RE: [PHP] making FORM dissapear when successful login
On Tuesday, January 04, 2005 9:05 PM, JHollis wrote:
> I had this code working the way I wanted it to (as far as correct username
> and password allowing successful login) ...but what I want to happen now is
> when a user successfully logs in it will make the login form disappear and
> just say successfully logged in or welcome user and a link below it so they
> can log off and make the form re-appear.

[and then he included some sample code]

I am working on something similar, so I was intrigued at your question. I took the liberty of looking at your code and rewriting it somewhat. Here are my thoughts and my version.

First, as someone else noted, it is best to do the login/logout logic at the top of the code because a lot of things in PHP require that they be done before any output is sent. So I find it is best to resolve all of that before I send any HTML.

Second, I don't like to rely on side effects and data outside my control to determine my code logic. I prefer to figure out what I need and then set a variable of my own to use to steer my logic. So in this case I want to determine if I have a valid user and then set a variable to hold the state of the user. Then I can use that variable to steer my logic later in the code.

Below is my version of your code. I have added session management so a user can stay logged on over multiple pages. This is demonstrated by the Reload button in the Content section.

<!-- Snippet --- -->
<?php
// cleanup_text() protects against malicious users
// using POST values to insert dangerous code into
// your sql calls. All user supplied data should
// be filtered before being trusted.
function cleanup_text ($value)
{
    return htmlspecialchars(strip_tags($value));
}

// logout closes a logged in user session. It is
// in a function because it is called in several
// places
function logout()
{
    global $user;
    global $userid;

    unset($user);
    $userid = 0;
    session_destroy();
}

$userid = 0; // contains the sql record id of
             // the logged in user. It can be
             // used to test if a user is
             // logged in. This assumes that
             // no valid record has an id of 0.

// Database connection code:
// Assumptions:
// 1) Using MySQL
// 2) user login info is contained in a table
//    called 'users'
// 3) 'users' contains a unique identifier field
//    called 'id' and it is numeric
// 4) 'users' contains a unique field
//    called 'username' and it is string type
//    (that is, each user has only one record
//    per 'username' entry)
// 5) 'users' contains a string field called
//    'password'
// 6) the 'password' field contains the password
//    data encoded in md5 form. This is for added
//    security.
$db_username="root";
$db_password="";
$db="teamtrack";
$server="localhost";

$connect = mysql_connect($server,$db_username,$db_password);
if (!$connect) {
    die ("Error: could not connect to database<br />\n");
}
$select = mysql_select_db($db,$connect);
if (!$select) {
    die ("Error: could not select database $db<br />\n");
}

session_start(); // Start the session.

// Check to see if we are already logged in from some previous session.
if( isset($_SESSION['userid']) && $_SESSION['userid'] > 0 ) {
    // Check to see if we are logging out.
    if ( isset($_POST['login']) && $_POST['login'] == "Log Out" ) {
        logout();
    } else {
        // if we were previously logged in and we are not
        // logging out then set up the user's data
        $userid = $_SESSION['userid'];
        $sql = "select * from users where id=$userid";
        $result = mysql_query($sql);
        $user = mysql_fetch_object($result);
        if (isset($user->id)) {
            // The specified user was found in the database
            $userid = $user->id;
            $_SESSION['userid'] = $userid;
        } else {
            // The specified user was NOT found in the database
            logout();
        }
    }
} else {
    // We were NOT previously logged in, so check if this is a
    // login request
    if ( isset($_POST['login']) && $_POST['login'] == "Login" ) {
        $sql = "select * from users where username='" . cleanup_text ($_POST['username']) . "' and password=md5('" . cleanup_text ($_POST['password']) . "')";
        $result = mysql_query($sql);
        $user = mysql_fetch_object($result);
        if (isset($user->id)) {
            // The specified user was found in the database
            $userid = $user->id;
            $_SESSION['userid'] = $userid;
        } else {
            // The specified user was NOT found in the database
            logout();
        }
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>Test</title>
<link href="style.css" rel="stylesheet"
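
A hardened form of the login check in the message above, as an added example that is not part of the original post: htmlspecialchars() and strip_tags() encode for HTML output and are not SQL escaping, so this version binds the username as a query parameter and verifies a salted password_hash() value instead of comparing md5() inside the query. The function names, the in-memory SQLite stand-in for the MySQL 'users' table and the sample account are assumptions made for the example.

```php
<?php
// Added example: names below are hypothetical, not from the original post.
declare(strict_types=1);

// Returns the user's id on success, 0 on failure (the post's "0 = not logged in").
function authenticate(PDO $db, string $username, string $password): int
{
    // Placeholder binding keeps user input out of the SQL text entirely,
    // so no escaping or HTML filtering is needed on the way in.
    $stmt = $db->prepare('SELECT id, password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() checks against a salted password_hash() value;
    // it replaces the unsalted md5() comparison done inside the query.
    if ($row === false || !password_verify($password, $row['password'])) {
        return 0;
    }
    return (int) $row['id'];
}

// Call after a successful authenticate(), with session_start() already done.
function login_session(int $userid): void
{
    session_regenerate_id(true);   // fresh session id when privileges change
    $_SESSION['userid'] = $userid;
}

// Constructed demo data: in-memory SQLite stands in for the MySQL 'users' table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$ins = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
$ins->execute(['jason', password_hash('correct horse', PASSWORD_DEFAULT)]);

var_dump(authenticate($db, 'jason', 'correct horse'));  // valid credentials
var_dump(authenticate($db, 'jason', 'wrong'));          // wrong password
var_dump(authenticate($db, "o'brien", 'x'));            // quote is treated as plain data
```

htmlspecialchars() still has a place in this design, at the point where a stored value such as the user's name is echoed back into the page.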
Re: [PHP] making FORM dissapear when successful login
Will,

Thanks so much for all the time and effort you have put into making my code better. I don't have time right now to really test all of this out, but when I do, if I have any questions about your modified code, I will be sure to ask you.

Again thanks!

Jason
Re: [PHP] making FORM dissapear when successful login
JHollis wrote:
> I had this code working the way I wanted it to (as far as correct username
> and password allowing successful login)...but what I want to happen now is
> when a user successfully logs in it will make the login form disappear and
> just say successfully logged in or welcome user and a link below it so they
> can log off and make the form re-appear.
>
> Below is the code that I have where I tried to get it to disappear on
> successful login, but it stays disappeared all the time. Can someone
> please point out what I'm doing wrong. I have tried everything I can think
> of...and nothing works. I'm a PHP newbie...so I'm sure some of you might get
> a laugh out of this...if it is real easy.

I would *NOT* use break; to get out of the successful login...

Just move everything else inside the else{ } block if you don't want it to appear.

After they *DO* login, perhaps use http://php.net/session_start so they can *stay* logged in.

You'll need to move the password check (and database connection and so on) to be *ABOVE* all the HTML stuff -- to the very tip-top of the file.

Then, to log them out, you can use the code from http://php.net/session_destroy

For sure, don't send stuff through as ?_SERVER[username]=xxx

$_SERVER is for the web server to fill in, not you. You'll just confuse yourself (next week/month/year) and any other programmer if you start polluting $_SERVER with your own stuff.

--
Like Music?
http://l-i-e.com/artists.htm

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] making FORM dissapear when successful login
I had this code working the way I wanted it to (as far as correct username and password allowing successful login)...but what I want to happen now is when a user successfully logs in it will make the login form disappear and just say successfully logged in or welcome user and a link below it so they can log off and make the form re-appear.

Below is the code that I have where I tried to get it to disappear on successful login, but it stays disappeared all the time. Can someone please point out what I'm doing wrong. I have tried everything I can think of...and nothing works. I'm a PHP newbie...so I'm sure some of you might get a laugh out of this...if it is real easy.

---snippet
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="container">
<div id="top">
<h1>header</h1>
</div>
<div id="leftnav">
<p>
<?php
$username=$_POST['username'];
$password=$_POST['password'];
$db="user";
$server="localhost";
$db_username="root";
$db_password="***";

$connect = mysql_connect($server,$db_username,$db_password);
if (!$connect) {
    die ("could not connect to database");
}
$select = mysql_select_db($db,$connect);
if (!$select) {
    die ("could not select database $db");
}
/*username='$username';*/
$sql = "SELECT * FROM passwords, user_info where id=PID and username='$username'";
$result = mysql_query($sql);
/*$num_rows = mysql_num_rows($result);*/
while ($user = mysql_fetch_array($result))
{
    $id = $user['id'];
    $username2 = $user['username'];
    $password2 = $user['password'];
    $firstname = $user['firstname'];
    $email = $user['email_address'];

    IF ($username==$username2 && $password==$password2) {
        echo("\"Welcome, <b>$firstname</b>\"");?><br><?
        echo ("\"Your email address is <b>$email<b>\"");?></td><tr>
        <a href="<?$_SERVER['PHP_SELF']?>?username=?password=">Logoff</a><?
        break;
    }
    else {
        ?>
        <FORM action="<?$_SERVER['PHP_SELF']?>" method="post">
        <INPUT type="hidden" name="id">
        <table>
        <td><b>*</b>Username:</td>
        <td><INPUT class="input" size="8" type="text" name="username" value="<?echo $username?>"></td><tr>
        <td><b>*</b>Password:</td>
        <td><INPUT class="input" size="8" type="password" name="password"></td><tr>
        <td class="xsmall"><b>* Case Sensitive</b></td>
        <td><INPUT type="submit" value="Login"></td><tr>
        <td>&nbsp;</td>
        </table>
        </FORM>
        <?
        break;
    }
}
//IF ($username != $username2 || $password != $password2) {//
?><br><?
if ($username == "" && $password == "") { echo ("Please type in a Username and Password");}
if ($username != "" && $password == "") { echo ("Please type in a password");}
if ($username == "" && $password != "") { echo ("Please type in a username and password");}
?>
</p>
</div>
<?if (($username2==$username && $password2==$password) && ($username2!="" || $password2!="")){?>
<div id="rightnav" class="box">
<p>
</p>
</div>
<?}?>
<div id="content">
<h2>Subheading</h2>
<p>
</p>
<p>
</p>
</div>
<div id="footer">
<p>
Today is
<?php echo( date("F dS Y.")); ?>
</p>
</div>
</div>
</body>
</html>
snippet