Re: [PHP] help with some logic.
Thanks makes it alot easier to follow.
On 4/4/06, Dallas Cahker [EMAIL PROTECTED] wrote:
Okay I'll look at that.
What about switching to setting the password in md5 format in the cookie
rather then a regular id. I might not call the cookie password but to me in
thinking about it seems like the same thing as setting a random id and then
saving the random id in the db.
On 4/4/06, Dan McCullough [EMAIL PROTECTED] wrote:
hey Dallas,
have you thought about breaking this up and making two seperate
functions one the checks the cookie and one that checks the session
information? I'm not sure if that is what you were looking for as far
as an answer but it might be a good start.
On 4/4/06, Dallas Cahker [EMAIL PROTECTED] wrote:
I've been looking at this code for a few hours now and I get the
nagging
feeling that I am overcomplicating something, something I never ever
do. I
have a login that puts some information on the session, and if the
customer
wants they can ask to be remembered, the cookie is given the customers
user
name and another cookie stores a unique id, similar to a password I
could do
the password in a cookie as its md5 encrypted, but I went with an a
unique
id which is store in the user db.
Anyway here is what I am trying to do with the code below. The
authorized
user section requires 4 pieces of information, userid, password,
username
and user level, a person who logs in each time gets that information
assigned to their session, that part works *knock on wood*
perfectly. When
a customer says remember me they go away and come back a while later
they
are remembered, so that part works perfectly, however I need to get
the
persons information and put that on the session, however I would like
the
function to behave in such a way as to not overwrite the information
each
time the page load. So for example the cookie is read the information
is
valid, the query to the db, the information set to the session. You
might
wonder why I dont set the userlevel to the cookie, well I dont want
someone
changing the value of a cookie and getting admin access, which reminds
me I
should add that as a check.
Thats about it. getCookieInfo() the function inside the checkLogin
function
just looks up the information for the cookie in the db. I know that
someone
is going to say something really simple that I am going to slap my
forehead
over, I would like to thank that person before hand.
function checkLogin () {
/* Check if user has been remembered */
if (isset($_COOKIE['cookname']) isset($_COOKIE['cookid'])) {
if (!isset($_SESSION['name']) !isset($_SESSION['id'])
!isset($_SESSION['level']) !isset($_SESSION['password'])) {
$cookieInfo=getCookieInfo($_COOKIE['cookname'], $_COOKIE['cookid']);
if ($cookieInfo==0) {
return 0;
}
if ($cookieInfo==1) {
setcookie(cookname, , time()-60*60*24*100, /);
setcookie(cookid, , time()-60*60*24*100, /);
return 1;
}
if ($cookieInfo==2) {
setcookie(cookname, , time()-60*60*24*100, /);
setcookie(cookid, , time()-60*60*24*100, /);
return 2;
}
}
}
if (isset($_SESSION['name']) isset($_SESSION['id'])
isset($_SESSION['level']) isset($_SESSION['password'])) {
if (loginUser($_SESSION['username'], $_SESSION['password'],'') != 1)
{
unset($_SESSION['name']);
unset($_SESSION['id']);
unset($_SESSION['level']);
unset($_SESSION['password']);
$_SESSION = array(); // reset session array
session_destroy(); // destroy session.
// incorrect information, user not logged in
return 0;
}
// information valid, user okay
return 1;
} else {
// user not logged in
return 2;
}
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] help with some logic.
I've been looking at this code for a few hours now and I get the nagging
feeling that I am overcomplicating something, something I never ever do. I
have a login that puts some information on the session, and if the customer
wants they can ask to be remembered, the cookie is given the customers user
name and another cookie stores a unique id, similar to a password I could do
the password in a cookie as its md5 encrypted, but I went with an a unique
id which is store in the user db.
Anyway here is what I am trying to do with the code below. The authorized
user section requires 4 pieces of information, userid, password, username
and user level, a person who logs in each time gets that information
assigned to their session, that part works *knock on wood* perfectly. When
a customer says remember me they go away and come back a while later they
are remembered, so that part works perfectly, however I need to get the
persons information and put that on the session, however I would like the
function to behave in such a way as to not overwrite the information each
time the page load. So for example the cookie is read the information is
valid, the query to the db, the information set to the session. You might
wonder why I dont set the userlevel to the cookie, well I dont want someone
changing the value of a cookie and getting admin access, which reminds me I
should add that as a check.
Thats about it. getCookieInfo() the function inside the checkLogin function
just looks up the information for the cookie in the db. I know that someone
is going to say something really simple that I am going to slap my forehead
over, I would like to thank that person before hand.
function checkLogin () {
/* Check if user has been remembered */
if (isset($_COOKIE['cookname']) isset($_COOKIE['cookid'])) {
if (!isset($_SESSION['name']) !isset($_SESSION['id'])
!isset($_SESSION['level']) !isset($_SESSION['password'])) {
$cookieInfo=getCookieInfo($_COOKIE['cookname'], $_COOKIE['cookid']);
if ($cookieInfo==0) {
return 0;
}
if ($cookieInfo==1) {
setcookie(cookname, , time()-60*60*24*100, /);
setcookie(cookid, , time()-60*60*24*100, /);
return 1;
}
if ($cookieInfo==2) {
setcookie(cookname, , time()-60*60*24*100, /);
setcookie(cookid, , time()-60*60*24*100, /);
return 2;
}
}
}
if (isset($_SESSION['name']) isset($_SESSION['id'])
isset($_SESSION['level']) isset($_SESSION['password'])) {
if (loginUser($_SESSION['username'], $_SESSION['password'],'') != 1) {
unset($_SESSION['name']);
unset($_SESSION['id']);
unset($_SESSION['level']);
unset($_SESSION['password']);
$_SESSION = array(); // reset session array
session_destroy(); // destroy session.
// incorrect information, user not logged in
return 0;
}
// information valid, user okay
return 1;
} else {
// user not logged in
return 2;
}
}
Re: [PHP] help with some logic.
hey Dallas,
have you thought about breaking this up and making two seperate
functions one the checks the cookie and one that checks the session
information? I'm not sure if that is what you were looking for as far
as an answer but it might be a good start.
On 4/4/06, Dallas Cahker [EMAIL PROTECTED] wrote:
I've been looking at this code for a few hours now and I get the nagging
feeling that I am overcomplicating something, something I never ever do. I
have a login that puts some information on the session, and if the customer
wants they can ask to be remembered, the cookie is given the customers user
name and another cookie stores a unique id, similar to a password I could do
the password in a cookie as its md5 encrypted, but I went with an a unique
id which is store in the user db.
Anyway here is what I am trying to do with the code below. The authorized
user section requires 4 pieces of information, userid, password, username
and user level, a person who logs in each time gets that information
assigned to their session, that part works *knock on wood* perfectly. When
a customer says remember me they go away and come back a while later they
are remembered, so that part works perfectly, however I need to get the
persons information and put that on the session, however I would like the
function to behave in such a way as to not overwrite the information each
time the page load. So for example the cookie is read the information is
valid, the query to the db, the information set to the session. You might
wonder why I dont set the userlevel to the cookie, well I dont want someone
changing the value of a cookie and getting admin access, which reminds me I
should add that as a check.
Thats about it. getCookieInfo() the function inside the checkLogin function
just looks up the information for the cookie in the db. I know that someone
is going to say something really simple that I am going to slap my forehead
over, I would like to thank that person before hand.
function checkLogin () {
/* Check if user has been remembered */
if (isset($_COOKIE['cookname']) isset($_COOKIE['cookid'])) {
if (!isset($_SESSION['name']) !isset($_SESSION['id'])
!isset($_SESSION['level']) !isset($_SESSION['password'])) {
$cookieInfo=getCookieInfo($_COOKIE['cookname'], $_COOKIE['cookid']);
if ($cookieInfo==0) {
return 0;
}
if ($cookieInfo==1) {
setcookie(cookname, , time()-60*60*24*100, /);
setcookie(cookid, , time()-60*60*24*100, /);
return 1;
}
if ($cookieInfo==2) {
setcookie(cookname, , time()-60*60*24*100, /);
setcookie(cookid, , time()-60*60*24*100, /);
return 2;
}
}
}
if (isset($_SESSION['name']) isset($_SESSION['id'])
isset($_SESSION['level']) isset($_SESSION['password'])) {
if (loginUser($_SESSION['username'], $_SESSION['password'],'') != 1) {
unset($_SESSION['name']);
unset($_SESSION['id']);
unset($_SESSION['level']);
unset($_SESSION['password']);
$_SESSION = array(); // reset session array
session_destroy(); // destroy session.
// incorrect information, user not logged in
return 0;
}
// information valid, user okay
return 1;
} else {
// user not logged in
return 2;
}
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] help with some logic.
Okay I'll look at that.
What about switching to setting the password in md5 format in the cookie
rather then a regular id. I might not call the cookie password but to me in
thinking about it seems like the same thing as setting a random id and then
saving the random id in the db.
On 4/4/06, Dan McCullough [EMAIL PROTECTED] wrote:
hey Dallas,
have you thought about breaking this up and making two seperate
functions one the checks the cookie and one that checks the session
information? I'm not sure if that is what you were looking for as far
as an answer but it might be a good start.
On 4/4/06, Dallas Cahker [EMAIL PROTECTED] wrote:
I've been looking at this code for a few hours now and I get the nagging
feeling that I am overcomplicating something, something I never ever
do. I
have a login that puts some information on the session, and if the
customer
wants they can ask to be remembered, the cookie is given the customers
user
name and another cookie stores a unique id, similar to a password I
could do
the password in a cookie as its md5 encrypted, but I went with an a
unique
id which is store in the user db.
Anyway here is what I am trying to do with the code below. The
authorized
user section requires 4 pieces of information, userid, password,
username
and user level, a person who logs in each time gets that information
assigned to their session, that part works *knock on wood*
perfectly. When
a customer says remember me they go away and come back a while later
they
are remembered, so that part works perfectly, however I need to get the
persons information and put that on the session, however I would like
the
function to behave in such a way as to not overwrite the information
each
time the page load. So for example the cookie is read the information
is
valid, the query to the db, the information set to the session. You
might
wonder why I dont set the userlevel to the cookie, well I dont want
someone
changing the value of a cookie and getting admin access, which reminds
me I
should add that as a check.
Thats about it. getCookieInfo() the function inside the checkLogin
function
just looks up the information for the cookie in the db. I know that
someone
is going to say something really simple that I am going to slap my
forehead
over, I would like to thank that person before hand.
function checkLogin () {
/* Check if user has been remembered */
if (isset($_COOKIE['cookname']) isset($_COOKIE['cookid'])) {
if (!isset($_SESSION['name']) !isset($_SESSION['id'])
!isset($_SESSION['level']) !isset($_SESSION['password'])) {
$cookieInfo=getCookieInfo($_COOKIE['cookname'], $_COOKIE['cookid']);
if ($cookieInfo==0) {
return 0;
}
if ($cookieInfo==1) {
setcookie(cookname, , time()-60*60*24*100, /);
setcookie(cookid, , time()-60*60*24*100, /);
return 1;
}
if ($cookieInfo==2) {
setcookie(cookname, , time()-60*60*24*100, /);
setcookie(cookid, , time()-60*60*24*100, /);
return 2;
}
}
}
if (isset($_SESSION['name']) isset($_SESSION['id'])
isset($_SESSION['level']) isset($_SESSION['password'])) {
if (loginUser($_SESSION['username'], $_SESSION['password'],'') != 1) {
unset($_SESSION['name']);
unset($_SESSION['id']);
unset($_SESSION['level']);
unset($_SESSION['password']);
$_SESSION = array(); // reset session array
session_destroy(); // destroy session.
// incorrect information, user not logged in
return 0;
}
// information valid, user okay
return 1;
} else {
// user not logged in
return 2;
}
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
