Need help with login form

Beginners - Learning PHP
#1

NOTE TO MODERATORS: I didn’t notice the register button so I posted something similar as a guest. Please ignore that post.

I am trying to modify an existing login class to check if a user is approved. There currently already exists a column in the database called ‘status’ but it is currently always populated with 1 (1=y) and I have made some other changes to make it so 0 = no but can’t figure out how to validate this and send a user to index.php?login=approval instead of index.php?login=success

The code is below, could somebody assist with adding a condition where if status != 1 the user is sent to index.php?login=approval instead of the main page? I’ve already setup the approval page I just can’t figure out how to direct people there.

[php]<?php
class Login{
function Login(){
}

function new_user($user_name, $password, $confirm) {
	global $crypto;
	$confirm = $this->no_injections($confirm);
	$password = $this->no_injections($password);
	$user_name = $this->no_injections($user_name);
	if($confirm === $password && $this->confirm_user($user_name)){			
		$this->juice = substr($crypto->encrypt((uniqid(mt_rand(), true))), 0, 10);
		$this->secure_password = $crypto->encrypt($this->juice . $crypto->encrypt($password));
		$this->store_user($user_name);
	}
}

function store_user($user_name) {
	global $db_prefix;
	$juicey = $this->juice;
	$user_password_SQL_raw = "INSERT INTO " . $db_prefix . "users SET userName = '".$user_name."', password = '".$this->secure_password."', juice = '".$juicey."'";
	$user_password_SQL_result = mysql_query($user_password_SQL_raw);
}

function validate_password() {
	global $crypto;
	$user_name = $this->no_injections($_POST['username']);
	$password = $this->no_injections($_POST['password']);
	$user = $this->get_user($user_name);
	if (isset($user) && strlen($password) > 0 && $user->password == $crypto->encrypt($user->juice . $crypto->encrypt($password))) {
		$_SESSION['logged'] = 'yes';
		$_SESSION['loggedInUser'] = $user->userName;

// $_SESSION[‘level’] = md5($user->user_level);
header(‘Location: index.php?login=success’);
}else {
$_SESSION = array();
header(‘Location: login.php?login=failed’);
}
}

function get_user($user_name) {
	global $db_prefix;
	$get_user_SQL = "SELECT * FROM " . $db_prefix . "users WHERE userName = '" . $user_name . "' and status = 1";
	$result = mysql_query($get_user_SQL);
	$user_info = mysql_fetch_object($result);
	return $user_info;
	
}

function get_user_by_id($user_id) {
	global $db_prefix;
	$get_user_SQL = "SELECT * FROM " . $db_prefix . "users WHERE userID = '" . $user_id . "' and status = 1";
	$result = mysql_query($get_user_SQL);
	$user_info = mysql_fetch_object($result);
	return $user_info;
}

function confirm_user($old_user){
	$new_user = $this->get_user($old_user);
	if($new_user == null){
		return true;		
	}else{
		return false;
	}
}

function no_injections($username){
	$injections = array('/(\n+)/i','/(\r+)/i','/(\t+)/i','/(%0A+)/i','/(%0D+)/i','/(%08+)/i','/(%09+)/i');
	$username = preg_replace($injections,'',$username);
	$username = trim($username);
	return $username;
}

function logout(){
	$_SESSION = array();
}

}
?>[/php]

#2

Surely you wouldn’t put the redirect in the class itself?

Why don’t you just make another function called check_status or validate_status in that class? Make it query the database to check if the status is more than 0 and if so return true or false (whichever you prefer) and then redirect depending on the result in your main page. Having someone write your code for you isn’t going to help you learn the logic.

#3

I tried that and got a loop error message. Perhaps I didn’t do it correctly.

I was going to put the ‘redirect’ here as I assumed it would fit along with login pass/fail (User/PW check) - I figured this was the correct place to put it as it’s yet another condition/scenario of a successful login.

#4

You COULD put it in your class, but that wouldn defeat the purpose also what loop?

Try something like this:
[php]function check_status($user_name){
$result = mysql_query(‘SELECT status FROM whatever WHERE username = ‘$user_name’ AND status < 1’);
if(mysql_num_rows($result) > 0){
return true;
}
}
[/php]

whatever other file
[php]if($Login->check_status($user_name) == true){
//insert redirect code
}[/php]

#5

Thank you spring.

That helped and also pointed out to me I had already made a mistake. I think I can fix the issue and move on now.

Sponsor our Newsletter | Privacy Policy | Terms of Service