justlukeyou Posted September 12, 2012 Share Posted September 12, 2012 Hi, I am trying add a checklogin code to a registration page so that someone can add details into a database to create a profile and then the site checks if they are looged in. However when I add the checkLogin code it creates the following error: Call to undefined function checkLogin() Can anyone advise how this process works? Does someone need to enter their information and then clck a confirmation link on a email before the checklogin code works? My plan is to centralise the checklogin code to the homepage, should I be doing that? <?php $loggedIn = checkLogin(); ?> <?php if($loggedIn) { echo "Welcome, ".$user['firstname'].". <a href=\"logout.php\">Logout</a>."; } else { echo "Please <a href=\"login.php\">Login</a>."; } ?> <?php if(isset($_POST['submit'])){ $firstname = mysql_real_escape_string(trim($_POST['firstname'])); $surname = mysql_real_escape_string(trim($_POST['surname'])); $password = trim($_POST['password']); $password1 = mysql_real_escape_string(trim($_POST['password1'])); $emailaddress = mysql_real_escape_string(trim($_POST['emailaddress'])); if(!isset($firstname) || empty($firstname)) { $error = "Please enter your First Name."; } if(!isset($surname) || empty($surname)) { $error = "Please enter your Surname."; } if((!isset($password) || empty($password)) && !$error) { $error = "You need to enter a password."; } if((!isset($password1) || empty($password1)) && !$error) { $error = "You need to enter your password twice."; } if($password != $password1 && !$error) { $error = "The passwords you entered did not match."; } if((!isset($emailaddress) || empty($emailaddress)) && !$error) { $error = "Please enter an email address."; } $emailAddress = filter_var($_POST['emailaddress'], FILTER_VALIDATE_EMAIL); if (!$emailAddress) { $error = 'Please enter your email address in a valid format. Example: bobsmith@companyname.com'; } $query = mysql_query("SELECT userid FROM organisermembers WHERE emailaddress = '".$emailaddress."' LIMIT 1"); if(mysql_num_rows($query) > 0 && !$error) { $error = "Sorry, that email is already in use!"; } if(!$error) { $query = mysql_query("INSERT INTO organisermembers (firstname, surname, password, emailaddress) VALUES ('".$firstname."', '".$surname."', '".mysql_real_escape_string(md5($password))."', '".$emailaddress."')"); if($query) { $message = "Hello ".$_POST['firstname'].",\r\n\r\nThanks for registering with us! We hope you enjoy your stay.\r\n\r\n Many Thanks,\r\nus.com"; $headers = "From: ".$website['name']." <".$website['emailaddress'].">\r\n"; mail($_POST['emailaddress'], "Welcome", $message, $headers); setcookie("user", mysql_insert_id(), $time); setcookie("pass", mysql_real_escape_string(md5($password)), $time); header("Location: registerorganiser.php"); } else { $error = "There was a problem with the registration. Please try again."; } } } ?> Quote Link to comment Share on other sites More sharing options...
Mahngiel Posted September 12, 2012 Share Posted September 12, 2012 where's the checkLogin() function? do you need to include/require it? Quote Link to comment Share on other sites More sharing options...
justlukeyou Posted September 12, 2012 Author Share Posted September 12, 2012 Hi, Im not sure what the full checklogin function is. If theres anything missing I dont have it. Is there code which is able to check is someone is logged in? Should I be using the following code: http://www.phpeasystep.com/phptu/6.html Quote Link to comment Share on other sites More sharing options...
Mahngiel Posted September 12, 2012 Share Posted September 12, 2012 Im not sure what the full checklogin function is. I'm sorry, but why the hell not? Why would you run code you don't know what it is? Quote Link to comment Share on other sites More sharing options...
justlukeyou Posted September 12, 2012 Author Share Posted September 12, 2012 Uh, Im trying to learn what it is and how the process works so I can apply it. Hence why Im asking on a forum dedicated to PHP. BTW I'm not asking someone to write the code for me, Im asking what code I need and the process I should use it in. Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted September 12, 2012 Share Posted September 12, 2012 Should I be using the following code: http://www.phpeasystep.com/phptu/6.html NO. The code on that site is ten years out of date. Quote Link to comment Share on other sites More sharing options...
justlukeyou Posted September 12, 2012 Author Share Posted September 12, 2012 Should I be using something like this? <?php if(isset($_POST['submit'])) { $membername = mysql_real_escape_string($_POST['firstname']); $password = mysql_real_escape_string(md5($_POST['password'])); $query = mysql_query("SELECT * FROM users WHERE organisermembers = '".$firstname."' AND password = '".$password."' LIMIT 1"); if(mysql_num_rows($query) > 0) { $row = mysql_fetch_array($query); $time = ($_POST['remember'] == "yes") ? time()+60*60*24*365 : 0; setcookie("user", $row['id'], $time); setcookie("pass", $password, $time); header("Location: ".$_POST['return']); } else { $site['error'] = "Invalid username/password."; } } ?> Quote Link to comment Share on other sites More sharing options...
justlukeyou Posted September 12, 2012 Author Share Posted September 12, 2012 Or this, can someone lead me in the right direction for the code I should be using? function Login() { if(empty($_POST['username'])) { $this->HandleError("UserName is empty!"); return false; } if(empty($_POST['password'])) { $this->HandleError("Password is empty!"); return false; } $username = trim($_POST['username']); $password = trim($_POST['password']); if(!$this->CheckLoginInDB($username,$password)) { return false; } session_start(); $_SESSION[$this->GetLoginSessionVar()] = $username; return true; } Quote Link to comment Share on other sites More sharing options...
Mahngiel Posted September 12, 2012 Share Posted September 12, 2012 Or this, can someone lead me in the right direction for the code I should be using? The code you should be using is code that satisfies your requirements. add a checklogin code to a registration page ... someone can add details into a database... checks if they are looged in. Based on your code examples, I suppose you mean a login form and you seem to have general idea. Do you have any specific problems? BTW, I added some content to my signature. Quote Link to comment Share on other sites More sharing options...
Jessica Posted September 12, 2012 Share Posted September 12, 2012 I don't understand how someone has over 500 posts and doesn't know what a signature on the forum is. *SMH* Quote Link to comment Share on other sites More sharing options...
White_Lily Posted September 13, 2012 Share Posted September 13, 2012 Im guessing you are trying to get the script to submit to itself, then check the login details, compare the details to the database, then if successful start sessions? For an example go here: http://tutorials.janedealsart.co.uk (register, then use the login box) Quote Link to comment Share on other sites More sharing options...
KevinM1 Posted September 13, 2012 Share Posted September 13, 2012 @justlukeyou - You're going about learning PHP in a very inefficient manner. What I've seen is that you have an idea for a site, and rather than learning in a linear manner, you scour the web for different small scripts to mash together in the hope that something will actually come of it. That's really the worst way to learn because you're focused more on the end result rather than the process. PHP is a language. It has syntax and grammar, and you'll be much better served if you do the tedious work of learning the building blocks rather than jumping to a finished project. To stretch a literary metaphor, right now you're trying to write a novel in French without understanding how verbs work. Not gonna happen. So instead of going through the painful "I'm going to blindly throw shit at the wall and examine what sticks" process, go back to the beginning and start again. That may sound horrible, but it's really the only way you'll become anything more than a dabbler. Quote Link to comment Share on other sites More sharing options...
White_Lily Posted September 13, 2012 Share Posted September 13, 2012 Also, considering you seem to know very little maybe starting off with simple things will give you some head start? Look into echoing and getting different messages to show with if/else statements. This will give you a genernal starting point . Echoing: <?php echo "Hello World"; ?> If / Else <?php $date= date("D"); if($date == "Fri"){ echo "Almost the weekend."; } else{ echo "Not quite the weekend."; } Quote Link to comment Share on other sites More sharing options...
White_Lily Posted September 13, 2012 Share Posted September 13, 2012 Just to give you an example of a login script, heres mine: <?php if(!$ses_user && !$ses_pass){ if($_POST["submit"]){ $u = $_POST["username"]; $p = $_POST["password"]; if(!$u && !$p){ $msg = "<p>The login form is empty. Try again.</p>"; } else{ if(!$u){ $msg .= "<p>The username is empty. Try again.</p>"; } else{ if(!$p){ $msg .= "<p>The password is empty. Try again.</p>"; } else{ $log = mysql_query("SELECT * FROM users WHERE username = '$u' AND password = '$p'"); $check = mysql_fetch_assoc($log); $u_check = $check["username"]; $p_check = $check["password"]; if($u != $u_check && $p != $p_check){ $msg .= "<p>The username or password was incorrect.</p>"; } if($u === $u_check && $p === $p_check){ session_start(); $_SESSION['log_user'] = $u; $_SESSION['log_pass'] = $p; header("Location: profile.php"); } } } } echo "<div class='bad'>".$msg."</div>"; } echo '<form action="" method="POST">'; echo '<label>Username:</label><input type="text" name="username" class="fields" />'; echo '<label>Password:</label><input type="password" name="password" class="fields" />'; echo '<input type="submit" name="submit" class="send" value="Login" />'; echo '</form>'; echo '<a href="register.php">Register</a> <div class="clear"></div>'; } else { echo '<div class="good">Login was successful.<br>You are logged in as: '.$ses_user.'</div>'; $join = mysql_query("SELECT * FROM users WHERE username = '$ses_user'"); if($joined = mysql_fetch_assoc($join)) { $join_num = $joined["joined"]; if($join_num < 1) { echo '<a href="join.php">Join the Team</a>'; } } } ?> It works fine. The process? -> You fill in the form -> Submits to itself -> Gets the information from the form and puts them inside variables -> The variables are then checked to make sure none are empty -> If not empty it then compares them to the database entries -> If successful, logs you in and creates sessions around your username and password. Quote Link to comment Share on other sites More sharing options...
ignace Posted September 13, 2012 Share Posted September 13, 2012 @White_Lily You should escape your inputs before putting them into the SQL query. You avoid a user from actually logging in (' OR 1 --) by double checking the username and password but he might break your query or even break out of it and writing PHP code (". eval('<?php echo 'foo'; ?>') .", won't actually execute but still). Quote Link to comment Share on other sites More sharing options...
ignace Posted September 13, 2012 Share Posted September 13, 2012 Correction: or even break out of it and writing PHP code (". eval('<?php echo 'foo'; ?>') .", won't actually execute but still). Quote Link to comment Share on other sites More sharing options...
justlukeyou Posted September 13, 2012 Author Share Posted September 13, 2012 Thanks everyone, PHP seems to be huge range of code but I want to apply to a certain range. IE a membership system. What Im finding very odd is that no one can actually tell me how what a solid and safe membership script should contain. Take the recent posts for example, someone posts a membership script only for someone else to point out their are parts missing. My membership script is slowly coming together. Quote Link to comment Share on other sites More sharing options...
Jessica Posted September 13, 2012 Share Posted September 13, 2012 It takes a lot of research to learn all of the security issues. You're not doing research though, you're just grabbing random scripts and asking is this one ok? what about this one? Rather than searching for an actual script you can take and use, you need to be searching for information about the entire IDEA, and researching web security. You won't get a unified answer on "THIS IS THE WAY TO DO IT" because there are lots of ways to do it, and lots of competing ideas on what is best. There is no one right answer. It's like asking which political party is "correct". ETA: If there were one truly right answer, no one would ever get their user's information leaked by hackers. Yet it happens every week. LinkedIn had their user's passwords stolen. It happens to BANKS, FFS. Quote Link to comment Share on other sites More sharing options...
KevinM1 Posted September 13, 2012 Share Posted September 13, 2012 It takes a lot of research to learn all of the security issues. You're not doing research though, you're just grabbing random scripts and asking is this one ok? what about this one? Rather than searching for an actual script you can take and use, you need to be searching for information about the entire IDEA, and researching web security. You won't get a unified answer on "THIS IS THE WAY TO DO IT" because there are lots of ways to do it, and lots of competing ideas on what is best. There is no one right answer. It's like asking which political party is "correct". ETA: If there were one truly right answer, no one would ever get their user's information leaked by hackers. Yet it happens every week. LinkedIn had their user's passwords stolen. It happens to BANKS, FFS. All of this. The 'right way' to do something is usually a balance between complexity, performance, ease of use, and how it fits into your overall project. The best a 3rd party script or tutorial can do is point you in a general direction. There is always tweaking and modification that needs to be done. Sometimes small (rendered HTML/CSS), sometimes large (change the way the script talks to the back end, or the back end itself). This goes for professional solutions as well. WordPress, Joomla, et al. don't tend to address the edge use cases that a project's identity can depend on. Even with plugins, you'll likely find that you need to actually go under the hood from time to time. Just to be clear, we're not being critical to be mean. We're being critical because we were in your position once, too, and have been through the frustration of learning. We're trying to help you avoid common pitfalls that will merely have you wasting time and not really learning. One of the problems with 3rd party scripts is that unless you're experienced, you can't tell if the code is good or not. It's not just a matter of "Will this work?" It's a matter of "Will this work? Is it secure? Does it work well? Does it fit in with the rest of my code?" Handling input, stuffing data in a database, and displaying something on the screen is only part of the process. And there are a ton of shitty free scripts out there that will only teach you the wrong way to approach a problem. That's why I keep trying to hammer home the idea of learning from the ground up. You need to know the basics language itself before you can attempt to make your ideas a reality. The PHP site itself has some of the best online documentation in the business (http://www.php.net/manual/en/langref.php). There are plenty of good books on the subject (Larry Ullman's books are straightforward and gentle) as well. From there, it's a matter of doing research, asking questions, and practicing by writing small test scripts. No web developer has ever spawned fully formed. We've all had to make a gazillion number of rinky-dink, idiotic test scripts in our lives. I still like to prototype in that way. Quote Link to comment Share on other sites More sharing options...
justlukeyou Posted September 13, 2012 Author Share Posted September 13, 2012 I fully support what your saying, Im just stuck on where to get the relevant information I need. For example, all the code Im working now requires a header. But I dont know what a header is and how it works. Lets you wanted to learn and apply a header (or other piece of code to your site) where would to turn to get that information. Oh yeah, to be totally honest I simply dont understand the PHP site. I've looked at around 50 different terms and not understand one of them. Quote Link to comment Share on other sites More sharing options...
Jessica Posted September 13, 2012 Share Posted September 13, 2012 Maybe a community college course then. Quote Link to comment Share on other sites More sharing options...
KevinM1 Posted September 13, 2012 Share Posted September 13, 2012 I fully support what your saying, Im just stuck on where to get the relevant information I need. For example, all the code Im working now requires a header. But I dont know what a header is and how it works. Lets you wanted to learn and apply a header (or other piece of code to your site) where would to turn to get that information. First, I'd check the PHP documentation (header). If I didn't understand what an HTTP header was, I'd do some research - there's a link to the HTTP specification in the PHP documentation for header(), so I'd check that out. I'd also check out wikipedia, as their programming articles are generally a decent Reader's Digest version of the actual topics. Oh yeah, to be totally honest I simply dont understand the PHP site. I've looked at around 50 different terms and not understand one of them. Not sure how to help you there, to be honest. Larry Ullman's Visual Quickstart Pro books are probably your best bet. They're very beginner friendly. Beyond that, I'm not sure. Quote Link to comment Share on other sites More sharing options...
justlukeyou Posted September 13, 2012 Author Share Posted September 13, 2012 Maybe a community college course then. I've tried looking around but their are none near me. Are their sites on which you can learn PHP. I've seen some sites in which you can actually learn code on a website? I built one database driven site which I'm really pleased with. However I want to build a site in which people can join as a member. Quote Link to comment Share on other sites More sharing options...
justlukeyou Posted September 13, 2012 Author Share Posted September 13, 2012 So a header is the location someone goes to when they login? Does everyone page of a website need to have the code that checks if someone is logged in? With the error below all the places I have seen the header locator in a script is inside the same script in which someone enters their login details. <html> <?php /* This will give an error. Note the output * above, which is before the header() call */ header('Location: http://www.example.com/'); ?> Quote Link to comment Share on other sites More sharing options...
White_Lily Posted September 14, 2012 Share Posted September 14, 2012 To check if a user is logged in and providing you are using sessions, it would look something similar to this: <?php if(!$ses_user && !$ses_pass){ echo "You need to be logged in to view this page."; } ?> This code gets placed ABOVE the doctype. That way the first thing it checks for, is whether the sessions are set or not. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.