Couple weeks ago i integrated an open-source file admnistrator to my website which included a login/member system. (file admnistrator can be found here).
Since i'm learning web developping i thought this would be a great idea to integrate this login system to my whole website. So i added the necessary php code to stay connected in my header (included on every page), and a logout script wasn't a problem neither.
But my problem is with the login form. Here is the one i made (it is in my header.php file) :
<form method="post" action="">
<div id="username">
<input type="text" name="txt_username" id="txt_username" placeholder="username" required="" value="" />
<span class="username_icon"><i class="fa fa-user"></i></span>
</div>
<div id="password">
<input type="password" name="txt_password" id="txt_password" placeholder="password" required="" />
<span class="password_icon"><i class="fa fa-lock"></i></span>
</div>
<div id="stay_connected">
<input type="checkbox" name="chk_connected" id="chk_connected">
<label for="chk_connected"><span>Stay Connected</span></label>
</div>
<div id="submit_button">
<button type="submit" name="sub_login" id="sub_login"><i id="submit"class="fa fa-long-arrow-right"></i></button>
</div>
<div class="feedback">login successful <br />redirecting...</div>
</form>
and here is the original full login.php that the file admnistrator uses to login his users (which i intend to kick out once mine is ready) :
<?php
require_once('config/config.inc.php');
require_once('config/settings.inc.php');
require_once('classes/User.php');
require_once('lib/functions.php');
session_start();
/***********************************************************************************************************/
/********************************* INITIALISATION OF VARIABLES ********************************************/
/***********************************************************************************************************/
$error = "";
/***********************************************************************************************************/
/********************************* DATA TREATMENT **************************************************/
/***********************************************************************************************************/
if(isset($_COOKIE['identifiant']) && !empty($_COOKIE['identifiant']) && isset($_COOKIE['mdp']) && !empty($_COOKIE['mdp'])) {
$monUtilisateur = User::check($_COOKIE['identifiant'], $_COOKIE['mdp']);
if($monUtilisateur !== false) {
$_SESSION['auth'] = $monUtilisateur;
redirect('index.php');
}
else {
// on supprime les cookies
setcookie('identifiant');
setcookie('mdp');
$error = "The username or password is incorrect.";
}
}
else {
if( isset($_POST['txt_identifiant']) || isset($_POST['txt_mdp']) ) {
/////////// PRELIMINARY CONTROLS ////////////////////////////////////////////////////////////////////////
$nbErreurs = isset($GLOBALS['login_nbErreurs']) ? (int)$GLOBALS['login_nbErreurs'] : 0;
$nbChampsrestantsaremplir = isset($GLOBALS['login_nbChampsrestantsaremplir']) ? (int)$GLOBALS['login_nbChampsrestantsaremplir'] : 0;
$t_erreurs = array();
/***********************************************************************************************************/
/********** USERNAME ************************************************************************************/
/***********************************************************************************************************/
if (isset($_POST['txt_identifiant'])) {
$_POST['txt_identifiant'] = trim($_POST['txt_identifiant']);
if ($_POST['txt_identifiant'] == '') {
$nbChampsrestantsaremplir++;
$t_erreurs['txt_identifiant'] = 'Veuillez saisir votre identifiant';
}
}
/***********************************************************************************************************/
/*********** PASSWORD *******************************************************************************************/
/***********************************************************************************************************/
if (isset($_POST['txt_mdp'])) {
$_POST['txt_mdp'] = trim($_POST['txt_mdp']);
if ($_POST['txt_mdp'] == '') {
$nbChampsrestantsaremplir++;
$t_erreurs['txt_mdp'] = 'Please enter your password';
}
}
////////// END OF PRELIMINARY CONTROLS //////////////////////////////////////////////////////////////////////
$GLOBALS['login_nbErreurs'] = $nbErreurs;
$GLOBALS['login_nbChampsrestantsaremplir'] = $nbChampsrestantsaremplir ;
if ($nbErreurs == 0 && $nbChampsrestantsaremplir == 0) {
$monUtilisateur = User::check($_POST['txt_identifiant'], $_POST['txt_mdp']);
if($monUtilisateur !== false) {
// si l'authentification est bonne et que la case est cochee, on cree le cookie
if (isset($_POST['chk_cookie']) && $_POST['chk_cookie']=="oui") {
// on cree les cookies valide 1 JOUR
setcookie('identifiant', $_POST['txt_identifiant'], time() + 1*24*3600, null, null, false, true);
setcookie('mdp', $_POST['txt_mdp'], time() + 1*24*3600, null, null, false, true);
}
// sinon on supprime
else {
// on supprime les cookies
setcookie('identifiant');
setcookie('mdp');
}
//je cree une session
$_SESSION['auth'] = $monUtilisateur;
//je redirige
redirect('index.php');
}
else
$error = "The username or password is incorrect.";
}
}
}
?>
<!doctype html>
<html lang="fr">
<head>
<meta charset="utf-8">
<title>Authentification</title>
<meta name="robots" content="noindex,nofollow" />
<!-- CSS -->
<link rel="stylesheet" href="themes/original/css/login.css" />
<!-- JQUERY -->
<script src="js/jquery-1.11.0.min.js"></script>
<!-- SCRIPTS DIVERS -->
<script src="js/jquery.placeholder.min.js"></script>
<script>
$(document).ready(function(){
$('input[placeholder]').placeholder();
});
</script>
<script>
$(document).ready(function(){
$('#txt_identifiant').focus();
});
</script>
</head>
<body>
<div id="content">
<div id="logo">
<img alt="logo" src="themes/original/images/logo.png" />
</div>
<? if(isset($error)) { ?><p class="error"><?php echo $error ?></p><? } ?>
<form method="post" action="login.php">
<div id="identifiant">
<input type="text" name="txt_identifiant" id="txt_identifiant" placeholder="Identifiant" required="" value="" />
</div>
<div id="mdp">
<input type="password" name="txt_mdp" id="txt_mdp" placeholder="Mot de passe" required="" />
</div>
<div id="maintenir">
<input type="checkbox" name="chk_maintenir" id="chk_maintenir">
<label for="chk_maintenir"><span>Stay connected</span></label>
</div>
<div id="soumettre">
<input type="submit" name="sub_login" id="sub_login" value="Connexion" style="width:100px;" />
</div>
</form>
</div><!-- fin de content -->
</body>
</html>
I naively tried to implement the php code present on the original login.php (while changing the paths) but of course it didn't do the trick. And even if it did i wasn't sure this was actually the best idea. I feel like having all the login php code in my header would be kind of "heavy" or maybe poor structuration.
For instance the logout system is pretty easy, a button that redirects that leads to the logout.php page which then instantly destroy the session and redirect the user where i want to. This is more or less what i was trying to do with the login system : submit the form -> brieflycall for a login.php file that checks if everything is allright and start the session -> redirect to the page instantly.
But so far, using the original code of the file admnistrator's login page and my poor knowledges i haven't been able to do that.
Hopefully i'm clear enough, i'm pretty new at all this, but i'm willing to follow every instructions and try your suggestions the best i can !
Thanks a lot for your help,
-Apatik
Resolved thanks to Julios, check the comments. Thanks !
