I'm new to PHP, though I know Perl very well.
I am trying to learn PHP by actually building a test system. So I have Apache, MySQL and PHP,
and I am building the following:
1. A login form. Somebody logs in with a user name and passwd.
This is done via a MySQL table LOGIN, of the form
username password ID. So if login is successful, PHP knows the logger's ID.
2. After authentication, based on the ID of the user name, the rights of the logger are determined via a second table, say RIGHTS, of the form
ID Rights, where rights may be 'user' or 'admin'.
Based on what rights the ID has, a different form appears for user and admin.
Here is how I am implementing these:
<!DOCTYPE html>
<html>
<body>
<SCRIPT LANGUAGE="JavaScript">
function doLogin() {
username=document.login.username.value;
if(username=="") {
alert("Please, enter your user name and password to complete the login procedure.\nIf you are a new user, click on the 'Register here' link.");
return false;
}
return true;
}
</SCRIPT>
<?php
if(!isset($_SESSION['userid'])) {
?>
<FORM METHOD="POST" NAME="login" ACTION="login.php" onSubmit="return doLogin()">
<table border=0 class=normal cellspacing="1" cellpadding="1" align=center>
<tr><td class=title><div align="center">Welcome to my site</div></td></tr>
<tr><td class=title><div align="center"> LOGIN</div></td></tr>
<tr><td><div align="center">Username</div></td></tr>
<tr><td><div align="center">
<input CLASS="textbox" type="text" name ="username" size=15>
</div></td></tr>
<tr><td><div align="center">Password</div></td></tr>
<tr><td><div align="center">
<input CLASS="textbox" type="password" name="passwd" size=15>
</div></td></tr>
<tr>
<td align=center><br>
<input CLASS="button" type="submit" value="Submit"></td></tr>
<tr>
<td align=center><p><A class=inside HREF="registration.php"><br>
Not yet registered?<br>
Register <B>here</B>!</A><br>
<br>
<br></p></td></tr>
</table>
</FORM>
<?php
} // end of: nobody is logged in yet
?>
</body>
</html>
And login.php reads:
<?php
include 'userlogin.php';
include 'adminlogin.php'; //Are these necessary?
$debugOn=0;
ob_start();
// $pagegroup=public;
require "header.php";
require ("db_connect.php");
$dbname="Mydatabase";
// default to '' when the form field was not submitted
$user=isset($_POST['username']) ? $_POST['username'] : '';
$administrator='admin@mysite.com';//the admin (I'd like it global)
/* Now since in the LOGIN table the passwd is stored hashed, get the hash; if not md5 or
if salted, do appropriate transformation*/
$pass=isset($_POST['passwd']) ? md5($_POST['passwd']) : '';
// $passwd=$_POST['passwd'];
// $pass = md5($_POST['pass']);
if ($user&&$pass)
{
    //connect to db with the database account, not the visitor's login
    //($dbuser and $dbpass are assumed to be set in db_connect.php)
    $con = mysqli_connect("localhost",$dbuser,$dbpass,$dbname) or die("Some error occurred during connection to the $dbname database " . mysqli_connect_error());
    //prepared statement: the submitted values are bound as data, not pasted into the SQL text
    $stmt = mysqli_prepare($con, "SELECT ID,user,passwd FROM LOGIN WHERE user=? and passwd=?");
    mysqli_stmt_bind_param($stmt, "ss", $user, $pass);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $id, $founduser, $foundpass); // so $id is the user ID
    $found = mysqli_stmt_fetch($stmt); // true only if a row matched
    mysqli_stmt_close($stmt);
    if (!$found) {
        echo "Invalid user name and/or password";
        exit();
    }
    /* Now check if a simple user, or admin on ID */
    $stmt = mysqli_prepare($con, "SELECT ID,Rights FROM RIGHTS WHERE ID = ?");
    // bound as a string so it works whether ID is numeric or text
    mysqli_stmt_bind_param($stmt, "s", $id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $rightsid, $category);
    $row = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    /* this assumes username is unique and is part of RIGHTS database integrity to guarantee this*/
    if (!$row)
    {
        $error = 'Error - user does not exist';
        include 'error.php';
        exit();
    }
    else{
        /* authenticated. So note id and do a further query to offer menus as simple user or admin*/
        /*check for admin; case-insensitive, so 'admin' and 'Admin' both match */
        if(strcasecmp($category,'admin')==0){
            echo '<td width="30%"> <A class=lightblue HREF="adminmenu.php"> Authenticated as an admin, click on link to proceed</A> </td>';
        }else{
            echo '<td width="30%"> <A class=lightblue HREF="usermenu.php"> Authenticated as a user, click on link to proceed</A> </td>';
        }
    }// else authenticated
}// if user&&pass
?>
In addition, do I understand correctly that variables are scoped, i.e. if inside a <?php ...?> I have a variable and call another form, the form called already knows the variables, such as a database connection of the calling form?
Even so, I might like to have a truly global variable, such as a mailing address for the site admin, that should be set ONCE (e.g. in the initial form) and known to all other forms, so that, for example, if something goes wrong, error trapping can notify the admin. How does one do that?
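A hardened version of the login flow described in the post, as an added example that is not the poster's code: it looks the user up with a bound parameter, checks the password with password_verify() instead of comparing an MD5 inside the SQL, reads the role through a join on RIGHTS, and keeps the admin address in a constant. It assumes PDO with an in-memory SQLite database and constructed accounts so that it runs without a server; `SITE_ADMIN_EMAIL`, `authenticate()` and `failureNotice()` are names chosen for the example.

```php
<?php
// Added example: table and column names follow the post; all rows are constructed.
// A constant defined once, in a file every page require_once's, is known site-wide.
define('SITE_ADMIN_EMAIL', 'admin@mysite.com');

// In-memory SQLite keeps this self-contained; with MySQL only the DSN would change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE LOGIN (ID INTEGER PRIMARY KEY, user TEXT UNIQUE, passwd TEXT)');
$db->exec('CREATE TABLE RIGHTS (ID INTEGER PRIMARY KEY, Rights TEXT)');

// Constructed accounts; password_hash() salts each hash and records the algorithm.
$add = $db->prepare('INSERT INTO LOGIN (ID, user, passwd) VALUES (?, ?, ?)');
$add->execute([1, 'alice', password_hash('alice-pass', PASSWORD_DEFAULT)]);
$add->execute([2, 'bob',   password_hash('bob-pass',   PASSWORD_DEFAULT)]);
$db->exec("INSERT INTO RIGHTS (ID, Rights) VALUES (1, 'admin'), (2, 'user')");

// Returns ['id' => int, 'rights' => string] on success, null on any failure.
function authenticate(PDO $db, string $user, string $password): ?array
{
    // The name is a bound parameter; the hash is compared in PHP, not in SQL.
    $q = $db->prepare('SELECT L.ID, L.passwd, R.Rights FROM LOGIN L
                       JOIN RIGHTS R ON R.ID = L.ID WHERE L.user = ?');
    $q->execute([$user]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['passwd'])) {
        return null; // same result for an unknown user and a wrong password
    }
    return ['id' => (int)$row['ID'], 'rights' => strtolower($row['Rights'])];
}

function failureNotice(): string
{
    // Constants are visible inside functions; $db is not, so it is passed in above.
    return 'rejected; failures are reported to ' . SITE_ADMIN_EMAIL;
}

// Constructed attempts; the last name contains a quote, which the bound parameter
// treats as plain data.
$attempts = [['alice', 'alice-pass'], ['bob', 'bob-pass'], ['bob', 'wrong'], ["o'brien", 'x']];
foreach ($attempts as [$u, $p]) {
    $account = authenticate($db, $u, $p);
    $menu = $account && $account['rights'] === 'admin' ? 'adminmenu.php' : 'usermenu.php';
    echo str_pad($u, 10), ' => ', $account ? $menu : failureNotice(), PHP_EOL;
}
```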