


user authentication/ login help

authentication login user

1 reply to this topic

#1 HartMan

HartMan

    Young Padawan


Posted 14 February 2013 - 09:27 PM

hello all, first post here.

im fairly new to php and am still trying to really get a hold of what im doing. right now im just trying to build a simple login function for my site and am completely stuck.
here is what i have so far.

in function authuser im trying to create a query, return the result, and compare it with the values that were posted on index.php. if they match the database i would like the login function to start the session.
i hope that makes sense.

and if there is a better way to do this or something im missing please let me know

index.php
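// Handle a submitted login form: validate the two fields, then hand them to authuser().
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Read the raw values before hashing. md5('') is still a 32-character string,
    // so running empty() on the hash can never detect a blank password.
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $rawPassword = isset($_POST['password']) ? $_POST['password'] : '';

    // A form can submit username[]=x, which arrives as an array; accept strings only.
    // Comparing with '' (instead of empty()) also keeps a username of "0" valid.
    if (!is_string($username) || !is_string($rawPassword) || $username === '' || $rawPassword === '') {
        $data['status'] = 'Please fill out both inputs';
    } else {
        // NOTE(review): unsalted MD5 is not suitable for password storage. It is kept here
        // only because authuser() compares this value against the stored column; moving to
        // password_hash()/password_verify() means changing authuser() and the stored hashes too.
        $password = md5($rawPassword);

        // login
        authuser($username, $password);
    }
}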


functions.php
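/**
 * Start (or resume) the session for a user who has just been authenticated.
 *
 * Neither argument is read here; both are kept so existing callers keep working.
 *
 * @param string $username Not used by this function.
 * @param string $password Not used by this function.
 */
function login($username,$password)
{
    // Calling session_start() while a session is already active raises a notice.
    if (session_id() === '') {
        session_start();
    }

    // Issue a fresh session ID at the moment of login so that an ID handed out
    // before authentication (session fixation) is not carried into the logged-in state.
    session_regenerate_id(true);
}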
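/**
 * Look up a username / password-hash pair in the users table and, on exactly one
 * match, mark the session as admin. Prints "Wrong Username or Password" otherwise.
 *
 * Uses the default connection of the legacy mysql_* extension, as the original did.
 * NOTE(review): that extension was removed in PHP 7; the long-term fix is mysqli or
 * PDO with prepared statements, which needs a connection handle this signature lacks.
 *
 * @param string $username Value posted by the login form (untrusted).
 * @param string $password Password hash computed by the caller (md5 in index.php).
 * @return bool True when the credentials matched, false otherwise.
 */
function authuser($username,$password)
{
    // Both values are placed inside quoted SQL string literals, so escape them for the
    // current connection; interpolating $_POST data unescaped allows SQL injection.
    $safeUser = mysql_real_escape_string($username);
    $safePass = mysql_real_escape_string($password);

    $sql = "SELECT * FROM users WHERE username='$safeUser' and password='$safePass'";
    $results = mysql_query($sql);

    // mysql_query() returns false on failure; treat that as a failed login rather
    // than passing false on to mysql_num_rows().
    if ($results !== false && mysql_num_rows($results) == 1) {
        // session_register() was removed in PHP 5.4; write to $_SESSION directly.
        if (session_id() === '') {
            session_start();
        }
        $_SESSION['admin'] = true;
        return true;
    }

    echo "Wrong Username or Password";
    return false;
}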


#2 EndurintKP

EndurintKP

    Young Padawan


Posted 19 March 2013 - 05:16 PM

index.php

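<?php
/*
 * index.php
 *
 * Login page controller: opens the session and the database connection,
 * checks a submitted username/password pair, and sets $_SESSION['admin']
 * on success. $message holds the text to show the visitor.
 */

/* Start the session */
session_start();

/* Database location and credentials */
/* Replace these with your values */
define("DB_HOST", "localhost");
define("DB_USER", "user");
define("DB_PASS", "password");
define("DB_NAME", "database");

/* Connect to the database */
$db = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if ($db->connect_error)
{
    /* Stop here without echoing connection details to the visitor */
    exit("Database connection failed.");
}
/* Set the charset through the API so real_escape_string() escapes for the charset in use */
$db->set_charset("utf8");

/* Include the functions file; require stops the script if the file is missing */
require_once 'functions.php';

/* Always defined, so the page can echo it on a plain GET as well */
$message = '';

/* $_POST is always set, even on a GET request, so test the request method instead */
if ($_SERVER['REQUEST_METHOD'] === 'POST')
{
    $rawUsername = isset($_POST['username']) ? $_POST['username'] : null;
    $rawPassword = isset($_POST['password']) ? $_POST['password'] : null;

    /*
     * Both fields must be strings of at least two characters. A form can
     * submit username[]=x, which arrives as an array, so check the type first.
     */
    if (!is_string($rawUsername) || !is_string($rawPassword)
        || !isset($rawUsername[1]) || !isset($rawPassword[1]))
    {
        /* Validation failed: do not go on to query the database */
        $message = "Please fill in both username and password.";
    }
    else
    {
        $username = dbPrep(strtolower($rawUsername), $db);

        /*
         * NOTE(review): unsalted MD5 is not suitable for password storage.
         * It is kept because authenticateUser() compares this value with the
         * stored column; switching to password_hash()/password_verify() also
         * requires changing authenticateUser() and re-hashing stored passwords.
         */
        $password = md5($rawPassword);

        if (authenticateUser($username, $password, $db) === true)
        {
            /* User logged in successfully */
            /* New session ID at the privilege change, so a pre-login ID is not reused */
            session_regenerate_id(true);
            $_SESSION['admin'] = true;
        }
        else
        {
            /* User authentication failed */
            $message = "Login Failed. Please try again.";
        }
    }
}
/* Otherwise the form wasn't submitted. Normal page render. */

/* THE PAGE HTML GOES BELOW. USE echo $message somewhere. */
?>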

functions.php

<?php
/*
  *
  * functions.php
  *
  */
/**
 * Prepare a value for use inside a quoted SQL string literal.
 *
 * Removes line breaks, tabs, NUL and vertical-tab characters, trims the
 * result, then escapes it with the connection's real_escape_string().
 *
 * The escaping only protects a value that is placed between quotes in the
 * query, as authenticateUser() does; it is not a substitute for prepared
 * statements and does nothing for values used outside a string literal.
 *
 * @param string $val Raw value to clean.
 * @param mysqli $db  Open connection whose charset determines the escaping.
 * @return string Cleaned and escaped value.
 */
function dbPrep($val, $db)
{
    $stripped = str_replace(array("\r\n", "\n", "\r", "\t", "\0", "\x0B"), '', $val);

    return $db->real_escape_string(trim($stripped));
}

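/**
 * Check the database for a user's credentials.
 *
 * Contract kept from the original: $username must already be lower-cased and
 * escaped by the caller (index.php passes it through dbPrep()), because it is
 * interpolated as-is. $password is escaped here, since the caller passes the
 * hash without escaping it. NOTE(review): a prepared statement with bound
 * parameters would remove this split responsibility, but callers would then
 * have to stop pre-escaping the username.
 *
 * @param string $username Lower-cased, pre-escaped username.
 * @param string $password Password hash to compare with the stored column.
 * @param mysqli $db       Open database connection.
 * @return bool True when exactly one matching row is found, false otherwise
 *              (including when the query itself fails).
 */
function authenticateUser($username, $password, $db)
{
    $safePassword = $db->real_escape_string($password);

    $sql = "SELECT `id` FROM `users` WHERE LOWER(`username`)='{$username}' AND `password`='{$safePassword}' LIMIT 1";
    $load = $db->query($sql);

    if ($load === false)
    {
        /*
         * Log the database error for the operator instead of printing it:
         * exit($db->error) showed query and schema details to the visitor.
         */
        error_log('authenticateUser query failed: ' . $db->error);
        return false;
    }

    return $load->num_rows === 1;
}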
?>




