Building a Logout Class - Testing the Classes

(Page 4 of 4 )

Let's test the login/logout classes and see if they work. Create a new PHP document and add the following code. I've commented on the code that I used here so it should be easy to understand:

<?php
error_reporting(E_ALL &~E_NOTICE);
// First load the DB.php class from PEAR
require_once 'DB.php';
// Now load our DBAL class
require_once('../DB/db.class.php');
//load the config file for the login class
require_once('config/login.conf.php');
//finally load the login class itself.
require_once('login.class.php'); /*
$emails =mysql_escape_string($_POST['email']);
$pass=mysql_escape_string($_POST['pass']); */
if(isset($_POST['sub'])){
  $emails=$_POST['email'];
  $pass=$_POST['pw'];
  $dp=$dbpath;
  echo "<b>Contents of db connection variable:</b>";
  print_r($dp);
  echo '<br>';
  $a = new authorization($emails,$dp,$pass);
  $y = $a->check_user();
  if($y){
    $myid=$a->getid();
    $myname=$a->getname();
    echo "<b>Userid:</b> ".$myid." <b>Username: </b>".$myname;
    echo '<table>
    <tr>
      <td><a
href="../../app_fwork/authorize/logout.class.php">Logout</a></td>
    </tr>';
    echo '</table>';
  }else{
    $err=$a->showerror();
    echo $err."ERR";
  }
  exit;
}
?>
<html>
<head></head>
 <body>
  <form id="form1" name="form1" method="post" action="<? $_SERVER
['PHP_SELF']?>">
    <table width="100%" border="0">
      <tr>
        <td colspan="2"><center>Please login below:</center></td>
      </tr>
      <?php if(!empty($errmsg)){ ?>
      <tr>
        <td width="10%" bgcolor="#FF0000"><b>ERROR!</b></td>
        <td width="90%"><?php echo $errmsg;?></a></td>
      </tr>
<?php } ?>
<?php if(isset($lmsg)){ ?>
      <tr>
        <td width="10%" ><b>Logout message</b></td>
        <td width="90%"><?php echo "You've been logged out.'";?
></td>
      </tr>
<?php } ?>
      <tr>
        <td><b>Email:</b></td>
        <td><input name="email" type="text" class="input200"
id="email" value="mubasen.gaseb@damaranet.com" size="50"/></td>
      </tr>
      <tr>
        <td><b>Password:</b></td>
        <td><label>
          <input name="pw" type="password" class="input200"
id="pw" value="pass" />
          <input name="sub" type="hidden" value="sub" />
        </label></td>
      </tr>
      <tr>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td>&nbsp;</td>
        <td><a
href="../../app_fwork/authorize/logout.class.php"></a></td>
      </tr>
      <tr>
        <td><a
href="../../app_fwork/DB/validate.class.php"></a></td>
        <td><label>
          <input type="submit" name="Submit" value="Login" />
        </label></td>
      </tr>
    </table>
   </form>
</body>
</html>

The HTML form collects the username and password and then compares it with the information in the database. This is done through the checkuser() function defined in the login class. Upon successful authentication the username and id are displayed together with the contents of the connection variable. The id of the user is received through the getid() function of the login class; similarly, the username is received through the getname() function. Below is a screenshot of the login test:

Conclusion

There's a couple of things that I haven't done here in terms of security. The first is that I did not hash the passwords that are stored in the database, so please make sure that you implement this safety measure. Use either MD5() or Crypt() to encrypt the passwords. If there are other things that I have not done correctly than please, by all means, correct them before using the code. It is also a good idea to keep both the login application and users table separate from the other applications and databases. The users table should be in a separate database from the rest of the tables.

DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

Comments On: Building a Logout Class

>>> Be the FIRST to comment on this article!