lewashby

Validating and logging in from a form

In the following pages I'm trying to validate if a user is signed in or not. If the user is signed in I would like to see 'Log Out' printed to the screen (I'll do more with that later). If the user is not signed in I would like to see a login form at the top right of the screen. As it stands I'm only seeing 'Log Out' on the screen, I can't get the form to show up anymore. I thought it might be because the session variable was still hanging around, but I restarted my computer to make absolutely sure and I'm still just getting 'Log Out'. At the moment I need this program to work as is as much as possible. If you see an entirely different approach that you would use that's fine, but I don't currently have the time to go changing a lot; I need to get this going kinda quick. Thanks.

 

records-board.php

<?php
require_once('includes/init.php');
if(!isset($_SESSION)) { init_session(); }
?>






<html>
  <head>
    <Title>Pop Report</title>
    <link rel="stylesheet" type="text/css" href="styles/popreport2.css">
    <h1>Pop Report</h1>
  </head>


<body>
<?php


if(isset($_POST['nameinput']) && isset($_POST['passinput']))
{
    $nameinput = $_POST['nameinput'];
    $passinput = $_POST['passinput'];
    User::sign_in($nameinput, $passinput);
}


if(!isset($_SESSION['user']))
{
    print_form();
}
else
{
    echo "Log Out ";
    echo $_SESSION['user']->name; // this line was just troubleshooting, it told me nothing!
}


?>

user.php

<?php


if(!isset($_SESSION)) { init_session(); }


class User
{
    public $name;


    public function __construct($username, $password)
    {
        
        $connection = get_db_connection();
        $query = $connection->query("SELECT * FROM users WHERE username='$username' AND password='$password'"); 
        
        if(!$query)
        {
            echo "Invalid username or password";
        }


        else
        {
            $result = $query->fetch(PDO::FETCH_ASSOC);


            if(!$result['username'] == $username || !$result['password'] == $password)
            {
                echo "Invalid username or password";
            }
            else { $this->name = $result['username']; }
        }
    }


    public static function sign_in($username, $password)
    {
        $_SESSION['user'] = new User($username, $password);
    }
}
?>
<?php


function print_form()
{
    echo "<form id='loginform' name='loginform' action='records-board.php' method='post'>";
    echo "Username: <input type='text' name='nameinput'>";
    echo "Password: <input type='text' name='passinput'><br />";
    echo "<input type='submit' value='Sign In'>";
    echo "</form>";
}


?>

Is user.php being imported into the script? Perhaps that's being done in init.php.

 

Is PHP set to display all errors and warnings? Note that you can add the following to the top of your script during the debugging process:

<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
?>


your code contains two logic problems.

 

1) if(!$query) - this condition means that the query failed with an error of some kind (sql syntax error, wrong table or column name.) it does not mean that the username/password was invalid. your code should actually be using exceptions to handle database errors so that the main program logic only has to deal with the non-error conditions.

 

2) your code creates an instance of the user class in $_SESSION['user'] any time the User::sign_in() method gets called, regardless of the username/password matching anything. any request to the page after that will result in $_SESSION['user'] being set.

 

your user class needs a property or method you can use in your code to determine the logged in state.
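
The two points in the reply above, as an added example that is not part of the original thread: sign_in() stores a User in the session only when the credentials match, and database errors surface as exceptions instead of being read as a bad login. It goes beyond the thread by using a prepared statement and password_verify(); the in-memory SQLite database, the password_hash column, the demo account and the $session array standing in for $_SESSION are all constructed assumptions.

```php
<?php
// Added example, not the poster's code. Schema and demo account are constructed.
class User
{
    public $name;

    private function __construct(string $name) { $this->name = $name; }

    // Returns a User only when the credentials match, otherwise null.
    public static function authenticate(PDO $db, string $username, string $password): ?User
    {
        // Placeholder keeps user input out of the SQL text.
        $stmt = $db->prepare('SELECT username, password_hash FROM users WHERE username = ?');
        $stmt->execute([$username]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC); // false when no such user
        if ($row === false || !password_verify($password, $row['password_hash'])) {
            return null;
        }
        return new User($row['username']);
    }

    // The session key is set only after a successful match, so
    // isset($session['user']) really means "logged in".
    public static function sign_in(PDO $db, array &$session, string $username, string $password): bool
    {
        $user = self::authenticate($db, $username, $password);
        if ($user === null) {
            unset($session['user']);
            return false;
        }
        $session['user'] = $user;
        return true;
    }
}

// Constructed demo: in-memory SQLite stands in for get_db_connection().
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // SQL errors throw
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['demo', password_hash('correct horse', PASSWORD_DEFAULT)]);

$session = []; // stands in for $_SESSION so the script runs from the CLI
var_dump(User::sign_in($db, $session, 'demo', 'wrong password'));
var_dump(isset($session['user']));
var_dump(User::sign_in($db, $session, 'demo', 'correct horse'));
var_dump($session['user']->name);
```

In the page itself, pass $_SESSION as the second argument and call session_regenerate_id(true) after a successful sign-in.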
