TalkPHP


anoopd 06-24-2008 08:04 AM

form for logged user
 
Hi Friends,

I'm a newbie here. Just wanted to clear up some of my doubts... I am working on a site where the logged-in user can edit something, i.e. a form should be shown only to logged-in users. Should I use iframes or just show the PHP file after checking the session? Expecting valuable advice, and thanks in advance.

Anoop

Jim 06-24-2008 11:25 AM

Just create a function (like isLoggedIn()) returning true or false. In that function check the session and maybe some more proof to be 100% certain the user is logged in.

Something like this will be the result:

PHP Code:

<?php

if (isLoggedIn()) {
    // Parse form
} else {
    echo 'Not logged in';
}

?>

Hope this helps a bit :)

Wildhoney 06-24-2008 02:30 PM

Perhaps having a peruse over this script that I did may be of some use to you?

maZtah 06-25-2008 08:50 AM

Yesterday I wrote this function to check whether a user is logged in or not:

Users have options to save their login in a cookie, so that they don't have to fill the login form back in again.

A cookie is stored like: 'username;sha1hashedpasswordwithoutsalt'.

PHP Code:

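// You have to define a SALT first
define('SALT', 'foo');

function is_logged_in()
{
    if (isset($_COOKIE['user']))
    {
        // Cookie format: 'username;sha1hashedpassword'
        list($szName, $szPassword) = explode(';', $_COOKIE['user']);

        // Cookie values are client-supplied, so escape them before
        // they go into the query string
        $szQuery = sprintf(
            "SELECT id
                FROM users
                WHERE name = '%s' AND password = SHA1(CONCAT('%s', '%s'))
                LIMIT 1",
            mysql_real_escape_string($szName),
            SALT,
            mysql_real_escape_string($szPassword));

        $pUser = mysql_query($szQuery) or die(mysql_error());

        if (mysql_num_rows($pUser) > 0)
        {
            return TRUE;
        }
    }
    elseif (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === 1)
    {
        return TRUE;
    }

    // No matching cookie record and no logged-in session
    return FALSE;
}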


Then, you can check (just like Jim did) if a user is logged in like so:

PHP Code:

if (is_logged_in() === TRUE)
{
    echo 'Logged in.';
}

// Or

if (is_logged_in() !== TRUE)
{
    echo 'Not logged in.';
}


Good luck!

Jim 06-25-2008 08:53 AM

Even if it's hashed with a salt, never save a password in a cookie.

maZtah 06-25-2008 08:58 AM

I think you are right on that. What's a better way to store a cookie (and to check if it's from a real logged in user)?

Jim 06-25-2008 09:05 AM

What I always do is make an SQL table:

id - ipadres - userid - uniquestring
1 - 127.0.0.1 - 1 - bvt54345bw45herw45vw45wgef

And save a cookie named "login" or something containing the uniquestring. Then check the table for a record containing the uniquestring and ipadres. And then, if it's found, log in the user since you have its userid.

Although I use this for autologin, you can also check it for login validation.
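
The table-backed token scheme described in the post above, as an added example that is not part of the original thread. The column names come from the post; the table name `autologin`, the functions `issue_token()` and `check_token()`, the in-memory SQLite database and the choice to store only a SHA-256 hash of the token are assumptions made for this sketch.

```php
<?php
// Added example: table-backed autologin token (all names are hypothetical).
// Uses an in-memory SQLite database via PDO so it runs stand-alone.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE autologin (
    id INTEGER PRIMARY KEY, ipadres TEXT, userid INTEGER, uniquestring TEXT UNIQUE)');

// Issue a token at login: the cookie gets the random value, the table only
// a SHA-256 hash of it (assumption beyond the post: a leaked table row
// then cannot be replayed as a cookie).
function issue_token(PDO $db, int $userId, string $ip): string
{
    $token = bin2hex(random_bytes(32));   // 256 bits from the CSPRNG
    $stmt = $db->prepare(
        'INSERT INTO autologin (ipadres, userid, uniquestring) VALUES (?, ?, ?)');
    $stmt->execute([$ip, $userId, hash('sha256', $token)]);
    return $token;
}

// Validate a cookie value: returns the userid, or null when no record
// matches both the token and the IP address.
function check_token(PDO $db, string $cookie, string $ip): ?int
{
    if (!preg_match('/^[0-9a-f]{64}$/', $cookie)) {
        return null;                       // malformed cookie, skip the query
    }
    $stmt = $db->prepare(
        'SELECT userid FROM autologin WHERE uniquestring = ? AND ipadres = ?');
    $stmt->execute([hash('sha256', $cookie), $ip]);
    $userId = $stmt->fetchColumn();
    return $userId === false ? null : (int) $userId;
}

// Constructed sample run. On a real page the token would be sent with
// setcookie('login', $cookie, ['httponly' => true, 'secure' => true]).
$cookie = issue_token($db, 1, '127.0.0.1');
var_dump(check_token($db, $cookie, '127.0.0.1'));              // issued token, same IP
var_dump(check_token($db, $cookie, '10.0.0.5'));               // issued token, other IP
var_dump(check_token($db, str_repeat('0', 64), '127.0.0.1'));  // token never issued
```

Deleting the row on logout or password change revokes the cookie without touching the password, which is what the password-in-cookie format cannot do.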

maZtah 06-25-2008 09:10 AM

Yep that's definitely a better route to go. Well, I think anoopd should be able to modify my script to make it work like that. If not, I will post an update later.

Thanks for keeping me sharp, Jim!

