Check Login Process/Error


justlukeyou

Hi,

 

I am trying to add a checklogin code to a registration page so that someone can add details into a database to create a profile and then the site checks if they are logged in.  However, when I add the checkLogin code it creates the following error:

 

Call to undefined function checkLogin()

 

Can anyone advise how this process works?  Does someone need to enter their information and then click a confirmation link on an email before the checklogin code works?

 

My plan is to centralise the checklogin code to the homepage, should I be doing that?

 

 

<?php 
$loggedIn = checkLogin();
?>
<?php 

if($loggedIn) {
    echo "Welcome, ".$user['firstname'].". <a href=\"logout.php\">Logout</a>.";
} else {
    echo "Please <a href=\"login.php\">Login</a>.";
}

?>

<?php

if(isset($_POST['submit'])){
    $firstname = mysql_real_escape_string(trim($_POST['firstname']));
    $surname = mysql_real_escape_string(trim($_POST['surname']));
    $password = trim($_POST['password']);
    $password1 = mysql_real_escape_string(trim($_POST['password1']));
    $emailaddress = mysql_real_escape_string(trim($_POST['emailaddress']));
    
    if(!isset($firstname) || empty($firstname)) {
        $error = "Please enter your First Name.";
    }

    if(!isset($surname) || empty($surname)) {
        $error = "Please enter your Surname.";
    }

    if((!isset($password) || empty($password)) && !$error) {
        $error = "You need to enter a password.";
    }
    if((!isset($password1) || empty($password1)) && !$error) {
        $error = "You need to enter your password twice.";
    }
    if($password != $password1 && !$error) {
        $error = "The passwords you entered did not match.";
    }

  
    if((!isset($emailaddress) || empty($emailaddress)) && !$error) {
        $error = "Please enter an email address.";
    }

    $emailAddress = filter_var($_POST['emailaddress'], FILTER_VALIDATE_EMAIL);
    if (!$emailAddress)
    {
        $error = 'Please enter your email address in a valid format.  Example: bobsmith@companyname.com';
    }

    $query = mysql_query("SELECT userid FROM organisermembers WHERE emailaddress = '".$emailaddress."' LIMIT 1");
    if(mysql_num_rows($query) > 0 && !$error) {
        $error = "Sorry, that email is already in use!";
    }

    
    if(!$error) {
        $query = mysql_query("INSERT INTO organisermembers (firstname, surname, password, emailaddress) VALUES ('".$firstname."', '".$surname."', '".mysql_real_escape_string(md5($password))."', '".$emailaddress."')");
        if($query) {
            $message = "Hello ".$_POST['firstname'].",\r\n\r\nThanks for registering with us! We hope you enjoy your stay.\r\n\r\n Many Thanks,\r\nus.com";
            $headers = "From: ".$website['name']." <".$website['emailaddress'].">\r\n";
            mail($_POST['emailaddress'], "Welcome", $message, $headers);
            setcookie("user", mysql_insert_id(), $time);
            setcookie("pass", mysql_real_escape_string(md5($password)), $time);
            header("Location: registerorganiser.php");
        } else {
            $error = "There was a problem with the registration. Please try again.";
        }
    }
}

?>

Link to comment
Share on other sites

Should I be using something like this?

 

<?php

if(isset($_POST['submit'])) {
    $membername = mysql_real_escape_string($_POST['firstname']);
    $password = mysql_real_escape_string(md5($_POST['password']));
    // Use $membername here: $firstname is never defined in this script.
    $query = mysql_query("SELECT * FROM users WHERE organisermembers = '".$membername."' AND password = '".$password."' LIMIT 1");
    if(mysql_num_rows($query) > 0) {
        $row = mysql_fetch_array($query);
        $time = ($_POST['remember'] == "yes") ? time()+60*60*24*365 : 0;
        setcookie("user", $row['id'], $time);
        setcookie("pass", $password, $time);
        header("Location: ".$_POST['return']);
    } else {
        $site['error'] = "Invalid username/password.";
    }
}

?>

Link to comment
Share on other sites

Or this, can someone lead me in the right direction for the code I should be using?

 

function Login()
{
    if(empty($_POST['username']))
    {
        $this->HandleError("UserName is empty!");
        return false;
    }
    if(empty($_POST['password']))
    {
        $this->HandleError("Password is empty!");
        return false;
    }
    $username = trim($_POST['username']);
    $password = trim($_POST['password']);
    if(!$this->CheckLoginInDB($username,$password))
    {
        return false;
    }
    session_start();
    $_SESSION[$this->GetLoginSessionVar()] = $username;
    return true;
}

Link to comment
Share on other sites

Or this, can someone lead me in the right direction for the code I should be using?

 

The code you should be using is code that satisfies your requirements.

 

add a checklogin code to a registration page  ...

someone can add details into a database...

checks if they are logged in.

 

Based on your code examples, I suppose you mean a login form and you seem to have a general idea.  Do you have any specific problems?

 

BTW, I added some content to my signature.

Link to comment
Share on other sites

:facepalm:

 

@justlukeyou - You're going about learning PHP in a very inefficient manner.  What I've seen is that you have an idea for a site, and rather than learning in a linear manner, you scour the web for different small scripts to mash together in the hope that something will actually come of it.

 

That's really the worst way to learn because you're focused more on the end result rather than the process.  PHP is a language.  It has syntax and grammar, and you'll be much better served if you do the tedious work of learning the building blocks rather than jumping to a finished project.  To stretch a literary metaphor, right now you're trying to write a novel in French without understanding how verbs work.  Not gonna happen.

 

So instead of going through the painful "I'm going to blindly throw shit at the wall and examine what sticks" process, go back to the beginning and start again.  That may sound horrible, but it's really the only way you'll become anything more than a dabbler.

Link to comment
Share on other sites

Also, considering you seem to know very little, maybe starting off with simple things will give you some head start? Look into echoing and getting different messages to show with if/else statements. This will give you a general starting point :) .

 

Echoing:

<?php echo "Hello World"; ?>

 

If / Else

<?php

$date= date("D");

if($date == "Fri"){
    echo "Almost the weekend.";
}
else{
    echo "Not quite the weekend.";
}

Link to comment
Share on other sites

Just to give you an example of a login script, here's mine:

 


<?php
    if(!$ses_user && !$ses_pass){
        if($_POST["submit"]){
            $u = $_POST["username"];
            $p = $_POST["password"];
            
            if(!$u && !$p){
                $msg = "<p>The login form is empty. Try again.</p>";
            }
            else{
                if(!$u){
                    $msg .= "<p>The username is empty. Try again.</p>";
                }
                else{
                    if(!$p){
                        $msg .= "<p>The password is empty. Try again.</p>";
                    }
                    else{
                        
                        $log = mysql_query("SELECT * FROM users WHERE username = '$u' AND password = '$p'");
                        
                        $check = mysql_fetch_assoc($log);
                        
                        $u_check = $check["username"];
                        $p_check = $check["password"];
                        
                        if($u != $u_check && $p != $p_check){
                            $msg .= "<p>The username or password was incorrect.</p>";
                        }
                        
                        if($u === $u_check && $p === $p_check){
                            session_start();
            
                            $_SESSION['log_user'] = $u;

                            $_SESSION['log_pass'] = $p;
                                    
                            header("Location: profile.php");
                        }
                    }
                }                        
            }
            echo "<div class='bad'>".$msg."</div>";
        }
        echo '<form action="" method="POST">';
            echo '<label>Username:</label><input type="text" name="username" class="fields" />';
            echo '<label>Password:</label><input type="password" name="password" class="fields" />';
            echo '<input type="submit" name="submit" class="send" value="Login" />';
        echo '</form>';
        echo '<a href="register.php">Register</a>
            <div class="clear"></div>';
    }    
    else
    {
        echo '<div class="good">Login was successful.<br>You are logged in as: '.$ses_user.'</div>';
        
        $join = mysql_query("SELECT * FROM users WHERE username = '$ses_user'");
        if($joined = mysql_fetch_assoc($join))
        {
            $join_num = $joined["joined"];
            
            if($join_num < 1)
            {
                echo '<a href="join.php">Join the Team</a>';
            }
        }
    }
?>

 

It works fine. The process?

 

-> You fill in the form -> Submits to itself

-> Gets the information from the form and puts them inside variables

-> The variables are then checked to make sure none are empty

-> If not empty it then compares them to the database entries

-> If successful, logs you in and creates sessions around your username and password.

Link to comment
Share on other sites

@White_Lily You should escape your inputs before putting them into the SQL query. You prevent a user from actually logging in (' OR 1 --) by double checking the username and password, but he might break your query or even break out of it and write PHP code (". eval('<?php echo 'foo'; ?>') .", won't actually execute but still).

Link to comment
Share on other sites
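An added example, not code from any poster in this thread: the login check from the script above, with the query parameterised and the password stored as a `password_hash()` value instead of plain text. The `users` schema, the function names and the sample account are constructed for illustration, and an in-memory SQLite database (via `pdo_sqlite`) stands in for MySQL so the script runs offline.

```php
<?php
// Added example: constructed schema and sample data, not code from this thread.

function openDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY,
        username TEXT UNIQUE NOT NULL,
        password_hash TEXT NOT NULL
    )');
    return $db;
}

function registerUser(PDO $db, string $username, string $password): void
{
    // password_hash() salts and stretches the password; the plain value
    // (or an md5() of it) is never written to the database.
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

// Returns the user id on success, null on any failure.
function verifyLogin(PDO $db, string $username, string $password): ?int
{
    // The placeholder sends the username as data, so quotes or comment
    // markers in it cannot change the structure of the statement.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null; // same answer for "no such user" and "wrong password"
    }
    return (int) $row['id'];
}

$db = openDemoDb();
registerUser($db, 'alice', 'correct horse battery staple');

var_dump(verifyLogin($db, 'alice', 'correct horse battery staple')); // valid login
var_dump(verifyLogin($db, 'alice', 'wrong'));                        // wrong password
var_dump(verifyLogin($db, "' OR 1 --", 'anything'));                 // input quoted in the reply above
```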

Thanks everyone,

 

PHP seems to be a huge range of code but I want to apply it to a certain range, i.e. a membership system.

 

What I'm finding very odd is that no one can actually tell me what a solid and safe membership script should contain.  Take the recent posts for example, someone posts a membership script only for someone else to point out there are parts missing.

 

My membership script is slowly coming together. 

 

Link to comment
Share on other sites

It takes a lot of research to learn all of the security issues. You're not doing research though, you're just grabbing random scripts and asking is this one ok? what about this one?

 

Rather than searching for an actual script you can take and use, you need to be searching for information about the entire IDEA, and researching web security.

 

You won't get a unified answer on "THIS IS THE WAY TO DO IT" because there are lots of ways to do it, and lots of competing ideas on what is best. There is no one right answer. It's like asking which political party is "correct".

 

ETA: If there were one truly right answer, no one would ever get their users' information leaked by hackers. Yet it happens every week. LinkedIn had their users' passwords stolen. It happens to BANKS, FFS.

Link to comment
Share on other sites

It takes a lot of research to learn all of the security issues. You're not doing research though, you're just grabbing random scripts and asking is this one ok? what about this one?

 

Rather than searching for an actual script you can take and use, you need to be searching for information about the entire IDEA, and researching web security.

 

You won't get a unified answer on "THIS IS THE WAY TO DO IT" because there are lots of ways to do it, and lots of competing ideas on what is best. There is no one right answer. It's like asking which political party is "correct".

 

ETA: If there were one truly right answer, no one would ever get their users' information leaked by hackers. Yet it happens every week. LinkedIn had their users' passwords stolen. It happens to BANKS, FFS.

 

All of this.

 

The 'right way' to do something is usually a balance between complexity, performance, ease of use, and how it fits into your overall project.  The best a 3rd party script or tutorial can do is point you in a general direction.  There is always tweaking and modification that needs to be done.  Sometimes small (rendered HTML/CSS), sometimes large (change the way the script talks to the back end, or the back end itself).

 

This goes for professional solutions as well.  WordPress, Joomla, et al. don't tend to address the edge use cases that a project's identity can depend on.  Even with plugins, you'll likely find that you need to actually go under the hood from time to time.

 

Just to be clear, we're not being critical to be mean.  We're being critical because we were in your position once, too, and have been through the frustration of learning.  We're trying to help you avoid common pitfalls that will merely have you wasting time and not really learning.

 

One of the problems with 3rd party scripts is that unless you're experienced, you can't tell if the code is good or not.  It's not just a matter of "Will this work?"  It's a matter of "Will this work?  Is it secure?  Does it work well?  Does it fit in with the rest of my code?"  Handling input, stuffing data in a database, and displaying something on the screen is only part of the process.  And there are a ton of shitty free scripts out there that will only teach you the wrong way to approach a problem.

 

That's why I keep trying to hammer home the idea of learning from the ground up.  You need to know the basics of the language itself before you can attempt to make your ideas a reality.  The PHP site itself has some of the best online documentation in the business (http://www.php.net/manual/en/langref.php).  There are plenty of good books on the subject (Larry Ullman's books are straightforward and gentle) as well.

 

From there, it's a matter of doing research, asking questions, and practicing by writing small test scripts.  No web developer has ever spawned fully formed.  We've all had to make a gazillion number of rinky-dink, idiotic test scripts in our lives.  I still like to prototype in that way.

Link to comment
Share on other sites

I fully support what you're saying, I'm just stuck on where to get the relevant information I need.

 

For example, all the code I'm working on now requires a header.  But I don't know what a header is and how it works.

 

Let's say you wanted to learn and apply a header (or other piece of code to your site), where would you turn to get that information?

 

Oh yeah, to be totally honest I simply don't understand the PHP site.  I've looked at around 50 different terms and not understood one of them.

Link to comment
Share on other sites

I fully support what you're saying, I'm just stuck on where to get the relevant information I need.

 

For example, all the code I'm working on now requires a header.  But I don't know what a header is and how it works.

 

Let's say you wanted to learn and apply a header (or other piece of code to your site), where would you turn to get that information?

 

First, I'd check the PHP documentation (header).  If I didn't understand what an HTTP header was, I'd do some research - there's a link to the HTTP specification in the PHP documentation for header(), so I'd check that out.  I'd also check out Wikipedia, as their programming articles are generally a decent Reader's Digest version of the actual topics.

 

Oh yeah, to be totally honest I simply don't understand the PHP site.  I've looked at around 50 different terms and not understood one of them.

 

Not sure how to help you there, to be honest.  Larry Ullman's Visual Quickstart Pro books are probably your best bet.  They're very beginner friendly.  Beyond that, I'm not sure.

Link to comment
Share on other sites

Maybe a community college course then.

 

I've tried looking around but there are none near me.  Are there sites on which you can learn PHP?  I've seen some sites in which you can actually learn code on a website?

 

I built one database driven site which I'm really pleased with.  However I want to build a site in which people can join as a member. 

Link to comment
Share on other sites

So a header is the location someone goes to when they login?  Does every page of a website need to have the code that checks if someone is logged in?

 

With the error below all the places I have seen the header locator in a script is inside the same script in which someone enters their login details.

 

 

 

<html>
<?php
/* This will give an error. Note the output
* above, which is before the header() call */
header('Location: http://www.example.com/');
?>

Link to comment
Share on other sites

To check if a user is logged in and providing you are using sessions, it would look something similar to this:

 

 



<?php

   if(!$ses_user && !$ses_pass){
      echo "You need to be logged in to view this page.";
   }

?>

 

 

This code gets placed ABOVE the doctype. That way the first thing it checks for, is whether the sessions are set or not.

Link to comment
Share on other sites
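An added example, not code from any poster in this thread: one way to centralise the login check the thread keeps returning to. `checkLogin()` is defined once in a shared include, every protected page loads that file before producing any output, and the session holds only a user id. The file name `auth.php`, the `user_id` session key and the helper names other than `checkLogin()` are assumptions made for illustration; the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
// auth.php (hypothetical file name) - added example, not code from this thread.
// A page that calls checkLogin() without loading this file first fails with
// "Call to undefined function checkLogin()".

function startSecureSession(): void
{
    if (session_status() === PHP_SESSION_NONE) {
        session_set_cookie_params([
            'httponly' => true,   // cookie is not readable from JavaScript
            'secure'   => true,   // assumption: the site is served over HTTPS
            'samesite' => 'Lax',
        ]);
        session_start();
    }
}

// True when the current session belongs to a logged-in user.
function checkLogin(): bool
{
    startSecureSession();
    return isset($_SESSION['user_id']) && is_int($_SESSION['user_id']);
}

// Call once, right after the submitted password has been verified.
function logIn(int $userId): void
{
    startSecureSession();
    session_regenerate_id(true);    // new session id at login, guards against fixation
    $_SESSION['user_id'] = $userId; // store the id only, never the password or its hash
}

// Redirect anonymous visitors. header() only works before any output,
// so call this above the doctype, and exit so the page body never runs.
function requireLogin(string $loginPage = 'login.php'): void
{
    if (!checkLogin()) {
        header('Location: ' . $loginPage);
        exit;
    }
}

// Usage at the very top of a protected page (before any HTML):
//   require_once __DIR__ . '/auth.php';
//   requireLogin();
```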

Archived

This topic is now archived and is closed to further replies.

