https://github.com/eftec/pdoone_login
It is a library
https://github.com/eftec/pdoone_login
Last synced: 6 months ago
JSON representation
It is a library
- Host: GitHub
- URL: https://github.com/eftec/pdoone_login
- Owner: EFTEC
- License: mit
- Created: 2020-04-07T14:14:56.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2020-04-07T15:32:12.000Z (about 6 years ago)
- Last Synced: 2024-12-29T08:13:36.714Z (over 1 year ago)
- Language: PHP
- Homepage: https://www.eftec.cl
- Size: 181 KB
- Stars: 3
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# PdoOne_login
An example of a login page using php and mysql
This example code implements a login page that validates the user into the database. It is a basic example and it lacks some features (such as hash of the password).
## Initializing the project using composer
Run composer as follow
```composer init```
Then, add your information and add the next dependencies: eftec/pdoone, eftec/bladeone, eftec/validationone
* eftec/pdoone connects to the database
* eftec/bladeone renders the view
* eftec/validationone validates the user input. It's also a message container.
```composer init
Welcome to the Composer config generator
This command will guide you through creating your composer.json config.
Package name (/) [jorge/pdo-one_login]: eftec/pdoone_login
Description []: example of a login page
Author [<>, n to skip]:
Minimum Stability []:
Package Type (e.g. library, project, metapackage, composer-plugin) []: project
License []: mit
Define your dependencies.
Would you like to define your dependencies (require) interactively [yes]?
Search for a package: eftec/pdoone
Enter the version constraint to require (or leave blank to use the latest version):
Using version ^1.28 for eftec/pdoone
Search for a package: eftec/bladeone
Enter the version constraint to require (or leave blank to use the latest version):
Using version ^3.37 for eftec/bladeone
Search for a package: eftec/validationone
Enter the version constraint to require (or leave blank to use the latest version):
Using version ^1.23 for eftec/validationone
Search for a package:
Would you like to define your dev dependencies (require-dev) interactively [yes]? no
{
"name": "eftec/pdoone_login",
"description": "example of a login page",
"type": "project",
"require": {
"eftec/pdoone": "^1.28",
"eftec/bladeone": "^3.37",
"eftec/validationone": "^1.23"
},
"license": "mit",
"authors": [
{
"name": "",
"email": ""
}
]
}
Do you confirm generation [yes]?
```
## Edit composer.json
We need to add a default namespace for psr-4. Add the next content inside composer.json
```json
"autoload": {
"psr-4": {"PdoOne_login\\": ""}
},
```
And runs the next command
```composer dump-autoload```
To rebuild the autoload
## Creating the mysql table
```sql
CREATE TABLE `user` (
`userid` VARCHAR(50) NOT NULL,
`password` VARCHAR(60) NULL,
`fullname` VARCHAR(45) NULL,
PRIMARY KEY (`userid`));
```
## Generating the class Repo
No, we want to generate the class repository. [repo/UserRepo.php](repo/UserRepo.php) using PdoOne
```shell script
php vendor/eftec/pdoone/lib/PdoOne.php -database mysql -server 127.0.0.1 -user root -pwd abc.123 -db testdb -input "user" -output classcode
```
This connects to a mysql database located in the server 127.0.0.1, user root, password abc.123, database testdb and table "user" (table created in the previous step). It will generate the whole class.
Copy the code and save it inside a new code in a new folder folder called repo
๐ repo
โ ๐ UserRepo.php
## Finishing the Class Repo
While the class is complete but it misses a line, the namespace, so let's add the namespace to the class
```php
namespace PdoOne_login\repo;
```
why **PdoOne_login**? It is because psr-4 (the line added in composer.json)
And **why repo**? It is because the folder is called **repo**.
## Creating the views
๐ views
โ ๐ login.blade.php login template
โ ๐ start.blade.php start template (when we load)
I used the html code form https://bootsnipp.com/tags/login
I edited a bit and here, then I added the notation of Bladeone (check the library for more information)
## Boilerplate code
๐ app
โ ๐ app.php it is our common file
```php
logLevel=3; // it shows all errors.
$pdoOne->open();
}
return $pdoOne;
}
function validationOne() {
global $validationOne;
if($validationOne===null) {
$validationOne=new ValidationOne();
}
return $validationOne;
}
```
What does it do?
It creates the instance of PdoOne (database), ValidationOne (validation and message container) and BladeOne (template)
It also starts a new session and enable the composer's autoloader.
The functions are quite simple. The work as :
* If the variable is not defined, then it is created and initialized.
* And the variable is returned.
## Our login code
๐ index.php it is our login code
```
type('string')->def(false)->post('buttonlogin');
if($buttonlogin===false) {
$login='';
$password='';
} else {
$login=validationOne()->type('string')
->condition('minlen','The login must have at least 3 characters',3)
->condition('maxlen','The login must have at most 10 characters',10)
->post('login');
$password=validationOne()->type('string')
->condition('minlen','The password must have at least 3 characters',3)
->post('password');
if(validationOne()->messageList->errorcount===0) {
$userDB= UserRepo::get($login);
if($userDB===null || $userDB===false || $userDB['password']!=$password) {
validationOne()->messageList->addItem('general','User or password incorrect','error');
} else {
$_SESSION['user']=$userDB;
session_write_close();
header('location:start.php',true);
die(1);
}
}
}
echo bladeOne()->run('login'
,['login'=>$login,
'password'=>$password]);
```
It works as follow
* if **buttonlogin** is false (not pressed) then
* It sets some default values (empty user and password)
* If **buttonlogin** is not false then
* It reads the user and password.
* If it not fails (it could fail if the user has less than 3 characters or other conditions )
* We read from the database. We use the **UserRepo** class to read using the primary key.
* If the user (from the database) is false or if the password (read from the database) is not equals to the input password then
* It adds an error
* Otherwise
* It stores the user in the session
* Redirect to the login page
* Finally, it shows the template using the library **BladeOne**
## Final testing
We should not forget to add a new user into the database.
Login into our webserver and so we could test it.
## Security
The password is not hash-ed into the database.
How to hash it?
Change the code
```
$userDB['password']!=$password
```
as
```$userDB['password']!= hash('sha256', $password.$SALT)```
where $SALT is a secret value defined in app.php
`$SALT='asdk sk padk se4'3485'4385'ยก4reorekkhptrkhptrkhk trhyktrpkptrkh+d+';// It is an example`
The value must be also store hashed in the database.