subject:"\[PHP\] making FORM dissapear when successful login"

RE: [PHP] making FORM dissapear when successful login

2005-01-09 Thread Will Merrell

On Tuesday, January 04, 2005 9:05 PM, JHollis wrote:

 I had this code working the way i wanted it to (as far as
 correct username and password allowing successful login)
 ...but what i want to happen now is when a user
 successfully logs it it will make the login
 form disappear and just say successfully logged in or
 welcome user and a link below it so they can log off and
 make the form re-appear.
 [and then he included some sample code]


I am working on something similar, so I was intrigued at your question. I
took the liberty of looking at your code and rewritting it somewhat. Here
are my thoughts and my version.

First, as someone else noted, it is best to do the login/logout logic at the
top of the code because a lot of things in PHP require that they be done
before any output is sent. So I find it is best to resolve all of that
before I send any HTML.

Second, I don't like to rely on side effects and data outside my control to
determine my code logic. I perfer to figure out what I need and then set a
variable of my own to use to steer my logic. So in this case I want to
determine if I have a valid user and then set a variable to hold the state
of the user. Then I can use that variable to steer my logic later in the
code.

Below is my version of your code. I have added session management so a user
can stay logged on over multiple pages. This is demonstrated by the Reload
button in the Content section.

!--  Snippet --- --
?php

  // cleanup_text() protects against malicious users
  // using POST values to insert dangerous code into
  // your sql calls. All user supplied data should
  // be filtered before being trusted.
  function cleanup_text ($value)
  {
return htmlspecialchars(strip_tags($value));
  }

  // logout closes a logged in user session. It is
  // in a function because it is called in several
  // places
  function logout()
  {
global $user;
global $userid;

unset($user);
$userid = 0;
session_destroy();
  }


  $userid = 0;// contains the sql record id of
  // the logged in user. It can be
  // used to test if a user is
  // logged in. This assumes that
  // no valid record has an id of 0.

  // Database connection code:
  // Asumptions:
  //1) Using MySQL
  //2) user login info is contained in a table
  //   called 'users'
  //3) 'users' contains a unique identifier field
  //   called 'id' and it is numeric
  //4) 'users' contains a unique field
  //   called 'username' and it is string type
  //   (that is, each user has only one record
  //   per'username' entry)
  //5) 'users' contains a string field called
  //   'password'
  //6) the 'password' field contains the password
  //   data encoded in md5 form. This is for added
  //   security.

  $db_username=root;
  $db_password=;
  $db=teamtrack;
  $server=localhost;

  $connect = mysql_connect($server,$db_username,$db_password);
  if (!$connect)
  {
die (Error: could not connect to databasebr /\n);
  }
  $select = mysql_select_db($db,$connect);
  if (!$select)
  {
die (Error: could not select database $dbbr /\n);
  }

  session_start();  // Start the session.

  // Check to see if we are already logged in from some previous session.
  if( isset($_SESSION['userid'])  $_SESSION['userid']  0 )
  {
// Check to see if we are logging out.
if ( isset($_POST['login'])  $_POST['login'] == Log Out )
{
  logout();
}
else
{
  // if we were previously logged in and we are not
  // logging out then set up the user's data
  $userid = $_SESSION['userid'];
  $sql = select * from users where id=$userid;
  $result = mysql_query($sql);
  $user = mysql_fetch_object($result);
  if (isset($user-id))
  {
// The specified user was found in the database
$userid = $user-id;
$_SESSION['userid'] = $userid;
  }
  else
  {
// The specified user was NOT found in the database
logout();
  }
}
  }
  else
  {
// We were NOT previously logged in, so check if this is a
// login request
if ( isset($_POST['login'])  $_POST['login'] == Login )
{
  $sql = select * from users where username=' .
cleanup_text ($_POST['username']) . ' and password=md5(' .
cleanup_text ($_POST['password']) . ');
  $result = mysql_query($sql);
  $user = mysql_fetch_object($result);
  if (isset($user-id))
  {
// The specified user was found in the database
$userid = $user-id;
$_SESSION['userid'] = $userid;
  }
  else
  {
// The specified user was NOT found in the database
logout();
  }
}
  }

?
!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Strict//EN
  http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd;
html
  head
titleTest/title
link href=style.css rel=stylesheet

Re: [PHP] making FORM dissapear when successful login

2005-01-09 Thread JHollis

Will,
Thanks so much for all the time and effort you have put into making my 
code better.  I dont have time right now to really test all of this out, 
but when i do, if i have any questions about your modified code, i will 
be sure to ask you.

Again thanks!
Jason
Will Merrell wrote:
On Tuesday, January 04, 2005 9:05 PM, JHollis wrote:

I had this code working the way i wanted it to (as far as
correct username and password allowing successful login)
...but what i want to happen now is when a user
successfully logs it it will make the login
form disappear and just say successfully logged in or
welcome user and a link below it so they can log off and
make the form re-appear.
[and then he included some sample code]

I am working on something similar, so I was intrigued at your question. I
took the liberty of looking at your code and rewritting it somewhat. Here
are my thoughts and my version.
First, as someone else noted, it is best to do the login/logout logic at the
top of the code because a lot of things in PHP require that they be done
before any output is sent. So I find it is best to resolve all of that
before I send any HTML.
Second, I don't like to rely on side effects and data outside my control to
determine my code logic. I perfer to figure out what I need and then set a
variable of my own to use to steer my logic. So in this case I want to
determine if I have a valid user and then set a variable to hold the state
of the user. Then I can use that variable to steer my logic later in the
code.
Below is my version of your code. I have added session management so a user
can stay logged on over multiple pages. This is demonstrated by the Reload
button in the Content section.
!--  Snippet --- --
?php
  // cleanup_text() protects against malicious users
  // using POST values to insert dangerous code into
  // your sql calls. All user supplied data should
  // be filtered before being trusted.
  function cleanup_text ($value)
  {
return htmlspecialchars(strip_tags($value));
  }
  // logout closes a logged in user session. It is
  // in a function because it is called in several
  // places
  function logout()
  {
global $user;
global $userid;
unset($user);
$userid = 0;
session_destroy();
  }
  $userid = 0;// contains the sql record id of
  // the logged in user. It can be
  // used to test if a user is
  // logged in. This assumes that
  // no valid record has an id of 0.
  // Database connection code:
  // Asumptions:
  //1) Using MySQL
  //2) user login info is contained in a table
  //   called 'users'
  //3) 'users' contains a unique identifier field
  //   called 'id' and it is numeric
  //4) 'users' contains a unique field
  //   called 'username' and it is string type
  //   (that is, each user has only one record
  //   per'username' entry)
  //5) 'users' contains a string field called
  //   'password'
  //6) the 'password' field contains the password
  //   data encoded in md5 form. This is for added
  //   security.
  $db_username=root;
  $db_password=;
  $db=teamtrack;
  $server=localhost;
  $connect = mysql_connect($server,$db_username,$db_password);
  if (!$connect)
  {
die (Error: could not connect to databasebr /\n);
  }
  $select = mysql_select_db($db,$connect);
  if (!$select)
  {
die (Error: could not select database $dbbr /\n);
  }
  session_start();  // Start the session.
  // Check to see if we are already logged in from some previous session.
  if( isset($_SESSION['userid'])  $_SESSION['userid']  0 )
  {
// Check to see if we are logging out.
if ( isset($_POST['login'])  $_POST['login'] == Log Out )
{
  logout();
}
else
{
  // if we were previously logged in and we are not
  // logging out then set up the user's data
  $userid = $_SESSION['userid'];
  $sql = select * from users where id=$userid;
  $result = mysql_query($sql);
  $user = mysql_fetch_object($result);
  if (isset($user-id))
  {
// The specified user was found in the database
$userid = $user-id;
$_SESSION['userid'] = $userid;
  }
  else
  {
// The specified user was NOT found in the database
logout();
  }
}
  }
  else
  {
// We were NOT previously logged in, so check if this is a
// login request
if ( isset($_POST['login'])  $_POST['login'] == Login )
{
  $sql = select * from users where username=' .
cleanup_text ($_POST['username']) . ' and password=md5(' .
cleanup_text ($_POST['password']) . ');
  $result = mysql_query($sql);
  $user = mysql_fetch_object($result);
  if (isset($user-id))
  {
// The specified user was found in the database
$userid = $user-id;
$_SESSION['userid'] = $userid;
  }
  else
  {
// The

Re: [PHP] making FORM dissapear when successful login

2005-01-05 Thread Richard Lynch

JHollis wrote:
 I had this code working the way i wanted it to (as far as correct
 username and password allowing successful login)...but what i want to
 happen now is when a user successfully logs it it will make the login
 form disappear and just say successfully logged in or welcome user and a
 link below it so they can log off and make the form re-appear.  Below is
 the code that i have where i tried to get it to disappear on successful
 login, but it stays disappeared all the time.  Can someone please point
 out what im doing wrong.  I have tried everything i can think of...and
 nothing works.  Im a PHP newbie...so im sure some of you might get a
 laugh out of this...if it is real easy.

I would *NOT* use break; to get out of the successful login...

Just move everything else inside the else{ } block if you don't want it to
appear.

After they *DO* login, perhaps use http://php.net/session_start so they
can *stay* logged in.  You'll need to move the password check (and
database connection and so on) to be *ABOVE* all the HTML stuff -- to the
very tip-top of the file.

Then, to log them out, you can use the code from
http://php.net/session_destroy

For sure, don't send stuff through as ?_SERVER[username]=xxx

$_SERVER is for the web server to fill in, not you.

You'll just confuse yourself (next week/month/year) and any other
programmer if you start polluting $_SERVER with your own stuff.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] making FORM dissapear when successful login

2005-01-04 Thread JHollis

I had this code working the way i wanted it to (as far as correct 
username and password allowing successful login)...but what i want to 
happen now is when a user successfully logs it it will make the login 
form disappear and just say successfully logged in or welcome user and a 
link below it so they can log off and make the form re-appear.  Below is 
the code that i have where i tried to get it to disappear on successful 
login, but it stays disappeared all the time.  Can someone please point 
out what im doing wrong.  I have tried everything i can think of...and 
nothing works.  Im a PHP newbie...so im sure some of you might get a 
laugh out of this...if it is real easy.

---snippet
!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Strict//EN 
http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd;
html
head
link href=style.css rel=stylesheet type=text/css /
/head
body
 div id=container
div id=top
h1header/h1

/div
div id=leftnav
p
?php
	$username=$_POST['username'];
	$password=$_POST['password'];
	$db=user;
	$server=localhost;
	$db_username=root;
	$db_password=***;
	
	$connect = mysql_connect($server,$db_username,$db_password);
	if (!$connect) {
			die (could not connect to database);
	}
	$select = mysql_select_db($db,$connect);
	if (!$select) {
			die (could not select database $db);
	}
 /*username='$username';*/
	$sql = SELECT * FROM passwords, user_info where id=PID and 
username='$username';
	$result = mysql_query($sql);
/*$num_rows = mysql_num_rows($result);*/
	while ($user = mysql_fetch_array($result))
		{
		$id = $user['id'];
		$username2 = $user['username'];
		$password2 = $user['password'];
		$firstname = $user['firstname'];
		$email = $user['email_address'];
		
		
	IF ($username==$username2  $password==$password2)
		{
		echo(\Welcome, b$firstname/b\);?br?
		echo (\Your email address is b$emailb\);?/tdtr
		a href=?$_SERVER['PHP_SELF']??username=?password=Logoff/a?
		break;
		}
		else
		{
		?
FORM action=?$_SERVER['PHP_SELF']? method=post
			INPUT type=hidden name=id
table
tdb*/bUsername:/td tdINPUT class=input size=8 
type=text name=username value=?echo $username?/tdtr
tdb*/bPassword:/td tdINPUT class=input size=8 
type=password name=password/tdtr
td class=xsmallb* Case Sensitive/b/td
tdINPUT type=submit value=Login/tdtr
tdnbsp /td
/table
/FORM
?
		
		break;
			}
		
	}	
//IF ($username != $username2 || $password != $password2) {//


?br
?
if  ($username ==   $password == ) {
echo (Please type in a Username and Password);}
if  ($username !=   $password == ) {
echo (Please type in a password);}
	if  ($username ==   $password != ) {
		echo (Please type in a username and password);}
	
	 ?

	 		
/p
/div
?if (($username2==$username  $password2==$password)  
($username2!= || $password2!=)){?
div id=rightnav class=box
p
/p
/div
?}?
div id=content
h2Subheading/h2
p
/p
p
/p
/div
div id=footer
p
Today is
?php
	echo( date(F dS Y.));
?
/p
/div
/div
/body
/html
snippet

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] making FORM dissapear when successful login

Re: [PHP] making FORM dissapear when successful login

Re: [PHP] making FORM dissapear when successful login

[PHP] making FORM dissapear when successful login

4 matches

Site Navigation

Mail list logo

Footer information