Need help making login verification cleaner...

[pneudralics]

I use the below to verify user login. I first check the cookie for the id, ip and a unique id. If it's set then I move on to verifying that they all belong together. I usually copy and paste everything on a page that needs verification and I just edit the "we are good...." part.

 

Login verification

<?php
//Check to see if cookie is set
if (isset($_COOKIE['id']) && isset($_COOKIE['ip']) && isset($_COOKIE['uniqueid'])){

$cookieid = $_COOKIE['id'];
$cookieip = $_COOKIE['ip'];
$cookieuniqueid = $_COOKIE['uniqueid'];

require('header.php');

//Select id and loginip according to cookie uniqueid	
$query = "SELECT * FROM user WHERE uniqueid = '$cookieuniqueid' LIMIT 1";

if ($result = mysql_query ($query)) {
while ($row = mysql_fetch_array ($result)) {
$id = $row['id'];
$uniqueid = $row['uniqueid'];
$ip = $row['ip'];	
}
}

//Compare cookie ip and id with query loginip and id --- if cookies match database then we allow
if ($_COOKIE['id'] == $id && $_COOKIE['ip'] == $ip && $_COOKIE['uniqueid'] == $uniqueid) {
?>
we are good....
<?php

require('footer.php');
//End cookie compare
}
//Redirect to index if cookie compare fails
else {
header('Location: index.php');
}
//End cookie set 	 
}
//Redirect to index if cookie is not set
else {
header('Location: index.php');
}
?>

 

I was wondering if there was a way for me to just do something like:

<?php
require('verify.php');
//If not logged in user wont see the below..
?>
Login user sees this

[teamatomic]

Make the code a function in its own file

 

function_login_check.php
<?php
function check_login()
{
code goes here
}
?>

 

Then include the function file and call the function

check_login();

 

see the php manual

http://www.php.net/manual/en/language.functions.php

specifically the user defined functions section

 

 

HTH

Teamatomic

[ignace]

Make the code a function in its own file

 

function_login_check.php
<?php
function check_login()
{
code goes here
}
?>

 

That is confusing to me I ususally adhere to:

 

function.check-login.php

 

Now you instanly know the function callsign is check_login()

 

A dash indicates an underscore

[laffin]

verify.php

<?php
//Check to see if cookie is set
if (isset($_COOKIE['id']) && isset($_COOKIE['ip']) && isset($_COOKIE['uniqueid'])){
  $cookieid = $_COOKIE['id'];
  $cookieip = $_COOKIE['ip'];
  $cookieuniqueid = $_COOKIE['uniqueid'];

  //Select id and loginip according to cookie uniqueid
  $query = "SELECT * FROM user WHERE uniqueid = '$cookieuniqueid' LIMIT 1";

  if ($result = mysql_query ($query)) {
    while ($row = mysql_fetch_array ($result)) {
      $id = $row['id'];
      $uniqueid = $row['uniqueid'];
      $ip = $row['ip'];
    }
  }

  //Compare cookie ip and id with query loginip and id --- if cookies match database then we allow
  if (!($_COOKIE['id'] == $id && $_COOKIE['ip'] == $ip && $_COOKIE['uniqueid'] == $uniqueid)) {
    header('Location: index.php');
    die();
  //End cookie compare
  }
  //End cookie set 
}
//Redirect to index if cookie is not set
else {
header('Location: index.php');
die();
}
?>

 

Notice I removed the header/footer, and added die functions (the header function doesnt like any outbound info beforehand)

 

sample.php

<?php
require('verify.php');
require('header.php');
//If not logged in user wont see the below..
?>
Login user sees this
<?php
require('footer.php');
?>

 

Although your code can be optimized a lot, this was more of instruction of how to include other aspects to your code. I do agree with teamotomic, is that you should start using functions, but that is beyond the scope of the request.