Time is Money (part 1) - Open Sesame (
Page 5 of 9 )
With the database
designed and out of the way, it's time to actually start writing some code.
First up, the user login process, and the scripts which verify the user's
password and grant him access to the system.
Here's the initial login
form, "index.html".
<table border="0" cellspacing="5" cellpadding="5">
<form action="login.php" method="post">
<tr>
<td>Username</td>
<td><input type="Text" name="frmuser" size="15"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="frmpass" size="15"></td>
</tr>
<tr>
<td colspan="2" align="CENTER"><input type="Submit" name="submit"
value="Enter"></td>
</tr>
</form>
</table>
Here's what it looks like:
Once the form is submitted, the data is processed by
"login.php", which connects to the database to verify the username and password
against the "users" table.
<?
// login.php - verifies user login
// includes
include("config.php");
include("functions.php");
// check login and password
// connect and execute query
$connection = mysql_connect($hostname, $user, $pass) or die ("Unable to
connect!");
$query = "SELECT uid, uperms from users WHERE uname = '$frmuser' AND upass
= PASSWORD('$frmpass')";
$result = mysql_db_query($database, $query, $connection) or die ("Error in
query: $query. " . mysql_error());
// if row exists - login/pass is correct
if (mysql_num_rows($result) == 1)
{
// initiate a session
session_start();
// register the user's ID and permission level
session_register("SESSION_UID");
session_register("SESSION_UPERMS");
list($uid, $uperms) = mysql_fetch_row($result);
$SESSION_UID = $uid;
$SESSION_UPERMS = $uperms;
// redirect to main menu page
header("Location:menu.php");
mysql_free_result ($result);
// close connection
mysql_close($connection);
}
else
// login/pass check failed
{
mysql_free_result ($result);
mysql_close($connection);
// redirect to error page
header("Location: error.php?ec=0");
exit;
}
?>
Assuming the username and password is correct, the script
initiates a session, and registers two session variables, $SESSION_UID (which
contains the user's ID) and $SESSION_UPERMS (which contains the user's
permission level). These variables will remain available throughout the session,
and will be used in many of the subsequent scripts. The script then redirects
the browser to "menu.php", which sets up the main menu for the system, via an
HTTP header.
A login failure will redirect the browser to the generic
error handler, "error.php", with an error code indicating the type of error.
I'll be using this error handler extensively, to handle the different types of
errors possible.
It is important to note that calls to header() and
session_start() must take place before *any* output is sent to the browser. Even
something as minor as whitespace or a carriage return outside the PHP tags can
cause these calls to barf all over your script.
Finally, the include()d
files, "config.php" and "functions.php", contain variables and functions which
will be used throughout the application. The most important of these are the
database name, user name and password, which are stored in "config.php" - take a
look:
<?
// config.php - useful variables/functions
// database parameters
// alter this as per your configuration
$database="timesheet";
$user = "time_agent";
$pass = "gs645kaf";
$hostname = "localhost";
?>
