if (!empty($_POST['login'])){
    // $redirect must be the variable, not the literal string '$redirect'
    $sentry->checkLogin($_POST['username'], $_POST['password'], 9, $redirect, '/user/index.php');
}

// $minlevel is not set anywhere in the code shown here; it must come from the
// excluded section above. It is the role level (third parameter), not the
// username (first parameter).
if ($minlevel < 9)
{
    if (!$sentry->checkLogin('', '', $minlevel)){
        header("Location: /user/");
        die();
    }
}
?>
Here is the Sentry class:
<?php
////////////////////////////////////////////////////////////////////////////////
// Class: Sentry
// Purpose: Control access to pages
////////////////////////////////////////////////////////////////////////////////
class Sentry {
    public $loggedin = false; // Boolean to store whether the user is logged in
    public $userdata;         // Array to contain user's data

    // The PHP 4 style "function sentry()" is not a constructor in PHP 8, so
    // session_start() would never run; use __construct().
    function __construct(){
        session_start();
        header("Cache-control: private");
    }

    //==========================================================================
    // Log out, destroy session
    function logout(){
        // $this->userdata is an array from fetchArray() (never an object), and
        // on a fresh request it is not set at all, so is_object() was always
        // false and nothing was ever cleared. Test the session instead.
        if (!empty($_SESSION['username']))
        {
            unset($this->userdata);
            $this->loggedin = false;
            $_SESSION = array();
            session_destroy();
            return true;
        }
        else
        {
            $message = "Call to non-object by function: logout()";
            return false;
        }
    }

    //==========================================================================
    // Log in, and either redirect to goodRedirect or badRedirect depending on
    // success
    function checkLogin($username = '', $password = '', $role_id = 9,
                        $goodRedirect = '', $badRedirect = ''){
        // Include database and validation classes, and create objects
        require_once('DbConnector.php');
        require_once('Validator.php');
        $validate = new Validator();
        $loginConnector = new DbConnector();

        // If user is already logged in then check credentials
        if (!empty($_SESSION['username']) && !empty($_SESSION['password'])){
            // Validate session data. validateTextOnly() is the only thing
            // between these values and the SQL string below. Note that
            // $_SESSION['password'] holds the MySQL PASSWORD() hash stored at
            // login (which begins with '*' on MySQL 4.1+), so validateTextOnly()
            // must accept the characters of that hash or this branch always
            // returns false.
            if (!$validate->validateTextOnly($_SESSION['username'])){return false;}
            if (!$validate->validateTextOnly($_SESSION['password'])){return false;}
            $getUser = $loginConnector->query("SELECT * FROM user WHERE username = '"
                .$_SESSION['username']."' AND password = '".$_SESSION['password']
                ."' AND role_id <= ".$role_id." AND verified = 1");
            if ($loginConnector->getNumRows($getUser) > 0){
                // Existing user ok, continue
                $this->loggedin = true;
                if ($goodRedirect != '') {
                    // Appending the session id to the URL exposes it in server
                    // logs and Referer headers.
                    header("Location: ".$goodRedirect."?".strip_tags(session_id()));
                }
                return true;
            }else{
                // Existing user not ok, logout
                $this->logout();
                return false;
            }
        // User isn't logged in, check credentials
        }else{
            // Validate input (same caveat: these go straight into the SQL string)
            if (!$validate->validateTextOnly($username)){return false;}
            if (!$validate->validateTextOnly($password)){return false;}
            // Look up user in DB
            $getUser = $loginConnector->query("SELECT * FROM user WHERE username = "
                ."'$username' AND password = PASSWORD('$password') AND role_id <= $role_id "
                ."AND verified = 1");
            if ($loginConnector->getNumRows($getUser) > 0){
                $this->userdata = $loginConnector->fetchArray($getUser);
                // Login OK, store session details
                $this->loggedin = true;
                $_SESSION["username"] = $username;
                $_SESSION["password"] = $this->userdata['password']; // the PASSWORD() hash from the DB
                $_SESSION["user_id"] = $this->userdata['user_id'];
                $_SESSION["role_id"] = $this->userdata['role_id'];
                if ($goodRedirect) {
                    header("Location: ".$goodRedirect."?".strip_tags(session_id()));
                }
                return true;
            }else{
                // Login BAD
                unset($this->userdata);
                if ($badRedirect) {
                    header("Location: ".$badRedirect);
                }
                return false;
            }
        }
    }
}
?>
And here is the login page:
<?php
$loginsettingquery = "SELECT * FROM site_settings WHERE name='login'";
$loginsettingresult = $connector->query($loginsettingquery);
$loginsettinginfo = $connector->fetchArray($loginsettingresult);
$currentpage = "http://mwclans.com/{$_SERVER['REQUEST_URI']}";

// display other info if logged in, else display the login form
if (isset($_SESSION['username']) && isset($_SESSION['password']))
{
    // logged-in user tools
}
else
{
    if ($loginsettinginfo['value'] == 1 || $directory == "cmsadmin")
    {
        // The form's HTML was not included in the post; the heredoc is left
        // empty here.
        $signinform = <<<END
END;
    }
    else
    {
        // login disabled message
    }
}
?>
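The Sentry class in the post keeps the PASSWORD() hash in the session, builds its SQL by string interpolation guarded only by validateTextOnly(), never regenerates the session id on login, appends the session id to redirect URLs, and has a logout() that does not clear the session. The following is a hardened rewrite added here as an example; it is not Allen's code and not part of the original thread. It assumes PHP 7 or later, a PDO connection in place of DbConnector (the DSN, user and password are placeholders), and a `user` table with columns user_id, username, password_hash (holding password_hash() output rather than MySQL's PASSWORD()), role_id and verified, with a smaller role_id meaning more privilege, as the original `role_id <= $role_id` test implies. The class, method and column names beyond those in the post are assumptions.

```php
<?php
// Added example, not code from the original post. Assumed schema: table `user`
// with user_id, username, password_hash (password_hash() output), role_id,
// verified. Smaller role_id = more privilege, as in the original's test.
class Sentry
{
    private $db;

    public function __construct(PDO $db)
    {
        $this->db = $db;
        if (session_status() === PHP_SESSION_NONE) {
            ini_set('session.use_strict_mode', '1');  // reject ids the server never issued
            ini_set('session.cookie_httponly', '1');  // keep the cookie away from script
            session_start();
        }
        header('Cache-Control: private, no-store');
    }

    // Verify submitted credentials with a prepared statement and password_verify().
    // On success the session holds only the user id and role, never the password.
    public function login($username, $password)
    {
        $stmt = $this->db->prepare(
            'SELECT user_id, password_hash, role_id FROM user WHERE username = :u AND verified = 1'
        );
        $stmt->execute([':u' => $username]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if (!$row) {
            password_hash($password, PASSWORD_DEFAULT); // spend the same time as a real check
            return false;
        }
        if (!password_verify($password, $row['password_hash'])) {
            return false;
        }
        session_regenerate_id(true); // fresh id on privilege change: defeats session fixation
        $_SESSION = [
            'user_id' => (int) $row['user_id'],
            'role_id' => (int) $row['role_id'],
        ];
        return true;
    }

    // True when the session is logged in and the account, re-read from the
    // database, still has a role at least as privileged as $minLevel.
    public function isAllowed($minLevel)
    {
        if (empty($_SESSION['user_id'])) {
            return false;
        }
        $stmt = $this->db->prepare('SELECT role_id FROM user WHERE user_id = :id AND verified = 1');
        $stmt->execute([':id' => $_SESSION['user_id']]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if (!$row || (int) $row['role_id'] > (int) $minLevel) {
            return false;
        }
        $_SESSION['role_id'] = (int) $row['role_id']; // pick up demotions immediately
        return true;
    }

    // Redirect to the login page unless the visitor may see this resource.
    public function requireLevel($minLevel, $loginPath)
    {
        if (!$this->isAllowed($minLevel)) {
            header('Location: ' . $loginPath, true, 303);
            exit;
        }
    }

    // Clear server-side state and expire the cookie so nothing is left to replay.
    public function logout()
    {
        $_SESSION = [];
        if (ini_get('session.use_cookies')) {
            $p = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
        }
        session_destroy();
    }
}

// Usage as pagedefinition.php would call it (DSN and credentials are placeholders):
$db = new PDO('mysql:host=localhost;dbname=mwclans;charset=utf8mb4', 'dbuser', 'dbpass',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);
$sentry = new Sentry($db);
if (($_GET['action'] ?? '') === 'logout') {
    $sentry->logout();
}
if (!empty($_POST['login'])) {
    $ok = $sentry->login((string) ($_POST['username'] ?? ''), (string) ($_POST['password'] ?? ''));
    // Return to the attempted page by site-relative path; leading slashes are
    // stripped so "//host/..." cannot turn into a protocol-relative redirect,
    // and no session id goes into the query string.
    $back = '/' . ltrim($_SERVER['REQUEST_URI'], '/');
    header('Location: ' . ($ok ? $back : '/user/index.php'), true, 303);
    exit;
}
$sentry->requireLevel(9, '/user/');
```

The two behavioural differences from the post worth noting: isAllowed() re-reads the role from the database on every request, as the original's session branch did, but compares only the user id, so neither the password nor its hash ever lives in the session; and the redirect after a POST uses status 303 followed by exit, so the rest of the page does not continue rendering behind the Location header as it does in the original checkLogin().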