Login Form

ferks

znova lamim v php a snazim sa urobit prihlasovaci formular a moje vedomosti s php su slabe, takze sa obraciam na radu starsich

pomocou udajov, ktore som nasiel na tejto stranke:

Kód: Vybrať všetko

http://www.devshed.com/c/a/PHP/Creating-a-Secure-PHP-Login-Script/

som si vytvoril SQL tabulku, dokonca som sam zvladol aj pridanie uzivatela + md5 heslom do databazy.

ale uz vytvorene dielo nedokazem spustit.

pri skusobnom prihlaseni mi vypise chybu, pretoze som zle zostavil kod, alebo sa ho snazim chybne pouzit

tu je vypis kodu na ktory odosielam prihlasovanie udaje:

Kód: Vybrať všetko

<?php

class User 
{ 
  var $db = null; // PEAR::DB pointer 
  var $failed = false; // failed login attempt 
  var $date; // current date GMT 
  var $id = 0; // the current user's id 
  function User(&$db) 
  { 
   $this->db = $db; 
   $this->date = $GLOBALS['date']; 
   if ($_SESSION['logged']) 
   { 
    $this->_checkSession(); 
   } 
   elseif ( isset($_COOKIE['imagesferksLogin']) ) 
   { 
    $this->_checkRemembered($_COOKIE['imagesferksLogin']); 
   } 
  }

function &db_connect() 
{ 
 require_once 'DB.php'; 
 PEAR::setErrorHandling(PEAR_ERROR_DIE); 
 $db_host = 'localhost'; 
 $db_user = '????'; 
 $db_pass = '????'; 
 $db_name = '????'; 
 $dsn = "mysql://$db_user:$db_pass@unix+$db_host/$db_name"; 
 $db = DB::connect($dsn); 
 $db->setFetchMode(DB_FETCHMODE_OBJECT); 
 return $db; 
}

function session_defaults() 
{ 
 $_SESSION['logged'] = false; 
 $_SESSION['uid'] = 0; 
 $_SESSION['username'] = ''; 
 $_SESSION['cookie'] = 0; 
 $_SESSION['remember'] = false; 
}

function _checkLogin($username, $password, $remember) 
{ 
 $username = $this->db->quote($username); 
 $password = $this->db->quote(md5($password)); 
 $sql = "SELECT * FROM member WHERE " . 
 "username = $username AND " . 
 "password = $password"; 
 $result = $this->db->getRow($sql); 
 if ( is_object($result) ) 
 { 
  $this->_setSession($result, $remember); 
  return true; 
 } 
 else
 { 
  $this->failed = true; 
  $this->_logout(); 
  return false; 
 } 
}

function _setSession(&$values, $remember, $init = true) { 
$this->id = $values->id; 
$_SESSION['uid'] = $this->id; 
$_SESSION['username'] = htmlspecialchars($values->username); 
$_SESSION['cookie'] = $values->cookie; 
$_SESSION['logged'] = true; 
if ($remember) { 
$this->updateCookie($values->cookie, true); 
} 
if ($init) { 
$session = $this->db->quote(session_id()); 
$ip = $this->db->quote($_SERVER['REMOTE_ADDR']); 

$sql = "UPDATE member SET session = $session, ip = $ip WHERE " . 
"id = $this->id"; 
$this->db->query($sql); 
} 
}

function updateCookie($cookie, $save) { 
$_SESSION['cookie'] = $cookie; 
if ($save) { 
$cookie = serialize(array($_SESSION['username'], $cookie) ); 
set_cookie('imagesferksLogin', $cookie, time() + 31104000, '/directory/'); 
} 
}

function _checkRemembered($cookie) { 
list($username, $cookie) = @unserialize($cookie); 
if (!$username or !$cookie) return; 
$username = $this->db->quote($username); 
$cookie = $this->db->quote($cookie); 
$sql = "SELECT * FROM member WHERE " . 
"(username = $username) AND (cookie = $cookie)"; 
$result = $this->db->getRow($sql); 
if (is_object($result) ) { 
$this->_setSession($result, true); 
} 
}

function _checkSession() { 
$username = $this->db->quote($_SESSION['username']); 
$cookie = $this->db->quote($_SESSION['cookie']); 
$session = $this->db->quote(session_id()); 
$ip = $this->db->quote($_SERVER['REMOTE_ADDR']); 
$sql = "SELECT * FROM member WHERE " . 
"(username = $username) AND (cookie = $cookie) AND " . 
"(session = $session) AND (ip = $ip)"; 
$result = $this->db->getRow($sql); 
if (is_object($result) ) { 
$this->_setSession($result, false, false); 
} else { 
$this->_logout(); 
} 
}

}

$_POST['login'] = $login;
$_POST['pass'] = $pass;

if (User::_checkLogin($login,$pass,$rem) == false)
{
  echo "Zly login";
}
else
 echo "Prihlaseny";

?>

s najvacsou pravdepodobnostou je chyba tu:

Kód: Vybrať všetko

if (User::_checkLogin($login,$pass,$rem) == false)
{
  echo "Zly login";
}
else
 echo "Prihlaseny";

pretoze nieco ako Triedy vidim v php prvy krat.
ak sa niekto na to pozrie a najde chybu, tak mu budem velmi vdacny

// k databaze mam vsetko spravne, len tu som to odstranil

programator

ferks napísal: s najvacsou pravdepodobnostou je chyba tu:
Kód: Vybrať všetko
if (User::_checkLogin($login,$pass,$rem) == false)
{
  echo "Zly login";
}
else
 echo "Prihlaseny";
pretoze nieco ako Triedy vidim v php prvy krat.
ak sa niekto na to pozrie a najde chybu, tak mu budem velmi vdacny

// k databaze mam vsetko spravne, len tu som to odstranil

No ja by som povedal ze ta podmienka ma byt takto :

Kód: Vybrať všetko

if (User->_checkLogin($login,$pass,$rem) == false)

snazis sa volat metody staticky, ktore nie su staticke. Musis si najprv vytvorit objekt,

Kód: Vybrať všetko

$user = new User(User::db_connect());

vsimni si ze parameter konstruktora je staticka metoda

potom uz pracujes s vytvorenym objektom... teda komplet nejak takto

Kód: Vybrať všetko

$user = new User(User::db_connect());
if ($user->_checkLogin($login,$pass,$rem) == false)
{
  echo "Zly login";
}
else
 echo "Prihlaseny";

jo a detail, chyba ti tam funkcia _logout()

ferks

dikes mastermind. karmu som uz poslal.
podarilo sa mi to spravit, logout som pridal

len zatial mi nejde ulozenie cookie sedenie do databazy, ulozi sa iba IP adresa prihlaseneho. este sa s tym skusim pohrat a ked nenajdem chybu, este sa na vas obratim. vdaka

ferks

alebo je to nedokoncene, ale ja som z toho mimo.
uvadza sa tam, ze do databazy sa uklada md5 hash cookie (v databaze je definovana dlza 32 znakov, ale v v prehliadaci je cookie ovela dlhsi = a%3A2%3A%7Bi%3A2%3Bs%3A5%3A%22ferks%22%3Bi%3B1%3Bs%3A0%3A%20%22%3B%7F) prihlaseneho uzivatela, ale aj po uspesnom prihlaseni (s pamatanim session) sa do databazy ulozi iba polozka IP. polozka Session a Cookie je prazdna, v kode ani nevidim, kde sa uklada polozka cookie, polozka seesion sice ano:

Kód: Vybrať všetko

$sql = "UPDATE member SET session = $session, ip = $ip WHERE " . 
"id = $this->id" ;

ale aj tak je to prazdny textovy retazec.

skusi niekto poradit?

nebolo by zle keby si poslal uz tvoju upravenu verziu kodu.
//prinajmensom by bodla ta cast ktorou ludi pridavas do db

ferks

Kód: Vybrať všetko

<?php

class User 
{ 
  var $db = null; // PEAR::DB pointer 
  var $failed = false; // failed login attempt 
  var $date; // current date GMT 
  var $id = 0; // the current user's id 
  function User(&$db) 
  { 
   $this->db = $db; 
   $this->date = $GLOBALS['date']; 
   if ($_SESSION['logged']) 
   { 
    $this->_checkSession(); 
   } 
   elseif ( isset($_COOKIE['imagesferksLogin']) ) 
   { 
    $this->_checkRemembered($_COOKIE['imagesferksLogin']); 
   } 
  }

function &db_connect() 
{ 
 require_once 'DB.php'; 
 PEAR::setErrorHandling(PEAR_ERROR_DIE); 
 $db_host = 'localhost'; 
 $db_user = '?'; 
 $db_pass = '?'; 
 $db_name = '?'; 
 $dsn = "mysql://$db_user:$db_pass@unix+$db_host/$db_name"; 
 $db = DB::connect($dsn); 
 $db->setFetchMode(DB_FETCHMODE_OBJECT); 
 return $db; 
}

function updateCookie($cookie, $save) { 
$_SESSION['cookie'] = $cookie; 
if ($save) { 
$cookie = serialize(array($_SESSION['username'], $cookie) ); 
//setcookie('imagesferksLogin', $cookie, time() + 31104000, '/directory/'); 
setcookie('imagesferksLogin', $cookie, time() + 31104000); 
} 
}

function session_defaults() 
{ 
 $_SESSION['logged'] = false; 
 $_SESSION['uid'] = 0; 
 $_SESSION['username'] = ''; 
 $_SESSION['cookie'] = 0; 
 $_SESSION['remember'] = false; 
}

function _checkLogin($username, $password, $remember) 
{ 
 $username = $this->db->quote($username); 
 $password = $this->db->quote(md5($password)); 
 $sql = "SELECT * FROM member WHERE " . 
 "username = $username AND " . 
 "password = $password"; 
 $result = $this->db->getRow($sql); 
 if ( is_object($result) ) 
 { 
  $this->_setSession($result, $remember); 
  return true; 
 } 
 else
 { 
  $this->failed = true; 
  $this->_logout(); 
  return false; 
 } 
}

function _setSession(&$values, $remember, $init = true) { 
$this->id = $values->id; 
$_SESSION['uid'] = $this->id; 
$_SESSION['username'] = htmlspecialchars($values->username); 
$_SESSION['cookie'] = $values->cookie; 
$_SESSION['logged'] = true; 
if ($remember) { 
$this->updateCookie($values->cookie, true); 
} 
if ($init) { 
$session = $this->db->quote(session_id()); 
$ip = $this->db->quote($_SERVER['REMOTE_ADDR']); 
$cookie = $values->cookie;
$sql = "UPDATE member SET session = $session, ip = $ip WHERE " . 
"id = $this->id" ; 
$this->db->query($sql); 
} 
}


function _checkRemembered($cookie) { 
list($username, $cookie) = @unserialize($cookie); 
if (!$username or !$cookie) return; 
$username = $this->db->quote($username); 
$cookie = $this->db->quote($cookie); 
$sql = "SELECT * FROM member WHERE " . 
"(username = $username) AND (cookie = $cookie)"; 
$result = $this->db->getRow($sql); 
if (is_object($result) ) { 
$this->_setSession($result, true); 
} 
}

function _logout() 
  {
   $this->session_defaults();
  }

function _checkSession() { 
$username = $this->db->quote($_SESSION['username']); 
$cookie = $this->db->quote($_SESSION['cookie']); 
$session = $this->db->quote(session_id()); 
$ip = $this->db->quote($_SERVER['REMOTE_ADDR']); 
$sql = "SELECT * FROM member WHERE " . 
"(username = $username) AND (cookie = $cookie) AND " . 
"(session = $session) AND (ip = $ip)"; 
$result = $this->db->getRow($sql); 
if (is_object($result) ) { 
$this->_setSession($result, false, false); 
} else { 
$this->_logout(); 
} 
}


}


//$_POST['username'];
//$_POST['password'];
//echo $username;
//echo $password;

$date = gmdate("'Y-m-d'"); 
$user = new User(User::db_connect());

if ($user->_checkLogin($username,$password,true) == false) 
{ 
  echo "Zly login"; 
} 
else 
 echo "Prihlaseny";

?>

<- takto to testujem.
po prihlaseni ma lo logne, cookie ulozi do prehliadaca, ale neulozi do databazy

funkcia "_checkLogin" skontroluje login a nasledne, ak je polozka rememeber true ma ulozit cookie a aktualizovat databazu pomocou funkcie "_setSession":

Kód: Vybrať všetko

function _setSession(&$values, $remember, $init = true) { 
$this->id = $values->id; 
$_SESSION['uid'] = $this->id; 
$_SESSION['username'] = htmlspecialchars($values->username); 
$_SESSION['cookie'] = $values->cookie; 
$_SESSION['logged'] = true; 
if ($remember) { 
$this->updateCookie($values->cookie, true); 
} 
if ($init) { 
$session = $this->db->quote(session_id()); 
$ip = $this->db->quote($_SERVER['REMOTE_ADDR']); 
$cookie = $values->cookie;
$sql = "UPDATE member SET session = $session, ip = $ip WHERE " . 
"id = $this->id" ; 
$this->db->query($sql); 
} 
}

<- tu bude asi nieco zle, alebo to robim zle ja?

na zaciatok metody _setSession(...); pridaj

Kód: Vybrať všetko

session_start();

jo a kedy to ma ukladat cookie do databazy?
jo a pridaj to vsade kde chces pracovat so sessions

ferks

mastermind napísal:na zaciatok metody _setSession(...); pridaj
Kód: Vybrať všetko
session_start();
jo a pridaj to vsade kde chces pracovat so sessions

parada, uz to ulozilo dalsi cookie a zaroved do databazy session. uz to dufam pojde. dik

mastermind napísal: jo a kedy to ma ukladat cookie do databazy?

tiez neviem, ale som myslel, ze to ma ukladat ked to vytvorilo tabulku v databaze...

ano uz som si vsimol, ze tam mas aj metody ktore vobec nevyuzivas. bolo mi divne ako mozes robit select nad databazou s podmienkou na cookie ked vlasten nikdy ziaden cookie do DB nedostanes

a s tou hodnotou cookie v prehliadaci. Ta hodnota ktoru si sem poslal je zakodovana. teda ak si ju nechas v php vypisat. napr cez

Kód: Vybrať všetko

var_dump($_COOKIE);

uvidis ze sa urcite do toho stlpca zmesti. to len tak btw

Login Form

Login Form

Re: Login Form