Login System

mdowling

I am new to php, and I am trying to write a login system for my site. The way it works now is a form with a UserName and UserPass sends those values to login.php
login.php then looks at the values and checks if the user is logged in. If the user isn't already logged in via a cookie, then the user has a cookie created and gets to view some private information.

My first question: cookies are freakin confusing; why wont they work?

Second question: how can I reload the same php page and keep all the values stored in variables? When I do it now, all the values are gone when the page reloads. I want to be able to reload the same page, because I want to be able to sort a table by different columns.

here is the code for the login script (note, I am a newb and have no clue what I am doing):

<?PHP

		function ViewAll() {

			global $n, $LoginName, $Link, $LoggedIn;

			$LoggedIn = "TRUE";

			mysql_close($Link);

			$Host = "localhost";
			$User = "user";
			$Password = "password";
			$DBName = "db";
			$TableName = "Registered";
			$Link = mysql_connect($Host, $User, $Password);

			$sql = "SELECT * FROM Registered WHERE UserPrivate='' ORDER BY 'UserLastName' LIMIT 0, 30";
			$r = mysql_db_query($DBName, $sql, $Link);

			print("Logged in as " . $LoginName . " | <a href=http://www.sigmanu-etazeta.com/logout.php>Logout</a>\n");
			?>
			<form method="POST" action="login.php">
				<p style="margin-top: 0; margin-bottom: 0" align="center">Sort By:
					<select size="1" name="D1">
						<option selected value="Name">Name</option>
						<option value="PIN">PIN#</option>
						<option value="City">City</option>
					</select>
					<input type="hidden" value="<?PHP "$LoginName" ?>" name="LoginName">
					<input type="hidden" value="<?PHP "$LoggedIn" ?>" name="LoggedIn">
					<input type="hidden" value="<?PHP "$LoginPass" ?>" name="LoginPass">
					<input type="submit" value="Submit" name="B1">
				</p>
			</form>
			<?PHP

			print ("<TABLE border=1 width=\"75%\" cellspacing=2 cellpadding=2 align=center>\n");

			print("<TR align=center valign=top>\n");

			print("<TD width=200 align=center valign=top><FONT size=2>Name</FONT></TD>\n");
			print("<TD align=center valign=top><FONT size=2>PIN#</FONT></TD>\n");
			print("<TD align=center valign=top><FONT size=2>Email</FONT></TD>\n");
			print("<TD align=center valign=top><FONT size=2>Home #</FONT></TD>\n");
			print("<TD align=center valign=top><FONT size=2>Cell #</FONT></TD>\n");
			print("<TD align=center valign=top><FONT size=2>Work #</FONT></TD>\n");
			print("<TD align=center valign=top><FONT size=2>Occ/Maj</FONT></TD>\n");
			print("<TD align=center valign=top><FONT size=2>Addr</FONT></TD>\n");
			print("<TD align=center valign=top><FONT size=2>Addr2</FONT></TD>\n");
			print("<TD align=center valign=top><FONT size=2>City</FONT></TD>\n");
			print("<TD align=center valign=top><FONT size=2>State</FONT></TD>\n");
			print("<TD align=center valign=top><FONT size=2>Zip</FONT></TD>\n");

			print("</TR>\n");

			while ($Row = mysql_fetch_array($r)) {

				 print("<TR ALIGN=CENTER VALIGN=TOP><FONT size=1 face=Lucida Consol>\n");

				 if ($Row[UserPIN] == "") $Row[UserPIN] = "---";
				 if ($Row[UserFirstName] == "") $Row[UserFirstName] = "---";
				 if ($Row[UserLastName] == "") $Row[UserLastName] = "---";
				 if ($Row[UserEmail] == "") $Row[UserEmail] = "---";
				 if ($Row[UserHomePhone] == "") $Row[UserHomePhone] = "---";
				 if ($Row[UserCellPhone] == "") $Row[UserCellPhone] = "---";
				 if ($Row[UserWorkPhone] == "") $Row[UserWorkPhone] = "---";
				 if ($Row[UserOccupation] == "") $Row[UserOccupation] = "---";
				 if ($Row[UserStreetAddress] == "") $Row[UserStreetAddress] = "---";
				 if ($Row[UserAddress2] == "") $Row[UserAddress2] = "---";
				 if ($Row[UserCity] == "") $Row[UserCity] = "---";
				 if ($Row[UserState] == "") $Row[UserState] = "---";
				 if ($Row[UserZipCode] == "") $Row[UserZipCode] = "---";

				 print("<FONT size=1><TD ALIGN=CENTER VALIGN=TOP>$Row[UserFirstName] $Row[UserLastName]</TD>\n");
				 print("<TD ALIGN=CENTER VALIGN=TOP><FONT size=2>Hz$Row[UserPIN]</FONT></TD>\n");
				 print("<TD ALIGN=CENTER VALIGN=TOP><FONT size=2>$Row[UserEmail]</FONT></TD>\n");
				 print("<TD ALIGN=CENTER VALIGN=TOP><FONT size=2>$Row[UserHomePhone]</FONT></TD>\n");
				 print("<TD ALIGN=CENTER VALIGN=TOP><FONT size=2>$Row[UserCellPhone]</FONT></TD>\n");
				 print("<TD ALIGN=CENTER VALIGN=TOP><FONT size=2>$Row[UserWorkPhone]</FONT></TD>\n");
				 print("<TD ALIGN=CENTER VALIGN=TOP><FONT size=2>$Row[UserOccupation]</FONT></TD>\n");
				 print("<TD ALIGN=CENTER VALIGN=TOP><FONT size=2>$Row[UserStreetAddress]</FONT></TD>\n");
				 print("<TD ALIGN=CENTER VALIGN=TOP><FONT size=2>$Row[UserAddress2]</FONT></TD>\n");
				 print("<TD ALIGN=CENTER VALIGN=TOP><FONT size=2>$Row[UserCity]</FONT></TD>\n");
				 print("<TD ALIGN=CENTER VALIGN=TOP><FONT size=2>$Row[UserState]</FONT></TD>\n");
				 print("<TD ALIGN=CENTER VALIGN=TOP><FONT size=2>$Row[UserZipCode]</FONT></TD></FONT>\n");

				 print("</font></TR>\n");

			}

			print("</TABLE><BR><BR>\n");

		}

		$n = trim($HTTP_COOKIE_VARS["SigmaNu"]);

		if ($n == $LoginName && $LoggedIn == "TRUE") {

			print ("...");
			ViewAll();

		} else {

			if ($LoginName == "" || $LoginPass == "") {


				print ("<BR><CENTER><B>You must <a href=http://www.sigmanu-etazeta.com/registered.php>login</a>!</B></CENTER>\n");

			} else {

				$Host = "localhost";
				$User = "user";
				$Password = "password";
				$DBName = "database";
				$TableName = "Registered";
				$Link = mysql_connect($Host, $User, $Password);

				if ($Link) {

					$LoginPass = trim($LoginPass);
					$LoginName = trim($LoginName);

					$sql = "SELECT * FROM `Registered` WHERE `UserName` = '".$LoginName."' LIMIT 0, 30";
					$r = mysql_db_query($DBName, $sql, $Link);

					if (mysql_affected_rows() == 0) {

						print ("<BR><CENTER><B>There are no registered users with that username!</B></CENTER>\n");
						$LoggedIn = "";

					} else {

						$sql = "SELECT * FROM `Registered` WHERE UserName = '".$LoginName."' AND UserPassword = '".$LoginPass."' LIMIT 0, 30";
						$r = mysql_db_query($DBName, $sql, $Link);

						if (mysql_affected_rows() == 0) {

							print ("<BR><CENTER><B>Invalid password!</B></CENTER>\n");
							$LoggedIn = "FALSE";

						} else {

							$LoggedIn = "TRUE";
							setcookie('SigmaNu', $LoginName, (time()+2592000), '/', '', 0);
							ViewAll();
						}
					}
					mysql_close($Link);
				}
			}
		}
	?>

planetsim

Firstly whats the error if any with the cookies? Maybe try $_COOKIE instead of $HTTP_COOKIE_VARS

Secondly this is quite a useless function to be all honest. Functions are meant to do accomplish one specific task, and be preferably portable. At the moment from what I am seeing there is a lot of procedural code which should be just that not in a function.

Thirdly you could create a session to save values, you may want to look into the [man]serialize[/man]/[man]unserialize[/man] functions

TimTimTimma

I agree, unless you plan on showing this information using a switch statement to show certain information after data has been collected, I would say execute on the page, not in a function. However its your script you will execute it as you wish we are simply here to help you with your issue at hand. Like planet said, try $COOKIE, or even try $SESSION to store the info via the browser. Good luck with your script.

P.S. Wasn't $HTTP_COOKIE_VARS, and other preset vars removed in PHP5? or are they still lying around taking up disk space??

halojoy

🙂
Here is a simple example, that should work.

<?php
///////////////////////////////// 
// Start page with 
// check COOKIE if is logged in  

function isAdmin($user) { 
// check if is admin 
// if not, return FALSE; 
// else return TRUE; 
}  

////////////////////////////////////////////////

if(isAdmin($_COOKIE['username'])) $your_level='2'; 
elseif(isset($_COOKIE['username'],$_COOKIE['password'])) 
$your_level='1'; 
else { 
$your_level='0'; 
echo 'You have to Log in'; 
exit; 
}  

echo 'Welcome '.$_COOKIE['username'];   

?>

<?php
///////////////////////////////////////// 
// login page with set COOKIE  

if(isset($_POST['username'],$_POST['password'])) { 

if(checkLogin($_POST['username'],md5($_POST['password']))){ 

if(isset($_POST['remember'])) {
          setcookie('username', $_POST['username'], time() + 31536000) or die('Could not set login cookie');
   setcookie('password', md5($_POST['password']), time() + 31536000) or die('Could not set login cookie'); 
      }
else{
      setcookie('username', $_POST['username']) or die('Could not set login cookie');
      setcookie('password', md5($_POST['password'])) or die('Could not set login cookie');
}

echo 'You have been logged in.
<p><form action="welcome.php">
<input class="button" type="submit" value="Continue"></form>'; 	
} 

  else 
      die('Incorrect login.
     <p><form action="login.php">
     <input class="button" type="submit" value="Retry"></form>'); 
}

 else {
 	echo "
  	<form method='post' action='$self'>
 	Username: <input type='text' name='username'>
 	<br>Password: <input type='password' name='password'>
 	<br><input type='checkbox' name='remember'>Remember me on this computer
 	<p><input class='button' type='submit' value='Login'>
 	</form>  	"; 
} 

exit;

?>

TimTimTimma

Doubtful that you'll be able to use this, but maybe it will help you in the learning process.

<?php
if(!defined("IN_DB")){
	die("Hacking Attempt!");
}

$Table->Open("<b>Restricted Area</b>");
if($user->id() > 1){
	header("Location: /index.php?find=Members");
}elseif($user->id() == 1){
	if(isset($_GET['Sec_Error'])){
		echo _SECURITY_CODE_MISSING;
	}

if(isset($_POST['submitted'])){
	if($Security_Login == 1){
		if($_POST['security_code'] != $_POST['check_code']){
			header("Location: /index.php?find=Members&file=Login&Sec_Error=1");
			die();
		}elseif(!isset($_POST['security_code'])){
			header("Location: /index.php?find=Members&file=Login&Sec_Error=1");
			die();
		}
	}		
	if(empty($_POST['usr_name']) || empty($_POST['passwrd'])){
		echo _USER_PASS_EMPTY;
	}elseif(isset($_POST['usr_name']) && isset($_POST['passwrd'])){

		$checkuser = array();
		$checkuser[0] = $MySQL->Fetch("SELECT * FROM ".$pre."users WHERE username = '".$_POST['usr_name']."'");
		$checkuser[1] = strtolower($checkuser[0][username]);
		$checkuser[2] = strtolower($_POST['usr_name']);

		if($checkuser[1] === $checkuser[2]){
			$checkpass = md5($_POST['passwrd']);
			$login_user = "SELECT * FROM ".$pre."users WHERE username ='".$checkuser[1]."' AND user_password = '".$checkpass."' "; 

			if($MySQL->Rows($login_user) == 0){ 
				echo _INCORRECT_PASSWORD; 
			}elseif($MySQL->Rows($login_user) == 1){

				if(isset($_POST['remember_me'])){
					setcookie("Cusername", $checkuser[0][username], time()+432000);
					setcookie("Cpassword", $checkpass, time()+432000);
				}else{
					setcookie("Cusername", $checkuser[0][username]);
					setcookie("Cpassword", $checkpass);
				}
				$user->updateip();
				header("Location: /index.php?find=Members");	

			}else{
				echo _ERROR;
			} 
		}else{
			echo _INCORRECT_USERNAME;
		}

	}else{
		echo _ERROR;
	}
}

?><br>
<form method="post" action="index.php?find=Members&file=Login">
<input name="submitted" type="hidden" value="1">

<table width="100%"  border="0" cellspacing="0" cellpadding="0">
<tr>
	<td align=center>
<table width="100%"  border="0" cellspacing="0" cellpadding="0">
  <tr>
	<td width="18%" align=left><?=_USERNAME ?>:</td>
	<td width="82%" align=left><input type="text" name="usr_name"></td>
  </tr>
  <tr>
	<td align=left><?=_PASSWORD ?>:</td>
	<td align=left><input type="password" name="passwrd"></td>
  </tr>
  <? if($Security_Login == 1){ ?>
  	  <tr align=left>
	<td align=left><?=_SECURITY_CODE ?>:</td>
	<td align=left><?php
			$datekey = date("F j");
			$rand = rand(1,10000);
			$rcode = hexdec(md5($HTTP_USER_AGENT . $rand . $datekey));
			$code = substr($rcode, 2, 6);
	?>
	<input name="check_code" type="hidden" value="<?=$code ?>">
	<input name="Security_Login" type="hidden" value="1">
	<img src="<?=$base_url ?>/Modules/Members/img.php?code=<?=$code ?>&base_url=<?=$base_url ?>"></td>
  	  </tr>
  	  <tr>
	<td align=left><?=_SECURITY_VERIFY ?>:</td>
	<td align=left><input name="security_code" type="text" maxlength="6"></td>
  	  </tr>
	  <? } ?>
  	  <tr>
	<td align=left><?=_REMEMBER_ME ?>:</td>
	<td align=left><input type="checkbox" name="remember_me" value="1"></td>
  	  </tr>
  	  <tr>
	<td align=left>&nbsp;</td>
	<td align=left><input type="submit" name="Submit" value="<?=_LOGIN ?>"></td>
  </tr>
</table><br>[ <a href="index.php?find=Members&file=Register"><?=_REGISTER ?></a> ]<br>[ <a href="index.php?find=Members&file=Password_Recovery"><?=_PASS_RECOVERY ?></a> ]
	</td>
	</tr>
</table>
</form><br>

<?php
}else{
	echo _ERROR;
}
$Table->Close();
?>