Login and Logout Authentication for a Project Management Application (
Page 1 of 4 )
In this article we continue to look at the login and logout scripts of the project management application. We ended the previous article by looking at the PHP code of the login script. In this article we will be looking at the HTML login form and the logout script.To quickly recap: the login script is responsible for authenticating a user's log-in credentials. It takes the user's username and password, and compares them to the information in the database. Here’s the code that makes that comparison; I’ve already explained in detail what the code means in the previous article and will not do it here.
<?php
include "dbcon.php";
include "functions.php";
//initialise variables
$err=false;
$errmsg=””;
//is form submitted?
if(isset($_POST['submit'])){
//check that the form values are not empty, if so, set errormsg value
if(empty($_POST['uname'])){
$errmsg="The username field is empty, please enter a username<br>";
$err=true;
}
if(empty($_POST['upass'])){
$err=true;
$errmsg .="The password field is empty, please enter password<br>";
}
//check that the username is in correct format
if(!checkformat($_POST['uname'])){
$err=true;
$errmsg .="The username that you entered has a incorrect format.<br>";
}
//if there is no errors above, then clean the form values before using in query.
if(!$err){
$cleanuname = mysql_escape_string($_POST['uname']);
$cleanupass = mysql_escape_string($_POST['upass']);
$checkuser = "SELECT * from users WHERE uname = '".$cleanuname."' AND upass = '".$cleanupass."'";
$checkuser_res = mysql_query($checkuser);
$checkuser_num = mysql_num_rows($checkuser_res);
if($checkuser_num > 0){
//if user exists and passes authentication
//setup session variables and redirect to index page
$row = mysql_fetch_assoc($checkuser_res);
$_SESSION['name'] = $row['name']." ".$row['sname'];
$_SESSION['uid'] = $row['uid'];
$_SESSION['level'] = $row['level'];
//redirect
header("location:main.php");
}else{
//if values do not match set errmsg
$err=true;
$errmsg .="The username or password you entered does not match.<br> MYSQL ERROR ".mysql_error();
}//else
}//end $err check
} //end form submit check
The user's login information is stored in a MySQL database table called “users” and contains all the information that the project management application will need to manage the user. Below is the SQL for the table; as with the earlier code, I’ve already explained what each field is for. Check the previous article for more information.
CREATE TABLE `users` (
`uid` int(11) NOT NULL auto_increment,
`name` varchar(20) NOT NULL default '',
`sname` varchar(20) NOT NULL default '',
`uname` varchar(100) NOT NULL default '',
`upass` varchar(8) NOT NULL default '',
`level` enum('admin','normal') NOT NULL default 'normal',
`last_login` datetime NOT NULL default '0000-00-00 00:00:00',
`email` varchar(100) NOT NULL default '',
PRIMARY KEY (`uid`)
) TYPE=MyISAM AUTO_INCREMENT=5 ;
That is basically all there is to the login part of user authentication.
/ 9 
