TalkPHP

05-02-2009, 04:03 PM   #21 (permalink)
allworknoplay

Quote:
Originally Posted by Tanax View Post
Have you guys checked the date of this thread? It's more than 1 year old, surely he must have removed the file by now.

It's always funny to find old threads, make a post and wonder where everyone is that was originally involved, or asking for files that are old..

I know when I go through an old thread I find interesting, I hope the OP is still around to answer my question!

05-02-2009, 04:59 PM   #22 (permalink)
sketchMedia

Quote:
Originally Posted by captainmerton View Post
sketchMedia, you are a saviour. The fact that it just completely wouldn't work when it had worked for so many others made me think I was going to have to change a setting in my php.ini file or Apache config, but that one never crossed my mind. It's now working. Thanks for your help.

Glad to be of help.
__________________
mysql> SELECT * FROM `users` WHERE `users`.`clue` > 0;
Empty set (0.00 sec)

05-09-2009, 09:00 AM   #23 (permalink)
captainmerton

Apologies for again asking stupid questions on this one, but I can't seem to get the verifyLogin method to work correctly. I have set up my table:

CREATE TABLE visionire
(username VARCHAR(30) NOT NULL,
password VARCHAR(30) NOT NULL,
IP VARCHAR(20) NOT NULL,
PRIMARY KEY (username));

and added a row. However, when I run the script and try to log in, the following query always returns no rows:

$query = sprintf("SELECT * FROM user WHERE username = '%s' AND password = sha1('%s') LIMIT 0,1", $this->clean($username), $this->clean($password));

If I rewrite the query and hardcode the user details it works OK, so I am assuming it's something to do with the way I have defined the columns on the table or how the strings are handled. I dunno, any experts out there who can spot an error?

Cheers.

05-09-2009, 12:42 PM   #24 (permalink)
allworknoplay

Quote:
Originally Posted by captainmerton View Post
Apologies for again asking stupid questions on this one, but I can't seem to get the verifyLogin method to work correctly. I have set up my table:

CREATE TABLE visionire
(username VARCHAR(30) NOT NULL,
password VARCHAR(30) NOT NULL,
IP VARCHAR(20) NOT NULL,
PRIMARY KEY (username));

and added a row. However, when I run the script and try to log in, the following query always returns no rows:

$query = sprintf("SELECT * FROM user WHERE username = '%s' AND password = sha1('%s') LIMIT 0,1", $this->clean($username), $this->clean($password));

If I rewrite the query and hardcode the user details it works OK, so I am assuming it's something to do with the way I have defined the columns on the table or how the strings are handled. I dunno, any experts out there who can spot an error?

Cheers.

Well, I'm no OO expert but I don't see where $this->clean() is defined anywhere?

So it would probably work if you just left that out and put username and password in there like this:


$query = sprintf("SELECT * FROM user WHERE username = '%s' AND password = sha1('%s') LIMIT 0,1", $username, $password);

05-09-2009, 12:52 PM   #25 (permalink)
allworknoplay

Sorry, found the function all the way on the bottom of the script....

So not sure what it could be....

05-09-2009, 01:16 PM   #26 (permalink)
allworknoplay

Maybe these 2 properties need to be made public?

/* The username of a member */
private $username;

/* The password of a member */
private $password;

05-09-2009, 02:04 PM   #27 (permalink)
captainmerton

Tried changing them both to public and it had no effect; it is still returning no rows on the select.

05-09-2009, 02:08 PM   #28 (permalink)
captainmerton

Just resolved it:

Removed the sha1 function on the password string. Any ideas what this is for anyway? I believe it converts a string to hex or something.

05-09-2009, 02:13 PM   #29 (permalink)
allworknoplay

Quote:
Originally Posted by captainmerton View Post
Just resolved it:

Removed the sha1 function on the password string. Any ideas what this is for anyway? I believe it converts a string to hex or something.

Yeah that's for encryption I think. So are you storing your passwords as raw text?

What is your password column set as? Binary or varchar?

05-09-2009, 02:28 PM   #30 (permalink)
captainmerton

Varchar. Not sure it really matters to me if they are encrypted or not.

05-09-2009, 02:29 PM   #31 (permalink)
allworknoplay

Quote:
Originally Posted by captainmerton View Post
Varchar. Not sure it really matters to me if they are encrypted or not.

Well if you're just messin' around, it doesn't matter...

But of course if you're hosting anything meaningful you probably want to go the MD5 route...

05-09-2009, 02:47 PM   #32 (permalink)
captainmerton

What's MD5? I assume I would encrypt the password, then store it on the database, then unencrypt after I've read it from the database.

05-09-2009, 02:50 PM   #33 (permalink)
allworknoplay

Quote:
Originally Posted by captainmerton View Post
What's MD5? I assume I would encrypt the password, then store it on the database, then unencrypt after I've read it from the database.

Yeah, you can do that with mcrypt if you have that extension installed.

http://us.php.net/mcrypt

But the best route is to one-way hash it with MD5 so that there is no way to display the password ever...

If a user forgets, they would have to come up with a new password.
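
The login query discussed in posts #23 to #33 compares the password column against sha1() of the input while the table defines that column as VARCHAR(30), and a SHA-1 hex digest is always 40 characters. As an added example (not part of the original posts or of the login class from this thread), here is one-way password storage with PHP's built-in password_hash() and password_verify(), which salt each hash and are deliberately slow, unlike a bare MD5 or SHA-1 digest. It assumes PHP 7+ with the pdo_sqlite extension; the in-memory database and the sample user are constructed for the demonstration, and only the table and column names come from the thread.

```php
<?php
// Added example: table/column names follow the thread; the SQLite in-memory
// database and the sample credentials are constructed for this demonstration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// A SHA-1 hex digest is 40 characters, so it cannot fit the thread's
// VARCHAR(30) column. password_hash() output is longer still; the PHP
// manual suggests a 255-character column.
$db->exec('CREATE TABLE visionire (
    username VARCHAR(30)  NOT NULL PRIMARY KEY,
    password VARCHAR(255) NOT NULL)');

function register(PDO $db, string $username, string $password): void
{
    // Salt and cost are generated here and embedded in the returned string.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO visionire (username, password) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

function verifyLogin(PDO $db, string $username, string $password): bool
{
    // Bound parameter instead of sprintf() plus manual escaping.
    $stmt = $db->prepare('SELECT password FROM visionire WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();   // false when the user does not exist

    // The stored hash is fetched by username and checked in PHP: a salted
    // hash cannot be matched with "password = <hash of input>" inside SQL.
    return $hash !== false && password_verify($password, $hash);
}

register($db, 'merton', 'correct horse');               // constructed sample user

var_dump(strlen(sha1('correct horse')));                // digest length vs. VARCHAR(30)
var_dump(verifyLogin($db, 'merton', 'correct horse'));  // matching password
var_dump(verifyLogin($db, 'merton', 'wrong'));          // wrong password
var_dump(verifyLogin($db, 'nobody', 'correct horse'));  // unknown user
```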

05-15-2009, 02:10 AM   #34 (permalink)
baseballplayr

Can anyone point to a spot to download this script? Thanks. :)

05-15-2009, 02:39 PM   #35 (permalink)
Salathe

@baseballplayr The code is available as an attachment to the first post.

05-15-2009, 03:20 PM   #36 (permalink)
baseballplayr

Above the attachment is a v2 that the link is broken on. Does anyone have that?

05-15-2009, 04:51 PM   #37 (permalink)
Wildhoney

Sadly not. I don't have it. I have sent him an email to see if he has it. Let's hope he does!
__________________
The man who comes back through the Door in the Wall will never be quite the same as the man who went out.

05-16-2009, 10:50 AM   #38 (permalink)
captainmerton

I've been mucking about with this login class and have been starting to make some alterations. Wondered if I could pick some more advanced PHP-ers' brains. I want to verify someone is logged in without creating an object, so I changed the verifyAccess method to static and call it like this:

/* Verify access */
Login::verifyAccess();
if (false)
{
$login = new Login;

/* Include the HTML for the form */
require_once('./lib/form.php');
}

Any thoughts on this? When you declare a method as static, does that mean you are allowing it to be called when there is no object instantiated, or specifying it can ONLY be called when no object is instantiated?

Also, any thoughts on the difference between using sessions as opposed to cookies to manage logins? I've always used cookies in the past and I know sessions are server side and probably safer, but in my use of this script I want a user "logged in" indefinitely, so once they log in they'll never have to log in again unless they log out. I know a cookie is perfect for this as I've done it before, maybe setting the cookie expiry for a year or something, but can I do the same thing with a session, or is it ill-suited as essentially you are storing such data on the server? Any advice on this? Cheers.

05-23-2009, 02:25 AM   #39 (permalink)
Wildhoney

You could, if you think it warrants it, convert the class to a singleton. I doubt you're going to want more than one instance of the login class, and so it does make sense to convert it to a singleton class as shown below.

I am not a lover of making all the functions static because you get rid of the ability to have member functions, saved states, and all the other OOP features. I use static functions as namespaces. Now that the new version of PHP will have namespaces, I doubt I'll be using static functions ever again.

When I say static functions, you will need one to make the singleton work, and this is more than fine. The getInstance function returns the object. By setting the constructor to private you're unable to initiate the class by using new.

php Code:
class TalkPHP_Singleton
{
    private static $m_pInstance;
    private $m_szHello;
   
    /* Prevent external initiation but still called. */
    private function __construct()
    {
        $this->m_szHello = 'Hello';
    }
   
    /**
     * @return TalkPHP_Singleton
     */

    public static function getInstance()
    {
        if (empty(self::$m_pInstance))
        {
            /* self() being this class we're in. */
            self::$m_pInstance = new self();
        }
       
        return self::$m_pInstance;
    }
   
    public function getHello($szName)
    {
        return sprintf('Hello %s!', $szName);
    }
}

echo TalkPHP_Singleton::getInstance()->getHello('Adam');

05-25-2009, 07:15 PM   #40 (permalink)
Sirupsen

Thanks! This should surely teach me something about the use of classes. Thanks for the comments in the code as well!

I've been looking through the code, and it all seems understandable! But I have some trouble with this code:
PHP Code:
    catch(Exception $error) {
        print $error->getMessage();
    }
What does it do? And where is the "getMessage()" function defined?

Thanks. :)