
$sessionID = rand(1,99999);

 

I believe he said the sessionID had to be 5-chars long? rand only returns 1.

 

But unfortunately I have to follow the directions I posted earlier.

 

Sure, in regard to function names and their expected behavior. Everything aside from that is yours to decide. So whether you want to create an extra function that converts a CSV file to a line array is your decision. Creating a function to generate a SessionID is also your decision.


There are some issues in your code, especially regarding the session stuff. You should have used the $_SESSION superglobal for everything you wanted in your session, instead of using regular variables (upper-casing them doesn't do anything).

 

I've also taken the time to re-write your code, to show you (approximately) how I'd do it. Note that I've just guessed at the position of the e-mail and password in the database file, and set them at first and second position (respectively).

<?php

// Start the session.
session_start ();

// Redirect to index if already logged in.
if (isset ($_SESSION['email'])) {
	header ('Location: index.php');
	die ();
}

// Include required functions (hash_password () is expected to come from here).
require_once ('homepage/library.php');

/**
 * Process the submitted login form, returns the form with added error message if it fails.
 * Otherwise it'll redirect the user to the correct welcome page.
 *
 * @return string
 */
function process_loginForm () {
	// Initialize variables for later use, so they are defined on every code path.
	$error = array ();
	$email = '';
	$password = '';

	// Retrieve e-mail address if it was sent, and if it's valid.
	if (!$email = filter_input (INPUT_POST, 'email', FILTER_VALIDATE_EMAIL)) {
		// Otherwise show error.
		$error[] = 'Invalid or missing e-mail address.';

		// E-mail address was sent but invalid. Keep it so the form can be re-filled (it is escaped on output).
		$email = isset ($_POST['email']) ? $_POST['email'] : '';
	}

	// Make sure a non-empty password was sent, and keep it for check_login ().
	if (!isset ($_POST['password']) || $_POST['password'] === '') {
		$error[] = 'Invalid or missing password.';
	} else {
		$password = $_POST['password'];
	}

	// If errors have been set, show the form anew with user-data and error messages.
	if (!empty ($error)) {
		return generate_loginForm ($error, $email);
	}

	// Run login for user, or show form with error message if it fails.
	if (!check_login ($email, $password)) {
		return generate_loginForm (array ('Invalid email or password'), $email);
	}

	// Regenerate the session ID to prevent session fixation (true also deletes the old session data),
	// and add the e-mail address of the user to the session data.
	session_regenerate_id (true);
	$_SESSION['email'] = $email;

	// Send the user to the welcome page.
	header ('Location: welcome.php');
	die ();
}

/**
 * Create the login form, with list of error messages and predefined e-mail address (if given).
 *
 * @param array[optional] $error
 * @param string[optional] $email
 * @return string
 */
function generate_loginForm ($error = array (), $email = '') {
	// Check for error messages.
	if (!empty ($error)) {
		// Escape all error messages for HTML output, and implode them into an un-ordered list.
		$error = array_map ('htmlspecialchars', $error);
		$error = '<ul class="error"><li>'.implode ("</li>\n\t<li>", $error)."</li>\n</ul>";
	} else {
		$error = '';
	}

	// Escape e-mail address for HTML output.
	$email = htmlspecialchars ($email);

	// Generate the completed form, and return it to the calling function.
	return <<<OutForm
{$error}
<form method="post" action="">
<fieldset>
	<label for="inp_email">Email:</label>
	<input id="inp_email" type="email" name="email" size="35" value="{$email}">

	<label for="inp_pass">Password:</label>
	<input id="inp_pass" type="password" name="password" size="35">
</fieldset>

<fieldset class="buttons">
	<input type="submit" name="submit" value="Log in">
</fieldset>
</form>
OutForm;
}

/**
 * Checks given login information against the user database.
 * Returns true on success or false if no record matches.
 * Expected record layout: email|hash|salt (one record per line).
 *
 * @param string $email
 * @param string $password
 * @return bool
 */
function check_login ($email, $password) {
	// Open the user database file for reading.
	$fp = fopen ('homepage/registered_users.txt', 'r');

	// If the file could not be opened, terminate the script with a fatal error message.
	if (!$fp) {
		$error = '<h1>Error</h1><p>Could not open user database.<br>Contact administrator if this problem persists.</p>';
		trigger_error ($error, E_USER_ERROR);
	}

	// Run through the file line-by-line. fgets () returns false once the end is reached,
	// which avoids the extra empty iteration a feof () loop produces.
	$found = false;
	while (($raw = fgets ($fp, 999)) !== false) {
		// Strip the line break before splitting, otherwise the salt (last field) would contain it.
		$line = explode ('|', rtrim ($raw, "\r\n"));

		// Skip blank or malformed lines.
		if (count ($line) < 3) {
			continue;
		}

		// Only hash when the e-mail matches, and keep the result in its own variable:
		// overwriting $password here would hash the hash again on the next row.
		if ($line[0] === $email) {
			$hash = hash_password ($password, $line[2]);

			// Strict, constant-time comparison of the stored and the computed hash.
			// A loose == comparison treats strings like "0e123" and "0e456" as equal.
			$found = hash_equals ($line[1], $hash);
			break;
		}
	}

	fclose ($fp);

	return $found;
}


/**
 * Determine whether a form has been submitted, or the user followed a link.
 */
if (isset ($_POST['submit'])) {
	// The submit button has been pressed, process the form.
	$form = process_loginForm ();
} else {
	// No submission, just show the form.
	$form = generate_loginForm ();
}

?>
<!DOCTYPE html>

<html>
<body>

<?php echo $form; ?>

</body>
</html>
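A hardened, self-contained version of the credential lookup, added here as an example; it is not code from the original post or from library.php. It assumes the record layout email|hash|salt that the rewrite above guessed at, and supplies its own hash_password() (salted SHA-256, an assumption, since the library.php version is not shown on this page). The user file is constructed inline with made-up accounts. It also shows why comparing hashes with == is unsafe in PHP, which is the comparison the original checkLogin used.

```php
<?php
declare(strict_types=1);

// Assumed stand-in for the library.php helper: salted SHA-256 (not the thread's real implementation).
function hash_password(string $password, string $salt): string
{
    return hash('sha256', $salt . $password);
}

/**
 * Look up $email in a pipe-delimited user file (email|hash|salt per line) and verify $password.
 * Returns true only on an exact, constant-time match; false for an unknown user, a wrong
 * password, a malformed record, or an unreadable file.
 */
function check_login_hardened(string $email, string $password, string $file): bool
{
    if (!is_readable($file) || ($fp = fopen($file, 'r')) === false) {
        return false;
    }

    $found = false;
    try {
        // fgets() returns false at end of file; a feof() loop would run one extra, empty iteration.
        while (($raw = fgets($fp)) !== false) {
            // Strip the line terminator first: otherwise the salt (last field) carries a "\n"
            // and every computed hash is taken over the wrong salt.
            $line = explode('|', rtrim($raw, "\r\n"));
            if (count($line) < 3) {
                continue; // blank or malformed record
            }
            [$storedEmail, $storedHash, $salt] = $line;
            if ($storedEmail !== $email) {
                continue;
            }

            // Hash into a fresh variable; reusing $password would hash the hash on a later row.
            $candidate = hash_password($password, $salt);

            // hash_equals() is a strict, constant-time string comparison. With == two numeric-looking
            // hashes such as "0e123..." and "0e456..." are both read as the float 0 and compare equal.
            $found = hash_equals($storedHash, $candidate);
            break;
        }
    } finally {
        fclose($fp);
    }

    return $found;
}

/** Demonstrates the loose-comparison pitfall: two different strings that == treats as equal. */
function loose_compare_pitfall(): bool
{
    return '0e462097431906509019562988736854' == '0e830400451993494058024219903391';
}

// Constructed sample user file with made-up accounts (not real credentials).
$users = tempnam(sys_get_temp_dir(), 'users');
$salt  = 'k9Qm2x';
file_put_contents(
    $users,
    'alice@example.com|' . hash_password('correct horse', $salt) . "|$salt\n" .
    'bob@example.com|'   . hash_password('hunter2', $salt)       . "|$salt\n"
);

var_dump(check_login_hardened('alice@example.com', 'correct horse', $users));
var_dump(check_login_hardened('alice@example.com', 'wrong password', $users));
var_dump(check_login_hardened('carol@example.com', 'anything', $users));
var_dump(loose_compare_pitfall());

unlink($users);
```

Run it from the command line with php. Only the first check_login_hardened() call succeeds; loose_compare_pitfall() returns true because PHP compares two numeric strings numerically, and both of those strings are zero in scientific notation, which is exactly how a hash comparison written with == can be matched by an unrelated input.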

 

Glad to see that you got some entertainment from the last few messages from me and salathe, but most of all that you found them informative. :)
