okay, so i though i made my class right but i didn't. i search google to find the right way to do this but i can't find it at all. i getting a error:
what is the right way to do this?
Method Not Allowed
The requested method POST is not allowed for the URL /animesite/process.inc.
the site(does matter what you type in the username or password feild)
The test Page
the class:
class process
{
public function __construct(){
/* User submitted login form */
if(isset($_POST['sublogin'])){
self::procLogin();
}else{
header("Location: index.php");
}
}
public function procLogin() {
$session = new session();
$session->login($_POST['myusername'],$_POST['mypassword']);
}
}
class session {
public function security($ha****,$cleanusrnm){
$whitenoise = "removed";
$whitenoise = md5($whitenoise);
$newpass = sha1(md5($ha****.$whitenoise.$cleanusrnm));
return $newpass;
}
public function getRealIpAddr(){
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip=$_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip=$_SERVER['REMOTE_ADDR'];
}
return $ip;
}
public function login($myusername,$mypassword) {
$database = new MySQLDB();
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$mypassword = self::security($mypassword,$myusername);
$row = $database->userInfo($myusername);
if($row['username'] == $myusername && $row['password'] == $mypassword){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['$myusername'] = $myusername;
$_SESSION['$mypassword'] = $mypassword;
header("location:login_success.php");
} else {
echo "Wrong Username or Password";
}
}
public function logout(){
session_start();
session_destroy();
}
}
require("constants.inc");
class MySQLDB{
public $connection;
public function showerror()
{
if (mysqli_connect_error()){
die ("Error". mysqli_connect_errno() . " : " . mysqli_connect_error());
}else{
die ("Could not connect to the MySQL Database");
}
}
public function MySQLDB() {
$this->connection = mysqli_connect(DB_SERVER, DB_USER, DB_PASS) or self::showerror();
mysqli_select_db($this->connection, DB_NAME) or self::showerror();
}
public function addUser($username,$newpass,$email,$sessionid,$ipaddress){
$sql = "INSERT INTO `users` ( `user_id` , `username` , `password` , `email` , `session_id` , `ipaddress`, `userlevel` , `timestamp` )
VALUES ( NULL , '$username', '$newpass', '$email', '$sessionid' , '$ipaddress' , '', '')";
$result = mysqli_query($this->connection,$sql);
return $result;
}
public function checkLogin($username){
$row = $this->userInfo($username);
if($_SESSION['password'] == $row['password'] && $_SESSION['username'] == $row['username'] && $_SESSION['sid'] == $row['session_id'] && $_SESSION['ip'] == $row['ipaddress']){
} else {
}
}
public function userInfo($username){
$sql = "SELECT * FROM `users` WHERE `username` = '".$username."'";
$result = mysqli_query($this->connection,$sql);
return mysqli_fetch_array ($result, MYSQLI_ASSOC);
}
}