I am very new to the MVC style of programming. I have a management script that I would like to be able to integrate the user credentials into my browser application. User information such as username, email, name, etc. The documentation for this system provides a clear explanation for generating this information. I have done so in the following script which works fine, but it will always return "AUTH_NO_SESSION" because I have no way of allowing the user to log in to get this information and that is my issue:
User Information (user_cred.php)
include_once("includes.php");
$auth = new TAuthentication();
$accept_roles = array('plugin');
$auth_result = $auth->validateSession($accept_roles);
if ($auth_result->auth_code == AUTH_NO_SESSION) {
header('Access-Control-Allow-Origin: *');
echo "AUTH_NO_SESSION";
// means that no session was found, therefore the page is being accessed anonymously.
} elseif ($auth_result->auth_code == AUTH_OKAY) {
header('Access-Control-Allow-Origin: *');
echo "AUTH_OKAY";
// means that there was a session and the user owns all the required roles to access this content.
} elseif ($auth_result->auth_code == AUTH_INSUFFICIENT_ROLES) {
header('Access-Control-Allow-Origin: *');
echo "AUTH_INSUFFICIENT_ROLES";
// means that a session exists, but the user does not own the required roles to access this content.
} else {
// no code here
}
The browser application will retrieve the user data from user_cred.php file listen above.
Everything works fine as far as requesting information from this php file. The problem I am faced with is actually getting the users information, and the only way to do that is for the user to log into their account. Other wise nothing will be given.
Browser Application
<!DOCTYPE html>
<html>
<head>
<script type="text/javascript">
function loadXMLDoc()
{
if (window.XMLHttpRequest)
{// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp=new XMLHttpRequest();
}
else
{// code for IE6, IE5
xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
}
xmlhttp.onreadystatechange=function()
{
if (xmlhttp.readyState==4 && xmlhttp.status==200)
{
document.getElementById("myDiv").innerHTML=xmlhttp.responseText;
}
}
xmlhttp.open("GET","user_cred.php",true);
xmlhttp.send();
}
</script>
</head>
<body>
<h2>Using the XMLHttpRequest object</h2>
<div id="myDiv"></div>
<button type="button" onclick="loadXMLDoc()">Change Content</button>
</body>
</html>
In the management system there is a view file that has the following login form. So that users and access the website. You also have the main index file that has the login code. With my limited knowledge I have looked at this and believe these two files will help me with my script so that the users can log in from the browser application and get their user credentials. My thought would be to add the code from the the index.php file into the user_cred.php file so that i can add a url like this http://website.com/user_cred.php?username=admin&pass=test&signin=Login in to the javascript httprequest and get the user info that way
login view
<form action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="post">
<ul>
<li class="listitem">
<div class="row">
<label>Username:</label>
<input class="textbox" type="text" name="username" value="" maxlength="80"/>
</div>
<div class="row">
<label>Password:</label>
<input class="textbox" type="password" name="password" value="" maxlength="80"/>
</div>
</li>
<li class="listitem">
<div class="row">
<input class="form-button" type="submit" name="signin" value="Signin"/>
<a class="loginoptions indentmore" href="signup.php">Signup</a>
<a class="loginoptions" href="resetpassword.php">Forgot your password?</a>
</div>
</li>
</ul>
</form>
index.php
include_once("includes.php");
class TSigninController extends TAbstractController {
public function run($allowedRoles = null)
{
$this->allowedRoles = $allowedRoles;
$this->execute();
}
protected function execute()
{
$this->auth_result = parent::validateSession(null);
if ($this->auth_result->auth_code == AUTH_OKAY)
{
$this->goToAfterSignInPage($this->auth_result->roles);
}
else if (!$this->getUserAction())
{
$this->loadview("signin");
}
else
{
$this->signin();
}
}
protected function signin()
{
$input = $this->getUserInput();
$model = $this->loadmodel("Users");
$account = $model->getUser($input["username"], $input["password"]);
if ($account == null || sizeof($account) == 0)
{
$data = array("error" => "Could not sign you in");
$this->loadview("signin", $data);
return;
}
if ($account["disabled"] == 1 || $account["admin_disabled"] == 1)
{
$data = array("error" => ($account["admin_disabled"] == 0) ? "This account is disabled." : "This account is been locked by the admin. Please contact the site admin!");
$this->loadview("signin", $data);
return;
}
$this->createNewSession($account);
$this->goToAfterSignInPage($account["roles"]);
}
protected function createNewSession($account) {
$model = $this->loadmodel("Sessions");
$sessionid = crypt($account["username"] . date('now'));
$_SESSION['SESSIONID'] = $sessionid;
$model->createNewSession($sessionid, $account["id"]);
}
public function goToAfterSignInPage($roles)
{
foreach($roles as $role)
{
if ($this->utils->stringsEqual($role["name"], "admin", false))
{
$this->redirect(SITE_URL . "/admin/dashboard.php");
return;
}
}
$this->redirect(SITE_URL . "/user/userprofile.php");
}
protected function getUserAction()
{
if ($this->post("signin"))
return "signin";
else
return null;
}
protected function getUserInput()
{
return array(
"username" => $this->post("username"),
"password" => $this->post("password")
);
}
}
$controller = new TSigninController();
$controller->run();
In conclusion I am seeking help so that I cam make a php script user_cred.php that allows users to access their credentials from within my browser application. So anyone with MVC and PHP knowledge I would be very greatful.
