I am trying to implement a relatively complete login system code for my
website, but the code is a bit dated ($HTTP_POST_VARS for example).
I am not too familiar with classes and I'm having trouble with this one.
I have an include which is the login form if the SESSION is not set, and a
mini control panel when it is.
I will post the code below because it is a bit extensive. My problem: When I
try to log in (POST username/password to same page and validate with the
class, the page simply reloads MINUS THE FORM SUBMIT BUTTON. It's very odd.
I have a working system on another website without using this class, I just
hoping to be more object-oriented with this one.
Like I said, the code is a bit lengthy, and if you are kind enough to take a
look at I can even send you the php files for the sake of readability (ie.
formatted better than here).
Anything you can help with would be greatly appreciated; I'll have my wife
bake you some cookies or something!
The basic page looks like this:
<?php
// Get the PHP file containing the DbConnector class
require_once('../includes/DbConnector.php');
// Create an instance of DbConnector
$connector = new DbConnector();
// sets $thispage and $directory
include('../includes/pagedefinition.php');
// Include functions
require_once('../includes/functions.php');
//content
include('../includes/signupform.php');
include('../includes/signup_val_inser_eml.php');
include('../includes/signinform.php');
include('../includes/header.php');
include('../includes/body.php');
?>
The page definition file looks like this:
<?php
require_once("Sentry.php");
if ($_GET['action'] == 'logout'){
if ($sentry->logout()){
echo '<p align=\"center\" class=\"confirm\">You have been logged
out</p><br>';
}
}
. . . // site content-grabbing code excluded ///
// Attempted login url - use for redirect after login.
$redirect =
"http://mwclans.com/{$_SERVER['REQUEST_URI'<http://mwclans.com/%7B$_SERVER['REQUEST_URI'>
]}";
// Defined in includes/Sentry.php
$sentry = new Sentry();
// If logging in, POST['login'] will be set - check credentials (9 is used
to specify the minimum group level that's allowed to access this resource)
if ($_POST['login'] != ''){
$sentry->checkLogin($_POST['username'],$_POST['password'],9,'$redirect',/user/index.php');
}
if ($minlevel < 9)
{
if (!$sentry->checkLogin($minlevel) ){ header("Location:
/user/<http://www.mwclans.com/user/>");
die(); }
}
?>
Here is the Sentry class:
<?php
////////////////////////////////////////////////////////////////////////////////////////
// Class: sentry
// Purpose: Control access to pages
///////////////////////////////////////////////////////////////////////////////////////
class sentry {
var $loggedin = false; // Boolean to store whether the user is logged in
var $userdata; // Array to contain user's data
function sentry(){
session_start();
header("Cache-control: private");
}
//======================================================================================
// Log out, destroy session
function logout(){
if (is_object($this->userdata))
{
unset($this->userdata);
$session_name = session_name();
return true;
}
else
{
$message = "<p align=\"center\" class=\"error\">Call to non-object by
function: logout()</p>";
}
}
//======================================================================================
// Log in, and either redirect to goodRedirect or badRedirect depending on
success
function checkLogin($username = '',$password = '',$role_id =
9,$goodRedirect = '',$badRedirect = ''){
// Include database and validation classes, and create objects
require_once('DbConnector.php');
require_once('Validator.php');
$validate = new Validator();
$loginConnector = new DbConnector();
// If user is already logged in then check credentials
if ($_SESSION['username'] && $_SESSION['password']){
// Validate session data
if (!$validate->validateTextOnly($_SESSION['username'])){return false;}
if (!$validate->validateTextOnly($_SESSION['password'])){return false;}
$getUser = $loginConnector->query("SELECT * FROM user WHERE username =
'".$_SESSION['username']."' AND password = '".$_SESSION['password']."' AND
role_id <= ".$role_id.' AND verified = 1');
if ($loginConnector->getNumRows($getUser) > 0){
// Existing user ok, continue
if ($goodRedirect != '') {
header("Location: ".$goodRedirect."?".strip_tags(session_id())) ;
}
return true;
}else{
// Existing user not ok, logout
$this->logout();
return false;
}
// User isn't logged in, check credentials
}else{
// Validate input
if (!$validate->validateTextOnly($username)){return false;}
if (!$validate->validateTextOnly($password)){return false;}
// Look up user in DB
$getUser = $loginConnector->query("SELECT * FROM user WHERE username =
'$username' AND password = PASSWORD('$password') AND role_id <= $role_id AND
verified = 1");
$this->userdata = $loginConnector->fetchArray($getUser);
if ($loginConnector->getNumRows($getUser) > 0){
// Login OK, store session details
// Log in
$_SESSION["username"] = $username;
$_SESSION["password"] = $this->userdata['password'];
$_SESSION["user_id"] = $this->userdata['user_id'];
$_SESSION["role_id"] = $this->userdata['role_id'];
if ($goodRedirect) {
header("Location: ".$goodRedirect."?".strip_tags(session_id())) ;
}
return true;
}else{
// Login BAD
unset($this->userdata);
if ($badRedirect) {
header("Location: ".$badRedirect) ;
}
return false;
}
}
}
}
?>
And here is the login page:
<?php
$loginsettingquery = "SELECT * FROM site_settings WHERE name='login'";
$loginsettingresult = $connector->query($loginsettingquery);
$loginsettinginfo = $connector->fetchArray($loginsettingresult);
$currentpage =
"http://mwclans.com/{$_SERVER['REQUEST_URI'<http://mwclans.com/%7B$_SERVER['REQUEST_URI'>
]}";
if (isset($_SESSION['username']) && isset($_SESSION['password'])) // display
other info, else display login form
{
// logged-in user tools
}
else
{
if ($loginsettinginfo['value'] == 1 || $directory == "cmsadmin")
{
$signinform = <<<END
<table width="250" align="center" border="0" cellspacing="0" cellpadding="3"
class="contentbox">
<tr>
<td colspan="2" bgcolor="#000000"><b>Login</b></td>
</tr>
<tr>
<td align="right"><span style="cursor:default;">Username:</td>
<td style="vertical-align:top">
<form name="login" method="post" action="$currentpage">
<input type="hidden" name="login" value="1">
<input name="username" type="text" size="15" id="username" /></td>
</tr>
<tr valign="center">
<td align="right"><span style="cursor:default;">Password:</td>
<td style="vertical-align:top;">
<input name="password" type="password" size="15" id="password" /></td>
</tr>
<tr>
<td colspan="2" align="right"></td>
</tr>
</table></form>
END;
}
else
{
// login disabled message
}
}
?>
