Hey guys,
I am trying to create a login script, using an MVC structure, but i know i am missing something out. I normally code in php4 and procedural so it’s quite straightforward that way, however i want to try this method. Anyway below is my code and file structure:
Models/Person.class.php
<?php
class Person {
protected $id, $email, $password, $forename, $surname, $address, $postcode, $date_added;
public function __construct($dbrow) {
$this->id = $dbrow['ID'];
$this->email = $dbrow['email'];
$this->password = $dbrow['password'];
$this->forename = $dbrow['forename'];
$this->surname = $dbrow['surname'];
$this->address = $dbrow['address'];
$this->postcode = $dbrow['postcode'];
$this->date_added = $dbrow['date_added'];
}
public function getId(){
return $this->id;
}
public function getEmail(){
return $this->email;
}
public function getPassword(){
return $this->password;
}
public function getForename(){
return $this->forename;
}
public function getSurname(){
return $this->surname;
}
public function getAddress(){
return $this->address;
}
public function getPostcode(){
return $this->postcode;
}
public function getDateAdded(){
return $this->date_added;
}
}
Models/Database.class.php
<?php
require_once('Person.class.php');
require_once('Category.class.php');
class Database {
protected $mysqli;
public function sanitise($data) { // Escapes parameters before sending SQL query
foreach($data as $key => $value){
$data[$key] = $this->mysqli->real_escape_string($value);
}
return $data;
}
public function __construct($host, $username, $password, $dbname) {
$this->mysqli = new mysqli($host, $username, $password, $dbname);
if ($this->mysqli->errno){
echo 'Unable to connect'.$this->mysqli->error;
exit();
}
}
public function login($username, $password) { // Login
$data = $this->sanitise($data);
$sql = 'SELECT ID, email, password FROM hussaini_members
WHERE email = \\''.$data['email'].'\\' AND password = \\''.$data['password'].'\\'';
$results = $this->mysqli->query($sql);
$personArray = array();
while($row = $results->fetch_array(MYSQLI_ASSOC)) {
$personArray[] = new Person($row);
}
return $personArray;
}
public function __destruct() {
$this->mysqli->close();
}
}
Views/login.php
<?php
$view->pageTitle = 'Login';
require_once('Models/Database.class.php');
$database = new Database('localhost', ****', '', '****');
if(isset($_POST['submit']))
{
$view->login($_POST['email'], $_POST['password']);
}
require_once('Views/login.phtml');
login.phtml
<?php require('template/header.phtml') ?>
<h2>Login</h2>
<div id="login">
<fieldset>
<legend>Please login</legend>
<form action="" method="post">
<ul>
<li><label for="email">Email: </label> <input type="text" maxlength="45" id="email" name="email" /></li>
<li><label for="password">Password: </label> <input type="password" maxlength="45" id="password" name="password" /></li>
<li><input style="float:right; margin-right:30px;" type="submit" value="Submit" name="submit"/></li>
</ul>
</form>
</fieldset>
</div>
<?php require('template/sidebar.phtml') ?>
<?php require('template/footer.phtml') ?>
Now the structure above shows how i am trying to implement a login script, the login function in the database.class.php file looks fine. I am using a function to escape string called sanitise…
But in the index.php (Controller), I call the function but i need to actually check to see if the details match. I think i need some return error or something in the login function??
How can i fix this so i can create a session if the details are true??
Can someone please help?
Thanks again