I'm using a login script that I found on Innvo.com; they do not answer. I have modified this code a little. I need to retrieve the username value on the login page and I cannot find a way to do it. First I will post the code of the file (login.php) with all the classes that take care of the login, then the code that should go in the login page (access.php), where I need to retrieve the username of the logged-in user. Thanks.
// State codes shared by the auth class: 0 means success, every negative value
// selects an entry in auth::$errors that is shown to the user.
const LOGIN_NOERROR = 0;               // Nothing to report, show the form's own intro message
const LOGIN_USER_CREDENTIALS = -1;     // Unknown user or wrong password (one code for both)
const LOGIN_USER_EXISTS = -2;          // Sign up with a username that is already taken
const LOGIN_USER_NONEXISTS = -3;       // Lost-password request for an unknown username
const LOGIN_PASSWORD_LINKSENT = -4;    // Reset link has been e-mailed
const LOGIN_PASSWORD_BADMATCH = -5;    // Password and confirmation differ
const LOGIN_PASSWORD_TOOSHORT = -6;    // Password shorter than 8 characters
const LOGIN_PASSWORD_LINKEXPIRED = -7; // Reset token not found in the sessions table
const LOGIN_SESSION_EXPIRED = -8;      // Login cookie missing, malformed or not in the sessions table
const LOGIN_AWAITS_APPROVAL = -9;      // Account created but not yet approved by the administrator
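/**
 * Drop-in authentication handler backed by a `users` table and a `sessions` hash table.
 *
 * Constructing the object processes the current request end to end: it validates the
 * session cookie (`cddzck`), or handles a sign-in / sign-up / lost-password / reset
 * submission, and for every request that is not authenticated it prints one of the
 * HTML forms in $forms and exits. Any code after `new auth($db)` therefore only runs
 * for a logged-in user, whose row (u.id, u.flags, u.created, u.lastlogin, u.username,
 * as selected in session_check()) is available in the public $account array.
 *
 * Review notes, left unchanged because they need schema or UI decisions:
 *  - Passwords are stored as sha256($secret . $salt . $password), a single fast hash;
 *    password_hash()/password_verify() would be the stronger scheme but requires
 *    re-hashing every stored password.
 *  - Logout and impersonation are driven by GET parameters (?logout=1, ?cddzck=...),
 *    so a logged-in user can be logged out by following a cross-site link.
 *  - password_reset_form() answers LOGIN_USER_NONEXISTS for unknown usernames, which
 *    lets a caller learn which e-mail addresses have accounts.
 */
class auth {
    private $db = null; // mysqli connection handed in by the constructor
    private $baseurl = 'https://exemple.com/recover.php'; // Page that includes this script; used to build the password reset link sent by e-mail
    private $hashfunction = 'sha256'; // Hash algorithm for passwords and session tokens; computed in PHP because MySQL's SHA2() output format varies by version
    private $hashlength = 32; // Output length of $hashfunction in bytes; also the size of salts and session token seeds
    private $secret = 'LDGH$$$$$'; // Site-wide pepper mixed into every password hash alongside the per-user salt; change this per deployment
    public $account = array(); // Row of the authenticated user, filled by session_check() (or by login() just before it redirects)
    private $errors = array( // Messages shown in the form's alert box, keyed by the LOGIN_* constants
        LOGIN_NOERROR=>'',
        LOGIN_USER_CREDENTIALS=>'<br /><h3 style="margin-left: 20px;">Usuari i/o contrasenya incorrectes!</h3>',
        LOGIN_USER_EXISTS=>'<br /><h3 style="margin-left: 20px;">Aquest usuari ja existeix al sistema!</h3>',
        LOGIN_USER_NONEXISTS=>'<br /><h3 style="margin-left: 20px;">Aquest usuari no existeix al sistema!</h3>',
        LOGIN_PASSWORD_LINKSENT=>'<br /><h3 style="margin-left: 20px;">Li hem enviat un correu electrònic amb un enllaç per a restablir la contrasenya. Ha de seguir les instruccions que s\'esmenten al correu per a crear una contrasenya nova.</h3>',
        LOGIN_PASSWORD_BADMATCH=>'<br /><h3 style="margin-left: 20px;">Les contrasenyes no coincideixen!</h3>',
        LOGIN_PASSWORD_TOOSHORT=>'<br /><h3 style="margin-left: 20px;">Les contrasenyes han de tenir al menys 8 caràcters!</h3>',
        LOGIN_PASSWORD_LINKEXPIRED=>'<br /><h3 style="margin-left: 20px;">L\'enllaç per a restablir la contrasenya ha caducat!</h3>',
        LOGIN_SESSION_EXPIRED=>'<br /><h3 style="margin-left: 20px;">La seva sessió ha caducat!</h3>',
        LOGIN_AWAITS_APPROVAL=>'<br /><h3 style="margin-left: 20px;">El seu compte espera l\'aprovació de l\'administrador del lloc, rebrà un correu quan això estigui fet!</h3>'
    );
    public $forms = array( // The four HTML forms: input fields (name => rendering hints), submit label and intro message
        'signin'=>array(
            'fields'=>array(
                'username'=>array('type'=>'text','placeholder'=>'Correu electrònic','icon'=>'envelope'),
                'password'=>array('type'=>'password','placeholder'=>'Contrasenya','icon'=>'lock')
            ),
            'submit'=>'Accedir',
            'message'=>'<br /><h3 style="margin-left: 20px;">Introdueixi el seu correu electrònic i la seva contrasenya per accedir-hi</h3>'
        ),
        'signup'=>array(
            'fields'=>array(
                'newusername'=>array('type'=>'text','placeholder'=>'Correu electrònic','icon'=>'envelope'),
                'newnamelastname'=>array('type'=>'text','placeholder'=>'Nom i cognom','icon'=>'envelope'),
                'newpassword'=>array('type'=>'password','placeholder'=>'Contrasenya','icon'=>'lock'),
                'confirmnewpassword'=>array('type'=>'password','placeholder'=>'Confirmi la contrasenya','icon'=>'lock')
            ),
            'submit'=>'Crear un compte nou',
            'message'=>'<br /><h3 style="margin-left: 20px;">Si us plau, empleni tots els camps per a crear el seu compte.
És important que el correu sigui vàlid per a poder recuperar la contrasenya si fos el cas!</h3>'
        ),
        'lost'=>array(
            'fields'=>array(
                'lostusername'=>array('type'=>'text','placeholder'=>'Correu electrònic','icon'=>'envelope')
            ),
            'submit'=>'Envia\'m el correu',
            'message'=>'<br /><h3 style="margin-left: 20px;">Introdueixi el seu correu electrònic per a rebre les instruccions de recuperació de la seva contrasenya</h3>'
        ),
        'reset'=>array(
            'fields'=>array(
                'newpassword1'=>array('type'=>'password','placeholder'=>'Contrasenya','icon'=>'lock'),
                'newpassword2'=>array('type'=>'password','placeholder'=>'Confirmi la contrasenya','icon'=>'lock')
            ),
            'submit'=>'Restableix la contrasenya',
            'message'=>'Estableixi una nova contrasenya pell seu usuari!'
        )
    );

    /**
     * Store the connection and dispatch the current request.
     *
     * Order of checks: an existing session cookie (then an optional ?logout), else a
     * sign-in POST, a sign-up POST, a lost-password POST, a reset-password link, and an
     * impersonation link (?cddzck=<token> created beforehand with session_add($id,'login')).
     * Every unauthenticated path ends in form(), which prints HTML and exits.
     *
     * @param mysqli|null $dbobj open connection; the script aborts when it is missing or carries a connect error
     */
    public function __construct($dbobj = null) {
        if($dbobj === null)
            die("Failed to connect to MySQL: no connection object given");
        if($dbobj->connect_errno)
            die("Failed to connect to MySQL: (" . $dbobj->connect_errno . ") " . $dbobj->connect_error);
        $this->db = $dbobj;
        if(isset($_COOKIE['cddzck']) && $this->session_validate()) {
            // Logged in; session_validate() has filled $this->account
            if(isset($_GET['logout']))
                $this->logout();
        }
        else {
            // Sign in attempt
            if(isset($_POST['username'],$_POST['password'])) {
                $this->login($_POST['username'],$_POST['password']);
            }
            // Sign up attempt
            else if(isset($_POST['newusername'],$_POST['newnamelastname'],$_POST['newpassword'],$_POST['confirmnewpassword'])) {
                $this->user_add($_POST['newusername'],$_POST['newnamelastname'],$_POST['newpassword'],$_POST['confirmnewpassword']);
            }
            // Lost password, e-mail address submitted via the form
            else if(isset($_POST['lostusername'])) {
                $this->password_reset_form($_POST['lostusername']);
            }
            // Password reset link; the token is format-checked before it reaches any query
            else if(isset($_GET['reset']) && $this->session_valid($_GET['reset'])) {
                if(!isset($_POST['newpassword1'],$_POST['newpassword2'])) {
                    // Link followed but form not yet submitted: verify the token, then fall through to the form
                    $this->session_check($_GET['reset'],'lostpassword');
                }
                else {
                    $this->password_reset($_GET['reset'],$_POST['newpassword1'],$_POST['newpassword2']);
                }
            }
            // Login as user, for use within an admin area to impersonate a logged in user.
            // Create the session in the admin area with $this->session_add($userid,'login') and open ?cddzck=<hash>
            else if(isset($_GET['cddzck']) && $this->session_valid($_GET['cddzck'])) {
                if(($this->session_check($_GET['cddzck'],'login') == 0) && isset($this->account['id'])) {
                    $this->set_session_cookie($_GET['cddzck'],time() + 21600);
                    $this->redirect();
                }
                else {
                    sleep(1);
                }
            }
            // None shall pass (unless logged in...): show the requested form, defaulting to sign in
            $formname = (isset($_GET['form']) && in_array($_GET['form'],array('signup','lost','reset'),true)) ? $_GET['form'] : 'signin';
            die($this->form(LOGIN_NOERROR,$formname));
        }
    }

    /**
     * Create a session row for a user and return its token.
     *
     * The token is sha256 over random bytes, so it is 2 * $hashlength hex characters and
     * satisfies session_valid(). The row stores UNHEX() of it.
     *
     * @param int    $userid users.id
     * @param string $type   'login' for a session cookie, 'lostpassword' for a reset link
     * @return string hex token
     */
    public function session_add($userid,$type = 'login') {
        $hash = hash($this->hashfunction,bin2hex(openssl_random_pseudo_bytes($this->hashlength)));
        // $userid normally comes from our own SELECT and $type from a literal, but this is a
        // public method, so both are constrained before being spliced into the statement.
        $this->query('INSERT IGNORE sessions (hash,sessiontype,userid,created)
            VALUES (UNHEX(\''.$hash.'\'),\''.$this->db->real_escape_string($type).'\','.(int)$userid.',UNIX_TIMESTAMP())');
        return $hash;
    }

    /**
     * Remove stale rows: login sessions older than 6 hours and reset tokens older than 1 hour.
     * Intended for an hourly cron job; these windows match the cookie lifetime used in login().
     */
    public function housekeeping() {
        $this->query('DELETE FROM sessions
            WHERE (sessiontype = \'login\' AND created < UNIX_TIMESTAMP() - 21600)
            OR (sessiontype = \'lostpassword\' AND created < UNIX_TIMESTAMP() - 3600);');
    }

    /**
     * Print one of the forms in $forms (wrapped in Bootstrap 3 markup) and exit.
     *
     * @param int    $error    LOGIN_* code; non-zero replaces the form's intro message with $errors[$error]
     * @param string $formname key into $forms: 'signin', 'signup', 'lost' or 'reset'
     */
    private function form($error,$formname) {
        // Throttle failed sign-in attempts
        if($formname == 'signin' && $error != 0)
            sleep(1);
        // Show a sign up or sign in link in the navigation. clean_uri() is derived from
        // REQUEST_URI, i.e. request-controlled, so it is escaped for the attribute context.
        if($formname == 'signin')
            $link = '<p><a href="?form=signup">Crear compte nou</a></p>';
        else
            $link = '<p><a href="'.htmlspecialchars($this->clean_uri(),ENT_QUOTES,'UTF-8').'">Accedir</a></p>';
        // Render every field of the form, then the submit button
        $formfields = '';
        foreach($this->forms[$formname]['fields'] as $name => $field)
            $formfields .= sprintf('<div class="input-group input-group-lg">
<span class="input-group-addon"><i class="glyphicon glyphicon-%s blue"></i></span>
<input name="%s" type="%s" placeholder="%s" class="form-control">
</div>
',$field['icon'],$name,$field['type'],$field['placeholder']);
        $formfields .= sprintf('<p class="center col-md-5"><button class="btn btn-primary" type="submit">%s</button></p><p> </p>',$this->forms[$formname]['submit']);
        // Navigation links for sign up/sign in/forgot password
        $navigation = '<ul class="nav navbar-nav navbar-left">
<li>'.$link.'</li>
<li><p><a href="?form=lost">Recuperar contrasenya</a></p></li>
</ul>';
        // The reset token is carried in the form action so the POST lands on the same URL.
        // It comes straight from the query string, so it is HTML-escaped for the attribute.
        $action = $formname;
        if(isset($_GET['reset']) && is_string($_GET['reset']))
            $action .= '&reset='.htmlspecialchars($_GET['reset'],ENT_QUOTES,'UTF-8');
        // Form wrapped in bootstrap 3.0 HTML with variables inserted
        $form = sprintf('<div class="well col-md-5 center login-box">
<div class="alert alert-info">%s </div>
<form method="post" action="?form=%s" class="form-horizontal">%s</form>
</div>',($error != 0 ? $this->errors[$error] : $this->forms[$formname]['message']),$action,$formfields);
        // The above HTML is taken from a bootstrap template. To use your own, pass the navigation and
        // the form into it, e.g. echo sprintf(file_get_contents('template.html'),$navigation,$form);
        echo $navigation.'<hr>'.$form;
        exit(0);
    }

    /**
     * Verify a sign-in attempt; on success open a session and redirect, otherwise show the form and exit.
     *
     * @param string $username as typed in the form (the form labels it as an e-mail address)
     * @param string $password plain text as typed
     */
    private function login($username,$password) {
        $result = $this->query('SELECT id,active,salt,password
            FROM users
            WHERE active = \'1\' AND username = \''.$this->db->real_escape_string($username).'\';');
        // The hash is compared in PHP because MySQL's SHA2() returns binary or hex depending on version.
        // An unknown user and a wrong password deliberately produce the same error.
        if(!($this->account = $result->fetch_array(MYSQLI_ASSOC)))
            die($this->form(LOGIN_USER_CREDENTIALS,'signin'));
        $expected = pack('H*',hash($this->hashfunction,$this->secret.$this->account['salt'].$password));
        // Strict comparison: `!=` would compare two numeric-looking strings as numbers.
        // On PHP >= 5.6, hash_equals($this->account['password'],$expected) would also make this constant-time.
        if($this->account['password'] !== $expected)
            die($this->form(LOGIN_USER_CREDENTIALS,'signin'));
        // Successful login: record it, create the session and send the cookie
        $this->query('UPDATE users
            SET lastlogin = UNIX_TIMESTAMP()
            WHERE id = '.(int)$this->account['id']);
        $hash = $this->session_add($this->account['id'],'login');
        $this->set_session_cookie($hash,time() + 21600);
        $this->redirect();
    }

    /**
     * Create a user awaiting approval and notify the administrator by e-mail; always ends in form().
     *
     * @param string $username     e-mail address used as the login name
     * @param string $namelastname display name
     * @param string $password     plain text
     * @param string $password2    confirmation of $password
     */
    private function user_add($username,$namelastname,$password,$password2) {
        if($password != $password2) // Passwords do not match
            die($this->form(LOGIN_PASSWORD_BADMATCH,'signup'));
        elseif(strlen($password) < 8) // Fewer than 8 bytes (byte length, not characters)
            die($this->form(LOGIN_PASSWORD_TOOSHORT,'signup'));
        $salt = openssl_random_pseudo_bytes($this->hashlength);
        $hash = pack("H*",hash($this->hashfunction,$this->secret.$salt.$password));
        // INSERT IGNORE inserts nothing when the row would violate a unique key (presumably on
        // username), which is how a duplicate account is detected below via affected_rows.
        $this->query('INSERT IGNORE users (created,username,namelastname,salt,password)
            VALUES (UNIX_TIMESTAMP(),\''.$this->db->real_escape_string($username).'\',\''.$this->db->real_escape_string($namelastname).'\',\''.$this->db->real_escape_string($salt).'\',\''.$this->db->real_escape_string($hash).'\');');
        if($this->db->affected_rows < 1)
            die($this->form(LOGIN_USER_EXISTS,'signup'));
        // Notify the administrator. User input is passed as %s arguments, never inside the
        // format string, so a '%' in a username cannot break sprintf().
        $emailcontents = sprintf("Nou usuari %s (%s) esperant l'aprovació pel seu compte!",$username,$namelastname);
        $from = "CddZ-IAC";
        $headers = "From: $from";
        mail('andres@chandia.net','Nou usuari al CddZ esperant l\'aprovació!', $emailcontents, $headers, '-f ' . $from);
        die($this->form(LOGIN_AWAITS_APPROVAL,'signin'));
    }

    /**
     * Handle a lost-password request: create a 'lostpassword' session and e-mail the reset link.
     *
     * The link is sent to $username, which doubles as the account's e-mail address; this is
     * the only proof of ownership. Always ends in form().
     *
     * @param string $username as submitted in the 'lost' form
     */
    private function password_reset_form($username) {
        $result = $this->query('SELECT id,namelastname
            FROM users
            WHERE username = \''.$this->db->real_escape_string($username).'\'');
        if(!($row = $result->fetch_array(MYSQLI_ASSOC)))
            die($this->form(LOGIN_USER_NONEXISTS,'lost'));
        $hash = $this->session_add($row['id'],'lostpassword');
        // The greeting uses the stored name; all variable parts are %s arguments, not format text
        $emailcontents = sprintf("Benvolgut %s, ha de seguir aquest enllaç per a restablir la seva contrasenya:\n\n%s?form=reset&reset=%s\n\nSalutacions!",$row['namelastname'],$this->baseurl,$hash);
        mail($username,'Restableixi la seva contrasenya', $emailcontents);
        die($this->form(LOGIN_PASSWORD_LINKSENT,'reset'));
    }

    /**
     * Set a new password for the owner of a valid reset token, consume the token and log the user in.
     *
     * @param string $reset     hex token from ?reset=, already checked by session_valid() in the constructor
     * @param string $password  new password
     * @param string $password2 confirmation
     */
    private function password_reset($reset,$password,$password2) {
        // session_check() fills $this->account (including username) or exits with LOGIN_PASSWORD_LINKEXPIRED
        if(($error = $this->session_check($reset,'lostpassword')) < 0)
            die($this->form($error,'reset'));
        if($password != $password2)
            die($this->form(LOGIN_PASSWORD_BADMATCH,'reset'));
        elseif(strlen($password) < 8)
            die($this->form(LOGIN_PASSWORD_TOOSHORT,'reset'));
        $salt = openssl_random_pseudo_bytes($this->hashlength);
        $hash = pack('H*',hash($this->hashfunction,$this->secret.$salt.$password));
        $token = $this->db->real_escape_string($reset);
        $this->query('UPDATE sessions AS s
            INNER JOIN users AS u ON s.userid = u.id
            SET u.salt = \''.$this->db->real_escape_string($salt).'\',u.password = \''.$this->db->real_escape_string($hash).'\'
            WHERE s.hash = UNHEX(\''.$token.'\') AND s.sessiontype = \'lostpassword\'');
        // One-time use: drop the token so the link cannot be replayed
        $this->query('DELETE FROM sessions
            WHERE hash = UNHEX(\''.$token.'\') AND sessiontype = \'lostpassword\'');
        $this->login($this->account['username'],$password);
    }

    /**
     * Delete the current login session, clear the cookie and redirect.
     * Only reached from the constructor after session_validate() accepted the cookie value.
     */
    private function logout() {
        $this->query('DELETE FROM sessions
            WHERE sessions.sessiontype = \'login\' AND sessions.hash = UNHEX(\''.$this->db->real_escape_string($_COOKIE['cddzck']).'\');');
        $this->set_session_cookie("",time() - 3600);
        $this->redirect();
    }

    /**
     * Set (or, with a past $expire, clear) the session cookie.
     *
     * HttpOnly keeps the token out of reach of page scripts; Secure is added whenever the
     * current request itself arrived over HTTPS.
     *
     * @param string $value  session token (hex) or '' to clear
     * @param int    $expire absolute Unix timestamp
     */
    private function set_session_cookie($value,$expire) {
        $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        setcookie("cddzck",$value,$expire,'','',$secure,true);
    }

    /**
     * Send the browser back to the current page without the login-specific parameters and exit.
     * The target is protocol-relative and built from the Host header.
     */
    private function redirect() {
        header('Location: //'.$_SERVER['HTTP_HOST'].$this->clean_uri());
        exit(0);
    }

    /**
     * Strip form=, reset=, logout= and cddzck= from the request URI.
     *
     * Note: when the removed parameter was the first one, a following parameter keeps its
     * leading '&' (e.g. "/page.php&x=1"); callers have lived with this so far.
     *
     * @return string
     */
    private function clean_uri() {
        return preg_replace("'[?&](form|reset|logout|cddzck)=[^&]+'",'',$_SERVER['REQUEST_URI']);
    }

    /**
     * Format check for a user-supplied token: exactly 2 * $hashlength lowercase hex characters.
     * Passing this is what makes a token safe to splice into the UNHEX() literals below.
     *
     * @param string $hash
     * @return int 1 when valid, 0 otherwise (preg_match result)
     */
    private function session_valid($hash) {
        return preg_match("'^[a-f0-9]{".($this->hashlength*2)."}$'",$hash);
    }

    /**
     * Validate the login cookie; on any failure show the sign-in form (clearing the cookie) and exit.
     *
     * @return int the authenticated users.id (session_check() has filled $this->account)
     */
    private function session_validate() {
        if(!isset($_COOKIE['cddzck']) || !$this->session_valid($_COOKIE['cddzck']))
            die($this->form(LOGIN_SESSION_EXPIRED,'signin'));
        if($this->session_check($_COOKIE['cddzck'],'login') < 0) {
            $this->set_session_cookie("",time() - 1800);
            die($this->form(LOGIN_SESSION_EXPIRED,'signin'));
        }
        return $this->account['id'];
    }

    /**
     * Look up a token of the given type and load the joined user row into $this->account.
     *
     * Every caller in this class passes a token that went through session_valid() and a
     * literal $type; both are escaped anyway. When no row matches, the reset-form error
     * is shown and the script exits, so the method only ever returns 0.
     *
     * @param string $hash hex token
     * @param string $type 'login' or 'lostpassword'
     * @return int 0 on success
     */
    private function session_check($hash,$type = 'login') {
        $result = $this->query('SELECT u.id,u.flags,u.created,u.lastlogin,u.username
            FROM sessions AS s
            INNER JOIN users AS u ON s.userid = u.id
            WHERE s.hash = UNHEX(\''.$this->db->real_escape_string($hash).'\') AND s.sessiontype = \''.$this->db->real_escape_string($type).'\';');
        if(!$this->account = $result->fetch_array(MYSQLI_ASSOC)) {
            // Prevent form() from re-attaching the dead token to the form action
            unset($_GET['reset']);
            die($this->form(LOGIN_PASSWORD_LINKEXPIRED,'reset'));
        }
        return 0;
    }

    /**
     * Run a statement; on failure log the details server-side and stop with a generic message.
     *
     * @param string $sql
     * @return mysqli_result|bool
     */
    private function query($sql) {
        $result = $this->db->query($sql);
        if($result === false) {
            // The failing statement may contain user-supplied values, so it goes to the log rather than the browser
            error_log(__CLASS__.': '.$this->db->error.' in: '.$sql);
            die('Database error');
        }
        return $result;
    }
}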
?>
<?php
// Call me admin.php
// Open the database connection; replace the credentials with your own.
$db = new mysqli('localhost','dbusr','dbpasswd','dbname');
// login.php defines the auth class, whose constructor handles the whole request:
// any visitor without a valid session is shown a form and the script stops there.
include_once('login.php');
$_auth = new auth($db);
// Only a logged-in user gets this far: render the logout link.
echo '<span style="float: right; margin-right: 29px;">[<a href="?logout=1"> Sortir </a>]</span>';
?>
Extend your auth class in login.php with this method:
/**
 * Username of the currently authenticated user.
 *
 * $this->account holds the user's row once the session has been checked (the row
 * selected there includes `username`); without a logged-in user it has no 'id' key
 * and the literal "No user found." is returned instead.
 *
 * @return string
 */
public function getUsername()
{
    if (!isset($this->account['id'])) {
        return "No user found.";
    }
    return $this->account['username'];
}
After logging in, you can access the username like this:
<?php
// Call me admin.php
// Open the database connection; replace the credentials with your own.
$db = new mysqli('localhost','dbusr','dbpasswd','dbname');
// login.php defines the auth class; its constructor only returns for a logged-in user,
// every other request ends with a form being printed.
include_once('login.php');
$_auth = new auth($db);
// The authenticated user's name, taken from the row loaded during session validation.
$username = $_auth->getUsername();
echo '<span style="float: right; margin-right: 29px;">[<a href="?logout=1"> Sortir </a>]</span>';
?>