
Get the username from a login php script

I'm using a login script that I found on Innvo.com; they do not answer... I have modified this code a little bit, though. I need to retrieve the username value at the login page and I cannot find the way... First I will put the code of the file (login.php) with all the classes that take care of the login, then the code that should go in the login page (access.php), where I need to retrieve the username of the logged-in user... thanks

FILE: login.php

<?php
// Some pre-defined constants to indicate the login state
define('LOGIN_NOERROR',0);
define('LOGIN_USER_CREDENTIALS',-1);
define('LOGIN_USER_EXISTS',-2);
define('LOGIN_USER_NONEXISTS',-3);
define('LOGIN_PASSWORD_LINKSENT',-4);
define('LOGIN_PASSWORD_BADMATCH',-5);
define('LOGIN_PASSWORD_TOOSHORT',-6);
define('LOGIN_PASSWORD_LINKEXPIRED',-7);
define('LOGIN_SESSION_EXPIRED',-8);
define('LOGIN_AWAITS_APPROVAL',-9);


class auth {
    private $db = null; // Database object
    private $baseurl = 'https://exemple.com/recover.php'; // a URL that will have this script included. Used for password reset emails which require a hyperlink

    private $hashfunction = 'sha256'; // Hash function used, this is always computed by PHP due to mysql versions giving binary & non-binary outputs depending on its version
    private $hashlength = 32; // Length of $this->hashfunction output in binary format
    private $secret = 'LDGH$$$$$'; // A secret salt used in passwords alongside user-specific salts, change this

    public $account = array(); // User details on successful login

    private $errors = array( // Error array for when there is a UI issue for the user
        LOGIN_NOERROR=>'',
        LOGIN_USER_CREDENTIALS=>'<br /><h3 style="margin-left: 20px;">Usuari i/o contrasenya incorrectes!</h3>',
        LOGIN_USER_EXISTS=>'<br /><h3 style="margin-left: 20px;">Aquest usuari ja existeix al sistema!</h3>',
        LOGIN_USER_NONEXISTS=>'<br /><h3 style="margin-left: 20px;">Aquest usuari no existeix al sistema!</h3>',
        LOGIN_PASSWORD_LINKSENT=>'<br /><h3 style="margin-left: 20px;">Li hem enviat un correu electrònic amb un enllaç per a restablir la contrasenya. Ha de seguir les instruccions que s\'esmenten al correu per a crear una contrasenya nova.</h3>',
        LOGIN_PASSWORD_BADMATCH=>'<br /><h3 style="margin-left: 20px;">Les contrasenyes no coincideixen!</h3>',
        LOGIN_PASSWORD_TOOSHORT=>'<br /><h3 style="margin-left: 20px;">Les contrasenyes han de tenir al menys 8 caràcters!</h3>',
        LOGIN_PASSWORD_LINKEXPIRED=>'<br /><h3 style="margin-left: 20px;">L\'enllaç per a restablir la contrasenya ha caducat!</h3>',
        LOGIN_SESSION_EXPIRED=>'<br /><h3 style="margin-left: 20px;">La seva sessió ha caducat!</h3>',
        LOGIN_AWAITS_APPROVAL=>'<br /><h3 style="margin-left: 20px;">El seu compte espera l\'aprovació de l\'administrador del lloc, rebrà un correu quan això estigui fet!</h3>'
    );
    public $forms = array( // Unique HTMLforms used
        'signin'=>array(
            'fields'=>array(
                'username'=>array('type'=>'text','placeholder'=>'Correu electrònic','icon'=>'envelope'),
                'password'=>array('type'=>'password','placeholder'=>'Contrasenya','icon'=>'lock')
            ),
            'submit'=>'Accedir',
            'message'=>'<br /><h3 style="margin-left: 20px;">Introdueixi el seu correu electrònic i la seva contrasenya per accedir-hi</h3>'
        ),
        'signup'=>array(
            'fields'=>array(
                'newusername'=>array('type'=>'text','placeholder'=>'Correu electrònic','icon'=>'envelope'),
                'newnamelastname'=>array('type'=>'text','placeholder'=>'Nom i cognom','icon'=>'envelope'),
                'newpassword'=>array('type'=>'password','placeholder'=>'Contrasenya','icon'=>'lock'),
                'confirmnewpassword'=>array('type'=>'password','placeholder'=>'Confirmi la contrasenya','icon'=>'lock')
            ),
            'submit'=>'Crear un compte nou',
            'message'=>'<br /><h3 style="margin-left: 20px;">Si us plau, empleni tots els camps per a crear el seu compte.
                                                                És important que el correu sigui vàlid per a poder recuperar la contrasenya si fos el cas!</h3>'
        ),
        'lost'=>array(
            'fields'=>array(
                'lostusername'=>array('type'=>'text','placeholder'=>'Correu electrònic','icon'=>'envelope')
            ),
            'submit'=>'Envia\'m el correu',
            'message'=>'<br /><h3 style="margin-left: 20px;">Introdueixi el seu correu electrònic per a rebre les instruccions de recuperació de la seva contrasenya</h3>'
        ),
        'reset'=>array(
            'fields'=>array(
                'newpassword1'=>array('type'=>'password','placeholder'=>'Contrasenya','icon'=>'lock'),
                'newpassword2'=>array('type'=>'password','placeholder'=>'Confirmi la contrasenya','icon'=>'lock')
            ),
            'submit'=>'Restableix la contrasenya',
            'message'=>'Estableixi una nova contrasenya pell seu usuari!'
        )
    );

    // Initiate the database if its not connected already
    public function __construct($dbobj = null) {

        !$dbobj->connect_errno
            or die("Failed to connect to MySQL: (" . $dbobj->connect_errno . ") " . $dbobj->connect_error);
        $this->db = &$dbobj;

        if(isset($_COOKIE['cddzck']) && $this->session_validate()) {

            // Logged In here

            if(isset($_GET['logout']))
                $this->logout();
        }
        else {
            // Sign in attempt
            if(isset($_POST['username'],$_POST['password']))
                $this->login($_POST['username'],$_POST['password']);
            // Sign up attempt
            else if(isset($_POST['newusername'],$_POST['newnamelastname'],$_POST['newpassword'],$_POST['confirmnewpassword']))
                $this->user_add($_POST['newusername'],$_POST['newnamelastname'],$_POST['newpassword'],$_POST['confirmnewpassword']);
            // Lost password, email submitted via form
            else if(isset($_POST['lostusername']))
                $this->password_reset_form($_POST['lostusername']);
            // Lost password area
            else if(isset($_GET['reset']) && $this->session_valid($_GET['reset'])) {
                // Form not submitted
                if(!isset($_POST['newpassword1'],$_POST['newpassword2']))
                    $this->session_check($_GET['reset'],'lostpassword');
                // Form submitted
                else
                    $this->password_reset($_GET['reset'],$_POST['newpassword1'],$_POST['newpassword2']);
            }
            // Login as user, for use within an admin area to impersonate a logged in user
            // You should add in the session value yourself in the admin area using $this->session_add($userid,$type = 'login') and then login via this method/URI
            else if(isset($_GET['cddzck']) && $this->session_valid($_GET['cddzck'])) {
                if(($this->session_check($_GET['cddzck'],'login') == 0) && isset($this->account['id'])) {
                    setcookie("cddzck",$_GET['cddzck'],time() + 21600);
                    $this->redirect();
                }
                else 
                    sleep(1);
            }

            // None shall pass (unless logged in...)
            die($this->form(LOGIN_NOERROR,(isset($_GET['form']) && in_array($_GET['form'],array('signup','lost','reset')) ? $_GET['form'] : 'signin')));
        }
    }

    // Add a session to the hash table
    public function session_add($userid,$type = 'login') {
        $hash = hash($this->hashfunction,bin2hex(openssl_random_pseudo_bytes($this->hashlength)));
        $result = $this->query('INSERT IGNORE sessions (hash,sessiontype,userid,created)
            VALUES (UNHEX(\''.$hash.'\'),\''.$type.'\','.$userid.',UNIX_TIMESTAMP())');
        return $hash;
    }

    // Run this in a cron job once an hour to remove stale sessions and lost password requests
    public function housekeeping() {
        // Remove sessions older than 6 hours
        // Remove password reset authentication strings after 1 hour
        $this->query('DELETE FROM sessions
            WHERE (sessiontype = \'login\' AND created < UNIX_TIMESTAMP() - 21600)
            OR (sessiontype = \'lostpassword\' AND created < UNIX_TIMESTAMP() - 3600);');
    }

    // User is not logged in, display one of the forms
    private function form($error,$formname) {

        // Throttle failed attempts
        if($formname == 'signin' && $error != 0)
            sleep(1);

        // Show a sign up or sign in link in the navigation
        if($formname == 'signin')
            $link = '<p><a href="?form=signup">Crear compte nou</a></p>';
        else
            $link = '<p><a href="'.$this->clean_uri().'">Accedir</a></p>';

        // Get all form fields and buttons
        $formfields = '';
        foreach($this->forms[$formname]['fields'] as $name => $field)
            $formfields .= sprintf('<div class="input-group input-group-lg">
                    <span class="input-group-addon"><i class="glyphicon glyphicon-%s blue"></i></span>
                    <input name="%s" type="%s" placeholder="%s" class="form-control">
                    </div>
                    ',$field['icon'],$name,$field['type'],$field['placeholder']);
        $formfields .= sprintf('<p class="center col-md-5"><button class="btn btn-primary" type="submit">%s</button></p><p>&nbsp;</p>',$this->forms[$formname]['submit']);

        // Navigation links for sign up/sign in/forgot password
        $navigation = '<ul class="nav navbar-nav navbar-left">
    <li>'.$link.'</li>
    <li><p><a href="?form=lost">Recuperar contrasenya</a></p></li>
</ul>';

        // Form wrapped in bootstrap 3.0 HTML with variables inserted
        $form = sprintf('<div class="well col-md-5 center login-box">
            <div class="alert alert-info">%s </div>
            <form method="post" action="?form=%s" class="form-horizontal">%s</form>
</div>',($error != 0 ? $this->errors[$error] : $this->forms[$formname]['message']),$formname.(isset($_GET['reset']) ? '&amp;reset='.$_GET['reset'] : ''),$formfields);

        // The above HTML is taken from a bootstrap template, you can place it into an existing template as such, using %s placeholders for the content area and navigation, for example.
        // echo sprintf(file_get_contents('template.html'),$navigation,$form);
        // otherwise, here is the raw output that is used

        echo $navigation.'<hr>'.$form;

        exit(0);
    }

    // User is trying to log in
    private function login($username,$password) {
        $result = $this->query('SELECT id,active,salt,password
            FROM users
            WHERE active = \'1\' AND username = \''.$this->db->real_escape_string($username).'\';');
        // We fetch the row because MySQL's SHA2() functions returns either a binary of hex string format depending on version.
        // For simplicity the comparison is made in PHP, though it's trivial to change this to save the roundtrip of data

        if(!($this->account = $result->fetch_array(MYSQLI_ASSOC)))
            die($this->form(LOGIN_USER_CREDENTIALS,'signin'));
        else if($this->account['password'] != pack('H*',hash($this->hashfunction,$this->secret.$this->account['salt'].$password)))
            die($this->form(LOGIN_USER_CREDENTIALS,'signin'));

        // Successful login, you're about to be logged in and redirected
        $this->query('UPDATE users
            SET lastlogin = UNIX_TIMESTAMP()
            WHERE id = '.$this->account['id']);
        $hash = $this->session_add($this->account['id'],'login');
        setcookie("cddzck",$hash,time() + 21600);
        $this->redirect();
    }

    // Add a new user to the database and send the mail to awaits approval
    private function user_add($username,$namelastname,$password,$password2) {
        if($password != $password2) // Passwords do not match
            die($this->form(LOGIN_PASSWORD_BADMATCH,'signup'));
        elseif(strlen($password) < 8) // Password less than 8 characters
            die($this->form(LOGIN_PASSWORD_TOOSHORT,'signup'));

        $salt = openssl_random_pseudo_bytes($this->hashlength);
        $hash = pack("H*",hash($this->hashfunction,$this->secret.$salt.$password));

        $this->query('INSERT IGNORE users (created,username,namelastname,salt,password)
            VALUES (UNIX_TIMESTAMP(),\''.$this->db->real_escape_string($username).'\',\''.$this->db->real_escape_string($namelastname).'\',\''.$this->db->real_escape_string($salt).'\',\''.$this->db->real_escape_string($hash).'\');');
        if($this->db->affected_rows < 1)
            die($this->form(LOGIN_USER_EXISTS,'signup'));
 //ach       $this->login($username,$password);
         $emailcontents = sprintf("Nou usuari $username ($namelastname) esperant l'aprovació pel seu compte!");
         $from = "CddZ-IAC";
         $headers = "From: $from";
         mail('andres@chandia.net','Nou usuari al CddZ esperant l\'aprovació!', $emailcontents, $headers, '-f ' . $from);
         die($this->form(LOGIN_AWAITS_APPROVAL,'signin'));
    }

    // Reset a password, displays the reset password form if a valid authentication string is provided
    private function password_reset_form($username) {
        // Fetch the display name too, so the email greeting below has a value to use
        $result = $this->query('SELECT id,namelastname
            FROM users
            WHERE username = \''.$this->db->real_escape_string($username).'\'');
        if(!($row = $result->fetch_array(MYSQLI_ASSOC)))
            die($this->form(LOGIN_USER_NONEXISTS,'lost'));

        $hash = $this->session_add($row['id'],'lostpassword');
        $emailcontents = sprintf("Benvolgut %s, ha de seguir aquest enllaç per a restablir la seva contrasenya:\n\n%s?form=reset&reset=%s\n\nSalutacions!",$row['namelastname'],$this->baseurl,$hash);
        // Here you would send the reset link to an email address (the whole idea of ensuring this is the rightful owner of the account
        // ... but for testing purposes , the output of the email is below
        mail($username,'Restableixi la seva contrasenya', $emailcontents);
        //echo "<hr>$emailcontents<hr>";

        die($this->form(LOGIN_PASSWORD_LINKSENT,'reset'));
    }

    // On successful reset password link, allow the user to reset their password
    private function password_reset($reset,$password,$password2) {

        if(($error = $this->session_check($reset,'lostpassword')) < 0)
            die($this->form($error,'reset'));
        if($password != $password2)
            die($this->form(LOGIN_PASSWORD_BADMATCH,'reset'));
        elseif(strlen($password) < 8)
            die($this->form(LOGIN_PASSWORD_TOOSHORT,'reset'));

        $salt = openssl_random_pseudo_bytes($this->hashlength);
        $hash = pack('H*',hash($this->hashfunction,$this->secret.$salt.$password));

        $this->query('UPDATE sessions AS s
            INNER JOIN users AS u ON s.userid = u.id
            SET u.salt = \''.$this->db->real_escape_string($salt).'\',u.password = \''.$this->db->real_escape_string($hash).'\'
            WHERE s.hash = UNHEX(\''.$reset.'\') AND s.sessiontype = \'lostpassword\'');
        $this->query('DELETE FROM sessions
            WHERE hash = UNHEX(\''.$reset.'\') AND sessiontype = \'lostpassword\'');

        $this->login($this->account['username'],$password);
    }

    // Log out
    private function logout() {
        $this->query('DELETE FROM sessions
            WHERE sessions.sessiontype = \'login\' AND sessions.hash = UNHEX(\''.$_COOKIE['cddzck'].'\');');
        setcookie("cddzck","",time() - 3600);
        $this->redirect();
    }

    private function redirect() {
        header('Location: //'.$_SERVER['HTTP_HOST'].$this->clean_uri());
        exit(0);
    }

    // Removes login-specific details from the current URI
    private function clean_uri() {
        return preg_replace("'[?&](form|reset|logout|cddzck)=[^&]+'",'',$_SERVER['REQUEST_URI']);
    }

    // Validate that a user-provided session is syntactically valid
    private function session_valid($hash) {
        return preg_match("'^[a-f0-9]{".($this->hashlength*2)."}$'",$hash);
    }

    // Check a session cookie to see whether it's valid, and logged in or not
    private function session_validate() {
        if(!isset($_COOKIE['cddzck']) || !$this->session_valid($_COOKIE['cddzck']))
            die($this->form(LOGIN_SESSION_EXPIRED,'signin'));
        if($this->session_check($_COOKIE['cddzck'],'login') < 0) {
            setcookie("cddzck","",time() - 1800);
            die($this->form(LOGIN_SESSION_EXPIRED,'signin'));
        }
        return $this->account['id'];
    }

    // Look up the hash table for a given session in a given context
    private function session_check($hash,$type = 'login') {
        $result = $this->query('SELECT u.id,u.flags,u.created,u.lastlogin,u.username
            FROM sessions AS s
            INNER JOIN users AS u ON s.userid = u.id
            WHERE s.hash = UNHEX(\''.$hash.'\') AND s.sessiontype = \''.$type.'\';');
        if(!$this->account = $result->fetch_array(MYSQLI_ASSOC)) {
            unset($_GET['reset']);
            die($this->form(LOGIN_PASSWORD_LINKEXPIRED,'reset'));
        }
        return 0;
    }

    // MySQL queries
    private function query($sql) {
        $result = $this->db->query($sql) or die(__LINE__.' '.$this->db->error.' '.$sql);
        return $result;
    }
}
?>

FILE: access.php

<?php
// Call me admin.php
$db = new mysqli('localhost','dbusr','dbpasswd','dbname'); // Change these details to your own
include_once('login.php');
$_auth = new auth($db); // Anything past here is logged in
printf('<span style="float: right; margin-right: 29px;">[<a href="?logout=1"> Sortir </a>]</span>');
?>

Extend your auth class in login.php with this method:

public function getUsername()
{
    return isset($this->account['id']) ? $this->account['username'] : "No user found.";
}

After you log in you can access that username:

<?php
// Call me admin.php
$db = new mysqli('localhost','dbusr','dbpasswd','dbname'); // Change these details to your own
include_once('login.php');
$_auth = new auth($db); // Anything past here is logged in
//Username:
$username = $_auth->getUsername();

printf('<span style="float: right; margin-right: 29px;">[<a href="?logout=1"> Sortir </a>]</span>');
?>
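An added example, not code from the original question or answer, showing the same idea without touching the class: `$account` is declared `public` in login.php, so the page that includes it can read the username directly once the constructor has validated the `cddzck` session cookie (the constructor dies with a form otherwise). It assumes login.php sits in the same directory and that the `users` table has the `username` column the class already selects in `session_check()`. Because the username is a value the user typed at signup and stored verbatim, it is escaped before being echoed into HTML.

```php
<?php
// Added example (not part of the original question or answer).
// Assumes login.php (the auth class above) is in the same directory.
$db = new mysqli('localhost', 'dbusr', 'dbpasswd', 'dbname'); // Change these details to your own
include_once('login.php');
$_auth = new auth($db); // Anything past here is logged in: the constructor dies with a form otherwise

// session_check() filled $account from the users table; read the username from it.
// The null-coalescing fallback only matters if the class is later changed to
// return instead of die() when no session is loaded.
$username = $_auth->account['username'] ?? null;

if ($username === null) {
    $label = 'No user found.';
} else {
    // The username (an email address in this form) is user-supplied data,
    // so escape it before placing it in HTML to avoid reflected markup.
    $label = htmlspecialchars($username, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

printf('<span style="float: right; margin-right: 29px;">%s [<a href="?logout=1"> Sortir </a>]</span>', $label);
?>
```

If you prefer the accessor from the answer above, apply the same `htmlspecialchars()` call to its return value at the point where it is printed; escaping belongs at output time, not inside the method, so the raw value stays usable for database lookups.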
