So I am trying to create a mysqli version of the following login.php.
<?php
include 'functions.php';
if (loggedin())
{
header("Location: profile.php");
exit();
}
if ($_POST['login'])
{
//get data
$username = $_POST['username'];
$password = $_POST['password'];
$rememberme = $_POST ['rememberme'];
if ($username&&$password)
{
$login = mysql_query("SELECT * FROM user WHERE username='$username'");
while ($row = mysql_fetch_assoc($login))
{
$db_password = $row['password'];
if (md5 ($password) ==$db_password)
$loginok = TRUE;
else
$loginok = FALSE;
if ($loginok==TRUE)
{
if ($rememberme=="on")
setcookie("username", $username, time()+7200);
else if ($rememberme=="")
$_SESSION['username']=$username;
header("Location: profile.php");
exit();
}
else
die("Incorrect username/password combination.");
}
}
else
die("Please enter a username and password.");
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Radical Audio Visual Exhibition - 8/18-19/2012 - Civic Center Park</title>
<link href="rave.css" rel="stylesheet" type="text/css" />
</head>
<div id="wrapper">
<div id="rightcol">
<center><form action="login.php" method="POST">
Username:<br />
<input type="text" name="username"><p />
Password:<br />
<input type="password" name="password"><p />
<input type="checkbox" name="rememberme"> Remember me<br />
<input type="submit" name="login" value="Log in" />
</form></center>
</div>
<?php include("footer.php"); ?>
</div>
</body>
</html>
As you can see this file includes a functions.php. Here is that file.
<?php
//session
session_start();
// connect to database
mysql_connect("samplename.fatcowmysql.com","code-a","Tatertots") or die();
mysql_select_db("databass") or die();
//login check function
function loggedin()
{
if (isset($_SESSION['username'])||isset($_COOKIE['username']))
{
$loggedin = TRUE;
return $loggedin;
}
}
?>
My new mysqli login form looks like this.
<?php
// MySQL Server settings
$server = 'samplename.fatcowmysql.com';
$user = 'code-a';
$pass = 'Tatertots';
$dbname = 'databass';
/**
* Object-Oriented MySQLi
*/
// First we connect
$conn = new mysqli($server,$user,$pass,$dbname);
// Check if the connection failed
if( $conn->connect_error )
{
die('There was a problem connecting to MySQL:<br>('.$conn->errno.') '.$conn->error);
}
// Define a query to run
$query = "SELECT * FROM user WHERE username='$username'";
// Query the database
$result = $conn->query($query);
// Check if the query failed
if( !$result )
{
die('There was a problem executing the query ('.$query.'):<br>('.$conn->errno.') '.$conn->error);
}
// Check if there are results
if($result->num_rows > 0 )
{
// Loop through the resulting rows
while( $row = $result->fetch_assoc() )
{
// output a column
echo $row['col'];
}
}
else
{
// No results
echo 'No results found';
}
// Close the connection
$conn->close();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Radical Audio Visual Exhibition - 8/18-19/2012 - Civic Center Park</title>
<link href="rave.css" rel="stylesheet" type="text/css" />
</head>
<div id="wrapper">
<div id="rightcol">
<center><form action="mysql_conn.php" method="POST">
Username:<br />
<input type="text" name="username"><p />
Password:<br />
<input type="password" name="password"><p />
<input type="checkbox" name="rememberme"> Remember me<br />
<input type="submit" name="login" value="Log in" />
</form></center>
</div>
<?php include("footer.php"); ?>
</div>
</body>
</html>
Now I can see that the connection to the database is established at the top of the mysqli form, which would otherwise be in the functions.php. Is that something I would want to move over there and include the functions still or is it better on the login form? Also, can I simply replace the code from
// First we connect
$conn = new mysqli($server,$user,$pass,$dbname);
// Check if the connection failed
if( $conn->connect_error )
{
die('There was a problem connecting to MySQL:<br>('.$conn->errno.') '.$conn->error);
}
// Define a query to run
$query = "SELECT * FROM user WHERE username='$username'";
// Query the database
$result = $conn->query($query);
// Check if the query failed
if( !$result )
{
die('There was a problem executing the query ('.$query.'):<br>('.$conn->errno.') '.$conn->error);
}
// Check if there are results
if($result->num_rows > 0 )
{
// Loop through the resulting rows
while( $row = $result->fetch_assoc() )
{
// output a column
echo $row['col'];
}
}
else
{
// No results
echo 'No results found';
}
// Close the connection
$conn->close();
with
if (loggedin())
{
header("Location: profile.php");
exit();
}
if ($_POST['login'])
{
//get data
$username = $_POST['username'];
$password = $_POST['password'];
$rememberme = $_POST ['rememberme'];
if ($username&&$password)
{
$login = mysql_query("SELECT * FROM user WHERE username='$username'");
while ($row = mysql_fetch_assoc($login))
{
$db_password = $row['password'];
if (md5 ($password) ==$db_password)
$loginok = TRUE;
else
$loginok = FALSE;
if ($loginok==TRUE)
{
if ($rememberme=="on")
setcookie("username", $username, time()+7200);
else if ($rememberme=="")
$_SESSION['username']=$username;
header("Location: profile.php");
exit();
}
else
die("Incorrect username/password combination.");
}
}
else
die("Please enter a username and password.");
}
and then add an include the functions.php as in the old format? Or is the scripting written differently entirely?
