Jump to content

admin login problem

seanstuart

By seanstuart
in PHP Coding Help

 Share

Recommended Posts

seanstuart Newbie

seanstuart

Posted
Posted

I try to login to admin, but when I submit form it just clears its self????

form code....

<?php
include_once("../lib/config.php");
include_once(LIB_PATH."Admin.php");

/**
* Set the variable, which holds the error message, to an empty variable.
*/
$error = "";

if($_SERVER['REQUEST_METHOD'] == "POST"){

/**
 * Sanitize the posted data - remove any html code, if submited, remove "whote" spaces, cast to "string" data type.
 */
$admin_username = Sanitize::data($_POST['admin_username'], 'string');
$admin_password = Sanitize::data($_POST['admin_password'], 'string');

if(empty($admin_username)){
	$error = "Type your username, please!";
}elseif(empty($admin_password)){
	$error = "Type your password, please!";
}else{
	$admin_obj = new Admin();

	if($admin_obj->login($admin_username, $admin_password, &$error)){
		//the user is logged successfully, redirect him to the protected area
		header("location: index.php");
		exit;
	}
}
}

?>

<html>
<head>
<title>Admin area</title>
<link href="../public/style/admin_styles.css" type="text/css" rel="stylesheet" />  
</head>
<body>

<form method="post" action="login.php">
<table align="center" style="margin-top: 10%" class="base">

<tr>
<td colspan="2" align="center" class="title">Admin Login Form</td>
</tr>

<tr>
<td colspan="2" align="center" class="error"><?php echo $error; ?></td>
</tr>

<tr>
<td>Username:</td>
<td><input type="text" name="admin_username" size="25" value="<?php echo $admin_username; ?>" /></td>
</tr>

<tr>
<td>Password:</td>
<td><input type="password" name="admin_password" size="25" /></td>
</tr>

<tr>
<td> </td>
<td><input type="submit" name="sb1" value="Submit" /></td>
</tr>

<tr>
<td colspan="2" style="padding-top: 30px">
	<a href="forgot_password.php" class="base_link">Forgot password?</a>
</td>
</tr>

</table>

</form>
</body>
</html>

 

admin.php.........

 

<?php
include("config.php");
/**
* This class is created to handle the admin user functionalities, such as login, forgot password, edit profile.
* 
* @package Takeout&Delivery Module
* @author Venelin Manchev
* @link http://www.php-developers.net
* @version 0.1
*/

class Admin {

/**
 * Admin Id number
 */
var $admin_id;

/**
 * Admin username
 */
var $admin_username;

/**
 * Admin password
 */
var $admin_password;

/**
 * Admin email address
 */
var $admin_email;


function Admin($id= 0){

	/**
 	* Get the database connection.
 	*/
	global $db;

	if($id > 0){
		/**
		 * Build the SQL query to grab the admin user info and to set the object properties.
		 */			
		$sql = "SELECT * from tdm_admin where admin_id = '$id' ";

		if(!$db->Query($sql)){
			logMyErrors(__FILE__, __CLASS__, __METHOD__, __LINE__, $db->Error());
			return false;
		}else{
			$admin_array = $db->RecordsArray(MYSQL_ASSOC);

			if(is_array($admin_array)){
				if(count($admin_array) == 1){
					foreach($admin_array['0'] as $key=>$value){
						$this->$key = $value;
					}
				}else{
					return false;
				}
			}
		}
	}
}

/**
 * Admin login functionality
 * 
 * @param string $username	Admin username value, posted via the login form.
 * @param string $password	Admin password value, posted via the login form.
 * @param string &$error_message		Error message on failure, passed by reference.
 * @return boolean	True on success, False on failure. If true, a session variable admin_id will hold the admin id number value. 
 */
function login($username, $password, &$error_message) {

	/**
	 * Get the database connection
	 */
	global $db;

	$sql = "SELECT admin_id, admin_password from tdm_admin where admin_username = '$username' ";

	if(!$db->Query($sql)){
		logMyErrors(__FILE__, __CLASS__, __METHOD__, __LINE__, $db->Error());
		return false;
	}else{
		$db->MoveFirst();
		$result_data = $db->Row();

		if($result_data->admin_id > 0){
			if($result_data->admin_password != md5($password)){
				$error_message = "Wrong password!";
				return false;
			}else{
				$_SESSION['admin_id'] = $result_data->admin_id;
				return true;
			}
		}else{
			$error_message = "Wrong username!";
			return false;
		}

	}
}

/**
 * Admin logout functionality
 * 
 * @return boolean True on successful logout, false otherwise.
 */
function logout() {
	session_unset("admin_id");
	session_unregister("admin_id");
	session_destroy();
}

/**
 * Update an admin account
 * 
 * @param int $admin_id Admin account id number to update.
 * @param string &$error Error message text, passed by reference.
 * @return boolean True on success, false otherwise.
 */
function updateAdmin($admin_id, &$error){

	/**
	 * Get the database connection
	 */
	global $db;

	/**
	 * Validate the posted data.
	 */
	if(empty($this->admin_username)){
		$error = "Type the username, please!";
		return false;
	}elseif(empty($this->p1)){
		$error = "Type the password, please!";
		return false;			
	}elseif(empty($this->p2)){
		$error = "Confirm the password, please!";
		return false;			
	}elseif($this->p1 != $this->p2){
		$error = "Retype and confirm the password, please!";
		return false;			
	}elseif(!checkEmailAddress($this->admin_email)){
		$error = "Type a correct email address, please!";
		return false;
	}else{

		/**
		 * Build the SQL query string.
		 */
		$sql = "UPDATE tdm_admin set
							admin_username = '$this->admin_username',
							admin_password = MD5('$this->p1'),
							admin_email = '$this->admin_email' ";

		if(!$db->Query($sql)){
			$error = $db->Error();
			return false;
		}else{
			return true;
		}
	}
}

/**
 * Set a new value for object property.
 */
function setMember($name, $value) {
	$this->$name = $value;
}	

/**
 * This method handle the forgot password process.
 * 
 * The admin user must submit his username. In case of match, the system will generate a new password, will assign it as MD5-encripted hash to the admin account and will send an email to the admin email address with the new password.
 * 
 *@param string $username Admin username value, submited via the forgot password form.
 *@param string &$error_message	Error message text, passed by reference.
 *@return boolean True on success, false otherwise.
 */
function forgotPassword($username, &$error_message) {

	/**
	 * Get the database connection.
	 */
	global $db;

	$sql = "select * from tdm_admin where admin_username = '$username' ";

	if(!$db->Query($sql)){
		logMyErrors(__FILE__, __CLASS__, __METHOD__, __LINE__, $db->Error());
	}else{
		$db->MoveFirst();
		$result_data = $db->Row();

		if($result_data->admin_id > 0){

			//generate the new password
			$new_password = self::generatePassword();

			//save the new password
			$sql = "update tdm_admin set admin_password = MD5('$new_password') where admin_id = '$result_data->admin_id' ";

			if(!$db->Query($sql)){
				logMyErrors(__FILE__, __CLASS__, __METHOD__, __LINE__, $db->Error());
			}else{

				//get the TXT template
				$txt_template = file_get_contents(EMAIL_TEMPLATES."admin_forgot.txt");

				//setup the template variables
				$tpl_variables = array("{website}", "{username}", "{password}", "{login_url}");

				//setup the template values
				$tpl_values = array(WEBSITE_DOMAIN, $username, $new_password, ADMIN_LOGIN_URL);

				//parse the template
				$txt_message = str_replace($tpl_variables, $tpl_values, $txt_template);

				//send the new password
				sendMime($_SESSION['settings']['contact_email'], 
						 $_SESSION['settings']['contact_email'], 
						 $result_data->admin_email,
						 '',
						 '',
						 3,
						 'New password',
						 $txt_message,
						 $html_message);		

				return true;
			}

		}else{
			$error_message = "Wrong username!";
			return false;
		}			
	}
}

/**
 * This method generate a new password.
 * 
 * In case of forgotten password, we need a new one, geenrated on a random manier.
 * @access private
 * @return string New password string.
 */
function generatePassword() {

	//generate a random md5 hash
	$md5_hash = md5(crypt(time()));

	//the password should be no more than 6 chars in length
	$new_password = substr($md5_hash, 0, 6);

	return $new_password;
}
}

?>

 

>:( >:(

 

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.