________________________________________________
PASSWORDS IN COOKIES ARE SAVED AS MD5 HASHES (MD5 IS A HASH, NOT ENCRYPTION).
PASSWORDS IN THE DATABASE MUST BE STORED AS MD5 HASHES, BECAUSE THE CLASS COMPARES THE MD5 HASH OF THE SUBMITTED PASSWORD.
________________________________________________
USE ON PAGES FOR LOGGED IN MEMBERS:
$class = new userAut();
$loggedin = $class->loggedin();
If the user isn't logged on or there aren't any
cookies or the session terminated, the user
will be redirected to the login page.
________________________________________________
USE ON LOGIN PAGE:
$class = new userAut();
$login = $class->login();
If the user is already logged on, or if there
are cookies or a valid session, they will be
redirected to the member page. If the login
form isn't complete, or the username or the
password is wrong, the function returns the
corresponding error variable.
________________________________________________
USE ON LOGOUT PAGE:
$class = new userAut();
$logout = $class->logout();
The user will be logged out.
______________________________________________________
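class userAut {
    // ------------------------------------------------------------------
    // $_SESSION keys. The value is the name of the $_SESSION entry, e.g.
    // $_SESSION[$this->session_username] is $_SESSION["username"].
    // You can change these values.
    // ------------------------------------------------------------------
    public $session_username = "username";
    public $session_email = "email";
    public $session_ip = "ip";
    // $_COOKIE keys, e.g. $_COOKIE[$this->cookie_username] is $_COOKIE["username"].
    // You can change these values.
    public $cookie_username = "username";
    public $cookie_password = "password";
    // $_POST keys, e.g. $_POST[$this->post_username] is $_POST["username"].
    // You can change these values.
    public $post_username = "username";
    public $post_password = "password";
    public $post_cookie = "remember"; // optional "remember me" checkbox
    // Database settings. Change these values.
    public $DB_host = "host";
    public $DB_user = "username";
    public $DB_pass = "password";
    public $DB_db = "database";
    public $DB_table_name = "users"; // table holding the user data
    public $DB_field_username = "username"; // column holding the usernames
    public $DB_field_password = "password"; // column holding the MD5 password hashes
    public $DB_field_email = "email"; // column holding the e-mail addresses
    // Pages and messages. Change these values.
    public $member_area = "memberarea"; // page only for logged in members
    public $login_page = "login"; // page with the login form
    public $error_form = "Please complete the form"; // error when the form is incomplete
    public $error_user = "Username or password wrong"; // error when the user doesn't exist or the password is wrong
    // ------------------------------------------------------------------
    // !!! DON'T CHANGE ANYTHING FROM THIS POINT ON !!!
    // ------------------------------------------------------------------
    // Filled in by verifyCookie()/verifyForm() (username and MD5 password
    // hash) and by verifyDB() (email). Never echo $password anywhere.
    public $username;
    public $password;
    public $email;

    /**
     * Verify that a session exists and that the client's IP matches the IP stored in it.
     *
     * @return bool
     */
    function verifySession() {
        if (!isset($_SESSION[$this->session_username])
            || !isset($_SESSION[$this->session_email])
            || !isset($_SESSION[$this->session_ip])) {
            return false;
        }
        // Strict comparison: both sides are strings. A missing REMOTE_ADDR
        // never matches, so the session is rejected in that case.
        return isset($_SERVER['REMOTE_ADDR'])
            && $_SESSION[$this->session_ip] === $_SERVER['REMOTE_ADDR'];
    }

    /**
     * Verify that both login cookies exist and load their values.
     * The cookie values are untrusted client input; they are only ever
     * compared against the database through bound parameters (verifyDB()).
     *
     * @return bool
     */
    function verifyCookie() {
        if (!isset($_COOKIE[$this->cookie_username]) || !isset($_COOKIE[$this->cookie_password])) {
            return false;
        }
        $this->username = $_COOKIE[$this->cookie_username];
        $this->password = $_COOKIE[$this->cookie_password];
        return true;
    }

    /**
     * Redirect the browser to $page and stop the script so that nothing
     * below the redirect (e.g. member-only content) is sent.
     *
     * @param string $page
     * @return void
     */
    function redirect($page) {
        header("Location: " . $page);
        exit();
    }

    /**
     * Quote a configured table or column name as a MySQL identifier.
     * Identifiers cannot be bound as prepared-statement parameters, so the
     * configured names are backtick-quoted with embedded backticks doubled.
     *
     * @param string $name
     * @return string
     */
    function quoteIdentifier($name) {
        return "`" . str_replace("`", "``", $name) . "`";
    }

    /**
     * Verify username and password hash against the MySQL database.
     * Username and password come from the request (form or cookie) and are
     * passed as bound parameters, never concatenated into the SQL string.
     * On success $this->email is loaded from the matching row.
     *
     * @return bool true when exactly one matching row exists
     */
    function verifyDB() {
        $db = new mysqli($this->DB_host, $this->DB_user, $this->DB_pass, $this->DB_db);
        if ($db->connect_errno) {
            // Treat an unreachable database as a failed login rather than a
            // logged-in user.
            return false;
        }
        $sql = "SELECT " . $this->quoteIdentifier($this->DB_field_email)
            . " FROM " . $this->quoteIdentifier($this->DB_table_name)
            . " WHERE " . $this->quoteIdentifier($this->DB_field_username) . " = ?"
            . " AND " . $this->quoteIdentifier($this->DB_field_password) . " = ?";
        $stmt = $db->prepare($sql);
        if ($stmt === false) {
            $db->close();
            return false;
        }
        // bind_param takes its arguments by reference, so copy to locals.
        $user = $this->username;
        $hash = $this->password;
        $stmt->bind_param('ss', $user, $hash);
        $stmt->execute();
        $stmt->store_result();
        // Exactly one row must match, as in the original check.
        $found = ($stmt->num_rows === 1);
        if ($found) {
            $email = null;
            $stmt->bind_result($email);
            $stmt->fetch();
            $this->email = $email;
        }
        $stmt->close();
        $db->close();
        return $found;
    }

    /**
     * Write username, email and client IP into the session.
     * The session id is regenerated first so that an id chosen before
     * authentication cannot be carried over into the logged-in session.
     *
     * @return void
     */
    function writeSession() {
        if (function_exists('session_status') && session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION[$this->session_username] = $this->username;
        $_SESSION[$this->session_email] = $this->email;
        $_SESSION[$this->session_ip] = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
    }

    /**
     * Write the "remember me" cookies holding the username and the MD5
     * password hash. Cookies are HttpOnly so scripts cannot read them, and
     * Secure when the request itself arrived over HTTPS. No expiry is set,
     * so, as before, they last for the browser session.
     *
     * @return void
     */
    function writeCookie() {
        $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        setcookie($this->cookie_username, $this->username, 0, '', '', $secure, true);
        setcookie($this->cookie_password, $this->password, 0, '', '', $secure, true);
    }

    /**
     * Verify that the login form fields were filled out and load them.
     *
     * @return bool
     */
    function verifyForm() {
        if (!isset($_POST[$this->post_username]) || !isset($_POST[$this->post_password])
            || $_POST[$this->post_username] === "" || $_POST[$this->post_password] === "") {
            return false;
        }
        $this->username = $_POST[$this->post_username];
        // NOTE(review): MD5 is not a suitable password hash. It is kept here
        // only because the database schema documented above stores MD5 hashes;
        // migrating to password_hash()/password_verify() requires changing
        // the stored column and this comparison together.
        $this->password = md5($_POST[$this->post_password]);
        return true;
    }

    /**
     * Login-page entry point. If the user already has a valid session, or
     * valid cookies, they are redirected to the member page. If the form is
     * incomplete, or the username or password is wrong, the matching error
     * message is returned. Returns null when no form was submitted.
     *
     * @return string|null
     */
    function login() {
        // already logged in?
        if ($this->verifySession()) {
            $this->redirect($this->member_area);
        }
        // cookies present and matching the database?
        if ($this->verifyCookie() && $this->verifyDB()) {
            $this->writeSession();
            $this->redirect($this->member_area);
        }
        // login form complete?
        if (!$this->verifyForm()) {
            if (isset($_POST[$this->post_username]) && isset($_POST[$this->post_password])) {
                return $this->error_form;
            }
            return null;
        }
        // form data matching the database?
        if (!$this->verifyDB()) {
            return $this->error_user;
        }
        $this->writeSession();
        // The checkbox is absent from $_POST when unchecked; empty() avoids
        // an undefined-index notice.
        if (!empty($_POST[$this->post_cookie])) {
            $this->writeCookie();
        }
        $this->redirect($this->member_area);
        return null;
    }

    /**
     * Log the user out: clear the session, expire the "remember me" cookies
     * (otherwise loggedin() would silently re-authenticate from them) and
     * redirect to the login page, stopping the script.
     *
     * @return void
     */
    function logout() {
        $_SESSION = array();
        if (function_exists('session_status') && session_status() === PHP_SESSION_ACTIVE) {
            session_destroy();
        }
        $expired = time() - 3600;
        setcookie($this->cookie_username, '', $expired);
        setcookie($this->cookie_password, '', $expired);
        $this->redirect($this->login_page);
    }

    /**
     * Member-page entry point. If there is no valid session and no valid
     * cookies, the user is redirected to the login page; cookies that match
     * the database re-create the session.
     *
     * @return void
     */
    function loggedin() {
        if ($this->verifySession()) {
            return;
        }
        if (!$this->verifyCookie()) {
            $this->redirect($this->login_page);
        }
        if ($this->verifyDB()) {
            $this->writeSession();
        }
    }
}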
Copyright Ayon Baidya