Authenticating Users - Exercise

Contact Us or call 1-877-932-8228
Authenticating Users - Exercise

Authenticating Users

Duration: 25 to 35 minutes.

In this exercise, you will use mysqli to authenticate users.

  1. Open Authentication/Exercises/index.php in your editor. This file has been created for you and contains the underlying logic of the authentication application. You will see that it includes several of the scripts we saw in earlier exercises. Most of these are exactly the same, but a small change has been made to the pwEntry() function in Authentication/Exercises/Includes/fnFormPresentation.php. It now takes a fifth parameter: $repeat. When $repeat is set to true (default), the user will be asked to repeat her password (used for registration forms). When $repeat is set to false, she'll just get a single password field (used for login forms).
  2. Your job is to finish Authentication/Exercises/Includes/LoginForm.php and Authentication/Exercises/Includes/Login.php, which are currently both nearly empty. You may find it helpful to refer to ManagingData/Demos/Includes/EmployeeForm.php when creating LoginForm.php and to ManagingData/Demos/Includes/ProcessEmployee.php when creating Login.php.

Code Sample:

Authentication/Exercises/index.php
<?php
	require 'Includes/fnFormPresentation.php';
	require 'Includes/fnStrings.php';
	$errors = array();
	$dbEntries = array(	'Email'=>'',
						'Password'=>'');
?>
<!DOCTYPE HTML>
<html>
<head>
<meta charset="UTF-8">
<title>Northwind Home Page</title>
</head>
<body>
<?php
	$msg='';
	require 'Includes/Header.php';
	if (array_key_exists('LoggingIn',$_POST))
	{
		require 'Includes/Login.php';
	}
	if (!array_key_exists('LoggingIn',$_POST))
	{
		require 'Includes/LoginForm.php';
	}
	if (strlen($msg) > 0)
	{
		echo "<div align='center'>$msg</div>";
	}
	require 'Includes/Footer.php';
?>
</body>
</html>

Solution:

Authentication/Solutions/Includes/LoginForm.php
<h1 align="center">Log in</h1>
<form method="post" action="index.php">
<input type="hidden" name="LoggingIn" value="true">
<table align="center">
	<?php
		echo textEntry('Email','Email',$dbEntries,$errors,25);
		echo pwEntry('Password','Password',$errors,10,false);
	?>
	<tr>
		<td colspan="2" align="right">
			<input type="submit" value="Login">
		</td>
	</tr>
</table>
</form>

Solution:

Authentication/Solutions/Includes/Login.php
<?php
	$dbEntries = $_POST;
	foreach ($dbEntries as &$entry)
	{
		$entry = dbString($entry);
	}

	@$db = new mysqli('localhost','root','pwdpwd','Northwind');
	if (mysqli_connect_errno())
	{
		echo 'Cannot connect to database: ' . mysqli_connect_error();
	}
	else
	{
		$query = "SELECT EmployeeID, FirstName, LastName
					FROM Employees
					WHERE Email = '" . $dbEntries['Email'] .
					"' AND Password = '" . $dbEntries['Password'] . "'";
		$result = $db->query($query);

		if ($result->num_rows)
		{
			$row = $result->fetch_assoc();
			$msg = 'Logged in as ' .
				$row['FirstName'] . ' ' . $row['LastName'];
		}
		else
		{
			$msg = 'Login Failed';
			unset($_POST['LoggingIn']);
			$dbEntries = $_POST;
		}
	}
?>
Next