Also, hier das komplette Script:
member_class.php - Definition der Funktionen:
<?php
// member class
// handlers member logon
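/**
 * Member logon handling: registration, login, logout, "remember me" cookies
 * and per-request session validation against the `member` table.
 *
 * The class expects session_start() to have been called and an ext/mysql
 * connection to be open before it is instantiated.
 */
class member_class {
    // HTML fragments collected for the page to echo (feedback for the visitor).
    var $message = '';
    // Generic text shown when a query fails, so SQL details never reach the visitor.
    var $query_error = 'ERROR: something went wrong when accessing the database. Please consult your webmaster';
    // Set to true by check_login() after a rejected login attempt.
    var $failed = false;

    /**
     * Constructor (PHP 4 style, named after the class).
     *
     * Fills an empty session with defaults, re-validates a session that claims
     * to be logged in, and finally honours a "remember" cookie.
     */
    function member_class() {
        if (!isset($_SESSION['uid'])) { // fresh session: fill it with empty values
            $this->set_session_defaults();
        }
        $session_ok = true;
        if (!empty($_SESSION['logged_in'])) { // already logged in: verify against the database
            $session_ok = $this->check_session();
        }
        // A session that just failed validation was logged out; do not let the
        // cookie from the same request log the visitor straight back in.
        if ($session_ok && isset($_COOKIE['remember'])) {
            $this->check_remembered($_COOKIE['remember']);
        }
    }

    /**
     * Creates a new member and logs the new user on.
     *
     * @param string $username desired user name (untrusted form input)
     * @param string $password clear-text password (untrusted form input)
     * @param bool   $remember whether to issue a "remember me" cookie
     * @return bool true on success, false when the user name is already taken
     */
    function register($username,$password,$remember) {
        $username = mysql_real_escape_string($username);
        // SECURITY: unsalted MD5 is not a password hash; stored values can be
        // recovered quickly after a database leak. Migrating to
        // password_hash()/password_verify() needs a wider password column and a
        // rehash of existing accounts at their next login, so it is only
        // flagged here instead of being changed silently.
        $password = mysql_real_escape_string(md5($password));

        $lookup = mysql_query("SELECT * FROM member WHERE username = '{$username}'") or die($this->query_error);
        if (mysql_fetch_array($lookup, MYSQL_ASSOC)) {
            $this->message .= '<p>username already exists! Please choose a different name</p>';
            return false;
        }

        // insert the record because the user name does not exist yet
        mysql_query("INSERT INTO member VALUES ('', '$username', '$password', '', '', '')") or die($this->query_error);
        $created = mysql_query("SELECT * FROM member WHERE username = '{$username}' AND password = '{$password}'") or die($this->query_error);
        $row = mysql_fetch_array($created, MYSQL_ASSOC);
        if (!$row) {
            die($this->query_error);
        }

        $this->message .= '<p>Registration was successful</p>';
        $this->_renew_session_id();
        $this->set_session($row,$remember,true); // log user on
        return true;
    }

    /**
     * Verifies the credentials and logs the user on when they match.
     *
     * @param string $username submitted user name (untrusted form input)
     * @param string $password submitted clear-text password
     * @param bool   $remember whether to issue a "remember me" cookie
     * @return bool true when the login succeeded
     */
    function check_login($username,$password,$remember) {
        $username = mysql_real_escape_string($username);
        // SECURITY: see register() - the stored value is an unsalted MD5 digest.
        $password = mysql_real_escape_string(md5($password));

        $query = mysql_query("SELECT * FROM member WHERE username = '{$username}' AND password = '{$password}'") or die($this->query_error);
        $row = mysql_fetch_array($query, MYSQL_ASSOC);
        if ($row) {
            $this->_renew_session_id();
            $this->set_session($row,$remember,true);
            return true;
        }

        $this->failed = true;
        $this->logout();
        $this->message .= 'incorrect username or password. please try again';
        return false;
    }

    /**
     * Logs the visitor out: expires the "remember" cookie, resets the session
     * values and destroys the server-side session.
     */
    function logout() {
        $this->_forget_cookie();
        $this->set_session_defaults();
        // The posted code called the non-existent session_destry(), a fatal
        // error that aborted every logout before the session was destroyed.
        if (session_id() !== '') {
            session_destroy();
        }
    }

    /**
     * Marks the session as logged in for the given member row.
     *
     * @param array $result   row from the member table (needs 'uid' and 'username')
     * @param bool  $remember whether to (re)issue the "remember me" cookie
     * @param bool  $init     true to generate a new token and store it, together
     *                        with session id and client IP, in the member row
     */
    function set_session($result,$remember,$init = true) {
        // Never mark a session as logged in without a real member row.
        if (!is_array($result) || !isset($result['uid'])) {
            return;
        }
        if ($init) {
            $uid = mysql_real_escape_string($result['uid']);
            $session = mysql_real_escape_string(session_id());
            $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
            $newtoken = $this->token(); // generate a new token
            mysql_query("UPDATE member SET session='{$session}', token='{$newtoken}', ip='{$ip}' WHERE uid='{$uid}'") or die($this->query_error);
        } else {
            // Keep the current token; the original left $newtoken undefined here.
            $newtoken = isset($_SESSION['token']) ? $_SESSION['token'] : '';
        }
        $_SESSION['uid'] = $result['uid'];
        // Stored HTML-escaped because pages echo this value directly.
        $_SESSION['username'] = htmlspecialchars($result['username']);
        $_SESSION['token'] = $newtoken;
        $_SESSION['logged_in'] = true;
        if ($remember) {
            $this->update_cookie($newtoken);
        }
    }

    /**
     * Issues the "remember me" cookie for the user in the current session.
     *
     * The value is "<token>:<uid>". Cookies in the former serialize() format
     * are no longer accepted, so users holding one simply log in once more.
     *
     * @param string $token token as stored in the member row
     */
    function update_cookie($token) {
        $cookie = $token . ':' . $_SESSION['uid'];
        // 14 * 24 * 60 * 60 = 1209600 seconds, the "2 weeks" promised by the
        // form; the posted 12099600 kept the cookie for about 140 days.
        // Seventh argument: HttpOnly (PHP >= 5.2) keeps the token away from
        // page scripts. Set the sixth (secure) to true once the site is HTTPS-only.
        setcookie('remember', $cookie, time() + 1209600, '', '', false, true);
    }

    /**
     * Logs the visitor on from a "remember me" cookie when uid, token and
     * client IP match the member row; otherwise the cookie is expired.
     *
     * @param mixed $cookie raw cookie value (untrusted)
     */
    function check_remembered($cookie) {
        // SECURITY: the cookie is attacker-controlled. It used to be passed to
        // unserialize(), which allows PHP object injection; it is now parsed
        // with a strict pattern instead: 32 hex characters, ':', the uid.
        if (!is_string($cookie) || !preg_match('/\A([a-f0-9]{32}):([^:]+)\z/', $cookie, $parts)) {
            $this->_forget_cookie();
            return;
        }
        $token = mysql_real_escape_string($parts[1]);
        $uid = mysql_real_escape_string($parts[2]);
        $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);

        // Only a failed query is fatal. The posted code also died when no row
        // matched, so a stale cookie locked the visitor out of the page.
        $query = mysql_query("SELECT * FROM member WHERE uid = '{$uid}' AND token ='{$token}' AND ip = '{$ip}'") or die($this->query_error);
        $row = mysql_fetch_array($query, MYSQL_ASSOC);
        if (!$row) {
            $this->_forget_cookie();
            return;
        }
        $this->set_session($row,true,true);
    }

    /**
     * Generates a random token of 32 lower-case hex characters.
     *
     * @return string
     */
    function token() {
        // The token authenticates the "remember me" cookie, so it has to come
        // from a cryptographically secure source where one is available.
        if (function_exists('random_bytes')) {
            return bin2hex(random_bytes(16));
        }
        if (function_exists('openssl_random_pseudo_bytes')) {
            $bytes = openssl_random_pseudo_bytes(16);
            if ($bytes !== false && strlen($bytes) === 16) {
                return bin2hex($bytes);
            }
        }
        // Last resort for very old installations: NOT cryptographically secure.
        $seed = '';
        for ($i = 0; $i < 32; $i++) {
            $seed .= chr(mt_rand(0, 255));
        }
        return md5($seed . uniqid('', true));
    }

    /**
     * Validates the logged-in session against the member row (uid, token,
     * session id and client IP) and logs the visitor out on a mismatch.
     *
     * @return bool true when the session is still valid
     */
    function check_session() {
        $raw_token = isset($_SESSION['token']) ? $_SESSION['token'] : '';
        if ($raw_token === '') {
            // An empty token must never match a row whose token column is empty.
            $this->logout();
            return false;
        }
        // Looked up by uid: $_SESSION['username'] is stored HTML-escaped and
        // would not match names containing &, <, > or quotes.
        $uid = mysql_real_escape_string($_SESSION['uid']);
        $token = mysql_real_escape_string($raw_token);
        $session = mysql_real_escape_string(session_id());
        $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);

        // Only a failed query is fatal; "no matching row" has to reach logout().
        $query = mysql_query("SELECT * FROM member WHERE uid='{$uid}' AND token='{$token}' AND session='{$session}' AND ip='{$ip}'") or die($this->query_error);
        if (mysql_fetch_array($query, MYSQL_ASSOC)) {
            return true;
        }
        $this->logout();
        return false;
    }

    /**
     * Resets the session to the "not logged in" state.
     */
    function set_session_defaults() {
        $_SESSION['logged_in'] = false;
        $_SESSION['uid'] = 0;
        $_SESSION['username'] = '';
        $_SESSION['cookie'] = 0;
        $_SESSION['remember'] = false;
    }

    /**
     * Internal: expires the "remember" cookie in the browser.
     */
    function _forget_cookie() {
        // The third argument is the expiry time. The posted code passed the
        // timestamp as the cookie VALUE, which created a session cookie
        // instead of deleting the existing one.
        setcookie('remember', '', time() - 3600, '', '', false, true);
    }

    /**
     * Internal: issues a new session id when the privilege level changes, so
     * an id planted before login (session fixation) is worthless afterwards.
     */
    function _renew_session_id() {
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
    }
}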
?>
whatever.php - Hauptteil:
<?php
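// Front controller for the member area: handles the Register / Login / Logout
// form posts and then prints the matching form or the logged-in notice.
// NOTE(review): none of the forms carries an anti-CSRF token; a per-session
// token checked on every POST would be the next hardening step.
session_start();
// require_once: stop right away when the database layer or the class is
// missing instead of carrying on half-initialised.
require_once 'db_connect.php';
require_once 'member_class.php';
$member_class = new member_class;

// Accept only plain strings from the form; "username[]=x" would arrive as an array.
$posted_username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$posted_password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
$remember = isset($_POST['remember']) && $_POST['remember'] == 1;

$username = '';
$show_register = !empty($_POST['form_register']);

if (!empty($_POST['Register'])) { // register new user
    $username = $posted_username;
    if ($username && $posted_password) { // check whether username and password have been submitted
        $member_class->register($username, $posted_password, $remember);
    } else {
        $member_class->message .= '<p>please fill in a user name and password</p>';
        $show_register = true; // show the registration form again
    }
} elseif (!empty($_POST['Login'])) {
    $username = $posted_username;
    if ($username && $posted_password) {
        $member_class->check_login($username, $posted_password, $remember);
    } else {
        $member_class->message .= '<p>please fill in a valid user name and password</p>';
    }
} elseif (!empty($_POST['Logout'])) {
    $member_class->logout();
}

// $message only ever holds fixed markup written by this script and the class.
echo $member_class->message;

// The user name is echoed back into an HTML attribute, so it must be escaped
// (quotes included); unescaped it is a reflected XSS sink. The password is
// never written back into the page.
$username_html = htmlspecialchars($username, ENT_QUOTES);

if ($show_register) {
    print '
<h1>Register</H1>
<form name="form1" method="post" action="">
<table border="0">
<tr>
<td width="100px;">username:</td>
<td><input type="text" name="username" value="'.$username_html.'"></td>
</tr>
<tr>
<td>password:</td>
<td><input type="password" name="password" value=""></td>
</tr>
<tr>
<td colspan="2">
<input type="hidden" name="register" value="true">
<input name="remember" type="checkbox" id="remember" value="1"> remember me for 2 weeks
</td>
</tr>
<tr>
<td colspan="2" height="20px" valign="bottom" align="right"><input type="submit" name="Register" value="Register"></td>
</tr>
</table>
</form>';
} elseif (empty($_SESSION['username'])) {
    print '
<h1>Login</H1>
<form name="form1" method="post" action="">
<table border="0">
<tr>
<td colspan="2" align="right"><input type="submit" name="form_register" value="register" style="border: 0px; background: transparent; text-decoration: underline; cursor: pointer;"></td>
</tr>
<tr>
<td width="100px">username:</td>
<td><input type="text" name="username" value="'.$username_html.'"></td>
</tr>
<tr>
<td>password</td>
<td><input type="password" name="password" value=""></td>
</tr>
<tr>
<td colspan="2">
<input name="remember" type="checkbox" id="remember" value="1"> remember me for 2 weeks
</td>
</tr>
<tr>
<td colspan="2" height="20px" valign="bottom" align="right"><input type="submit" name="Login" value="Login"></td>
</tr>
</table>
</form>';
} else {
    // $_SESSION['username'] is stored HTML-escaped by member_class::set_session().
    echo '<p>'.$_SESSION['username'].', you\'re logged on</p>';
    print '
<form name="form1" method="post" action="">
<input type="submit" name="Logout" value="Logout">
</form>';
}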
?>
db_connect.php - Verbindung mit der MySQL-Datenbank:
<?php
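/**
 * Connect to the mysql database.
 *
 * Host, user, password and database name below are the placeholders from the
 * post. Keep the real values out of version control and, where possible, in a
 * file outside the web root.
 *
 * Connection errors go to the server's error log; the visitor only gets a
 * generic message, because mysql_error() output can reveal host names, user
 * names and other details of the setup.
 */
$conn = mysql_connect("localhost", "username", "password");
if (!$conn) {
    error_log('db_connect: mysql_connect failed: ' . mysql_error());
    die('ERROR: could not connect to the database.');
}
if (!mysql_select_db('database', $conn)) {
    error_log('db_connect: mysql_select_db failed: ' . mysql_error($conn));
    die('ERROR: could not connect to the database.');
}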
?>
@zeno: Wo sollte ich deiner Meinung nach den von dir geposteten Code einsetzen? Ich habe es ganz oben in der whatever.php versucht – aber danach funktioniert der Login nicht mehr ...
@drok: Schwer zu sagen ... das Script hat außer Login/Logout noch keine Funktionen. Dennoch möchte ich nicht, dass die Zurück-Taste "funktioniert" ... bei GMX geht das auch nicht.
Vielen Dank!