Hello, I'm in some trouble regarding the following code. I must state first that I'm a beginner in programming, and that I've tried to understand other solved solutions before crying for help, but with no luck. Had tons of errors and a lot of frustration; almost gave up (work on other stuff too that give me headaches). Though, I need to pull this off, it's for an important project of mine. If you're willing to help I'll be eternally grateful. So... here is the code:

config.php (which has the db settings)

<?php
    //report all errors (E_ALL turns error reporting on, not off)
    error_reporting(E_ALL);


    //define some constants
    define( "DB_DSN", "mysql:host=localhost;dbname=clients" );
    define( "DB_USERNAME", "root" );
    define( "DB_PASSWORD", "" );
    define( "CLS_PATH", "class" );

    //include the classes
    include_once( CLS_PATH . "/user.php" );


?>

users.php (which has the functions for the system to work)

<?php

 class Users {
     public $username = null;
     public $password = null;
     public $salt = "";

     public function __construct( $data = array() ) {
         if( isset( $data['username'] ) ) $this->username = stripslashes( strip_tags( $data['username'] ) );
         if( isset( $data['password'] ) ) $this->password = stripslashes( strip_tags( $data['password'] ) );
     }

     public function storeFormValues( $params ) {
        //store the parameters
        $this->__construct( $params ); 
     }

     public function userLogin() {
         $success = false;
         try{
            $con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD ); 
            $con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
            $sql = "SELECT * FROM users WHERE username = :username AND password = :password LIMIT 1";

            $stmt = $con->prepare( $sql );
            $stmt->bindValue( "username", $this->username, PDO::PARAM_STR );
            $stmt->bindValue( "password", hash("sha256", $this->password . $this->salt), PDO::PARAM_STR );
            $stmt->execute();

            $valid = $stmt->fetchColumn();

            if( $valid ) {
                $success = true;
            }

            $con = null;
            return $success;
         }catch (PDOException $e) {
             echo $e->getMessage();
             return $success;
         }
     }

     public function register() {
        $correct = false;
            try {
                $con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
                $con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
                $sql = "INSERT INTO users(username, password) VALUES(:username, :password)";

                $stmt = $con->prepare( $sql );
                $stmt->bindValue( "username", $this->username, PDO::PARAM_STR );
                $stmt->bindValue( "password", hash("sha256", $this->password . $this->salt), PDO::PARAM_STR );
                $stmt->execute();
                return "Registration successful! <br/> <a href='index.php'>Login.</a>";
            }catch( PDOException $e ) {
                return $e->getMessage();
            }
     }

 }

?>

login.php

<?php 

include_once("config.php"); //include the settings/configuration

//if user did not click the login button show the login form
if( !(isset( $_POST['login'] ) ) ) { ?>

<!DOCTYPE html>
<html>
    <head>
        <title>Codecall Tutorials - Secured Login with php5</title>
        <link rel="stylesheet" type="text/css" href="style.css" />
    </head>

    <body>

        <header id="head" >
         <p>Codecall tutorials User Login</p>
         <p><a href="register.php"><span id="register">Register</span></a></p>
        </header>

        <div id="main-wrapper">
         <div id="login-wrapper">
             <form method="post" action="">
                 <ul>
                     <li>
                         <label for="usn">Username : </label>
                         <input type="text" maxlength="30" required autofocus name="username" />
                     </li>

                     <li>
                         <label for="passwd">Password : </label>
                         <input type="password" maxlength="30" required name="password" />
                     </li>
                     <li class="buttons">
                         <input type="submit" name="login" value="Log me in" />
                            <input type="button" name="register" value="Register" onclick="location.href='register.php'" />
                     </li>

                 </ul>
             </form>

            </div>
        </div>

    </body>
</html>

<?php 
//else look at the database and see if he entered the correct details
} else {
    $usr = new Users;
    $usr->storeFormValues( $_POST );

    if( $usr->userLogin() ) {

    header("Location:personal.php");



    } else {
        echo "Incorrect name /password.";   
    }
}
?>

This is 'stock' code with no modification. What I tried to implement is that after a username logs in, he will be redirected to the following pages BASED ON DATABASE, "clients" table userID.
So: if username is George (id=35), upon successful login he will be redirected to "admins.php". If his name is Troll (id=5), upon successful login he will be redirected to "personal.php". I will be setting the admins' IDs manually in the script.
Thank you for taking interest in my problem.

You don't actually say what your problem is - are you looking for SQL code or do you have an error message?

switch($id) {
    case 5:
        header('location: /personal.php');die;
        break;
    case 35:
        header('location: /admins.php');die;
        break;
}

Within your Users class, you could implement a handling method that returns the required page based upon the user ID. The method could look something like the following:

Class Users
{
    private $adminIDs = [1, 2];

    /* class methods here */

    public function whereToGo($userID)
    {
        if(in_array($userID, $this->adminIDs, TRUE)) {
            return 'admins.php';
        }
        return 'personal.php';
    }
}

Then within the client-calling code, you would modify the header relocation to the following:

header("Location:{$usr->whereToGo($userID)}");

How you get the user ID is up to you. I personally would get it within your userLogin function since you're returning the entire tuple from the parametrised query (with the asterisk wild card). From there, you could assign it to a property within your class, which would allow you to omit the single argument within the whereToGo() function.
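
A runnable version of the approach in the answer above, added here as an example and not code from the thread: userLogin() selects the ID and stores it on the object, so whereToGo() takes no argument. The `id` column name, the PDO handle passed to the constructor and the in-memory SQLite rows are assumptions made so that it runs stand-alone.

```php
<?php
// Added example. Assumptions: the ID column is named "id"; SQLite in memory stands in for MySQL.
class Users {
    public $username, $password, $salt = "";
    public $userID = null;             // set by userLogin() on success
    private $adminIDs = [35];          // admin IDs set by hand, as in the question
    private $con;

    public function __construct( PDO $con, $data = array() ) {
        $this->con = $con;
        if( isset( $data['username'] ) ) $this->username = $data['username'];
        if( isset( $data['password'] ) ) $this->password = $data['password'];
    }

    public function userLogin() {
        $sql = "SELECT id FROM users WHERE username = :username AND password = :password LIMIT 1";
        $stmt = $this->con->prepare( $sql );
        $stmt->bindValue( ":username", $this->username, PDO::PARAM_STR );
        $stmt->bindValue( ":password", hash( "sha256", $this->password . $this->salt ), PDO::PARAM_STR );
        $stmt->execute();
        $id = $stmt->fetchColumn();    // false when no row matched
        if( $id === false ) return false;
        $this->userID = (int) $id;     // PDO may hand the ID back as a string
        return true;
    }

    public function whereToGo() {
        // strict in_array() only matches because userID was cast to int above
        return in_array( $this->userID, $this->adminIDs, true ) ? 'admins.php' : 'personal.php';
    }
}

// Constructed sample rows matching the two users named in the question
$con = new PDO( "sqlite::memory:" );
$con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$con->exec( "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)" );
$ins = $con->prepare( "INSERT INTO users VALUES (?, ?, ?)" );
$ins->execute( [35, "George", hash( "sha256", "g-pass" )] );
$ins->execute( [5, "Troll", hash( "sha256", "t-pass" )] );

foreach( [["George", "g-pass"], ["Troll", "t-pass"], ["Troll", "wrong"]] as [$u, $p] ) {
    $usr = new Users( $con, ['username' => $u, 'password' => $p] );
    // In login.php this would be: header( "Location: " . $usr->whereToGo() ); exit;
    echo $u, " -> ", $usr->userLogin() ? $usr->whereToGo() : "login failed", "\n";
}
```

The redirect only picks a page; admins.php still has to check the logged-in user's ID itself (for example from the session) before rendering anything, since anyone can request that URL directly.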

Yes, I'm looking how to implement the code. I'm really sorry for asking what you think are 'basic things' but I'm really trying to learn... in a short time.
