To keep this from being a book, I am not going to explain everything in this post. There will be three files included to make this bad boy work, two supporting and one with the meat. The first supporting file will contain the database login information:
```php
<?php

$dbHost = "localhost"; //machine that hosts database
$dbUser = ""; //database user
$dbPass = ""; //database user password
$dbDB = ""; //database name

?>
```
The second supporting file will contain a custom class with some functions:
```php
<?php

class dbClass
{
    public $objDB;

    //open the connection; stop with a message if it fails
    public function __construct($dbHost, $dbUser, $dbPass, $dbDB)
    {
        $this->objDB = new mysqli($dbHost, $dbUser, $dbPass, $dbDB);

        if ($this->objDB->connect_errno)
        {
            printf("Connect failed: %s\n", $this->objDB->connect_error);
            exit();
        }
    }

    //returns an array holding the matching user row, or an empty array
    public function AuthenticateUser($strUsername, $strPassword)
    {
        //both values are bound as parameters, never concatenated into the SQL
        //note: md5() is a fast, unsalted hash, so it is a weak way to store passwords
        $strSQL = "SELECT * FROM tbSiteUsers WHERE name = ? AND password = md5(?) LIMIT 1";
        $objStatement = $this->objDB->prepare($strSQL);
        $objStatement->bind_param("ss", $strUsername, $strPassword);
        $objStatement->execute();
        $objResult = $objStatement->get_result();

        $objReturn = array();
        while($objRow = $objResult->fetch_assoc())
        {
            $objReturn[] = $objRow;
        }

        return $objReturn;
    }

    public function CloseDB()
    {
        $this->objDB->close();
    }
}

?>
```
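An added example, not part of the original post: one way to move the `md5(?)` comparison in `AuthenticateUser` to `password_hash()`/`password_verify()` while still letting existing users log in and upgrading their stored hash when they do. It assumes the query fetches the row by `name` only and that the `password` column is wide enough for the new hashes; `checkPassword` and the sample rows are hypothetical.

```php
<?php
// Added example (not from the original post). Assumes the lookup becomes
// "SELECT * FROM tbSiteUsers WHERE name = ? LIMIT 1" and that the password
// column is wide enough (e.g. VARCHAR(255)) to hold password_hash() output.

/**
 * Hypothetical helper: verify $password against a fetched user row.
 * Returns [bool $ok, ?string $newHash]; when $newHash is not null the caller
 * should UPDATE the stored password with it.
 */
function checkPassword(?array $row, string $password): array
{
    // Verify against a dummy hash for unknown users so they cost about the
    // same work as a password_verify() on a real row.
    static $dummy = null;
    $dummy ??= password_hash("placeholder", PASSWORD_DEFAULT);
    if ($row === null) {
        password_verify($password, $dummy);
        return [false, null];
    }
    $stored = $row["password"];

    // Legacy row: 32 hex characters written by the old md5(?) scheme.
    if (preg_match('/^[0-9a-f]{32}$/i', $stored) === 1) {
        if (!hash_equals(strtolower($stored), md5($password))) {
            return [false, null];
        }
        // Correct password: hand back a modern hash to replace the MD5 one.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }

    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Re-hash if PHP's default algorithm or cost has changed since storage.
    $stale = password_needs_rehash($stored, PASSWORD_DEFAULT);
    return [true, $stale ? password_hash($password, PASSWORD_DEFAULT) : null];
}

// Constructed sample rows (not real data).
$legacyRow = ["name" => "alice", "password" => md5("correct horse")];
$modernRow = ["name" => "bob", "password" => password_hash("hunter2!", PASSWORD_DEFAULT)];

[$ok, $upgrade] = checkPassword($legacyRow, "correct horse");
var_dump($ok, password_verify("correct horse", $upgrade));
var_dump(checkPassword($legacyRow, "wrong password")[0]);
var_dump(checkPassword($modernRow, "hunter2!")[0]);
var_dump(checkPassword(null, "anything")[0]);
```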
Finally we have the meat of it. Do note that in this example I am taking the posted values from a form and using those as my variables:
```php
<?php
session_start();

include("dbClass.php");
include("config.php");
include("head.php");

$strErrorMsg = "";

//read the posted form values, defaulting to empty strings
$strUsername = "";
if(!empty($_POST["username"]))
{
    $strUsername = $_POST["username"];
}

$strPassword = "";
if(!empty($_POST["password"]))
{
    $strPassword = $_POST["password"];
}

//only hit the database when both fields were submitted
if(($strUsername != "") && ($strPassword != ""))
{
    $varDB = new dbClass($dbHost, $dbUser, $dbPass, $dbDB);
    $varUser = $varDB->AuthenticateUser($strUsername, $strPassword);
    $varDB->CloseDB();

    if(count($varUser) == 1)
    {
        $_SESSION["UserID"] = $varUser[0]["name"];
    }else
    {
        $strErrorMsg = "<div class=\"alert alert-danger\" role=\"alert\">\n";
        $strErrorMsg .= " <strong>Oh snap!</strong> Username and/or password incorrect\n";
        $strErrorMsg .= "</div>\n";
    }
}

if(empty($_SESSION["UserID"]) == true)
{
    //bunch of html for form. Bootstrap stuffs not included in this post
    echo "<body class=\"text-left\">\n";
    echo " <div class=\"py-5\">\n";
    echo " <div class=\"container\">\n";
    echo " <div class=\"row\">\n";
    echo " <div class=\"col-md-12\"> </div>\n";
    echo " </div>\n";
    echo " <div class=\"row\">\n";
    echo " <div class=\"col-md-12\">\n";
    echo " <h1 class=\"text-center display-4 m-5\">\n";
    echo " <u>Authentication Test</u>\n";
    echo " </h1>\n";
    echo " </div>\n";
    echo " </div>\n";
    echo " <div class=\"row\">\n";
    echo " <div class=\"col-md-4\"></div>\n";
    echo " <div class=\"col-md-4\">\n";
    echo $strErrorMsg;
    echo " <form action=\"index.php\" method=\"post\" class=\"\">\n";
    echo " <div class=\"form-group\"> <label>Username</label>\n";
    echo " <input type=\"text\" class=\"form-control\" placeholder=\"Enter username\" name=\"username\"> </div>\n";
    echo " <div class=\"form-group\"> <label>Password</label>\n";
    echo " <input type=\"password\" class=\"form-control\" placeholder=\"Enter password\" name=\"password\"> </div>\n";
    echo " <button type=\"submit\" class=\"btn btn-info\">Login</button>\n";
    echo " </form>\n";
    echo " </div>\n";
    echo " <div class=\"col-md-4\"></div>\n";
    echo " </div>\n";
    echo " </div>\n";
    echo " </div>\n";
}else
{
    //a bunch of html for success
    echo "<body class=\"text-left\">\n";
    echo " <div class=\"py-5\">\n";
    echo " <div class=\"container\">\n";
    echo " <div class=\"row\">\n";
    echo " <div class=\"col-md-12\"> </div>\n";
    echo " </div>\n";
    echo " <div class=\"row\">\n";
    echo " <div class=\"col-md-12\">\n";
    echo " <h1 class=\"text-center display-4 m-5\">\n";
    echo " <u>Success!</u>\n";
    echo " </h1>\n";
    echo " </div>\n";
    echo " </div>\n";
    echo " <div class=\"row\">\n";
    echo " <div class=\"col-md-4\"></div>\n";
    echo " <div class=\"col-md-4\">\n";
    echo " </div>\n";
    echo " <div class=\"col-md-4\"></div>\n";
    echo " </div>\n";
    echo " </div>\n";
    echo " </div>\n";
}

include("foot.php");
?>
```