
So I finally finished designing and building my website. It is a single page (Front.php) that displays all the menu options, including register, where the user can register and then the information gets stored into a database. The thing I need to understand and implement now is the idea of a user account. I'm not understanding how I should go about having login and account management. I understand that they can log in, and I can just search the database for their username, and if there's a match then they can log in. But where should that be handled, Front.php? Or should I have another file called Login.php, but then does it redirect back to Front.php if the login was successful?

I'm really kind of lost on the basic file structure. Can someone explain how I should go about this?

My page is 95% jquery/html, with php only doing the inserting into the database function.

Jared Farrish

John Bernal
  • possible duplicate of [Login/Registration System with php and mysql](http://stackoverflow.com/questions/4011097/login-registration-system-with-php-and-mysql) – John Carter Sep 29 '12 at 01:15
  • You need to check that the password and username they provide match what you have in the database and save a cookie on their computer, and then every page is going to read that cookie. If the cookie is there and the data in it is fine, then display the logged-in page, else display the non-logged-in page. – Ionut Hulub Sep 29 '12 at 01:16
  • @therefromhere hmm, that kind of helps, about passwords and sessions. Will keep in mind, but I have a question about that. When inserting information into the database, do I encrypt the password then store it? If so, how will I be able to read the password if I ever need to if it's encrypted? – John Bernal Sep 29 '12 at 01:20
  • @IonutHulub so Front.php could be my non-logged in page and then Front2.php could be my logged in page? Is that what you mean? Is it possible just to hide content on Front.php until the user logs in? – John Bernal Sep 29 '12 at 01:21
  • There's multiple ways to do this; if you use an [MVC pattern](http://en.wikipedia.org/wiki/Model%E2%80%93view%E2%80%93controller), there is no "page" construct per se; if you utilize something like [Backbone.js](http://stackoverflow.com/questions/6300450/how-to-handling-ui-state-for-single-page-app-with-backbone), then again there's not a concept of "multiple page" contexts. However, the "login and redirect" is certainly simpler to understand from a process point of view. My question: Why aren't you using a framework or CMS instead of rolling your own system? – Jared Farrish Sep 29 '12 at 01:23
  • Yes, that's what you have to do. Check if the user is logged in or not (by reading the data in the cookie) and display different content based on that fact. A simple if statement: if user logged_in echo 'this' else echo 'that'. – Ionut Hulub Sep 29 '12 at 01:24
  • @JohnBernal you should salt + hash your passwords (sort of a one-way encryption). See http://php.net/manual/en/faq.passwords.php , http://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords – John Carter Sep 29 '12 at 01:24
  • [Backbone.js demos](https://github.com/documentcloud/backbone/wiki/Tutorials%2C-blog-posts-and-example-sites) – Jared Farrish Sep 29 '12 at 01:26
  • You don't "read" a password from the database and compare it to the entered password; it's not an eyeball exercise. You're taking what the user gave you (user id, password), then applying the same "scrambling method" to that password (e.g., hashing with BLOWFISH using `crypt()`), and then *comparing* that hashed value to the value found for that user id in the database. As @therefromhere mentions, salting is becoming important, since it adds variance to the resulting hash stored in the database so that brute force dictionary attacks to "acquire" the passwords for the user ids is more "random". – Jared Farrish Sep 29 '12 at 01:30

1 Answer

You'll need to use PHP. Usually, I create a functions.php file to store all my functions, then I include it in the head of each page. In my functions file, I always put a function to check if the login exists. Here it is verbatim:

function checkLogin($data) {
    global $con;
    // Read the two fields explicitly instead of extract()ing the whole POST array,
    // so a submitted field cannot overwrite other variables in this scope.
    $username = isset($data['username']) ? $data['username'] : '';
    $password = isset($data['password']) ? $data['password'] : '';
    // Prepared statement: the username is sent as a bound parameter, never interpolated into the SQL.
    $stmt = mysqli_prepare($con, "SELECT password FROM users WHERE username = ?")
        or exit('Error selecting from users table: ' . mysqli_error($con));
    mysqli_stmt_bind_param($stmt, 's', $username);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $storedHash);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    // The password column holds a password_hash() value; password_verify() recomputes and compares it.
    return $found && password_verify($password, $storedHash);
}

$con is a global variable I store which creates the MySQL connection. It looks like:

$con = mysqli_connect($host, $user, $pass, $dbname);   // $dbname selects the database that holds the users table

This way I only have to define it once. Then on front.php you submit the form to itself (front.php) and do something like:

if (isset($_POST['submit']) && isset($_POST['loginForm'])) {
    if (!checkLogin($_POST)) {
        $valid = false;
    }
    else {
        header('Location: dashboard.php');
        exit;   // stop here so nothing after the redirect is rendered for the unauthenticated request
    }
}

I put this code in a file called session.php, and include it at the head of every page. So in this case the top of your front.php file would look like:

<?php
  include('functions.php');   // must come first: session.php calls checkLogin(), which functions.php defines
  include('session.php');

The reason I keep them separate is because you don't need to check for the login on every page the functions are in. In this example, I have my login form action set to loginForm and, if successful, I am redirecting them to dashboard.php. You should probably put something in that else statement that stores their session as a cookie so they don't have to keep logging back in every time they close the tab or exit the browser.

Cooper Maruyama
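The pieces the thread describes (salt + hash the password at registration, look the user up with a prepared statement, verify with password_verify() instead of reading the password back, and keep the logged-in state in the session rather than in a cookie the user controls) fit together as follows. This is an added example, not code from the answer or the asker's site: it uses an in-memory SQLite database through PDO so it runs stand-alone with `php login_demo.php`; the `users` table, its columns, and the form field names are assumptions, and a `mysql:host=...;dbname=...` DSN would keep everything else the same.

```php
<?php
// Added example, not code from the original answer. Register / login / session flow with
// password_hash(), password_verify(), prepared statements and $_SESSION. Table and column
// names are assumed; the SQLite in-memory database is a constructed stand-in for MySQL.

function connectDb(): PDO {
    $db = new PDO('sqlite::memory:');   // constructed demo database; a real site would use a MySQL DSN here
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL, password_hash TEXT NOT NULL)');
    return $db;
}

// Registration: the password itself is never stored, only the salted hash password_hash() produces.
function registerUser(PDO $db, string $username, string $password): bool {
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    try {
        return $stmt->execute([':u' => $username, ':h' => $hash]);
    } catch (PDOException $e) {
        return false;   // UNIQUE constraint: that username is already taken
    }
}

// Login check: the username is a bound parameter, so quote characters in it are data, not SQL,
// and the stored hash is compared with password_verify() rather than read back. Returns the user id or null.
function checkLogin(PDO $db, string $username, string $password): ?int {
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = password_hash('dummy', PASSWORD_DEFAULT);
    }
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        password_verify($password, $dummyHash);   // an unknown user costs about as much time as a wrong password
        return null;
    }
    return password_verify($password, $row['password_hash']) ? (int) $row['id'] : null;
}

function ensureSession(): void {
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
}

// What the answer calls "storing their session": the cookie only carries the session id;
// the user id lives server-side in $_SESSION. Pass $_POST from the login form.
function loginUser(PDO $db, array $post): bool {
    $userId = checkLogin($db, (string) ($post['username'] ?? ''), (string) ($post['password'] ?? ''));
    if ($userId === null) {
        return false;
    }
    ensureSession();
    session_regenerate_id(true);   // fresh session id once the user is authenticated
    $_SESSION['user_id'] = $userId;
    return true;
}

// The check each page (session.php in the answer) makes before showing logged-in content.
function currentUserId(): ?int {
    ensureSession();
    return isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : null;
}

function logoutUser(): void {
    ensureSession();
    $_SESSION = [];
    session_destroy();
}

if (PHP_SAPI === 'cli') {
    $db = connectDb();
    $results = [
        'register alice'       => registerUser($db, 'alice', 'correct horse battery staple'),
        'register alice again' => registerUser($db, 'alice', 'anything'),
        'wrong password'       => checkLogin($db, 'alice', 'wrong password'),
        'quoted username'      => checkLogin($db, "alice' OR '1'='1", 'x'),
        'right password'       => checkLogin($db, 'alice', 'correct horse battery staple'),
        'loginUser'            => loginUser($db, ['username' => 'alice', 'password' => 'correct horse battery staple']),
        'currentUserId'        => currentUserId(),
    ];
    logoutUser();
    var_dump($results);   // printed only after the session calls, so no output precedes session_start()
}
```

On a real site, functions.php would hold the first four functions, session.php would call `currentUserId()` (and `loginUser($db, $_POST)` when the login form was submitted), and Front.php would branch on whether `currentUserId()` returned null, which is the "hide content until the user logs in" approach discussed in the comments.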