I have a login page which uses the Dreamweaver Login Behavior. I want to add code to:
Check the status of the person logging in (status is the last field in the MySQL authentication table).
a. If the person is already logged in, display an error message, and reject the attempt.
b. If the person is NOT currently logged in, set his status accordingly, and log him in.
Since the behavior is generated code, and well above my head, I don't know what code to enter, and where to enter it. Here's the code for the form:
<?php require_once('Connections/login.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
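}
// Escape PHP_SELF before it is echoed into the form's action attribute
$loginFormAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');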
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "WOTCPg1.php";
$MM_redirectLoginFailed = "loginerror.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_login, $login);
$LoginRS__query=sprintf("SELECT UserID, Password FROM authentication WHERE UserID=%s AND Password=%s",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
$LoginRS = mysql_query($LoginRS__query, $login) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";
//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript">
function setFocus()
{
document.getElementById("username").focus();
}
</script><meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Log-in to IOD</title>
<style type="text/css">
<!--
#apDiv3 {
position:absolute;
left:5px;
top:101px;
width:760px;
height:612px;
z-index:2;
font-family: Arial, Helvetica, sans-serif;
font-size: 14pt;
font-style: normal;
line-height: normal;
font-weight: normal;
font-variant: normal;
text-transform: none;
color: #009;
text-align: center;
background-image: url(images/grid_gray.gif);
border: medium ridge #009;
}
#apDiv1 {
position:absolute;
left:94px;
top:227px;
width:629px;
height:282px;
z-index:3;
font-family: Arial, Helvetica, sans-serif;
font-size: 14pt;
font-style: normal;
line-height: normal;
font-weight: bold;
font-variant: normal;
text-transform: none;
color: #009;
text-align: center;
}
#apDiv2 {
position:absolute;
left:178px;
top:248px;
width:564px;
height:254px;
z-index:3;
font-family: Arial, Helvetica, sans-serif;
font-size: 14pt;
font-style: normal;
line-height: normal;
font-weight: bold;
font-variant: normal;
text-transform: none;
color: #009;
text-align: left;
border: medium groove #036;
}
#apDiv4 {
position:absolute;
left:178px;
top:245px;
width:566px;
height:242px;
z-index:3;
border: medium groove #009;
text-align: center;
font-family: Arial, Helvetica, sans-serif;
font-size: 14pt;
font-style: normal;
line-height: normal;
font-weight: bold;
font-variant: normal;
text-transform: capitalize;
color: #009;
}
.SubmitButton {
color: #009;
}
-->
</style>
</head><body onLoad="setFocus()" >
<span style="position:absolute; left:3px; top:2px; width:758; height:89;"><img src="sitebuilder/preview/sitebuilder/clipart/bars/regular/horizontal/sleekLines_blue.gif" width="760" height="90" alt="" /></span>
<div id="e2" style="position:absolute; left:13px; top:14px; width:670px; height:32;"><span class="text"><b><span style="font-size: 22px"><font color="#FFFFFF">Sign-in to Information On Demand</font></span><font color="#FFFFFF" size="4"><span style="font-size:22px;line-height:26px;"><br soft="soft" />
</span></font></b></span></div>
<div id="apDiv3">
<p><span style="text-align: center; text-decoration: underline; color: #009; text-transform: capitalize; font-variant: normal; font-weight: bold; line-height: normal; font-style: normal; font-size: 18pt; font-family: Arial, Helvetica, sans-serif;">Customer Sign-In</span><span style="position:absolute; left:12px; top:23px; width:151px; height:65;"><img src="sitebuilder/images/redInfoOnDemandLogo-150x65.jpg" width="149" height="65" alt="" /></span></p>
</div>
<div id="apDiv4">
<form ACTION="<?php echo $loginFormAction; ?>" id="login" name="login" method="POST">
<p> </p>
<p>User Name:<br /><input name="username" type="text" id="username" tabindex="1" size="30" maxlength="30" />
</p>
<p>User's Password:<br />
<input type="password" name="password" id="password" tabindex="2" />
</p>
<p>
<input name="submit" type="submit" class="SubmitButton" id="submit" tabindex="3" style="color:#009; font-weight:bold" value="Sign-in" />
<input type="reset" name="reset" id="reset" value="Reset" tabindex="4" style="color:#009; font-weight:bold"></p>
</form>
</div>
<br />
</div>
</body>
</html>
Here's the code for the script "included" in the first line of the page:
<?php
# FileName="Connection_php_mysql.htm"
# Type="MYSQL"
# HTTP="true"
$hostname_login = "localhost"; // Change to "mysql" when uploaded to Yahoo
$database_login = "infoondemand";
$username_login = "root"; // Change to "creacontech" when uploaded to Yahoo
$password_login = "raisin4312";
$login = mysql_pconnect($hostname_login, $username_login, $password_login) or trigger_error(mysql_error(),E_USER_ERROR);
?>
Could someone help me with this? I'd very much appreciate any assistance.
My discovered solution to my "Rock and Hard Place" question partly answered this one as well. However, I still need to know where, what kind & how to add code to change the status field in my login database from "Out" to "In" on login, so that someone else can't login with the same user/password until the one logged in logs out. Then, of course, vice versa on logout.
PLEASE, someone help me with this problem. The "authentication" table also has a customer id field "CustID", that I need to pass via session variables, to the succeeding pages, in order for them to access the customer and applicant tables. I've tried to add code to the (DW Generated code) above, but every time I do, the Dreamweaver "Server Behaviors" panel duplicates the behavior, and I get error messages indicating that DW can't tell which one to use. For example:
First, I added CustID to the SELECT line as follows:
$LoginRS__query=sprintf("SELECT UserID, Password, UserLevel, CustID FROM authentication WHERE UserID=%s AND Password=%s",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
and that didn't cause any problems yet. But then when I added a line to fetch the field:
$loginStrGroup = mysql_result($LoginRS,0,'UserLevel');
$custid = mysql_result($LoginRS,0,'CustID'); // this is the line that I added
the server behavior panel showed duplicate "Log In User" entries, and I got the error message. I also tried other code, such as:
$arrLogin=mysql_fetch_assoc($LoginRS);
$custid = $arrLogin['CustID']; // array key must be a quoted string
but that gave me the same result. I then tried to edit the behavior, but when I selected that from the behavior panel plus sign drop menu, the "Server Behaviors" box was empty, and wouldn't accept anything, and the "Edit" & "Remove" buttons were greyed out.
What can I do to make this work?
>I've tried to add code to the (DW Generated code)
>above, but every time I do, the Dreamweaver "Server
>Behaviors" panel duplicates the behavior, and I get
>error messages indicating that DW can't tell which
>one to use.
That's the problem with server behaviors. Once you modify them, it can confuse DW. The server behaviors usually don't provide enough functionality for me to be really useful, and modifying them causes problems. So I usually code by hand.
>That's the problem with server behaviors. Once you modify them, it can confuse DW.
Well that answers a lot of questions in my mind, and removes a lot of my confusions.
>The server behaviors usually don't provide enough functionality for me to be really useful, and modifying them causes problems. So I usually code by hand.
I could agree with that if I were experienced enough to correctly write the manual code. The fact that I'm a dunce learner entices me to use generated code when it's available.
The fact is that when DW started giving me these problems, I tried to code it myself and failed miserably. I cut and pasted code I found on various helpful websites, such as w3schools, homeandlearn, html-form-guide and others. I must have tried dozens of these, but none of them worked.
In any event, after correcting some glaring errors, now when I run the login page, everything seems to work OK in the browsers, so I guess it doesn't matter that the behavior panel is screwy.
Thanks for the reply, however. At least you've put a blessing on what's happening, and I appreciate it.
There's no sense in beating a dead horse. We've pretty much chased this problem as far as it can go, so thanks everyone for the help.
I guess I'm not clear on why a database field needs to be checked to see if the user is logged in or not. This can be done very easily just by checking for the existence of the session variable that DW created when someone logs in using the standard behavior. What am I missing?
More likely that I'm the one who's unclear about the whole schmear, being a dinosaur newbie (50 years of programming and brand new to web programming). After all that time, when I look at these web languages, I get the distinct impression that I've never seen a computer in my life. That said, I guess I'm unclear about your answer.
For example, if User-A logs in, admittedly certain session variables are created, but I was under the impression that they were ONLY for that session. So are you saying then, that if User-B logs in while User-A is still in, that User-B will get the EXACT SAME session variables? I would have thought each user would have his own session, hence his own session variables. Please 'splain this to me. My only concern is to disallow two users to concurrently use the same login (i.e. username & password), and that's why I included a "login status" field in the MySQL authentication table.
If there's a better way to do that than my "hammer & tongs" methodology, by all means, please tell me what it is, because I'm learning and very much appreciate any and all the help that I can get.
Sounds like you're on the right track. Each session is unique to each user while they are logged in and remains active until they are logged out by timing out, closing the browser, manually logging out, etc.
If User A logs in, a session is created. User B can also log in on the same computer in a new browser window or tab, and each User and session are independent of each other. This assumes that User A and User B are using distinct IDs and passwords, two separate accounts.
Now, if User A logs in, then goes to another computer, he or she may log in from the second computer using the same credentials. This is technically two separate sessions, but any changes made from one computer to that account (updating records, etc) will reflect on both computers because it's updating the database records for that User.
The main reason I can think of for creating a "Is user already logged in" field in the database would be to check if the user is logged in on another computer and display a message as such with the option of logging off and ending the first session. I imagine it may be useful if people were sharing credentials. For example, we have a work account for Lynda.com for online training, and we all use the same account.
What happens tho is, for the database record to be updated to toggle the field to "Logged out" the user would have to manually log out. Closing the browser does end the session, but doesn't update the record as such. I have seen instances where when you try to close the window, you get a dialog that asks you to log out as well, but I haven't actually implemented such a procedure.
So is this what you're trying to do or is there another purpose you have in mind?
Yup! You pretty much nailed it. This page set will be accessed from recruiters and human resources departments for the purpose of running background checks. A user must log in, fill out the three page questionnaire, and then either log out or return to page 1 to enter another questionnaire for another applicant. Each recruiter/human resources rep will have his/her own username/password with which to access the system. I want to make sure that there are NO concurrent sessions with the same user/password. I don't want Susie Highskirts to be able to use the same login data, at the same time that Rodunda Bunhanger is using.
I wanted to be able to set the status field to "IN" when a user logs in, then toggle it to "OUT", when he/she logs out. I can then check that field when someone logs in, to make sure they're not using one that's currently in use, and if they are, to give them an error message, and log them off immediately.
My problem is, where do I put that code?
I should have warned you earlier that I don't know PHP very well, but if I can help nail down the process then hopefully one of the PHP experts can jump in.
I'm still a little fuzzy on what is going on. If Susie and Rodunda both have their own UserIDs and Passwords, then they can both be logged in at the same time, insert records til their hearts' content and there will be absolutely no conflict at all. The only issue here that may present a problem is if one of them attempts to update a record while the other one is looking at it, or getting ready to make their own modifications.
Also, if Susie and Rodunda have their own user accounts with their own credentials, how is it that one would try to log in using the other's credentials?
At any rate, and hopefully to get closer to a solution for you, when a user is successfully authenticated, the session variable MM_Username is created. So, simply by checking for the existence of this session variable can tell you if that user is logged in or not. This check can be placed before any of the login script so that it doesn't interfere with the behavior generated code. And you can choose what to do depending on the condition that exists - such as redirecting immediately to another page, or displaying or hiding a certain region on the page.
Keep in mind that when the page first loads, the login code is placed in an IF statement that checks the form action, so at first it's ignored and loads the form. When the form is submitted, the IF condition is met and the code executes. To update the database with a "Logged in or out" value, you first have to place a recordset just after the IF statement that checks the form action, write another IF statement to check the value of the field, and then redirect to a logout page or continue with the login.
If you continue with the login, you'll need an Update statement to change the field in the database just before the successful redirect. If you've redirected to a log out page, you'll also need a similar update statement there.
To write the recordset code, you can use DW's wizard and just move the code to where it needs to go. But DW's update code depends on predefined recordsets and form actions, so you'll need to find a script or hand code it. I wouldn't recommend trying to use DW's code and then modify it.
So, what do you think, are we getting closer?
YUP! We're getting a lot closer, but I guess I used a poor example. And maybe it's my 50 years experience giving me a tendency toward paranoia. I think, for want of a better example, maybe here's more like what I had in mind: Susie and Rodunda are working away. Susie gets up to go to the ladies room, leaving her computer logged in. So Betty Broadbeam, who doesn't have her own login, decides to help out, and signs in with Susie's information. I know it's kind of far fetched, but while I can't remember the actual events, I can remember cases where this protection wasn't afforded and people ended up having the same record updated by two different people, and the last one in wins.
That said, thank you again for your input; it's most appreciated, and you did, in fact, put a blessing on where I was sort of figuring that the code should be. You mentioned, however, about using DW's wizard for writing the code; where is this guy, and how do I find him?
Ah, the wizard. He's lurking about with his trusty staff and he pops up every once in a while.
Another security measure you could take is to reduce the session length. I think by default they're like 20 minutes, but depending on your web host you may be able to decrease this time using PHP script. Then if you want to get really fancy, you could use a redirect once the script detects the timeout to a page saying something like, you've timed out, and we've logged you out. You know, like the online banking sites use.
Is there some way to tell if there was activity during the session period (20 min or whatever)? I wouldn't want to log someone off while they're working.
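Added example (not part of the original thread and not Dreamweaver-generated code): one way to implement both the single-login check and the activity-based timeout discussed above. Instead of an In/Out flag it records which session holds the login and when that session was last active, so a browser closed without logging out frees the account once the idle window passes. The column names ActiveSession and LastSeen, the 20-minute IDLE_LIMIT, and the use of PDO with an in-memory SQLite table for the demo are assumptions.

```php
<?php
// Added example: one active session per UserID, with an idle timeout.
// ActiveSession and LastSeen are hypothetical columns replacing the thread's
// In/Out status field; IDLE_LIMIT is an assumed 20-minute window.
const IDLE_LIMIT = 1200;

// Login: atomically claim the account. The UPDATE matches only if nobody holds
// it, this session already holds it, or the holder has been idle too long.
function claimLogin(PDO $db, string $userId, string $sid, int $now): bool
{
    $q = $db->prepare(
        'UPDATE authentication SET ActiveSession = ?, LastSeen = ?
          WHERE UserID = ?
            AND (ActiveSession IS NULL OR ActiveSession = ? OR LastSeen < ?)'
    );
    $q->execute([$sid, $now, $userId, $sid, $now - IDLE_LIMIT]);
    return $q->rowCount() === 1;
}

// Every protected page: record activity. False means this session timed out
// or was replaced, so the page should destroy the session and redirect.
function touchSession(PDO $db, string $userId, string $sid, int $now): bool
{
    $q = $db->prepare(
        'UPDATE authentication SET LastSeen = ?
          WHERE UserID = ? AND ActiveSession = ? AND LastSeen >= ?'
    );
    $q->execute([$now, $userId, $sid, $now - IDLE_LIMIT]);
    return $q->rowCount() === 1;
}

// Logout page: release the account, but only if this session holds it.
function releaseLogin(PDO $db, string $userId, string $sid): void
{
    $q = $db->prepare(
        'UPDATE authentication SET ActiveSession = NULL
          WHERE UserID = ? AND ActiveSession = ?'
    );
    $q->execute([$userId, $sid]);
}

// Constructed demo: in-memory SQLite table, made-up user and session ids.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE authentication
           (UserID TEXT PRIMARY KEY, ActiveSession TEXT, LastSeen INTEGER)');
$db->exec("INSERT INTO authentication (UserID) VALUES ('susie')");
$t = 1000000; // constructed clock, in seconds
var_dump(claimLogin($db, 'susie', 'sess-A', $t));          // first login
var_dump(claimLogin($db, 'susie', 'sess-B', $t + 60));     // second browser
var_dump(touchSession($db, 'susie', 'sess-A', $t + 600));  // A is active
var_dump(claimLogin($db, 'susie', 'sess-B', $t + 1700));   // 1100 s after A's last activity
var_dump(claimLogin($db, 'susie', 'sess-B', $t + 1900));   // 1300 s after A's last activity
releaseLogin($db, 'susie', 'sess-B');                      // explicit logout
```

On the live pages pass session_id() as $sid and time() as $now; with MySQL, open the PDO connection with PDO::MYSQL_ATTR_FOUND_ROWS set to true so rowCount() counts matched rows even when the stored values do not change.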