Discussion: Is this the best way?
19/03/2008, 14h46   #15
Jason Pruim
Re: [PHP] Is this the best way?

Just to warn you... I've been up for about 30 minutes and I'm still on
my first shot of caffeine... Sorry if things don't make 100% sense


On Mar 18, 2008, at 10:27 PM, Jochem Maas wrote:

> Jason Pruim schreef:
>> On Mar 18, 2008, at 3:20 PM, Jochem Maas wrote:
>>> what started out as a simple little reply bloated out into an
>>> impromptu brain
>>> fart ... lots of bla .. enjoy :-)
>>>
>>> Jason Pruim schreef:
>>>> Hi everyone,
>>>> I am attempting to add a little error checking for a very simple
>>>> login system. The info is stored in a MySQL database, and I am
>>>> using mysqli to connect to it. I have it working with the
>>>> solution provided below, but I am wondering if this is the right
>>>> way to do it or if there is a better way?
>>>
>>> at an abstract level you might consider that your function could
>>> simply
>>> always return a boolean (true = logged in, false = not logged in)
>>> and that the
>>> rest of the application retrieves all the other data via the session
>>> (as opposed to returning half the data and storing half in the
>>> session)

>> I think this is what I am attempting to do... Just going about it
>> all wrong...

>
> start from scratch again?


By the time I'm ready to release this, I'll have 50 versions
>
>
>> I want the pages to check to see if the person is still logged in
>> and if they are, then it's pulling live data from the database...
>> So maybe I should edit my authentication function...

>
> maybe.
> there are two different things being confused:
>
> 1. checking logged in state.
> 2. attempting to login.


Would it make sense to set up a function to see if they are
authenticated, and if they aren't, have it call the authentication
function?
>
>
> function getUserData()
> {
>     if (isAuthenticatedUser())
>         return $_SESSION['user']['data'];
>
>     return null;
> }
>
> function isAuthenticatedUser()
> {
>     return (isset($_SESSION['user']['authenticated']) &&
>             $_SESSION['user']['authenticated']);
> }
>
> function authenticateUser($u, $p, $cc = false)
> {
>     if (($iau = isAuthenticatedUser()) && !$cc)
>         throw new Exception('Already logged in!');
>
>     $cmd = $iau ? 'verify account' : 'login';


I've seen these kinds of things in other scripts that I've looked at,
but don't totally understand what the : does between 2 options...
>
>
>     if (!($p = trim($p)) || !($u = trim($u)))
>         throw new Exception('Cannot '.$cmd.' without credentials!');
>
>
>     $p = mysql_real_escape_string($p);
>     $u = mysql_real_escape_string($u);
>
>     if (!($res = mysql_query("SELECT * FROM `users` WHERE `pwd`='$p' AND `usr`='$u'")))
>         throw new Exception('Cannot '.$cmd.', verification system error.');
>
>     if (mysql_num_rows($res) != 1)
>         return false;
>
>     if (!($row = mysql_fetch_assoc($res)))
>         throw new Exception('Cannot '.$cmd.', verification system error.');
>
>     if ($iau)
>         return (int)$_SESSION['user']['data']['id'] === (int)$row['id'];
>
>     unset($row['pwd']);
>
>     $_SESSION['user'] = array(
>         'authenticated' => true,
>         'data' => $row,
>     );
>
>     return true;
> }
>
>> function auth($loggedin) {
>> query database to see if username & Password match;
>> write certain variables into session (Or maybe into the cache?)


I'm going to try this suggestion in just a few minutes... Thanks for
your . I had it all written and working without using functions,
but then I wanted to extend and all hell broke loose



--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
japruim@raoset.com
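
The split discussed in the message above (checking logged-in state versus attempting a login), as an added example that is not part of the original post or either poster's code: it uses mysqli with a bound parameter and compares the password in PHP with password_verify(). Assumptions: `$db` is an open mysqli connection with mysqlnd available, session_start() has already run, and the `pwd` column holds password_hash() output; the verify-account mode (`$cc`) is left out.

```php
<?php
// Added example, not code from the thread.
// Assumed: $db is an open mysqli connection (mysqlnd, for get_result()),
// session_start() was called, and `users`.`pwd` holds password_hash() output.

function isAuthenticatedUser(): bool
{
    return !empty($_SESSION['user']['authenticated']);
}

function getUserData(): ?array
{
    return isAuthenticatedUser() ? $_SESSION['user']['data'] : null;
}

function authenticateUser(mysqli $db, string $u, string $p): bool
{
    $u = trim($u);
    if ($u === '' || $p === '') {
        return false;                        // nothing to verify
    }

    // The user name travels as a bound parameter, never as SQL text.
    $stmt = $db->prepare('SELECT * FROM `users` WHERE `usr` = ? LIMIT 1');
    if (!$stmt || !$stmt->bind_param('s', $u) || !$stmt->execute()
        || !($res = $stmt->get_result())) {
        throw new RuntimeException('Cannot login, verification system error.');
    }
    $row = $res->fetch_assoc();              // null when the user is unknown
    $stmt->close();

    // Compare in PHP against the stored hash instead of in the WHERE clause.
    if (!$row || !password_verify($p, $row['pwd'])) {
        return false;                        // same result for bad user or bad password
    }

    unset($row['pwd']);                      // keep the hash out of the session
    session_regenerate_id(true);             // fresh session id once logged in
    $_SESSION['user'] = ['authenticated' => true, 'data' => $row];
    return true;
}
```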


