
Help with login script code


netpumber


Hello, I was watching a video on how to create a login script in PHP and I thought to use it.

So here is the code:

 

<?php

include("config.php");

class login
{
	private $_id;
	private $_username;
	private $_password;
	private $_passmd5;

	private $_errors;
	private $_access;
	private $_login;
	private $_token;
	

	public function __construct()
	{
		$this->_errors 	= 	array();
		$this->_login 	= 	isset($_POST['login']) ? 1 : 0 ;
		$this->_access 	= 	0;
		$this->_token 	= 	($this->_login) ? $_POST['token'] : $_SESSION['token'];

		$this->_id 	= 	0;
		$this->_username	= 	($this->_login) ? $this->filter($_POST['username']) : $_SESSION['username'];
		$this->_password	= 	($this->_login) ? $this->filter($_POST['password']) : '';
		$this->_passmd5		= 	($this->_login) ? md5($this->_password) : $_SESSION['password'];

	}

	public function isLoggedIn()
	{
		($this->_login) ? $this->verifyPost() : $this->verifySession();
		return $this->_access;
	}

	public function filter($var)
	{
		return preg_replace('/[^a-zA-Z0-9]/', '', $var);
	}

	public function verifyPost()
	{
		try
		{
			if(!$this->isTokenValid())
				throw new Exception("Invalid Form Submition");

			if(!$this->isDataValid())
				throw new Exception("Invalid Form Data");

			if(!$this->verifyDatabase())
				throw new Exception("Invalid Username/Password");

		$this->_access = 1;
		$this->registerSession();				
		}

		catch(Exception $e)
		{
			$this->_errors[] = $e->getMessage();
		}
	}

	public function verifySession()
	{
		if($this->sessionExist() && $this->verifyDatabase())
			$this->_access = 1;
	}

	public function verifyDatabase()
	{
		init_mysql();

		$data = mysql_query("SELECT user_id FROM users WHERE user_name = '{$this->_username}' AND user_password='{$this->_passmd5}'");

		if(mysql_num_rows($data))
		{
			$row = mysql_fetch_assoc($data);
			$this->_id = $row['user_id'];
			return true;
		}
		else
		{
			return false;
		}
	
	}

	public function isDataValid()
	{
		return preg_match('/^[a-zA-Z0-9]{5,12}$/', $this->_username) && preg_match('/^[a-zA-Z0-9]{5,12}$/', $this->_password) ? 1 : 0 ;
	}

	public function isTokenValid()
	{
		return (!isset($_SESSION['token']) || $this->_token != $_SESSION['token']) ? 0 : 1;
	}

	public function registerSession()
	{
		$_SESSION['ID'] 		= $this->_id;
		$_SESSION['username'] 	= $this->_username;
		$_SESSION['password']	= $this->_passmd5;
	}

	public function sessionExist()
	{
		return (isset($_SESSION['username']) && isset($_SESSION['password'])) ? 1 : 0;
	}

	public function showErrors()
	{
		echo "<h3>Errors</h3>";

		foreach ($this->_errors as $key => $value) {
			echo $value . "<br>";
		}
	}

}


?>

 

 

Here is the code of login.php

 

<?php
session_start();

$token = $_SESSION['token'] = md5(uniqid(mt_rand(),true));

if(isset($_POST['login']))
{
	include('classes/class.login.php');

	$login = new Login;

	if($login->isLoggedIn())
		header('location: op-index.php');
	else
		$login->showErrors();	
}
?> 

 

 

But it seems that I have a problem with the isTokenValid() function.

return (!isset($_SESSION['token']) || $this->_token != $_SESSION['token']) ? 0 : 1;

If I try to log in, it returns this error, Invalid Form Submition, but I cannot understand why.

So if I change the above code into this

return (!isset($_SESSION['token'])) ? 0 : 1;

everything works like a charm, but with the || operator it returns false.

Can someone imagine why this could happen?

Also, $this->_token will always be different from $_SESSION['token'] because the $token variable changes after the form submission.

Edited by netpumber
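
The token handling from the post above, as an added example that is not the poster's code: login.php stores a new value in $_SESSION['token'] on every request, including the POST, before isTokenValid() compares it with the submitted one. The sketch contrasts that order with validating first and rotating afterwards; the function names and the array-based session are assumptions so that it runs offline from the PHP CLI.

```php
<?php
// Added example, not the poster's code. Run with the PHP CLI: $_SESSION and
// $_POST are plain arrays here, constructed to stand in for a real request.

// Issue a token only when the session has none, so the value embedded in the
// rendered form is still in the session when that form is posted back.
function issueToken(array &$session): string
{
    if (empty($session['token'])) {
        $session['token'] = bin2hex(random_bytes(32));
    }
    return $session['token'];
}

// Constant-time comparison; a missing or non-string value on either side fails.
function isTokenValid(array $session, array $post): bool
{
    return isset($session['token'], $post['token'])
        && is_string($post['token'])
        && hash_equals($session['token'], $post['token']);
}

// Order used in the posted login.php: a fresh token is stored before the check.
function handlePostRegenerateFirst(array &$session, array $post): bool
{
    $session['token'] = md5(uniqid(mt_rand(), true)); // overwrites the issued token
    return isTokenValid($session, $post);
}

// Corrected order: check the submitted token first, then rotate it.
function handlePostValidateFirst(array &$session, array $post): bool
{
    $ok = isTokenValid($session, $post);
    unset($session['token']);   // single use: the next form render gets a new one
    issueToken($session);
    return $ok;
}

$_SESSION = [];
$formToken = issueToken($_SESSION);                // GET: form rendered with this token
$_POST = ['login' => '1', 'token' => $formToken];  // POST: the same token comes back

$a = $_SESSION;                                    // two copies of the same session state
$b = $_SESSION;
var_dump(handlePostRegenerateFirst($a, $_POST));   // legitimate submit, posted order
var_dump(handlePostValidateFirst($b, $_POST));     // legitimate submit, corrected order
var_dump(isTokenValid($b, $_POST));                // same token replayed after rotation
```

Dropping the comparison from isTokenValid(), as in the second variant in the post, makes the check pass for any submitted value, so the token no longer protects the form.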