PHP and MySQL Web Development - P134 ppsx

637
Implementing Login
Here the form is blank, ready for new account details. Because this function only
outputs HTML, we will not go through it here.
Figure 28.5 The new account creation form enables users to enter their details.
The submit button on this form invokes the store-account action. The code for this
action is as follows:
case 'store-account' :
{
  if (store_account($HTTP_SESSION_VARS['normal_user'],
                    $HTTP_SESSION_VARS['admin_user'], $HTTP_POST_VARS))
    $action = '';
  if(!check_logged_in())
    display_login_form($action);
  break;
}
The store_account() function writes the account details to the database. The code for
this function is shown in Listing 28.4.
34 525x ch28 1/24/03 2:55 PM Page 637
638
Chapter 28 Building a Mailing List Manager
Listing 28.4 store_account() Function from mlm_fns.php—These Functions Add a
New User or Modify an Existing User in the Database.
// add a new subscriber to the database, or let a user modify their data
function store_account($normal_user, $admin_user, $details)
{
  if(!filled_out($details))
  {
    echo 'All fields must be filled in. Try again.<br /><br />';
    return false;
  }
  else
  {
    if(subscriber_exists($details['email']))
    {
      //check logged in as the user they are trying to change
      if(get_email()==$details['email'])
      {
        // array key quoted: outside a string, a bare email is read as a constant
        $query = "update subscribers set realname = '$details[realname]',
                  mimetype = '$details[mimetype]'
                  where email = '" . $details['email'] . "'";
        if(db_connect() && mysql_query($query))
        {
          return true;
        }
        else
        {
          echo 'could not store changes.<br /><br /><br /><br /><br /><br />';
          return false;
        }
      }
      else
      {
        echo '<p>Sorry, that email address is already registered here.</p>';
        echo '<p>You will need to log in with that address to change '
             .' its settings.</p>';
        return false;
      }
    }
    else // new account
    {
      $query = "insert into subscribers
                values ('$details[email]',
                        '$details[realname]',
                        '$details[mimetype]',
                        password('$details[new_password]'),
                        0)";
      if(db_connect() && mysql_query($query))
      {
        return true;
      }
      else
      {
        echo 'Could not store new account.<br /><br /><br /><br /><br /><br />';
        return false;
      }
    }
  }
}
This function first checks that the user has filled in the required details.
If this is okay, the function will then either create a new user, or update the account
details if the user already exists. A user can only update the account details of the user he
is logged in as.
This is checked using the get_email() function, which retrieves the email address of
the user who is currently logged in. We’ll return to this later, as it uses session variables
that are set up when the user logs in.
Logging In

If a user fills in the login form we saw back in Figure 28.4 and clicks on the Log In
button, she will enter the index.php script with the email and password variables set. This
will activate the login code, which is in the pre-processing stage of the script, as follows:
// need to process log in or out requests before anything else
if($HTTP_POST_VARS['email']&&$HTTP_POST_VARS['password'])
{
  $login = login($HTTP_POST_VARS['email'], $HTTP_POST_VARS['password']);
  // strict comparison: login() returns a string on success and false on failure
  if($login === 'admin')
  {
    $status .= '<p><b>'.get_real_name($HTTP_POST_VARS['email']).'</b> logged in'.
               ' successfully as <b>Administrator</b></p>'.
               '<br /><br /><br /><br /><br />';
    $HTTP_SESSION_VARS['admin_user'] = $HTTP_POST_VARS['email'];
  }
  else if($login === 'normal')
  {
    $status .= "<p><b>".get_real_name($HTTP_POST_VARS['email'])."</b> logged in"
               ." successfully.</p><br /><br />";
    $HTTP_SESSION_VARS['normal_user'] = $HTTP_POST_VARS['email'];
  }
  else
  {
    $status .= "<p>Sorry, we could not log you in with that
                email address and password.</p><br />";
  }
}

As you can see, we first try to log them in using the login() function from the
user_auth_fns.php library. This is slightly different from the login functions we have used
elsewhere, so we’ll take a look at it. The code for this function is shown in Listing 28.5.
Listing 28.5 login() Function from user_auth_fns.php—Checking a User’s Login
Details
function login($email, $password)
// check username and password with db
// if yes, return login type
// else return false
{
  // connect to db
  $conn = db_connect();
  if (!$conn)
    // return false, not 0: before PHP 8, the loose comparison 0 == 'admin'
    // is true, so a failed connection would look like an admin login
    return false;
  $query = "select admin from subscribers
            where email='$email'
            and password = password('$password')";
  //echo $query;
  $result = mysql_query($query);
  if (!$result)
    return false;
  if (mysql_num_rows($result)<1)
    return false;
  if(mysql_result($result, 0, 0) == 1)
    return 'admin';
  else
    return 'normal';
}
Previously with login functions, we have returned true if the login was successful and
false if it was not. In this case, we still return false if the login failed, but if it was
successful we return the user type, either 'admin' or 'normal'. We check the user type by
retrieving the value stored in the admin column in the subscribers table, for a particular
combination of email address and password. If no results are returned, we return false.
If a user is an administrator, this value will be 1 (true), and we return 'admin'.
Otherwise, we return 'normal'.
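Listings 28.4 and 28.5 build their SQL by placing form values directly inside the query string, so a value containing a quote character changes the statement, and they rely on MySQL's password() function for stored passwords. The block below is an added example, not the book's code: it reworks store_account() and login() with bound parameters and password_hash(). It assumes PDO with an in-memory SQLite database in place of the connection db_connect() returns, passes the logged-in address as a $current_email argument in place of get_email(), and uses a constructed sample account.

```php
<?php
// Added example, not the book's code: Listings 28.4 and 28.5 reworked with
// bound parameters and password_hash(). The in-memory SQLite database and the
// sample account below are constructed so the script runs on its own.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE subscribers (email TEXT PRIMARY KEY, realname TEXT,
           mimetype TEXT, password TEXT, admin INTEGER)');

// $current_email plays the role of get_email(): false when nobody is logged in.
function store_account(PDO $db, $current_email, array $details)
{
    $find = $db->prepare('SELECT 1 FROM subscribers WHERE email = ?');
    $find->execute([$details['email']]);
    if ($find->fetchColumn() !== false) {
        // Existing subscriber: only the logged-in owner may change the row.
        if ($current_email !== $details['email']) {
            return false;
        }
        $stmt = $db->prepare('UPDATE subscribers SET realname = ?, mimetype = ?
                              WHERE email = ?');
        return $stmt->execute([$details['realname'], $details['mimetype'],
                               $details['email']]);
    }
    // New account: store a salted hash instead of calling MySQL's password().
    $stmt = $db->prepare('INSERT INTO subscribers VALUES (?, ?, ?, ?, 0)');
    return $stmt->execute([$details['email'], $details['realname'],
        $details['mimetype'],
        password_hash($details['new_password'], PASSWORD_DEFAULT)]);
}

// Same return contract as Listing 28.5: 'admin', 'normal' or false.
function login(PDO $db, $email, $password)
{
    $stmt = $db->prepare('SELECT password, admin FROM subscribers WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }
    return $row['admin'] == 1 ? 'admin' : 'normal';
}

$new = ['email' => 'pat@example.com', 'realname' => "Pat O'Neil",
        'mimetype' => 'H', 'new_password' => 'correct horse'];
var_dump(store_account($db, false, $new));                 // create the account
var_dump(login($db, 'pat@example.com', 'correct horse'));  // right password
var_dump(login($db, 'pat@example.com', 'wrong guess'));    // wrong password
var_dump(store_account($db, 'eve@example.com', $new));     // caller is not the owner
```

The apostrophe in the sample real name is stored as ordinary data here, whereas the same value placed into the concatenated insert statement of Listing 28.4 would end the quoted string early.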
Returning to the main line of execution, we register a session variable to keep track of
who our user is. This will either be admin_user if she is an administrator, or
normal_user if she is a regular user. Whichever one of these variables we set will contain
the email address of the user. To simplify checking for the email address of a user, we use
the get_email() function mentioned earlier.
This function is shown in Listing 28.6.
Listing 28.6 get_email() function from user_auth_fns.php—Returns the Email Address
of the Logged In User
function get_email()
{
  global $HTTP_SESSION_VARS;
  if (isset($HTTP_SESSION_VARS['normal_user']))
    return $HTTP_SESSION_VARS['normal_user'];
  if (isset($HTTP_SESSION_VARS['admin_user']))
    return $HTTP_SESSION_VARS['admin_user'];
  return false;
}
Back in our main program, we report to the user whether she was logged in or not, and
at what level.
The output from one login attempt is shown in Figure 28.6.
Figure 28.6 The system reports to the user that login was successful.