Hallo mensen,

Ik ben sinds een paar daagjes bezig met een login script in php en mySQL.
Het lukt allemaal prima en alles werkt goed, maar is het mogelijk om sommige gebruikersnamen naar een andere pagina te sturen?

MVG,

Een wanhopige PHP-scripter
index

<?php
require($_SERVER['DOCUMENT_ROOT'] . 'login/includes/config.php');

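// Landing page body: greets a logged-in user, otherwise offers the login
// and registration links. $sOutput is initialised by config.php.
$sOutput .= '<div id="index-body">';
if (loggedIn()) {
	// The username was chosen by the user at registration, so it is untrusted
	// data. HTML-encode it on output; echoing it raw would allow stored XSS.
	$sSafeUsername = htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8');

	$sOutput .= '<h2>Welcome!</h2>
		Hello, ' . $sSafeUsername . '<br />
		<h4>Would you like to <a href="login.php?action=logout">Logout?</a></h4>';
} else {
	// The login link had a closing </h4> without an opening tag; the heading
	// is restored so the markup is balanced.
	$sOutput .= '<h2>Welcome to the login page</h2><br><h4>Would you like to <a href="login.php">login</a>?</h4>
		<h4>Create a new <a href="register.php">account</a>?</h4>';
}
$sOutput .= '</div>';

echo $sOutput;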
?>

login.php

<?php

require($_SERVER['DOCUMENT_ROOT'] . 'login/includes/config.php');

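// Handle the requested action first; the page body built below depends on
// the session state this leaves behind.
if (isset($_GET['action'])) {
	switch (strtolower($_GET['action'])) {
		case 'login':
			// Require both fields to be plain strings: a request such as
			// username[]=x would otherwise hand an array to the query helpers.
			if (isset($_POST['username'], $_POST['password'])
				&& is_string($_POST['username']) && is_string($_POST['password'])) {

				if (!validateUser($_POST['username'], $_POST['password'])) {
					// One generic message for "unknown user" and "wrong password",
					// so the form does not reveal which usernames exist.
					$_SESSION['error'] = "Bad username or password supplied.";
					unset($_GET['action']);
				}
			} else {
				$_SESSION['error'] = "Username and Password are required to login.";
				unset($_GET['action']);
			}
			break;

		case 'logout':
			// NOTE(review): logout is triggered by a plain GET link, so any page
			// the user visits can log them out. Consider a POST with a CSRF token.
			if (loggedIn()) {
				logoutUser();
				$sOutput .= '<h1>Logged out!</h1><br />You have been logged out successfully. 
						<br /><h4>Would you like to go to <a href="index.php">site index</a>?</h4>';
			} else {
				unset($_GET['action']);
			}
			break;
	}
}

$sOutput .= '<div id="index-body">';

if (loggedIn()) {
	// The username is user-chosen data: HTML-encode it before output (stored XSS).
	$sSafeName = htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8');

	$sOutput .= '<h1>Logged In!</h1><br /><br />
		Hello, ' . $sSafeName . ' how are you today?<br /><br />
		<h4>Would you like to <a href="login.php?action=logout">logout</a>?</h4>
		<h4>Would you like to go to <a href="index.php">site index</a>?</h4>';
} elseif (!isset($_GET['action'])) {

	// Re-fill the username field after a failed attempt. The value comes
	// straight from the request, so it must be encoded for the attribute
	// context; echoing it raw is a reflected XSS.
	$sUsername = "";
	if (isset($_POST['username']) && is_string($_POST['username'])) {
		$sUsername = htmlspecialchars($_POST['username'], ENT_QUOTES, 'UTF-8');
	}

	// config.php resets $_SESSION['error'] to "" on every request, so test for
	// a non-empty message instead of isset() to avoid an empty error span.
	$sError = "";
	if (!empty($_SESSION['error'])) {
		$sError = '<span id="error">' . htmlspecialchars($_SESSION['error'], ENT_QUOTES, 'UTF-8') . '</span><br />';
	}

	$sOutput .= '<h2>Login to our site</h2><br />
		<div id="login-form">
			' . $sError . '
			<form name="login" method="post" action="login.php?action=login">
				Username: <input type="text" name="username" value="' . $sUsername . '" /><br />
				Password: <input type="password" name="password" value="" /><br /><br />
				<input type="submit" name="submit" value="Login!" />
			</form>
		</div>
		<h4>Would you like to <a href="login.php">login</a>?</h4>
		<h4>Create a new <a href="register.php">account</a>?</h4>';
}

$sOutput .= '</div>';

echo $sOutput;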
?>

register.php

<?php

require($_SERVER['DOCUMENT_ROOT'] . 'login/includes/config.php');

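// Registration page: processes a submitted form, then renders either the
// "already registered" notice or the registration form.
$sOutput .= '<div id="register-body">';

if (isset($_GET['action'])) {
	switch (strtolower($_GET['action'])) {
		case 'register':
			// Require both fields to be plain strings: a request such as
			// username[]=x would otherwise hand an array to createAccount().
			if (isset($_POST['username'], $_POST['password'])
				&& is_string($_POST['username']) && is_string($_POST['password'])) {

				if (createAccount($_POST['username'], $_POST['password'])) {
					$sOutput .= '<h1>Account Created</h1><br />Your account has been created. 
								You can now login <a href="login.php">here</a>.';
				} else {
					// createAccount() has stored the reason in $_SESSION['error'];
					// dropping the action makes the form render again below.
					unset($_GET['action']);
				}
			} else {
				$_SESSION['error'] = "Username and or Password was not supplied.";
				unset($_GET['action']);
			}
			break;
	}
}

if (loggedIn()) {
	// The username is user-chosen data: HTML-encode it before output (stored XSS).
	$sSafeName = htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8');

	$sOutput .= '<h2>Already Registered</h2>
				You have already registered and are currently logged in as: ' . $sSafeName . '.
				<h4>Would you like to <a href="login.php?action=logout">logout</a>?</h4>
				<h4>Would you like to go to <a href="index.php">site index</a>?</h4>';

} elseif (!isset($_GET['action'])) {

	// Re-fill the username field after a rejected submission. The value comes
	// from the request and is encoded for the attribute context (reflected XSS).
	$sUsername = "";
	if (isset($_POST['username']) && is_string($_POST['username'])) {
		$sUsername = htmlspecialchars($_POST['username'], ENT_QUOTES, 'UTF-8');
	}

	// config.php resets $_SESSION['error'] to "" on every request, so test for
	// a non-empty message instead of isset() to avoid an empty error span.
	$sError = "";
	if (!empty($_SESSION['error'])) {
		$sError = '<span id="error">' . htmlspecialchars($_SESSION['error'], ENT_QUOTES, 'UTF-8') . '</span><br />';
	}

	// PHP_SELF echoes back path information supplied by the client, so it is
	// encoded before being placed in the action attribute.
	$sAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

	$sOutput .= '<h2>Register for this site</h2>
		' . $sError . '
		<form name="register" method="post" action="' . $sAction . '?action=register">
			Username: <input type="text" name="username" value="' . $sUsername . '" /><br />
			Password: <input type="password" name="password" value="" /><br /><br />
			<input type="submit" name="submit" value="Register!" />
		</form>
		<br />
		<h4>Would you like to <a href="login.php">login</a>?</h4>';
}

$sOutput .= '</div>';

echo $sOutput;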
?>

config.php
<?php

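// Harden the session cookie before the session starts: keep it out of reach
// of page scripts and refuse session IDs the server did not issue.
ini_set('session.cookie_httponly', '1');
ini_set('session.use_strict_mode', '1');
session_start();

// Folder that holds this login application; it is appended directly to
// DOCUMENT_ROOT in the require_once below.
$sFolder = 'login';

// NOTE(review): the mysql_* extension used here and in functions.php was
// removed in PHP 7.0; plan a move to PDO or mysqli with prepared statements.
// NOTE(review): connecting as root with an empty password gives this script
// full control of the database server. Use a dedicated account with a
// password and only the privileges the users table needs, and keep the
// credentials outside the web root.
// NOTE(review): the error text includes mysql_error(); make sure
// display_errors is off in production so it reaches the log, not the visitor.
mysql_connect('localhost', 'root', '') or trigger_error("Unable to connect to the database: " . mysql_error());
mysql_select_db('login') or trigger_error("Unable to switch to the database: " . mysql_error());

/* Site-wide salts passed to hashPassword(). The line here was the tail of a
 * stripped comment ("****************" followed by a comment terminator),
 * which is a parse error on its own; it is restored as a complete comment.
 * NOTE(review): these values are secrets committed in source and are the same
 * for every account; see the note on hashPassword() about password_hash(). */
define('SALT1', '24859f@#$#@$');
define('SALT2', '^&@#_-=+Afda$#%');

// NOTE(review): no separator is added between DOCUMENT_ROOT and $sFolder;
// this only resolves if DOCUMENT_ROOT ends in a slash. Confirm on the target server.
require_once($_SERVER['DOCUMENT_ROOT'] . $sFolder . '/includes/functions.php');

// Start every request with no pending error message.
$_SESSION['error'] = "";

// Output buffer that each page appends to and echoes at the end.
$sOutput="";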
?>

functions.php

<?php

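/**
 * Create a new user account.
 *
 * Validates the input first and only then touches the database. On any
 * rejection the reason is stored in $_SESSION['error'] and false is returned.
 *
 * @param string $pUsername Requested username (5 to 10 bytes, as enforced below).
 * @param string $pPassword Plain-text password (at least 6 bytes).
 * @return bool True when the row was inserted, false otherwise.
 */
function createAccount($pUsername, $pPassword) {

	// Previously an empty field returned false with no message at all.
	if (empty($pUsername) || empty($pPassword)) {
		$_SESSION['error'] = "Username and or Password was not supplied.";
		return false;
	}

	$uLen = strlen($pUsername);
	$pLen = strlen($pPassword);

	// The bounds are unchanged; the messages now state what the checks
	// actually enforce (the old text said "between 4 and 11" and "longer then 6").
	if ($uLen <= 4 || $uLen >= 11) {
		$_SESSION['error'] = "Username must be between 5 and 10 characters.";
		return false;
	}
	if ($pLen < 6) {
		$_SESSION['error'] = "Password must be at least 6 characters.";
		return false;
	}

	// Escaped once and reused for both statements.
	// NOTE(review): mysql_real_escape_string() is only safe inside quoted
	// values with a correctly configured connection charset; prepared
	// statements (PDO/mysqli) remove that dependency.
	$eUsername = mysql_real_escape_string($pUsername);
	$sql = "SELECT username FROM users WHERE username = '" . $eUsername . "' LIMIT 1";

	$query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error());
	if (!$query) {
		// A failed lookup must not be read as "username is free".
		return false;
	}

	if (mysql_num_rows($query) == 1) {
		$_SESSION['error'] = "Username already exists.";
		return false;
	}

	// NOTE(review): two simultaneous registrations can both pass the lookup
	// above; a UNIQUE index on users.username is what actually prevents duplicates.
	// The hash is hexadecimal, so it needs no escaping.
	$sql = "INSERT INTO users (`username`, `password`) VALUES ('" . $eUsername . "', '" . hashPassword($pPassword, SALT1, SALT2) . "');";

	$query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error());

	return $query ? true : false;
}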

/**
 * Build the password digest stored in the users table.
 *
 * The result is the SHA-1 hex digest of the MD5 hex digest of
 * salt2 . password . salt1.
 *
 * NOTE(review): MD5 and SHA-1 are fast hashes, and the salts are static
 * rather than per-user, so this is not a suitable way to store passwords.
 * The replacement is password_hash() at registration and password_verify()
 * at login, rehashing each account on its next successful login. The output
 * is left unchanged here because existing rows and the SQL comparison in
 * validateUser() depend on it.
 *
 * @param string $pPassword Plain-text password.
 * @param string $pSalt1    Salt appended after the password.
 * @param string $pSalt2    Salt prepended before the password.
 * @return string 40-character hexadecimal digest.
 */
function hashPassword($pPassword, $pSalt1="2345#$%@3e", $pSalt2="taesa%#@2%^#") {
	$sSalted = $pSalt2 . $pPassword . $pSalt1;
	$sInner = md5($sSalted);

	return sha1($sInner);
}


/**
 * Report whether the current session belongs to a logged-in user.
 *
 * Both session keys written at login must be present and non-null.
 *
 * @return bool
 */
function loggedIn() {
	// isset() with several arguments is true only when every one is set.
	return isset($_SESSION['loggedin'], $_SESSION['username']);
}


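/**
 * Log the current user out.
 *
 * Removes the login state from the session and issues a fresh session ID, so
 * the identifier used while authenticated is no longer valid afterwards.
 * Unrelated session data (such as the pending error message) is kept.
 *
 * @return bool Always true.
 */
function logoutUser() {

	// 'rank' is cleared as well so that a role stored at login cannot
	// outlive the login itself; unset() on a missing key is harmless.
	unset($_SESSION['username'], $_SESSION['loggedin'], $_SESSION['rank']);

	// Rotate the session ID and delete the old session data. Guarded so the
	// function stays callable when no session has been started.
	if (session_status() === PHP_SESSION_ACTIVE) {
		session_regenerate_id(true);
	}

	return true;
}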

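/**
 * Check a username/password pair and, on success, mark the session as logged in.
 *
 * @param string $pUsername Submitted username.
 * @param string $pPassword Submitted plain-text password.
 * @return bool True when exactly one matching user row was found.
 */
function validateUser($pUsername, $pPassword) {

	// The username is escaped for use inside the quoted literal; the hash is
	// hexadecimal and needs no escaping.
	// NOTE(review): prepared statements (PDO/mysqli) are the robust replacement.
	$sql = "SELECT username FROM users 
		WHERE username = '" . mysql_real_escape_string($pUsername) . "' AND password = '" . hashPassword($pPassword, SALT1, SALT2) . "' LIMIT 1";
	$query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error());

	// A failed query yields false; treat it as a failed login instead of
	// passing false on to mysql_num_rows().
	if (!$query || mysql_num_rows($query) != 1) {
		return false;
	}

	// Issue a new session ID at the moment of authentication so that an ID
	// known before login (session fixation) does not become a logged-in session.
	if (session_status() === PHP_SESSION_ACTIVE) {
		session_regenerate_id(true);
	}

	$row = mysql_fetch_assoc($query);
	$_SESSION['username'] = $row['username'];
	$_SESSION['loggedin'] = true;

	return true;
}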
?>
Lees het stuk van kris ook goed door, je gaat straks nog tegen een hoop andere dingen aanlopen, maar dat is het leuke van iets leren :-)

Om je toch nog even iets verder te helpen

Je moet je functie validateUser eerst aanpassen, want je systeem weet nog niks van de toegevoegde rank.
Zoals je waarschijnlijk al bedacht had, hoef je de rank guest niet op te slaan ;-)

<?php
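/**
 * Check a username/password pair and, on success, store the user's name and
 * rank in the session and mark it as logged in.
 *
 * @param string $pUsername Submitted username.
 * @param string $pPassword Submitted plain-text password.
 * @return bool True when exactly one matching user row was found.
 */
function validateUser($pUsername, $pPassword) {

	// The username is escaped for use inside the quoted literal; the hash is
	// hexadecimal and needs no escaping.
	// NOTE(review): prepared statements (PDO/mysqli) are the robust replacement.
	$sql = "SELECT username, rank FROM users
WHERE username = '" . mysql_real_escape_string($pUsername) . "' AND password = '" . hashPassword($pPassword, SALT1, SALT2) . "' LIMIT 1";
	$query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error());

	// A failed query yields false; treat it as a failed login instead of
	// passing false on to mysql_num_rows().
	if (!$query || mysql_num_rows($query) != 1) {
		return false;
	}

	// Issue a new session ID when the privilege level changes, so that an ID
	// known before login (session fixation) does not inherit the user's rank.
	if (session_status() === PHP_SESSION_ACTIVE) {
		session_regenerate_id(true);
	}

	$row = mysql_fetch_assoc($query);
	$_SESSION['username'] = $row['username'];
	// The rank is read from the database at login only; a rank changed later
	// takes effect on the user's next login.
	$_SESSION['rank'] = $row['rank'];
	$_SESSION['loggedin'] = true;

	return true;
}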
?>

Nu kun je aan de hand van $_SESSION["rank"] op verschillende manieren te werk gaan.
Je kunt inderdaad iets doen als

<?php
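// Action handling for login.php with a rank-based redirect after login.
if (isset($_GET['action'])) {
	switch (strtolower($_GET['action'])) {
		case 'login':
			if (isset($_POST['username']) && isset($_POST['password'])) {

				if (!validateUser($_POST['username'], $_POST['password'])) {

					$_SESSION['error'] = "Bad username or password supplied.";
					unset($_GET['action']);
				} else {
					// The redirect belongs here, after a successful validateUser().
					// It used to sit in the branch below, which runs only when the
					// form fields are missing, so it never followed a real login.
					$iRank = isset($_SESSION['rank']) ? (int) $_SESSION['rank'] : 0;

					// exit after each header(): without it the script keeps
					// running and still sends the rest of the page.
					if ($iRank === 2) {
						header("Location: user.php");
						exit;
					}
					if ($iRank === 3) {
						header("Location: admin.php");
						exit;
					}
					// NOTE(review): the redirect is navigation, not access control.
					// user.php and admin.php must check loggedIn() and
					// $_SESSION['rank'] themselves on every request.
				}
			} else {
				// Reached when username or password was not posted at all, so
				// this message is still needed.
				$_SESSION['error'] = "Username and Password are required to login.";
				unset($_GET['action']);
			}
			break;

		case 'logout':

			if (loggedIn()) {
				logoutUser();
				$sOutput .= '<h1>Logged out!</h1><br />You have been logged out successfully.
<br /><h4>Would you like to go to <a href="index.php">site index</a>?</h4>';
			} else {

				unset($_GET['action']);
			}
			break;
	}
}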
?>
Dus ik moet een parent tabel maken:


-- Composite primary key: each (ranks, perms) pair can occur only once in Koppeltabel.
ALTER TABLE Koppeltabel
	ADD PRIMARY KEY (ranks, perms);

Kan je doen, als je het simpel wilt doen, dan kan je gewoon in de members-table een status invullen. Liefst met een ID om te koppelen met de Roles.
