Pseudocode Simple Login help

What's up all, I'm trying to write out my ideas for a script but I'm having some trouble with it, and was wondering if someone could help me just get an idea down. I'm trying to set up a simple login script that will be the header of my site; what it will do is log a person in and then show a control panel.
I want to use cookies and sessions also.

So here's what I have so far.

==========
header.php
check for cookie
if exist set control panel with options and logout
if none exist check session,
if exist set control panel with options,
if none exist
exit

ask for login and password with remember option (will set cookie)
user inputs details, database check to see if user exists
if exist register session and setcookie if remember option true
else
show signup so user can register

This is what I got so far. Is it even possible to have all these functions in one script?

And also, I'm not going to be using groups or anything; this is just either the user exists or not: show control panel or show login boxes.

Yes, it all should work. And you're taking a good approach by creating a “global” header.php file that you stick in every page on your site.

But, I would get the cookie… with the user id set in it, and check it against my database to validate they are a registered user on the site. Next, I would set a session variable for the user such as $yXYvXY_User_Logged_In and set it to 1. From there all your PHP files have to do is do an isset(’$yXYv…’) then display the control panel… without having to check the cookie and match the user to the database each time.

I used $yXyvXY_User_Logged_In rather than something pretty obvious like $isloggedin so someone couldn’t pass a value along through the URL.

In addition, I always put my database and other login globals in a php include file that is located in the site root, not the document root.

For instance, if your server is set up like

/home/erebus/www/

I store include files with sensitive data, like database passwords, in /home/erebus/. That way if something goes screwy with PHP on the server it doesn’t spit out your PHP code. (This is mentioned in Kevin Yank’s article on Building A Database Driven Website using PHP – it should be in the book too.)

Word, will they be OK if I put them in a .htaccess passworded folder like /home/erebus/www/includes/? Or is that a no-no?

I still prefer setting a remember me cookie, but always require a password. It sounds silly, and saves the person time only by not having to type in the user id, but I’m wondering how hard it would be to clone a cookie from another machine and it automatically logs the cookie holder into the mark’s account.

Nope. If you put them in a .htaccess file, it’s going to pop up with a password. Been there, done that. There was a neat trick on one of the forums. You can get the $DOCUMENT_ROOT, which should return the absolute path to the document root, then trim off the /www part. This beats putting the absolute path to the include file into each of your .php files.

Question about the cookie,


setcookie("q4gaming",$uid,time()+31536000, '/');

uid = username from database. How do I go about getting the username from the cookie to be displayed on the site? echo _COOKIE something blah blah
Thanks for the help brother

Anyhow, this is as far as I'm gonna go with it tonight. The require and include stuff will change, don't worry about that, and where I echo the control panel I also want to echo the user's name from the cookie.


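  <?php

  // config.inc is assumed to open the MySQL connection (legacy mysql extension, as in the original).
  require('backend/includes/functions.inc');
  require('backend/includes/config.inc');

  session_start();

  // Read the form fields from $_POST instead of relying on register_globals.
  if (isset($_POST['doLogin'], $_POST['uid'], $_POST['pwd'])) {
  	// Escape user input before it is placed in the query string.
  	$uid = mysql_real_escape_string($_POST['uid']);
  	$pwd = mysql_real_escape_string($_POST['pwd']);
  	$sql = "SELECT * FROM user WHERE nickname = '$uid' AND password = PASSWORD('$pwd') AND active = 'Y'";
  	$result = mysql_query($sql);
  	if ($result && mysql_num_rows($result) > 0) {
  		setcookie("nickname", $_POST['uid'], time()+31536000, '/');
  		// Keep the flag in $_SESSION (replaces session_register) so it cannot be set from the URL.
  		$_SESSION['bAnAnA_logged_in_user'] = 1;
  	} else {
  		unset($_SESSION['uid']);
  		$_SESSION = array();
  		session_destroy();
  		error("You do not appear to be a registered user, please register or contact tech support.");
  	}
  }

  // NOTE: the cookie value comes from the browser; it still has to be checked against the database.
  if (isset($_SESSION['bAnAnA_logged_in_user']) || !empty($_COOKIE["nickname"])) {
  	echo "control panel";
  } else {
  	?><form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
  	  User ID: <input type="text" name="uid" size="10">
  	  Password: <input type="password" name="pwd" size="10">
  	  <input type="submit" name="doLogin" value="Login">
  	</form>
  	<?php
  }

  ?>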

How's that look so far? Haven't tested it yet.

Yeah, $readcookie = $_COOKIE['cookiename'];

Based on how you set the cookie in the above code.

You can also use $HTTP_COOKIE_VARS (see the php manual)

I really appreciate your help on this, it's priceless :)

So far it's working great, I just have to throw some checks in there to make sure the user actually exists before allowing it to show the control panel.
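
The check discussed in the thread (validating the remember-me cookie on the server before showing the control panel), as an added example that is not part of any post above: the cookie carries a random single-use token instead of the nickname. The `$store` array stands in for a database table, and the function names and the nickname `alice` are made up for illustration; PHP 7.1 or later is assumed.

```php
<?php
// Added example: remember-me cookie holding a random token, not the username.
// $store is a stand-in for a database table (hypothetical); only a hash of the secret is kept.

function issue_remember_token(string $nickname, array &$store): string
{
    $selector  = bin2hex(random_bytes(8));    // lookup key, not secret
    $validator = bin2hex(random_bytes(32));   // secret half, never stored in clear
    $store[$selector] = [
        'nickname' => $nickname,
        'hash'     => hash('sha256', $validator),
        'expires'  => time() + 31536000,      // same lifetime as the thread's cookie
    ];
    return $selector . ':' . $validator;      // value to hand to setcookie()
}

function check_remember_cookie(string $cookie, array &$store): ?string
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;                          // bare nickname or unknown selector
    }
    $row = $store[$parts[0]];
    unset($store[$parts[0]]);                 // single use: caller issues a fresh token
    if ($row['expires'] < time()) {
        return null;                          // token too old
    }
    // Constant-time comparison of the stored hash with the presented validator.
    return hash_equals($row['hash'], hash('sha256', $parts[1])) ? $row['nickname'] : null;
}

// Constructed demo data.
$store  = [];
$cookie = issue_remember_token('alice', $store);

var_dump(check_remember_cookie('alice', $store));   // case 1: cookie containing only a nickname
var_dump(check_remember_cookie($cookie, $store));   // case 2: the token that was issued
var_dump(check_remember_cookie($cookie, $store));   // case 3: the same token presented again
```

On success the caller would set the session flag and send a freshly issued token with setcookie(). Because each token is accepted once, a copy of the cookie stops working as soon as the token has been used.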