Re: [PHP] help with some logic.
Thanks makes it alot easier to follow. On 4/4/06, Dallas Cahker [EMAIL PROTECTED] wrote: Okay I'll look at that. What about switching to setting the password in md5 format in the cookie rather then a regular id. I might not call the cookie password but to me in thinking about it seems like the same thing as setting a random id and then saving the random id in the db. On 4/4/06, Dan McCullough [EMAIL PROTECTED] wrote: hey Dallas, have you thought about breaking this up and making two seperate functions one the checks the cookie and one that checks the session information? I'm not sure if that is what you were looking for as far as an answer but it might be a good start. On 4/4/06, Dallas Cahker [EMAIL PROTECTED] wrote: I've been looking at this code for a few hours now and I get the nagging feeling that I am overcomplicating something, something I never ever do. I have a login that puts some information on the session, and if the customer wants they can ask to be remembered, the cookie is given the customers user name and another cookie stores a unique id, similar to a password I could do the password in a cookie as its md5 encrypted, but I went with an a unique id which is store in the user db. Anyway here is what I am trying to do with the code below. The authorized user section requires 4 pieces of information, userid, password, username and user level, a person who logs in each time gets that information assigned to their session, that part works *knock on wood* perfectly. When a customer says remember me they go away and come back a while later they are remembered, so that part works perfectly, however I need to get the persons information and put that on the session, however I would like the function to behave in such a way as to not overwrite the information each time the page load. So for example the cookie is read the information is valid, the query to the db, the information set to the session. You might wonder why I dont set the userlevel to the cookie, well I dont want someone changing the value of a cookie and getting admin access, which reminds me I should add that as a check. Thats about it. getCookieInfo() the function inside the checkLogin function just looks up the information for the cookie in the db. I know that someone is going to say something really simple that I am going to slap my forehead over, I would like to thank that person before hand. function checkLogin () { /* Check if user has been remembered */ if (isset($_COOKIE['cookname']) isset($_COOKIE['cookid'])) { if (!isset($_SESSION['name']) !isset($_SESSION['id']) !isset($_SESSION['level']) !isset($_SESSION['password'])) { $cookieInfo=getCookieInfo($_COOKIE['cookname'], $_COOKIE['cookid']); if ($cookieInfo==0) { return 0; } if ($cookieInfo==1) { setcookie(cookname, , time()-60*60*24*100, /); setcookie(cookid, , time()-60*60*24*100, /); return 1; } if ($cookieInfo==2) { setcookie(cookname, , time()-60*60*24*100, /); setcookie(cookid, , time()-60*60*24*100, /); return 2; } } } if (isset($_SESSION['name']) isset($_SESSION['id']) isset($_SESSION['level']) isset($_SESSION['password'])) { if (loginUser($_SESSION['username'], $_SESSION['password'],'') != 1) { unset($_SESSION['name']); unset($_SESSION['id']); unset($_SESSION['level']); unset($_SESSION['password']); $_SESSION = array(); // reset session array session_destroy(); // destroy session. // incorrect information, user not logged in return 0; } // information valid, user okay return 1; } else { // user not logged in return 2; } } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] help with some logic.
I've been looking at this code for a few hours now and I get the nagging feeling that I am overcomplicating something, something I never ever do. I have a login that puts some information on the session, and if the customer wants they can ask to be remembered, the cookie is given the customers user name and another cookie stores a unique id, similar to a password I could do the password in a cookie as its md5 encrypted, but I went with an a unique id which is store in the user db. Anyway here is what I am trying to do with the code below. The authorized user section requires 4 pieces of information, userid, password, username and user level, a person who logs in each time gets that information assigned to their session, that part works *knock on wood* perfectly. When a customer says remember me they go away and come back a while later they are remembered, so that part works perfectly, however I need to get the persons information and put that on the session, however I would like the function to behave in such a way as to not overwrite the information each time the page load. So for example the cookie is read the information is valid, the query to the db, the information set to the session. You might wonder why I dont set the userlevel to the cookie, well I dont want someone changing the value of a cookie and getting admin access, which reminds me I should add that as a check. Thats about it. getCookieInfo() the function inside the checkLogin function just looks up the information for the cookie in the db. I know that someone is going to say something really simple that I am going to slap my forehead over, I would like to thank that person before hand. function checkLogin () { /* Check if user has been remembered */ if (isset($_COOKIE['cookname']) isset($_COOKIE['cookid'])) { if (!isset($_SESSION['name']) !isset($_SESSION['id']) !isset($_SESSION['level']) !isset($_SESSION['password'])) { $cookieInfo=getCookieInfo($_COOKIE['cookname'], $_COOKIE['cookid']); if ($cookieInfo==0) { return 0; } if ($cookieInfo==1) { setcookie(cookname, , time()-60*60*24*100, /); setcookie(cookid, , time()-60*60*24*100, /); return 1; } if ($cookieInfo==2) { setcookie(cookname, , time()-60*60*24*100, /); setcookie(cookid, , time()-60*60*24*100, /); return 2; } } } if (isset($_SESSION['name']) isset($_SESSION['id']) isset($_SESSION['level']) isset($_SESSION['password'])) { if (loginUser($_SESSION['username'], $_SESSION['password'],'') != 1) { unset($_SESSION['name']); unset($_SESSION['id']); unset($_SESSION['level']); unset($_SESSION['password']); $_SESSION = array(); // reset session array session_destroy(); // destroy session. // incorrect information, user not logged in return 0; } // information valid, user okay return 1; } else { // user not logged in return 2; } }
Re: [PHP] help with some logic.
hey Dallas, have you thought about breaking this up and making two seperate functions one the checks the cookie and one that checks the session information? I'm not sure if that is what you were looking for as far as an answer but it might be a good start. On 4/4/06, Dallas Cahker [EMAIL PROTECTED] wrote: I've been looking at this code for a few hours now and I get the nagging feeling that I am overcomplicating something, something I never ever do. I have a login that puts some information on the session, and if the customer wants they can ask to be remembered, the cookie is given the customers user name and another cookie stores a unique id, similar to a password I could do the password in a cookie as its md5 encrypted, but I went with an a unique id which is store in the user db. Anyway here is what I am trying to do with the code below. The authorized user section requires 4 pieces of information, userid, password, username and user level, a person who logs in each time gets that information assigned to their session, that part works *knock on wood* perfectly. When a customer says remember me they go away and come back a while later they are remembered, so that part works perfectly, however I need to get the persons information and put that on the session, however I would like the function to behave in such a way as to not overwrite the information each time the page load. So for example the cookie is read the information is valid, the query to the db, the information set to the session. You might wonder why I dont set the userlevel to the cookie, well I dont want someone changing the value of a cookie and getting admin access, which reminds me I should add that as a check. Thats about it. getCookieInfo() the function inside the checkLogin function just looks up the information for the cookie in the db. I know that someone is going to say something really simple that I am going to slap my forehead over, I would like to thank that person before hand. function checkLogin () { /* Check if user has been remembered */ if (isset($_COOKIE['cookname']) isset($_COOKIE['cookid'])) { if (!isset($_SESSION['name']) !isset($_SESSION['id']) !isset($_SESSION['level']) !isset($_SESSION['password'])) { $cookieInfo=getCookieInfo($_COOKIE['cookname'], $_COOKIE['cookid']); if ($cookieInfo==0) { return 0; } if ($cookieInfo==1) { setcookie(cookname, , time()-60*60*24*100, /); setcookie(cookid, , time()-60*60*24*100, /); return 1; } if ($cookieInfo==2) { setcookie(cookname, , time()-60*60*24*100, /); setcookie(cookid, , time()-60*60*24*100, /); return 2; } } } if (isset($_SESSION['name']) isset($_SESSION['id']) isset($_SESSION['level']) isset($_SESSION['password'])) { if (loginUser($_SESSION['username'], $_SESSION['password'],'') != 1) { unset($_SESSION['name']); unset($_SESSION['id']); unset($_SESSION['level']); unset($_SESSION['password']); $_SESSION = array(); // reset session array session_destroy(); // destroy session. // incorrect information, user not logged in return 0; } // information valid, user okay return 1; } else { // user not logged in return 2; } } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] help with some logic.
Okay I'll look at that. What about switching to setting the password in md5 format in the cookie rather then a regular id. I might not call the cookie password but to me in thinking about it seems like the same thing as setting a random id and then saving the random id in the db. On 4/4/06, Dan McCullough [EMAIL PROTECTED] wrote: hey Dallas, have you thought about breaking this up and making two seperate functions one the checks the cookie and one that checks the session information? I'm not sure if that is what you were looking for as far as an answer but it might be a good start. On 4/4/06, Dallas Cahker [EMAIL PROTECTED] wrote: I've been looking at this code for a few hours now and I get the nagging feeling that I am overcomplicating something, something I never ever do. I have a login that puts some information on the session, and if the customer wants they can ask to be remembered, the cookie is given the customers user name and another cookie stores a unique id, similar to a password I could do the password in a cookie as its md5 encrypted, but I went with an a unique id which is store in the user db. Anyway here is what I am trying to do with the code below. The authorized user section requires 4 pieces of information, userid, password, username and user level, a person who logs in each time gets that information assigned to their session, that part works *knock on wood* perfectly. When a customer says remember me they go away and come back a while later they are remembered, so that part works perfectly, however I need to get the persons information and put that on the session, however I would like the function to behave in such a way as to not overwrite the information each time the page load. So for example the cookie is read the information is valid, the query to the db, the information set to the session. You might wonder why I dont set the userlevel to the cookie, well I dont want someone changing the value of a cookie and getting admin access, which reminds me I should add that as a check. Thats about it. getCookieInfo() the function inside the checkLogin function just looks up the information for the cookie in the db. I know that someone is going to say something really simple that I am going to slap my forehead over, I would like to thank that person before hand. function checkLogin () { /* Check if user has been remembered */ if (isset($_COOKIE['cookname']) isset($_COOKIE['cookid'])) { if (!isset($_SESSION['name']) !isset($_SESSION['id']) !isset($_SESSION['level']) !isset($_SESSION['password'])) { $cookieInfo=getCookieInfo($_COOKIE['cookname'], $_COOKIE['cookid']); if ($cookieInfo==0) { return 0; } if ($cookieInfo==1) { setcookie(cookname, , time()-60*60*24*100, /); setcookie(cookid, , time()-60*60*24*100, /); return 1; } if ($cookieInfo==2) { setcookie(cookname, , time()-60*60*24*100, /); setcookie(cookid, , time()-60*60*24*100, /); return 2; } } } if (isset($_SESSION['name']) isset($_SESSION['id']) isset($_SESSION['level']) isset($_SESSION['password'])) { if (loginUser($_SESSION['username'], $_SESSION['password'],'') != 1) { unset($_SESSION['name']); unset($_SESSION['id']); unset($_SESSION['level']); unset($_SESSION['password']); $_SESSION = array(); // reset session array session_destroy(); // destroy session. // incorrect information, user not logged in return 0; } // information valid, user okay return 1; } else { // user not logged in return 2; } } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php