vizz

I need a login with cookies to hide the comment form from users who are not logged in.
Users can view an article without logging in, but cannot comment without logging in.

Database

CREATE TABLE IF NOT EXISTS `members` (
  `id` bigint(12) NOT NULL AUTO_INCREMENT,
  `fname` varchar(500) NOT NULL,
  `lname` varchar(500) NOT NULL,
  `email` varchar(250) NOT NULL,
  `username` varchar(250) NOT NULL,
  `pass` varchar(250) NOT NULL,
  PRIMARY KEY (`id`,`username`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;


CREATE TABLE IF NOT EXISTS `articles` (
  `id` bigint(12) NOT NULL AUTO_INCREMENT,
  `userid` varchar(12) NOT NULL,
  `catid` varchar(12) NOT NULL,
  `title` varchar(500) NOT NULL,
  `content` longtext NOT NULL,
  `time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;

article.php

<?php 
    include('config.php');

    $query="SELECT * FROM articles";
    $result = mysql_query($query);
    while($row = mysql_fetch_assoc($result)) 
    { 
        $title=$row["title"];
        $content=$row["content"];

        echo "$title"; 
        echo "$content"; 
?>

<div id="addCommentContainer">
    <p>Add a Comment</p>
    <form id="addCommentForm" method="post" action="comment.php">
        <div>                
            <input type="hidden" name="userid" id="id" />
            <input type="hidden" name="articleid" id="id" /> 

            <textarea name="body" id="body" cols="20" rows="5"></textarea>

        <input type="submit" id="submit" value="Submit" />
        </div>
    </form>
</div>
<?php 
    } 
?>
pritaeas

What are you having problems with?

Biiim

Don't know if your login is going to be public, but for a public account-creating site you want to hash the passwords so they aren't stored in a database, and there's no reason you can't use a hash for private uses.

CREATE TABLE `users` (
  `uid` int(5) NOT NULL AUTO_INCREMENT,
  `title` varchar(30) DEFAULT NULL,
  `fname` varchar(15) DEFAULT NULL,
  `sname` varchar(15) DEFAULT NULL,
  `email` varchar(60) DEFAULT NULL,
  `hash` varchar(64) DEFAULT NULL,
  `salt` varchar(64) DEFAULT NULL,
  `tokendate` datetime DEFAULT NULL,
  `tokenexpires` datetime DEFAULT NULL,
  `token` varchar(64) DEFAULT NULL,
  `cat` int(3) DEFAULT NULL,
  `busname` varchar(60) DEFAULT NULL,
  `busdesc` varchar(200) DEFAULT NULL,
  `tel` varchar(20) DEFAULT NULL,
  `addr1` varchar(40) DEFAULT NULL,
  `addr2` varchar(40) DEFAULT NULL,
  `town` varchar(40) DEFAULT NULL,
  `county` int(3) DEFAULT NULL,
  `postcode` varchar(9) DEFAULT NULL,
  `dbloptin` varchar(50) DEFAULT NULL,
  `dbloptindate` datetime DEFAULT NULL,
  `newsletter` tinyint(1) NOT NULL DEFAULT '0',
  `advertiser` int(1) DEFAULT NULL,
  `lastip` varchar(16) DEFAULT NULL,
  `reset` smallint(1) NOT NULL DEFAULT '0',
  `imported` smallint(1) DEFAULT '0',
  `deleted` smallint(1) DEFAULT '0',
  PRIMARY KEY (`uid`)
) ENGINE=InnoDB AUTO_INCREMENT=314 DEFAULT CHARSET=latin1

Then here are some functions I use for doing a login:

<?php
function randStr($len = 6){
    $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
    if(!is_int($len) || $len <= 0){
        $len = 6;
    }
    $string = '';
    for($i = 0; $i < $len; $i++){
        // random_int() uses the system CSPRNG, which matters when the string is a salt or login token
        $string .= $chars[random_int(0, strlen($chars) - 1)];
    }
    return $string;
}

function hashPass($pass,$salt){
    $len = strlen($pass);
    //$p1 = substr($pass,0,floor($len));//get creative with some hashing
    $p1 = $pass;
    $hash = hash('sha256', $salt . $p1);
    return $hash;
}
function noQuotes($str){
    $str = str_replace('"', '', $str);
    $str = str_replace("'", '', $str);
    $str = str_replace("\\", '', $str);
    return $str;
}
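function makeNewUser($DB,$email,$pass,$activationcode,$extra){
    // escape every caller-supplied value before it is interpolated into the INSERT
    $email = mysqli_real_escape_string($DB, $email);
    $activationcode = mysqli_real_escape_string($DB, $activationcode);
    foreach($extra as $k => $v){
        $extra[$k] = mysqli_real_escape_string($DB, (string)$v);
    }
    $salt = randStr(6);
    $hash = hashPass($pass, $salt);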
    $Q = "INSERT INTO `users` (`title`,`fname`,`sname`,`email`,`hash`,`salt`,`cat`,"
        ."`busname`,`busdesc`,`tel`,`addr1`,`addr2`,`town`,"
        ."`county`,`postcode`,`dbloptin`,`advertiser`,`newsletter`,`lastip`)"
        ." VALUES('{$extra['title']}','{$extra['fname']}','{$extra['sname']}','{$email}','{$hash}','{$salt}','{$extra['catid']}',"
        ."'{$extra['busname']}','{$extra['busdesc']}','{$extra['telephone']}','{$extra['house']}','{$extra['street']}','{$extra['town']}',"
        ."'{$extra['county']}','{$extra['postcode']}','{$activationcode}','{$extra['advertisertoggle']}','{$extra['newsletter']}','".noQuotes($_SERVER['REMOTE_ADDR'])."')";
    $R = mysqli_query($DB, $Q);
    if($R !== false){
        $IID = mysqli_insert_id($DB);
    }else{
        $IID = false;
    }
    return $IID;
}
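//$DB = mysqli_connect(...);
// $user, $password and $ipaddress are assumed to be set earlier (not shown in the post);
// escape them before they are placed inside SQL strings
$user = mysqli_real_escape_string($DB, $user);
$ipaddress = mysqli_real_escape_string($DB, $ipaddress);
// DEFINED QUERY - update IP
$D = "UPDATE users SET lastip = '".$ipaddress."' WHERE email in ('".$user."') ";
$A = "SELECT * FROM `users` WHERE `email` = '".$user."' ";
$B = mysqli_query($DB, $A) or die(mysqli_error($DB));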
if (mysqli_num_rows($B) > 0){
    // check if password is correct
    while ($C = mysqli_fetch_assoc($B)){
        $hash = hashPass($password, $C['salt']);
        // CORRECT
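        // hash_equals() compares in constant time and avoids == treating "0e..." strings as equal numbers
        if (hash_equals((string)$C['hash'], $hash)) {
            // update IP address for user
            $E = mysqli_query($DB, $D) or die(mysqli_error($DB));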

            // set and deliver cookie
            if(isset($_POST['rememberme']) && $_POST['rememberme'] == 'true'){
                $expire = time()+(60*60*24*14);
            }else{
                $expire = time()+1800;
            }
            $expiresdate = date("Y-m-d H:i:s",$expire);

            function makeNewToken($DB){
                // random_bytes() is a CSPRNG; md5(rand()) yields guessable tokens
                $token = bin2hex(random_bytes(16));
                $Q = "SELECT `token` FROM `users` WHERE `token` = '{$token}'";
                $R = mysqli_query($DB, $Q);
                if($R !== false && mysqli_num_rows($R) > 0){
                    $token = false;
                }
                return $token;
            }

            $token = false;
            while($token === false){
                $token = makeNewToken($DB);
                if($token !== false){
                    break;
                }
            }
            $now = date("Y-m-d H:i:s");

            $updtoken = "UPDATE `users` SET `token` = '$token',`tokendate` = '{$now}',`tokenexpires` = '{$expiresdate}' WHERE email in ('".$user."')";
            mysqli_query($DB, $updtoken) or die("Login Error");
            setcookie("token", $token, $expire, "/");

            // Check if this is a password reset
            if ($C['reset'] == "1") {
                //echo "<!-- This is a password reset -->";
                header("Location:./forcereset.php");
                exit;
            }

            // go to account admin page
            header("Location: ./accountadmin.php");
        }else{// go back to login page
            header("Location: ./login.php");
        }
    }
}else{
    //go back to login page
    header("Location: ./login.php");
} 
?>

Note the

$updtoken = "UPDATE `users` SET `token` = '$token',`tokendate` = '{$now}',`tokenexpires` = '{$expiresdate}' WHERE email in ('".$user."')";
            mysqli_query($DB, $updtoken) or die("Login Error");
            setcookie("token", $token, $expire, "/");

Then on the rest of the site I include a file called app.php, which contains:

app.php
<?php
//require_once 'config.php';
//config contents
define("DIR_DOMAIN",'example.com');
define("DIR_ROOT",'http://www.example.com/');
define("SITE_NAME",'my site');
define("DB_HOST",'ipaddress');
define("DB_USER",'user');
define("DB_PASS",'pass');
define("DB_DB",'dbname');

//require_once 'site_func.php';
function dbFetchAssoc($R){
    $D = array();
    $i = 0;
    while($row = mysqli_fetch_assoc($R)){
        $D[] = $row;
        $i++;
    }
    return $D;
}
//$DB = mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_DB);
$A = array();
if(ISSET($adminarea) && $adminarea){
    if(!ISSET($_COOKIE['token'])){
        header('Location: '.DIR_ROOT.'login.php');
        exit; // stop so the admin page is not rendered for a visitor without a token
    }else{
        $cookie = noQuotes($_COOKIE['token']);
        $Q = "SELECT * FROM `users` WHERE `token` = '{$cookie}' AND `tokenexpires` > '".date("Y-m-d H:i:s")."' LIMIT 1";
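        $R = mysqli_query($DB, $Q);
        // a successful query with zero rows is not a login: require a matching row
        if($R !== false && mysqli_num_rows($R) > 0){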
            $A = dbFetchAssoc($R);
            $A = $A[0];
            $A['login'] = true;
            $A['DB'] = $DB;
        }else{
            $A['login'] = false;
            $A['DB'] = $DB;
            header('Location: '.DIR_ROOT.'login.php');
            exit; // stop so the admin page is not rendered after the redirect
        }
    }   
}else{
    if(!ISSET($_COOKIE['token'])){
        $A['login'] = false;
        $A['DB'] = $DB;
    }else{
        $cookie = noQuotes($_COOKIE['token']);
        $Q = "SELECT * FROM `users` WHERE `token` = '{$cookie}' AND `tokenexpires` > '".date("Y-m-d H:i:s")."' LIMIT 1";
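        $R = mysqli_query($DB, $Q);
        // a successful query with zero rows is not a login: require a matching row
        if($R !== false && mysqli_num_rows($R) > 0){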
            $A = dbFetchAssoc($R);
            $A = $A[0];
            $A['login'] = true;
            $A['DB'] = $DB;
        }else{
            $A['login'] = false;
            $A['DB'] = $DB;
        }
    }
}
?>

Following all that, you'll have an array declared as $A with the entry $A['login'] = true if he is logged in and false if he isn't, so you can make things appear for logged-in users and hidden for people who aren't, e.g. if($A['login']){echo commentBox();}
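
The token-cookie flow described in the post above, as an added example that is not part of the original post or the poster's code: it uses password_hash() for the stored password, a random_bytes() token whose SHA-256 digest (not the raw value) is kept in the database, and bound parameters throughout. It assumes PDO with the SQLite driver so it runs offline; the function names and the reduced `users` table are hypothetical.

```php
<?php
// Added example, not the poster's code. Column names follow the post's `users` table;
// an in-memory SQLite database stands in for MySQL (assumption) so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, email TEXT UNIQUE,
           hash TEXT, token TEXT, tokenexpires INTEGER)');

function register(PDO $db, string $email, string $pass): void {
    // password_hash() picks its own salt and a deliberately slow algorithm
    $st = $db->prepare('INSERT INTO users (email, hash) VALUES (?, ?)');
    $st->execute([$email, password_hash($pass, PASSWORD_DEFAULT)]);
}

// Returns the raw token to put in the cookie, or null on bad credentials.
function login(PDO $db, string $email, string $pass, int $ttl = 1800): ?string {
    $st = $db->prepare('SELECT uid, hash FROM users WHERE email = ?');
    $st->execute([$email]);
    $u = $st->fetch(PDO::FETCH_ASSOC);
    if (!$u || !password_verify($pass, $u['hash'])) return null;
    $token = bin2hex(random_bytes(32));            // 256 bits from the CSPRNG
    $st = $db->prepare('UPDATE users SET token = ?, tokenexpires = ? WHERE uid = ?');
    $st->execute([hash('sha256', $token), time() + $ttl, $u['uid']]); // digest only
    return $token;
}

// Returns the user row for a valid, unexpired token, else null (treat as guest).
function currentUser(PDO $db, ?string $cookie): ?array {
    if (!is_string($cookie) || $cookie === '') return null;
    $st = $db->prepare('SELECT uid, email FROM users WHERE token = ? AND tokenexpires > ?');
    $st->execute([hash('sha256', $cookie), time()]);
    return $st->fetch(PDO::FETCH_ASSOC) ?: null;   // zero rows means guest
}

// Web requests only; the options array needs PHP 7.3 or later.
function sendTokenCookie(string $token, int $ttl): void {
    setcookie('token', $token, ['expires' => time() + $ttl, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
}

// Constructed demo data
register($db, 'alice@example.com', 'correct horse');
$token = login($db, 'alice@example.com', 'correct horse');
var_dump(currentUser($db, $token) !== null);        // token issued by login()
var_dump(currentUser($db, 'forged-value'));         // token that was never issued
var_dump(login($db, 'alice@example.com', 'wrong')); // wrong password
```

On a real page, call sendTokenCookie() right after a successful login() and pass `$_COOKIE['token'] ?? null` to currentUser() on every request.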

vizz

@pritaeas

How do I create a login by setting cookies so that a user is treated as a Guest if not logged in? Guests can read articles but cannot comment. Only logged-in users can comment on an article.

Login from TABLE members using username.

I have a problem with cookies. Simple code needed. I didn't understand the above code.

Biiim

pfft, leaving in 5 minutes so can't write out a simpler one.

Basically the important bits are:

This is just a function to make a random string easily:

function randStr($len = 6){
    $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
    if(!is_int($len) || $len <= 0){
        $len = 6;
    }
    $string = '';
    for($i = 0; $i < $len; $i++){
        // random_int() uses the system CSPRNG, which matters when the string is a salt or login token
        $string .= $chars[random_int(0, strlen($chars) - 1)];
    }
    return $string;
}

This sets the cookie:

setcookie("token", randStr(20), $expire, "/");

On the next page the cookie will be available as $_COOKIE['token'];

But of course you need something to compare it to, so you have to write the token into the database as well, hence:

$updtoken = "UPDATE `users` SET `token` = '$token',`tokendate` = '{$now}',`tokenexpires` = '{$expiresdate}' WHERE email in ('".$user."')";

So then you do a select on the table for the $_COOKIE['token'] and if there's a match he's logged in.

The above is complex, but functions basically do a lot of stuff in one line so you don't have to keep writing it out on every page - it's best to understand it all if you use it, or bad things happen.

randStr(x) takes a number and gives back a random string x characters long based on what you put into it.

vizz

Need Simple login with cookies please...
I want to hide comment forms only

OsaMasw

I use SESSION so I think it's the same:
when the user logs in, set the variable $_SESSION['log'] = true;
and check for this variable

// session_start() must have been called earlier on the page
if (!empty($_SESSION['log']))  {
// show comment
} else {
// don't show comment button , login to comment
}
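
The session check above, carried through to the comment handler, as an added example that is not code from the thread: hiding the form only changes what a guest sees, so comment.php repeats the check and takes the author from the session instead of the hidden `userid` field in the original form. Function names are hypothetical, and `$session` / `$post` stand in for `$_SESSION` / `$_POST` so the script also runs from the command line.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical;
// $session stands for $_SESSION and $post for $_POST (assumption for offline runs).

// Call once the password check has succeeded.
function markLoggedIn(array &$session, int $uid): void {
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);   // fresh session id on login blocks fixation
    }
    $session['log'] = true;
    $session['uid'] = $uid;
}

function isLoggedIn(array $session): bool {
    return !empty($session['log']) && isset($session['uid']);
}

// article.php: guests get a login link, members get the form.
function commentBox(array $session, int $articleId): string {
    if (!isLoggedIn($session)) {
        return '<p><a href="login.php">Login to comment</a></p>';
    }
    return '<form method="post" action="comment.php">'
         . '<input type="hidden" name="articleid" value="' . $articleId . '" />'
         . '<textarea name="body" cols="20" rows="5"></textarea>'
         . '<input type="submit" value="Submit" /></form>';
}

// comment.php: repeat the check, because a guest can POST without ever seeing the form.
// The author comes from the session, never from a posted "userid" field.
function acceptComment(array $session, array $post): ?array {
    $body = trim((string)($post['body'] ?? ''));
    if (!isLoggedIn($session) || $body === '') {
        return null;
    }
    return ['userid' => $session['uid'],
            'articleid' => (int)($post['articleid'] ?? 0),
            'body' => $body];
}

// Constructed inputs
$guest = [];
$member = [];
markLoggedIn($member, 7);
$forged = ['userid' => '1', 'articleid' => '2', 'body' => 'hi'];
var_dump(acceptComment($guest, $forged));   // guest POSTing directly to comment.php
var_dump(acceptComment($member, $forged));  // member; the posted userid is ignored
echo commentBox($guest, 2), "\n";
```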
vizz

@OsaMasw
Thanks
