loginscript
class.login.php
<?php
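/**
 * Cookie-based login helper built on the legacy ext/mysql API.
 *
 * Security notes for maintainers:
 *  - ext/mysql has no prepared statements and was removed in PHP 7.0. The query
 *    in check_user() is built by string interpolation, so it is only safe while
 *    $username and $password hold values that went through
 *    mysql_real_escape_string(). Both properties are public: never assign
 *    request data to them directly. Port to PDO/mysqli prepared statements
 *    when the connection code is touched.
 *  - The 'pw' cookie carries the stored password hash, which makes the cookie a
 *    password-equivalent credential: whoever can read the cookie or the Users
 *    table can authenticate. Prefer a random server-side session token that can
 *    expire and be revoked.
 */
class login {
    public $username;
    public $password;
    public $rememberme = FALSE;
    public $error = array();

    //********************************************************************

    /**
     * Look up the current username/password pair in the Users table.
     *
     * Expects $this->username and $this->password to be escaped already
     * (do_login() and check_login() do this before calling).
     *
     * @return bool TRUE when a matching row exists, FALSE otherwise; on FALSE
     *              "error_user_not_found" is appended to $this->error.
     */
    function check_user() {
        $logincheck = mysql_query("SELECT * FROM Users WHERE UserName = '$this->username' AND Password = '$this->password' LIMIT 1;");
        // mysql_query() returns FALSE when the query fails; treat that as
        // "not authenticated" instead of handing FALSE to mysql_num_rows().
        if ($logincheck === false || mysql_num_rows($logincheck) == 0) {
            $this->error[] = "error_user_not_found";
            return FALSE;
        }
        return TRUE;
    }

    /**
     * Verify the credentials and, on success, set the login cookies.
     *
     * @param string $username   Username as submitted.
     * @param string $password   Password hash as stored in the Users table.
     * @param bool   $rememberme TRUE for a one-year cookie, FALSE for a session cookie.
     * @return bool TRUE on success, FALSE when the credentials do not match.
     */
    function do_login($username,$password,$rememberme) {
        $this->username = mysql_real_escape_string($username);
        $this->password = mysql_real_escape_string($password);
        $this->rememberme = $rememberme;

        // Decide on this attempt only: counting $this->error would let an
        // error left over from an earlier call fail a valid login.
        if (!$this->check_user()) {
            return FALSE;
        }

        // Set cookies for further use: one year, or 0 = until the browser closes.
        $expires = $rememberme ? time()+60*60*24*365 : 0;

        // Store the unescaped values: check_login() escapes what it reads back,
        // and escaping twice would break names containing quotes.
        // The 7th argument marks the cookies HttpOnly so page scripts cannot
        // read them. Set the 6th (secure) to TRUE once the site is HTTPS-only.
        setcookie('c_user', $username, $expires, '', '', false, true);
        setcookie('pw', $password, $expires, '', '', false, true);
        return TRUE;
    }

    /**
     * Re-authenticate a visitor from the login cookies.
     *
     * @return bool TRUE when both cookies are present and match a user,
     *              FALSE otherwise (an error code is appended to $this->error).
     */
    function check_login() {
        // Cookies are client-controlled and may be missing or sent as arrays.
        if (!isset($_COOKIE['c_user']) || !isset($_COOKIE['pw'])
            || !is_string($_COOKIE['c_user']) || !is_string($_COOKIE['pw'])) {
            $this->error[] = "error_no_cookies_found";
            return FALSE;
        }

        // Escape before the values reach the SQL string in check_user().
        $this->username = mysql_real_escape_string($_COOKIE['c_user']);
        $this->password = mysql_real_escape_string($_COOKIE['pw']);
        return $this->check_user();
    }

    /**
     * Expire both login cookies in the browser.
     *
     * This only clears the client side: the value that was in 'pw' stays valid
     * until the user's password changes.
     */
    function do_logout() {
        setcookie('c_user','',time()-60*60*24*365);
        setcookie('pw','',time()-60*60*24*365);
    }
}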
?>
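/**
 * Cookie-based login helper built on the legacy ext/mysql API.
 *
 * Security notes for maintainers:
 *  - ext/mysql has no prepared statements and was removed in PHP 7.0. The query
 *    in check_user() is built by string interpolation, so it is only safe while
 *    $username and $password hold values that went through
 *    mysql_real_escape_string(). Both properties are public: never assign
 *    request data to them directly. Port to PDO/mysqli prepared statements
 *    when the connection code is touched.
 *  - The 'pw' cookie carries the stored password hash, which makes the cookie a
 *    password-equivalent credential: whoever can read the cookie or the Users
 *    table can authenticate. Prefer a random server-side session token that can
 *    expire and be revoked.
 */
class login {
    public $username;
    public $password;
    public $rememberme = FALSE;
    public $error = array();

    //********************************************************************

    /**
     * Look up the current username/password pair in the Users table.
     *
     * Expects $this->username and $this->password to be escaped already
     * (do_login() and check_login() do this before calling).
     *
     * @return bool TRUE when a matching row exists, FALSE otherwise; on FALSE
     *              "error_user_not_found" is appended to $this->error.
     */
    function check_user() {
        $logincheck = mysql_query("SELECT * FROM Users WHERE UserName = '$this->username' AND Password = '$this->password' LIMIT 1;");
        // mysql_query() returns FALSE when the query fails; treat that as
        // "not authenticated" instead of handing FALSE to mysql_num_rows().
        if ($logincheck === false || mysql_num_rows($logincheck) == 0) {
            $this->error[] = "error_user_not_found";
            return FALSE;
        }
        return TRUE;
    }

    /**
     * Verify the credentials and, on success, set the login cookies.
     *
     * @param string $username   Username as submitted.
     * @param string $password   Password hash as stored in the Users table.
     * @param bool   $rememberme TRUE for a one-year cookie, FALSE for a session cookie.
     * @return bool TRUE on success, FALSE when the credentials do not match.
     */
    function do_login($username,$password,$rememberme) {
        $this->username = mysql_real_escape_string($username);
        $this->password = mysql_real_escape_string($password);
        $this->rememberme = $rememberme;

        // Decide on this attempt only: counting $this->error would let an
        // error left over from an earlier call fail a valid login.
        if (!$this->check_user()) {
            return FALSE;
        }

        // Set cookies for further use: one year, or 0 = until the browser closes.
        $expires = $rememberme ? time()+60*60*24*365 : 0;

        // Store the unescaped values: check_login() escapes what it reads back,
        // and escaping twice would break names containing quotes.
        // The 7th argument marks the cookies HttpOnly so page scripts cannot
        // read them. Set the 6th (secure) to TRUE once the site is HTTPS-only.
        setcookie('c_user', $username, $expires, '', '', false, true);
        setcookie('pw', $password, $expires, '', '', false, true);
        return TRUE;
    }

    /**
     * Re-authenticate a visitor from the login cookies.
     *
     * @return bool TRUE when both cookies are present and match a user,
     *              FALSE otherwise (an error code is appended to $this->error).
     */
    function check_login() {
        // Cookies are client-controlled and may be missing or sent as arrays.
        if (!isset($_COOKIE['c_user']) || !isset($_COOKIE['pw'])
            || !is_string($_COOKIE['c_user']) || !is_string($_COOKIE['pw'])) {
            $this->error[] = "error_no_cookies_found";
            return FALSE;
        }

        // Escape before the values reach the SQL string in check_user().
        $this->username = mysql_real_escape_string($_COOKIE['c_user']);
        $this->password = mysql_real_escape_string($_COOKIE['pw']);
        return $this->check_user();
    }

    /**
     * Expire both login cookies in the browser.
     *
     * This only clears the client side: the value that was in 'pw' stays valid
     * until the user's password changes.
     */
    function do_logout() {
        setcookie('c_user','',time()-60*60*24*365);
        setcookie('pw','',time()-60*60*24*365);
    }
}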
?>
verwerking formulier
<?php
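// Login form handler: hashes the submitted password, asks the login class to
// verify it and redirects to the portal on success.
if(isset($_POST['submit'])) {
    // Username and password sent from signup form
    if(!isset($_SESSION))
        session_start();

    // Hard dependencies: stop with a fatal error instead of continuing
    // without a database connection or the login class.
    require_once('../includes/scripts/db.php');
    require_once('../includes/classes/class.login.php');

    // Request fields can be absent or arrive as arrays; fall back to an empty
    // string so strip_tags()/sha1() always receive a string.
    $posted_username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $posted_password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    $username = strip_tags($posted_username);

    // NOTE(review): unsalted SHA-1 is a fast hash and unsuitable for password
    // storage, and strip_tags() silently drops anything that looks like a tag
    // from the password before hashing. Both are kept because the hash must
    // match what is already stored in Users. Migrating means password_hash()
    // at signup and password_verify() here, with the comparison done in PHP
    // rather than in the SQL WHERE clause.
    $password = sha1(strip_tags($posted_password));

    $rememberme = isset($_POST['rememberme']);

    $login = new login;
    $do_login = $login->do_login($username,$password,$rememberme);
    if($do_login)
    {
        header('location: portal.php');
        // header() does not end the script; stop here so nothing below the
        // redirect is executed or sent.
        exit;
    }
    else
    {
        foreach($login->error as $error) {
            // Escape on output: $login->error is a public array.
            echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8');
        }
    }
}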
?>
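// Login form handler: hashes the submitted password, asks the login class to
// verify it and redirects to the portal on success.
if(isset($_POST['submit'])) {
    // Username and password sent from signup form
    if(!isset($_SESSION))
        session_start();

    // Hard dependencies: stop with a fatal error instead of continuing
    // without a database connection or the login class.
    require_once('../includes/scripts/db.php');
    require_once('../includes/classes/class.login.php');

    // Request fields can be absent or arrive as arrays; fall back to an empty
    // string so strip_tags()/sha1() always receive a string.
    $posted_username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $posted_password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    $username = strip_tags($posted_username);

    // NOTE(review): unsalted SHA-1 is a fast hash and unsuitable for password
    // storage, and strip_tags() silently drops anything that looks like a tag
    // from the password before hashing. Both are kept because the hash must
    // match what is already stored in Users. Migrating means password_hash()
    // at signup and password_verify() here, with the comparison done in PHP
    // rather than in the SQL WHERE clause.
    $password = sha1(strip_tags($posted_password));

    $rememberme = isset($_POST['rememberme']);

    $login = new login;
    $do_login = $login->do_login($username,$password,$rememberme);
    if($do_login)
    {
        header('location: portal.php');
        // header() does not end the script; stop here so nothing below the
        // redirect is executed or sent.
        exit;
    }
    else
    {
        foreach($login->error as $error) {
            // Escape on output: $login->error is a public array.
            echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8');
        }
    }
}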
?>
Gewijzigd op 19/01/2011 18:03:29 door Daan dd
password in een cookie?? en niet encrypted??
En hier zijn nou net weer 'exceptions' voor tot leven geroepen.
<?php
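/**
 * Cookie-based login helper built on the legacy ext/mysql API; failures are
 * raised as exceptions internally and collected in $error.
 *
 * Security notes for maintainers:
 *  - ext/mysql has no prepared statements and was removed in PHP 7.0. The query
 *    in check_user() is built by string interpolation, so it is only safe while
 *    $username and $password hold values that went through
 *    mysql_real_escape_string(). Both properties are public: never assign
 *    request data to them directly. Port to PDO/mysqli prepared statements
 *    when the connection code is touched.
 *  - The 'pw' cookie carries the stored password hash, which makes the cookie a
 *    password-equivalent credential: whoever can read the cookie or the Users
 *    table can authenticate. Prefer a random server-side session token that can
 *    expire and be revoked.
 */
class login {
    public $username;
    public $password;
    public $rememberme = FALSE;
    public $permission;
    // Result of the last query run by check_user(); read by get_userinfo().
    public $logincheck;
    public $detail;
    public $error = array();

    //********************************************************************

    /**
     * Look up the current username/password pair in the Users table.
     *
     * Expects $this->username and $this->password to be escaped already
     * (do_login() and check_login() do this before calling).
     *
     * @throws Exception 'error_user_not_found' when the query fails or matches no row.
     */
    function check_user() {
        $this->logincheck = mysql_query("SELECT * FROM Users WHERE UserName = '$this->username' AND Password = '$this->password' LIMIT 1;");
        // mysql_query() returns FALSE when the query fails; reject explicitly
        // instead of handing FALSE to mysql_num_rows().
        if ($this->logincheck === false || mysql_num_rows($this->logincheck) == 0) {
            throw new Exception('error_user_not_found');
        }
    }

    /**
     * Verify the credentials and, on success, set the login cookies.
     *
     * @param string $username   Username as submitted.
     * @param string $password   Password hash as stored in the Users table.
     * @param bool   $rememberme TRUE for a one-year cookie, FALSE for a session cookie.
     * @return bool TRUE on success; FALSE on failure, with the error code
     *              appended to $this->error.
     */
    function do_login($username,$password,$rememberme) {
        $this->username = mysql_real_escape_string($username);
        $this->password = mysql_real_escape_string($password);
        $this->rememberme = $rememberme;
        try {
            $this->check_user();

            // Set cookies for further use: one year, or 0 = until the browser closes.
            $expires = $rememberme ? time()+60*60*24*365 : 0;

            // Store the unescaped values: check_login() escapes what it reads
            // back, and escaping twice would break names containing quotes.
            // The 7th argument marks the cookies HttpOnly so page scripts
            // cannot read them. Set the 6th (secure) to TRUE once the site is
            // HTTPS-only.
            setcookie('c_user', $username, $expires, '', '', false, true);
            setcookie('pw', $password, $expires, '', '', false, true);
            return TRUE;
        }
        catch(Exception $e) {
            $this->error[] = $e->getMessage();
            return FALSE;
        }
    }

    /**
     * Re-authenticate a visitor from the login cookies.
     *
     * @return bool TRUE when both cookies are present and match a user;
     *              FALSE otherwise, with the error code appended to $this->error.
     */
    function check_login() {
        try {
            // Cookies are client-controlled and may be missing or sent as arrays.
            if(!isset($_COOKIE['c_user']) || !isset($_COOKIE['pw'])
                || !is_string($_COOKIE['c_user']) || !is_string($_COOKIE['pw'])) {
                throw new Exception('error_no_cookies_found');
            }
            // Escape before the values reach the SQL string in check_user().
            $this->username = mysql_real_escape_string($_COOKIE['c_user']);
            $this->password = mysql_real_escape_string($_COOKIE['pw']);
            $this->check_user();
            return TRUE;
        }
        catch(Exception $e) {
            $this->error[] = $e->getMessage();
            return FALSE;
        }
    }

    /**
     * Expire both login cookies in the browser.
     *
     * This only clears the client side: the value that was in 'pw' stays valid
     * until the user's password changes.
     */
    function do_logout() {
        setcookie('c_user','',time()-60*60*24*365);
        setcookie('pw','',time()-60*60*24*365);
    }

    /**
     * Fetch the row matched by the last check_user() call.
     *
     * The row comes from SELECT *, so it includes the Password column: pick
     * the fields you need rather than passing the whole array to output code.
     * The query is LIMIT 1, so a second call returns FALSE.
     *
     * @return array|bool The user row, or FALSE when no successful lookup has
     *                    run or the row was already fetched.
     */
    function get_userinfo() {
        // $logincheck is NULL before any lookup and FALSE after a failed query.
        if (!is_resource($this->logincheck)) {
            return FALSE;
        }
        return mysql_fetch_array($this->logincheck);
    }
}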
?>
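/**
 * Cookie-based login helper built on the legacy ext/mysql API; failures are
 * raised as exceptions internally and collected in $error.
 *
 * Security notes for maintainers:
 *  - ext/mysql has no prepared statements and was removed in PHP 7.0. The query
 *    in check_user() is built by string interpolation, so it is only safe while
 *    $username and $password hold values that went through
 *    mysql_real_escape_string(). Both properties are public: never assign
 *    request data to them directly. Port to PDO/mysqli prepared statements
 *    when the connection code is touched.
 *  - The 'pw' cookie carries the stored password hash, which makes the cookie a
 *    password-equivalent credential: whoever can read the cookie or the Users
 *    table can authenticate. Prefer a random server-side session token that can
 *    expire and be revoked.
 */
class login {
    public $username;
    public $password;
    public $rememberme = FALSE;
    public $permission;
    // Result of the last query run by check_user(); read by get_userinfo().
    public $logincheck;
    public $detail;
    public $error = array();

    //********************************************************************

    /**
     * Look up the current username/password pair in the Users table.
     *
     * Expects $this->username and $this->password to be escaped already
     * (do_login() and check_login() do this before calling).
     *
     * @throws Exception 'error_user_not_found' when the query fails or matches no row.
     */
    function check_user() {
        $this->logincheck = mysql_query("SELECT * FROM Users WHERE UserName = '$this->username' AND Password = '$this->password' LIMIT 1;");
        // mysql_query() returns FALSE when the query fails; reject explicitly
        // instead of handing FALSE to mysql_num_rows().
        if ($this->logincheck === false || mysql_num_rows($this->logincheck) == 0) {
            throw new Exception('error_user_not_found');
        }
    }

    /**
     * Verify the credentials and, on success, set the login cookies.
     *
     * @param string $username   Username as submitted.
     * @param string $password   Password hash as stored in the Users table.
     * @param bool   $rememberme TRUE for a one-year cookie, FALSE for a session cookie.
     * @return bool TRUE on success; FALSE on failure, with the error code
     *              appended to $this->error.
     */
    function do_login($username,$password,$rememberme) {
        $this->username = mysql_real_escape_string($username);
        $this->password = mysql_real_escape_string($password);
        $this->rememberme = $rememberme;
        try {
            $this->check_user();

            // Set cookies for further use: one year, or 0 = until the browser closes.
            $expires = $rememberme ? time()+60*60*24*365 : 0;

            // Store the unescaped values: check_login() escapes what it reads
            // back, and escaping twice would break names containing quotes.
            // The 7th argument marks the cookies HttpOnly so page scripts
            // cannot read them. Set the 6th (secure) to TRUE once the site is
            // HTTPS-only.
            setcookie('c_user', $username, $expires, '', '', false, true);
            setcookie('pw', $password, $expires, '', '', false, true);
            return TRUE;
        }
        catch(Exception $e) {
            $this->error[] = $e->getMessage();
            return FALSE;
        }
    }

    /**
     * Re-authenticate a visitor from the login cookies.
     *
     * @return bool TRUE when both cookies are present and match a user;
     *              FALSE otherwise, with the error code appended to $this->error.
     */
    function check_login() {
        try {
            // Cookies are client-controlled and may be missing or sent as arrays.
            if(!isset($_COOKIE['c_user']) || !isset($_COOKIE['pw'])
                || !is_string($_COOKIE['c_user']) || !is_string($_COOKIE['pw'])) {
                throw new Exception('error_no_cookies_found');
            }
            // Escape before the values reach the SQL string in check_user().
            $this->username = mysql_real_escape_string($_COOKIE['c_user']);
            $this->password = mysql_real_escape_string($_COOKIE['pw']);
            $this->check_user();
            return TRUE;
        }
        catch(Exception $e) {
            $this->error[] = $e->getMessage();
            return FALSE;
        }
    }

    /**
     * Expire both login cookies in the browser.
     *
     * This only clears the client side: the value that was in 'pw' stays valid
     * until the user's password changes.
     */
    function do_logout() {
        setcookie('c_user','',time()-60*60*24*365);
        setcookie('pw','',time()-60*60*24*365);
    }

    /**
     * Fetch the row matched by the last check_user() call.
     *
     * The row comes from SELECT *, so it includes the Password column: pick
     * the fields you need rather than passing the whole array to output code.
     * The query is LIMIT 1, so a second call returns FALSE.
     *
     * @return array|bool The user row, or FALSE when no successful lookup has
     *                    run or the row was already fetched.
     */
    function get_userinfo() {
        // $logincheck is NULL before any lookup and FALSE after a failed query.
        if (!is_resource($this->logincheck)) {
            return FALSE;
        }
        return mysql_fetch_array($this->logincheck);
    }
}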
?>
User logt in:
- Cookie wordt aangemaakt met: userID en een MD5 hash uit uniqid() en time()...
- Database-record wordt aangemaakt met dezelfde waardes als die van beide cookies, UserID, een TimeToDie en een IP-adres.
Als een user ingelogd is check ik met een functie of beiden waardes uit de Cookie en de databaseitem overeenkomen met elkaar. Zo ja: true... Zo nee, false...
Sim-pel.