Check Login Process/Error

justlukeyou · September 12, 2012, 9:11pm

Hi,

I am trying add a checklogin code to a registration page so that someone can add details into a database to create a profile and then the site checks if they are logged in. However when I add the checkLogin code it creates the following error:

Call to undefined function checkLogin()

Can anyone advise how this process works? Does someone need to enter their information and then clck a confirmation link on a email before the checklogin code works?

Can anyone advise how I can develop this code so it checks if someone is logged in?

My plan is to centralise the checklogin code to the homepage, should I be doing that?

<?php
$loggedIn = checkLogin();
?>
<?php

if($loggedIn) {
    echo "Welcome, ".$user['firstname'].". <a href=\\"logout.php\\">Logout</a>.";
} else {
    echo "Please <a href=\\"login.php\\">Login</a>.";
}

?>

<?php

if(isset($_POST['submit'])){
    $firstname = mysql_real_escape_string(trim($_POST['firstname']));
    $surname = mysql_real_escape_string(trim($_POST['surname']));
    $password = trim($_POST['password']);
	$password1 = mysql_real_escape_string(trim($_POST['password1']));
    $emailaddress = mysql_real_escape_string(trim($_POST['emailaddress']));

    if(!isset($firstname) || empty($firstname)) {
        $error = "Please enter your First Name.";
    }
	
	if(!isset($surname) || empty($surname)) {
        $error = "Please enter your Surname.";
    }

    if((!isset($password) || empty($password)) && !$error) {
        $error = "You need to enter a password.";
    }
    if((!isset($password1) || empty($password1)) && !$error) {
        $error = "You need to enter your password twice.";
    }
    if($password != $password1 && !$error) {
        $error = "The passwords you entered did not match.";
    }


    if((!isset($emailaddress) || empty($emailaddress)) && !$error) {
        $error = "Please enter an email address.";
    }

$emailAddress = filter_var($_POST['emailaddress'], FILTER_VALIDATE_EMAIL);
if (!$emailAddress)
{
  $error = 'Please enter your email address in a valid format.  Example: bobsmith@companyname.com';
} 	
	
    $query = mysql_query("SELECT userid FROM organisermembers WHERE emailaddress = '".$emailaddress."' LIMIT 1");
    if(mysql_num_rows($query) > 0 && !$error) {
        $error = "Sorry, that email is already in use!";
    }
	

    if(!$error) {
        $query = mysql_query("INSERT INTO organisermembers (firstname, surname, password, emailaddress) VALUES ('".$firstname."', '".$surname."', '".mysql_real_escape_string(md5($password))."', '".$emailaddress."')");
        if($query) {
            $message = "Hello ".$_POST['firstname'].",\\r\
\\r\
Thanks for registering with us! We hope you enjoy your stay.\\r\
\\r\
 Many Thanks,\\r\
us.com";
            $headers = "From: ".$website['name']." <".$website['emailaddress'].">\\r\
";
            mail($_POST['emailaddress'], "Welcome", $message, $headers);
            setcookie("user", mysql_insert_id(), $time);
            setcookie("pass", mysql_real_escape_string(md5($password)), $time);
            header("Location: registerorganiser.php");
        } else {
            $error = "There was a problem with the registration. Please try again.";
        }
    }
}

?>

jgetner · September 12, 2012, 9:26pm

Can you provide the code for the checkLogin function?. Currently that error you explained means that the function is not defined in the current scope of the script running.

But basically a checkLogin function i would use would check a session for the users data. If that does not exits the user is not logged in. So once the user is logged in you must have a way of saving the users data in a temporary state so you can reference the data as needed through the users lifetime on your website. Few options most commonly sessions are used but can be a security headache. Other options are caching the data, using a key/value database such as redis/predis.

I hope this helps you understand what is needed.

justlukeyou · September 12, 2012, 9:34pm

Many thanks, its becoming clearer but I dont have anymore of the checkLogin function. I dont know how it should appear or how I can get the correct function. I have done Google searches but anything reliable.

Should it be something like this?

function Login()
{
    if(empty($_POST['username']))
    {
        $this->HandleError("UserName is empty!");
        return false;
    }
    if(empty($_POST['password']))
    {
        $this->HandleError("Password is empty!");
        return false;
    }
    $username = trim($_POST['username']);
    $password = trim($_POST['password']);
    if(!$this->CheckLoginInDB($username,$password))
    {
        return false;
    }
    session_start();
    $_SESSION[$this->GetLoginSessionVar()] = $username;
    return true;
}

justlukeyou · September 13, 2012, 8:55pm

Hi,

Does anyone have any suggestions on how I can progress this plesae?