Login and Logout Authentication for a Project Management Application
In this article we continue to look at the login and logout scripts of the project management application. We ended the previous article by looking at the PHP code of the login script. In this article we will be looking at the HTML login form and the logout script.
To quickly recap: the login script is responsible for authenticating a user's login credentials. It takes the user's username and password and compares them to the information in the database. Here’s the code that makes that comparison; I’ve already explained in detail what the code means in the previous article and will not repeat that here.
<?php
include "dbcon.php";
include "functions.php";
//initialise variables
$err=false;
$errmsg="";
//is form submitted?
if(isset($_POST['submit'])){
    //check that the form values are not empty, if so, set errormsg value
    if(empty($_POST['uname'])){
        $errmsg="The username field is empty, please enter a username<br>";
        $err=true;
    }
    if(empty($_POST['upass'])){
        $err=true;
        $errmsg .="The password field is empty, please enter password<br>";
    }
    //check that the username is in correct format
    if(!checkformat($_POST['uname'])){
        $err=true;
        $errmsg .="The username that you entered has an incorrect format.<br>";
    }
    //if there are no errors above, then clean the form values before using in query.
    if(!$err){
        $cleanuname = mysql_escape_string($_POST['uname']);
        $cleanupass = mysql_escape_string($_POST['upass']);
        $checkuser = "SELECT * from users WHERE uname = '".$cleanuname."' AND upass = '".$cleanupass."'";
        $checkuser_res = mysql_query($checkuser);
        $checkuser_num = mysql_num_rows($checkuser_res);
        if($checkuser_num > 0){
            //if user exists and passes authentication
            //setup session variables and redirect to index page
            //session_start() must already have been called (assumed to happen in one of the includes)
            $row = mysql_fetch_assoc($checkuser_res);
            $_SESSION['name'] = $row['name']." ".$row['sname'];
            $_SESSION['uid'] = $row['uid'];
            $_SESSION['level'] = $row['level'];
            //redirect, then stop so the rest of the page is not executed
            header("location:main.php");
            exit;
        }else{
            //if values do not match set errmsg
            $err=true;
            $errmsg .="The username or password you entered does not match.<br> MYSQL ERROR ".mysql_error();
        }//else
    }//end $err check
} //end form submit check
The user's login information is stored in a MySQL database table called “users”, which contains all the information that the project management application will need to manage the user. Below is the SQL for the table; as with the earlier code, I’ve already explained what each field is for. Check the previous article for more information.
CREATE TABLE `users` (
  `uid` int(11) NOT NULL auto_increment,
  `name` varchar(20) NOT NULL default '',
  `sname` varchar(20) NOT NULL default '',
  `uname` varchar(100) NOT NULL default '',
  `upass` varchar(8) NOT NULL default '',
  `level` enum('admin','normal') NOT NULL default 'normal',
  `last_login` datetime NOT NULL default '0000-00-00 00:00:00',
  `email` varchar(100) NOT NULL default '',
  PRIMARY KEY (`uid`)
) ENGINE=MyISAM AUTO_INCREMENT=5 ;
That is basically all there is to the login part of user authentication.
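A hardened variant of the credential check above, as an added example that is not part of the original article: it uses a PDO prepared statement instead of building the query by concatenation, and it verifies a password_hash() digest with password_verify() instead of matching a plaintext upass in SQL. It assumes PHP 7.1 or later, a upass column wide enough for a hash (the varchar(8) above is not), and a hypothetical helper name verify_login(); an in-memory SQLite table with constructed data stands in for the MySQL users table so the block runs on its own.

```php
<?php
// Added example, not the article's code. Assumptions: a PDO connection,
// a upass column that stores a password_hash() digest, and the
// hypothetical helper name verify_login().

/** Returns the user's row (without the hash) on success, or null on failure. */
function verify_login(PDO $pdo, string $uname, string $upass): ?array
{
    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'SELECT uid, name, sname, level, upass FROM users WHERE uname = :uname'
    );
    $stmt->execute([':uname' => $uname]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // For an unknown user, verify against a dummy hash so both paths do
    // comparable work and end in the same generic failure.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('constructed-dummy-value', PASSWORD_DEFAULT);
    $hash = $row ? $row['upass'] : $dummy;
    if (!password_verify($upass, $hash) || !$row) {
        return null;
    }
    unset($row['upass']); // never carry the hash into the session
    return $row;
}

// Constructed demo data in an in-memory SQLite database (runs offline).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, name TEXT, sname TEXT,
            uname TEXT UNIQUE, upass TEXT, level TEXT)');
$ins = $pdo->prepare('INSERT INTO users (name, sname, uname, upass, level)
                      VALUES (?, ?, ?, ?, ?)');
$ins->execute(['Jane', 'Doe', 'jdoe',
               password_hash('correct horse', PASSWORD_DEFAULT), 'normal']);

var_dump(verify_login($pdo, 'jdoe', 'correct horse')); // valid credentials
var_dump(verify_login($pdo, 'jdoe', 'wrong'));         // wrong password
var_dump(verify_login($pdo, "o'neil", 'anything'));    // quote in input is plain data
```

On a successful login, call session_regenerate_id(true) before populating $_SESSION, and show the user only a generic failure message rather than database error text.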
More By David Web