Announcement

Collapse
No announcement yet.

Login and Logout Code

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Login and Logout Code

    Hey, I'm currently writing the backend for a personal homepage system and I'm tinkering with the log in and logout code. Can anyone spot any obvious mistakes, or see any improvements that can be made?

    Code:
     
     
    <?php//login.php
    
    // Include the global file to set up all necessary
    
    include('./global.php');
    
    // Function for logging users out.
    
    function logout($userid)
    
    {
    
    if (!isset($userid) or !is_int($userid))
    
    {
    
    // Call to error checking here, guests can't logout
    
    }
    
    elseif (isset($userid) && is_int($userid))
    
    {
    
    //Log the user out here
    
    session_unset();
    
    session_destroy();
    
    // Kill all session information before moving on.
    
    header("Location: $homepageurl"); //maybe a redirect page?
    
    // redirect them to the main page
    
    }
    
    }
    
    // Function for logging users in.
    
    function login($username)
    
    {
    
    //Be careful that session info isn't carried over here from guest users.
    
    session_unset(); //clear session info if any exists
    
    session_destroy(); //destroy all existing sessions
    
    $username=$HTTP_POST_VARS['username']; //Take the username from the form - POST only
    
    $password=md5($HTTP_POST_VARS['password']); //Take the password and md5 it
    
    $sql="SELECT userid,username,password,usergroupid FROM users WHERE username='$username' AND password='$password'";
    
    // Set up query to check for matches in the database.
    
    $query=mysql_query($sql);
    
    // Perform query
    
    $resultcheck=mysql_num_rows($query);
    
    // Ask MySQL how many results it had.
    
    if ($resultcheck!=1)
    
    {
    
    // No users match, place code to handle that in here
    
    }
    
    elseif ($resultcheck==1)
    
    {
    
    //User successfully found with username and pass match,
    
    //carry on with the login.
    
    session_start();
    
    session_register("userinfo");
    
    $userinfo=array(
    
    "userid" => "$userid", // Set userid no.
    
    "username" => "$username", //Set username info into session variable array
    
    "password" => "$password", //Set password hash
    
    "usergroupid" => "$usergroupid"//Set usergroupid
    
    );
    
    // redirect to homepage after logging in.
    
    }
    
    }
    
    ?>
    
    

  • #2
    This isnt the place to ask, try vBulletin.org

    Comment


    • #3
      It's not a hack, it's just a general PHP related project I'm working on.

      Comment


      • #4
        It might be a little late, but you're using is_int() wrong (assuming $id is form data); all form data is a string!

        If you want to test whether form data is numeric, use is_numeric() -- that error might be throwing your whole script off.

        Comment

        widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
        Working...
        X