patternphpMinor
Review on a PHP login/authentication system
Viewed 0 times
phpsystemloginauthenticationreview
Problem
I am currently working on a small website for my scuba diving club, and it needs a "simple" login system to allow members-only features etc.
I've been using the php-login-minimal as the base for the PHP login: https://github.com/panique/php-login-minimal
It works by creating a session cookie if a user is logged in. This works just perfectly well on my local XAMPP server, but when uploaded to my external domain (one.com), logging in does not always work. It is as if no session cookie is being set. Eventually, after a bunch of tries, it'll work. These troubles do not occur on localhost, however, so I might just have to contact the domain support about that.
What I would also like to get feedback on, is if everything is done reasonably or if I should work on improving/changing various parts of my website system.
Any feedback in general is greatly appreciated. Have never done much PHP/HTML, so would love to improve.
Here's what a member-only page currently looks like:
members.php (shows the members in the diveclub, fetched from the MySQL db)
```
Medlemsliste -
Forsiden
Om klubben
Kontakt
Medlemsliste
Medlemmer af NSDK
Du kan sende mail til et medlem ved at sende en mail til fornavn.efternavn@nsdk.dk, f.eks. anders.and@nsdk.dk.
0);
if ($is_moderator)
echo 'NB: Du er logget ind som et bestyrelsesmedlem og bliver derfor også oplyst adresse på medlemmer!';
?>
Fornavn
Efternavn
Tlf. nr.
Certifikat
Adresse
query('SELECT id, firstname,
I've been using the php-login-minimal as the base for the PHP login: https://github.com/panique/php-login-minimal
It works by creating a session cookie if a user is logged in. This works just perfectly well on my local XAMPP server, but when uploaded to my external domain (one.com), logging in does not always work. It is as if no session cookie is being set. Eventually, after a bunch of tries, it'll work. These troubles do not occur on localhost, however, so I might just have to contact the domain support about that.
What I would also like to get feedback on, is if everything is done reasonably or if I should work on improving/changing various parts of my website system.
Any feedback in general is greatly appreciated. Have never done much PHP/HTML, so would love to improve.
Here's what a member-only page currently looks like:
members.php (shows the members in the diveclub, fetched from the MySQL db)
```
Medlemsliste -
Forsiden
Om klubben
Kontakt
Medlemsliste
Medlemmer af NSDK
Du kan sende mail til et medlem ved at sende en mail til fornavn.efternavn@nsdk.dk, f.eks. anders.and@nsdk.dk.
0);
if ($is_moderator)
echo 'NB: Du er logget ind som et bestyrelsesmedlem og bliver derfor også oplyst adresse på medlemmer!';
?>
Fornavn
Efternavn
Tlf. nr.
Certifikat
Adresse
query('SELECT id, firstname,
Solution
Overall your code looks fine
If you are having trouble with sessions, check the live server configuration, especially the cookie domain and path.
I have put some inline comments in the code, the changes I have done will make it a bit easier to maintain (in my opinion) but are not essential.
If you are having trouble with sessions, check the live server configuration, especially the cookie domain and path.
I have put some inline comments in the code, the changes I have done will make it a bit easier to maintain (in my opinion) but are not essential.
0);
// move database access to top of code
// if an error occurs you can show an error message before you render the page, rather then have a mess in the middle of the page
if (!empty($_GET['order']))
{
if ($_GET['order'] == 'certificate')
$queryResult = $db->query('SELECT id, firstname, lastname, phone, certificate, address FROM dc_members ORDER BY certificate, lastname, firstname;');
else if ($_GET['order'] == 'lastname')
$queryResult = $db->query('SELECT id, firstname, lastname, phone, certificate, address FROM dc_members ORDER BY lastname, firstname;');
else if ($_GET['order'] == 'firstname')
$queryResult = $db->query('SELECT id, firstname, lastname, phone, certificate, address FROM dc_members ORDER BY firstname, lastname;');
else
$queryResult = $db->query('SELECT id, firstname, lastname, phone, certificate, address FROM dc_members ORDER BY lastname, firstname;');
} else {
$queryResult = $db->query('SELECT id, firstname, lastname, phone, certificate, address FROM dc_members ORDER BY lastname, firstname;');
}
// i have re-written this part, there is nothing wrong with your code
// this is personal preference for readability, see what you think
$sql = 'SELECT id, firstname, lastname, phone, certificate, address FROM dc_members ORDER BY ';
$param_order = (!empty($_GET['order'])) ? $_GET['order'] : null;
switch($param_order) {
case 'certificate':
$order_by = 'certificate, lastname, firstname';
break;
case 'firstname':
$order_by = 'firstname, lastname';
break;
case 'lastname':
default:
$order_by = 'lastname, firstname';
break;
}
// only do query in one place, simpler if you want to handle errors
$queryResult = $db->query($sql.$order_by);
// mysqli_fetch_array returns a number indexed array and a associative array combined, mysqli_fetch_assoc is all you need
// while ($row = mysqli_fetch_array($queryResult)) {
$members = array();
while ($row = mysqli_fetch_assoc($queryResult)) {
$members[] = $row;
}
// $members_amount = 0; $members_amount++;
$members_amount = count($members);
// only put code for presentation logic below here
?>
Medlemsliste -
Forsiden
Om klubben
Kontakt
Medlemsliste
Medlemmer af NSDK
Du kan sende mail til et medlem ved at sende en mail til fornavn.efternavn@nsdk.dk, f.eks. anders.and@nsdk.dk.
0);
if ($is_moderator)
echo 'NB: Du er logget ind som et bestyrelsesmedlem og bliver derfor også oplyst adresse på medlemmer!';
?>
Fornavn
Efternavn
Tlf. nr.
Certifikat
Adresse
>
tag?
// Antal medlemmer i Nakskov Sportsdykkerklub: '.$members_amount.'' ?>
?>
Antal medlemmer i Nakskov Sportsdykkerklub:
Code Snippets
<?php
require_once('authorize.php');
?>
<!DOCTYPE html>
<?php
require_once('includes/load.php');
GLOBAL $db;
require_once('includes/functions.php');
$is_moderator = (get_access_from_username($_SESSION['username']) > 0);
// move database access to top of code
// if an error occurs you can show an error message before you render the page, rather then have a mess in the middle of the page
if (!empty($_GET['order']))
{
if ($_GET['order'] == 'certificate')
$queryResult = $db->query('SELECT id, firstname, lastname, phone, certificate, address FROM dc_members ORDER BY certificate, lastname, firstname;');
else if ($_GET['order'] == 'lastname')
$queryResult = $db->query('SELECT id, firstname, lastname, phone, certificate, address FROM dc_members ORDER BY lastname, firstname;');
else if ($_GET['order'] == 'firstname')
$queryResult = $db->query('SELECT id, firstname, lastname, phone, certificate, address FROM dc_members ORDER BY firstname, lastname;');
else
$queryResult = $db->query('SELECT id, firstname, lastname, phone, certificate, address FROM dc_members ORDER BY lastname, firstname;');
} else {
$queryResult = $db->query('SELECT id, firstname, lastname, phone, certificate, address FROM dc_members ORDER BY lastname, firstname;');
}
// i have re-written this part, there is nothing wrong with your code
// this is personal preference for readability, see what you think
$sql = 'SELECT id, firstname, lastname, phone, certificate, address FROM dc_members ORDER BY ';
$param_order = (!empty($_GET['order'])) ? $_GET['order'] : null;
switch($param_order) {
case 'certificate':
$order_by = 'certificate, lastname, firstname';
break;
case 'firstname':
$order_by = 'firstname, lastname';
break;
case 'lastname':
default:
$order_by = 'lastname, firstname';
break;
}
// only do query in one place, simpler if you want to handle errors
$queryResult = $db->query($sql.$order_by);
// mysqli_fetch_array returns a number indexed array and a associative array combined, mysqli_fetch_assoc is all you need
// while ($row = mysqli_fetch_array($queryResult)) {
$members = array();
while ($row = mysqli_fetch_assoc($queryResult)) {
$members[] = $row;
}
// $members_amount = 0; $members_amount++;
$members_amount = count($members);
// only put code for presentation logic below here
?>
<html>
<head>
<meta charset="utf-8">
<link rel="stylesheet" type="text/css" href="css/stylesheet.css">
<title>Medlemsliste - <?php echo SITE_TITLE ?></title>
</head>
<body>
<div id="container">
<div id="header">
<div id="header-menu">
<img id="logo" src="img/nsdk_logo_header.png">
<ul id="main-menu">
<li><a href="index.php">Forsiden</a></li>
<li><a href="omklubben.php">Om klubben</a></li>
<li><a href="kontakt.php">Kontakt</a></li>
</ul>
</div>
</div>
Context
StackExchange Code Review Q#40120, answer score: 2
Revisions (0)
No revisions yet.