others have given good advice, but let's learn to walk before we run shall we.
1. session_start() should be called once per request. 2. checkValidUser() does a select on all the users in the database, this is *wrong* - do a select with a suitable WHERE clause the retrieves the one user that matches the given user name and password. 3. GetAccessLevel() uses an undefined property. 4. all the properties ($UserID, $AdminLevel, etc) are only set during the request where the user's login credentials are checked. subsequent requests will not have that info. 5. use php5? 6. go back and read the other replies regarding seperation of responsibilities and encapsulation. nihilism machine schreef:
I wrote an authentication class in php4. The sessions dont seem to be working with internet explorer, just with FF. here is the code below, a cookies notice pops up when you try and login:<?php class auth { var $UserID; var $AdminLevel; var $FirstName; var $LastName; var $DateAdded; var $MobileTelephone; var $LandLineTelephone; // Connect to the database function auth() {mysql_connect('','','') or die('ERROR: Could not connect to database');mysql_select_db('') or die('ERROR: Could not select database'); } // Attempt to login a user function CheckValidUser($Email,$Password) { $result = mysql_query('SELECT * FROM Users'); $Password = $this->encode($Password); if (mysql_num_rows($result) != 0) { while($row = mysql_fetch_assoc($result)) { if (!strcmp($row['Email'],$Email)) { if (!strcmp($row['Password'],$Password)) { // User info stored in Globals $this->UserID = $row['ID']; $this->AdminLevel = $row['Admin_Level']; $this->FirstName = $row['First_Name']; $this->LastName = $row['Last_Name']; $this->DateAdded = $row['Date_Added']; $this->MobileTelephone = $row['Telephone_Mobile'];$this->LandLineTelephone = $row['Telephone_Land_Line'];// User info stored in Sessions session_start(); $_SESSION['Status'] = "loggedIn"; $_SESSION['Email'] = $row['Email']; $_SESSION['AdminLevel'] = $row['Admin_Level'];$_SESSION['LandLine'] = $row['Telephone_Land_Line']; $_SESSION['MobileTelephone'] = $row['Telephone_Mobile'];$_SESSION['FirstName'] = $row['First_Name']; $_SESSION['LastName'] = $row['Last_Name']; return true; } } } header("Location: index.php?error=invalidLogin"); } else { die('ERROR: No Users in the database!'); } }// Create a new user account function CreateUser($Email, $Password, $AdminLevel, $LandLineTelephone, $MobileTelephone, $FirstName, $LastName) {$Password = $this->encode($Password); $this->AccessLevel = $AdminLevel; $DateAdded = date("Y-m-d H:i:s");mysql_query("INSERT INTO Users (Email, Password, Admin_Level, Date_Added, First_Name, Last_Name, Telephone_Land_Line, Telephone_Mobile) VALUES ('$Email','$Password','$AdminLevel', '$DateAdded', '$FirstName', '$LastName', '$LandLineTelephone', '$MobileTelephone')") or die(mysql_error());return $this->UserID = mysql_insert_id(); } // Update a users access level function UpdateAccessLevel($ID,$AdminLevel) {mysql_query("UPDATE Users SET Admin_Level='$AdminLevel' WHERE ID=$ID") or die(mysql_error());return true; } // Delete a user function DeleteUser($ID) {mysql_query("DELETE FROM Users WHERE ID=$ID") or die(mysql_error());return true; } // Get a users access level function GetAccessLevel() { return $this->AccessLevel; } // Get a users ID function GetUserID() { return $this->UserID; }// Log user outfunction LogOut() { session_start(); session_unset(); session_destroy(); header("Location: index.php"); }// Check users access level to see if they have clearance for a certain pagefunction CheckUserLevel($RequiredLevel) { if ($_SESSION['AdminLevel'] < $RequiredLevel) { if ($_SESSION['AdminLevel'] == 2) { header("Location: financial.php"); } else if ($_SESSION['AdminLevel'] == 1) { header("Location: user.php"); } else { header("Location: index.php"); } } }// Check to see if a user is logged infunction CheckLoggedIn() { session_start(); if ($_SESSION['Status'] != "loggedIn") { header("Location: index.php"); } } // Private Methodsfunction encode($str) {return md5(base64_encode($str)); } } ?>
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
