File: class_auth.php
<?php
/*
#
# Copyright Iulian Ciobanu (CIGraphics) 2009
# Email: cigraphics@gmail.com
# Please leave the copyright and email intact.
#
# DATABASE TABLE:
CREATE TABLE `users` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`user` varchar(200) NOT NULL,
`password` varchar(40) NOT NULL,
`email` varchar(200) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 ROW_FORMAT=DYNAMIC;
# LETS INSERT SOME DATA FOR TESTING PURPOSES:
INSERT INTO `users` (`id`, `user`, `password`, `email`) VALUES (1, 'user', '20ccbe71c69cb25e4e0095483cb63bd394a12b23', 'user@email.com');
# FOR TESTING PURPOSES:
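The user is: user (only 4 characters: set $auth->minval = 4 before testing, because the default minimum name length is 6)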
The password is: 123456
# USAGE:
$auth = new Auth('database', 'user', 'password', 'host'); // This must be placed at the top of your document. You don't need to start the session; this script will do it.
$auth->type = session or cookie; // The class defaults to cookie, so write this only if you want to use sessions.
$auth->emailAuth = false or true; // Set it to true if you want users to log in with their email instead of their username. You can leave it out otherwise, because it is false by default.
$auth->minval = integer; // The minimum chars for username. Write this only if you want to change the value because it's set by default 6.
$auth->maxval = integer; // The maximum chars for username. Write this only if you want to change the value because it's set by default 22.
$auth->minpass = integer; // The minimum chars for password. Write this only if you want to change the value because it's set by default 6.
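$auth->salt = 'LOTS OF CHARS OF ANY TYPE'; // Change this. It is the secret mixed into every password hash. I strongly recommend changing it in the script, or setting it here to other random chars. Hashes that are already stored (such as the test row above) only match the salt they were created with.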
$auth->login($user, $password); // Place this in the part where you get the post vars from your login forms
$auth->logout(); // Place this after $auth = new Auth(..) or if you setup type and emailAuth place it below them. Like in example. If you add it without that then you will never be able to login
$auth->error(); // Place this in your document. This function will display the errors from validation and other like mysql errors.
*/
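/**
 * Login/logout helper that checks a user name or e-mail plus password against
 * the `users` table and remembers the login in cookies or in the PHP session.
 *
 * Configuration is done through the public properties, which callers assign
 * after the constructor has run. login(), logout() and isLoggedIn() therefore
 * read them at call time. In session mode, call one of those methods (or
 * session_start() yourself) before any output is sent.
 *
 * NOTE(review), not fixed here because it needs a schema or storage change:
 * - encrypt() is a fast md5/sha1 construction with one site-wide salt. Such
 *   hashes are cheap to test offline once the table leaks. password_hash() and
 *   password_verify() are the replacement; they need a wider `password` column
 *   (varchar(40) only fits a sha1 hex digest) and a rehash at login.
 * - The value remembered in the cookie/session is the stored password hash
 *   itself, so a copy of that hash is enough to be treated as logged in. A
 *   random, expiring, server-side token is the usual replacement.
 * - Failed logins are neither counted nor throttled.
 */
class Auth {
    // 'cookie' or 'session': where the login is remembered.
    public $type = 'cookie';
    private $connection;
    private $errors = array();
    // Minimum / maximum user name length and minimum password length.
    public $minval = 6;
    public $maxval = 22;
    public $minpass = 6;
    // Site-wide salt for encrypt(). This default is published with the snippet,
    // so every installation must replace it with its own random value.
    public $salt = '#@()DIJK#)(F#&*()DS#@JKS)@(I()#@DU)*(&@#)(#U)J';
    // true: identify users by e-mail address instead of user name.
    public $emailAuth = false;

    /**
     * Connects to MySQL, selects the database and validates any remembered login.
     *
     * @param string $db   Database name.
     * @param string $user MySQL user.
     * @param string $pass MySQL password.
     * @param string $host MySQL host.
     */
    public function __construct($db, $user, $pass, $host) {
        $this->start_session();
        $this->mysqlconnect($user, $pass, $host);
        $this->mysqldb($db);
        $this->check();
    }

    /**
     * Opens the connection through mysqli (ext/mysql was removed in PHP 7.0).
     * Stops the script with a generic message when the server is unreachable.
     */
    private function mysqlconnect($user, $pass, $host) {
        try {
            $conn = @mysqli_connect($host, $user, $pass);
        } catch ( mysqli_sql_exception $e ) {
            // mysqli reports errors as exceptions by default on newer PHP versions.
            $conn = false;
        }
        if ( !$conn ) {
            die('There is a problem with your mysql connection');
        }
        $this->connection = $conn;
    }

    /** Selects the database; stops the script when it cannot be selected. */
    private function mysqldb($db) {
        try {
            $selected = @mysqli_select_db($this->connection, $db);
        } catch ( mysqli_sql_exception $e ) {
            $selected = false;
        }
        if ( !$selected ) {
            die('The database doesn\'t exist');
        }
    }

    /** Column that identifies a user under the current emailAuth setting. */
    private function identity_column() {
        return $this->emailAuth == false ? 'user' : 'email';
    }

    /**
     * Looks up the stored password hash of one user with a prepared statement.
     *
     * @param string $col   'user' or 'email'; any other value is refused because
     *                      the name is concatenated into the statement text.
     * @param string $value Identity to look for, bound as a parameter.
     * @return string|null|false The stored hash, null when no row matches,
     *                           false on a database error (recorded in errors).
     */
    private function find_user($col, $value) {
        if ( !$this->connection || ( $col !== 'user' && $col !== 'email' ) ) {
            $this->errors[] = 'SQL Error';
            return false;
        }
        $sql = 'SELECT `password` FROM `users` WHERE `'.$col.'` = ? LIMIT 1';
        try {
            $stmt = mysqli_prepare($this->connection, $sql);
            if ( !$stmt ) {
                $this->errors[] = 'SQL Error';
                return false;
            }
            $hash = null;
            mysqli_stmt_bind_param($stmt, 's', $value);
            $ran = mysqli_stmt_execute($stmt) && mysqli_stmt_bind_result($stmt, $hash);
            // fetch: true = row read, null = no row, false = error.
            $fetched = $ran ? mysqli_stmt_fetch($stmt) : false;
            mysqli_stmt_close($stmt);
        } catch ( mysqli_sql_exception $e ) {
            $fetched = false;
        }
        if ( $fetched === false ) {
            $this->errors[] = 'SQL Error';
            return false;
        }
        if ( $fetched === null ) {
            return null;
        }
        return (string) $hash;
    }

    /**
     * Validates the submitted credentials and, when they match, remembers the
     * login and redirects to ./auth.php. Failures are collected for error().
     *
     * @param string $user User name or e-mail address as submitted.
     * @param string $pass Plain-text password as submitted.
     */
    public function login($user, $pass) {
        // Form fields can arrive as arrays (user[]=x); treat those as empty input
        // so they fail validation instead of reaching the string functions.
        $user = is_string($user) ? strtolower($user) : '';
        $pass = is_string($pass) ? $pass : '';
        $col = $this->identity_column();
        $valid = true;

        if ( $col === 'email' ) {
            if ( !$this->email($user) ) {
                $this->errors[] = 'Email invalid.';
                $valid = false;
            }
        } elseif ( !$this->name($user) ) {
            $this->errors[] = 'Name invalid. Min chars: '.$this->minval.'. Max chars: '.$this->maxval;
            $valid = false;
        }
        if ( strlen($pass) < $this->minpass ) {
            // Report the configured minimum, not a fixed 6.
            $this->errors[] = 'Password min value is '.$this->minpass.' chars.';
            $valid = false;
        }
        if ( !$valid ) {
            return;
        }

        $stored = $this->find_user($col, $user);
        if ( $stored === false ) {
            return; // database error, already recorded
        }
        $password = $this->encrypt($pass);
        // One message for "unknown account" and "wrong password", so the form
        // does not reveal which accounts exist. hash_equals() compares in
        // constant time.
        if ( $stored === null || !hash_equals($stored, $password) ) {
            $this->errors[] = 'Incorrect '.$col.' or password.';
            return;
        }

        if ( $this->type == 'session' ) {
            $this->start_session();
            if ( session_id() !== '' ) {
                // New session id at the privilege change, against session fixation.
                session_regenerate_id(true);
            }
            $this->set_session($col, $user);
            $this->set_session('password', $password);
        } elseif ( $this->type == 'cookie' ) {
            $this->set_cookie($col, $user);
            $this->set_cookie('password', $password);
        }
        $this->redirect();
    }

    /**
     * Hashes a password the way the `users`.`password` column expects:
     * sha1(md5(salt . md5(value))). Kept for compatibility with stored hashes;
     * see the class comment for why this should be migrated.
     */
    private function encrypt($value) {
        return sha1(md5($this->salt.md5($value)));
    }

    /**
     * E-mail validation. Input longer than the 200-character `email` column is
     * rejected before the pattern runs; the D modifier stops "$" from also
     * accepting a trailing newline.
     */
    private function email($email) {
        if ( !is_string($email) || strlen($email) > 200 ) {
            return false;
        }
        $reg = '#^(((([a-z\d][\.\-\+_]?)*)[a-z0-9])+)\@(((([a-z\d][\.\-_]?){0,62})[a-z\d])+)\.([a-z\d]{2,6})$#iD';
        return preg_match($reg, $email) === 1;
    }

    /**
     * Name validation: a letter, then letters/digits/underscores, then a letter
     * or digit, with a total length between minval and maxval.
     */
    private function name($name) {
        // The first and last character are matched separately, so both bounds
        // of the middle part are two less than the configured lengths.
        $min = max(0, (int) $this->minval - 2);
        $max = (int) $this->maxval - 2;
        if ( !is_string($name) || $max < $min ) {
            return false;
        }
        return preg_match('#^[a-z][\da-z_]{'.$min.','.$max.'}[a-z\d]$#iD', $name) === 1;
    }

    /** Starts the PHP session when session mode is active and none is running. */
    private function start_session() {
        if ( $this->type == 'session' && session_id() === '' ) {
            session_start();
        }
    }

    private function set_session($name, $value) {
        $this->start_session();
        $_SESSION[$name] = $value;
    }

    private function destroy_session() {
        $this->start_session();
        if ( session_id() === '' ) {
            return;
        }
        session_unset();
        session_destroy();
    }

    /** True when the current request arrived over HTTPS according to the server. */
    private function is_https() {
        return !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
    }

    /**
     * Sends a cookie that page scripts cannot read (HttpOnly) and that is
     * limited to HTTPS whenever the login itself happened over HTTPS.
     */
    private function set_cookie($name, $value, $time = 3600 ) {
        setcookie($name, $value, time()+$time, '/', '', $this->is_https(), true);
    }

    private function destroy_cookie($name) {
        setcookie($name, '', time()-1, '/', '', $this->is_https(), true);
        // Also forget it for the rest of this request.
        unset($_COOKIE[$name]);
    }

    /**
     * Redirects to ./auth.php and ends the request, so nothing after the call
     * is rendered into the redirect response. When output has already started
     * the header cannot be sent and the script simply continues.
     */
    private function redirect() {
        if ( headers_sent() ) {
            return;
        }
        header('Location: ./auth.php');
        exit;
    }

    /** Forgets the remembered login and redirects to ./auth.php. */
    public function logout() {
        $col = $this->identity_column();
        if ( $this->type == 'session' ) {
            $this->destroy_session();
        } elseif ( $this->type == 'cookie' ) {
            $this->destroy_cookie('password');
            $this->destroy_cookie($col);
        }
        $this->redirect();
    }

    /**
     * Reads the remembered identity and hash from the cookie or the session.
     *
     * @return array|null array(identity, hash), or null when either value is
     *                    missing or is not a string.
     */
    private function stored_credentials() {
        $col = $this->identity_column();
        if ( $this->type == 'cookie' ) {
            $store = $_COOKIE;
        } elseif ( $this->type == 'session' ) {
            $this->start_session();
            $store = isset($_SESSION) ? $_SESSION : array();
        } else {
            return null;
        }
        if ( !isset($store[$col], $store['password'])
            || !is_string($store[$col]) || !is_string($store['password']) ) {
            return null;
        }
        return array($store[$col], $store['password']);
    }

    /** True when the remembered identity and hash match a row in `users`. */
    private function verify() {
        $remembered = $this->stored_credentials();
        if ( $remembered === null ) {
            return false;
        }
        $stored = $this->find_user($this->identity_column(), $remembered[0]);
        return is_string($stored) && hash_equals($stored, $remembered[1]);
    }

    /**
     * Constructor-time check: logs out when a remembered login does not match
     * the database. Runs with the default settings, because the public
     * properties are assigned later; a login remembered under other settings
     * is left for isLoggedIn() to judge.
     */
    private function check() {
        if ( $this->stored_credentials() !== null && !$this->verify() ) {
            $this->logout();
        }
    }

    /** Prints the collected validation and database errors as an HTML block. */
    public function error() {
        if ( !is_array($this->errors) || empty($this->errors) ) {
            return;
        }
        echo '<div style="border:1px solid #CCC; background-color:#FAFAFA; color:#FF0000">';
        foreach ( $this->errors as $value ) {
            echo htmlspecialchars($value, ENT_QUOTES, 'UTF-8')."<br />";
        }
        echo '</div>';
    }

    /**
     * Whether the current request carries a login that matches the database.
     * The mere presence of a `password` cookie or session key is not enough:
     * both values come from the client and must be verified.
     *
     * @return bool
     */
    public function isLoggedIn() {
        return $this->verify();
    }
}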
?>
Example:
login.php
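<?php
// login.php: minimal page wiring for the Auth class.
require_once 'class_auth.php';
$auth = new Auth('database', 'user', 'password', 'host'); // Argument order: database, user, password, host

// NOTE(review): a logout triggered by a plain GET can be fired by any link or
// image on another site; prefer a POST form protected by a CSRF token.
if ( isset($_GET['logout']) ) {
    $auth->logout();
}

// Only call login() when both fields were actually submitted.
if ( isset($_POST['login'], $_POST['user'], $_POST['pass']) ) {
    // Argument order: user or e-mail, password. E-mail mode is selected with
    // $auth->emailAuth, not with a third argument.
    $auth->login($_POST['user'], $_POST['pass']);
}

// PHP_SELF reflects the path the client requested, so it is escaped before it
// is printed into the href/action attributes below.
$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
?>
HERE HTML STUFF
<?php if ( $auth->isLoggedIn() ) : ?>
<h1>Welcome</h1>
<a href="<?=$self;?>?logout=true">Logout</a>
<?php else : ?>
<h1>Please login</h1>
<form action="<?=$self;?>?auth" method="post">
<input type="text" name="user" /> User/Email<br />
<input type="password" name="pass" /> Password<br />
<input type="submit" name="login" value="Login" />
</form>
<?php $auth->error(); endif; ?>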
Suggested Difficulty Level: Beginner
2009-11-21 00:00:00