Revision: 26616
Initial Code
Initial URL
Initial Description
Initial Title
Initial Tags
Initial Language
at May 4, 2010 07:17 by cigraphics
Initial Code
<?php /* # # Copyright Iulian Ciobanu (CIGraphics) 2009 # Email: [email protected] # Please leave the copyright and email intact. # # DATABASE TABLE: CREATE TABLE `users` ( `id` int(11) NOT NULL AUTO_INCREMENT, `user` varchar(200) NOT NULL, `password` varchar(40) NOT NULL, `email` varchar(200) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8 ROW_FORMAT=DYNAMIC; # LETS INSERT SOME DATA FOR TESTING PURPOSES: INSERT INTO `users` (`id`, `user`, `password`, `email`) VALUES (1, 'user', '20ccbe71c69cb25e4e0095483cb63bd394a12b23', '[email protected]'); # FOR TESTING PURPOSES: The user is: user The password is: 123456 # USAGE: $auth = new Auth('database', 'user', 'password', 'host'); // This must be placed at the top of your document you don't need to start the session this script will do it. $auth->type = session or cookie; // If you want to use sessions you don't need to write it else write cookie. $auth->emailAuth = false or true; // If you want users to login with email instead of username set it to true or don't write this because is set to false by default $auth->minval = integer; // The minimum chars for username. Write this only if you want to change the value because it's set by default 6. $auth->maxval = integer; // The maximum chars for username. Write this only if you want to change the value because it's set by default 22. $auth->minpass = integer; // The minimum chars for password. Write this only if you want to change the value because it's set by default 6. $auth->salt = 'LOTS OF CHARS OF ANY TYPE'; // Change this. This is for security hashing. I strongly recommed to change this in the script or write this with other random chars. $auth->login($user, $password); // Place this in the part where you get the post vars from your login forms $auth->logout(); // Place this after $auth = new Auth(..) or if you setup type and emailAuth place it below them. Like in example. If you add it without that then you will never be able to login $auth->error(); // Place this in your document. This function will display the errors from validation and other like mysql errors. */ class Auth { var $type = 'cookie'; private $connection; private $errors = array(); var $minval = 6; var $maxval = 22; var $minpass = 6; var $salt = '#@()DIJK#)(F#&*()DS#@JKS)@(I()#@DU)*(&@#)(#U)J'; var $emailAuth = false; function __construct($db, $user, $pass, $host) { if ( $this->type == 'session' ) { session_start(); } $this->mysqlconnect($user, $pass, $host); $this->mysqldb($db); $this->check(); } private function mysqlconnect($user, $pass, $host) { $conn = @mysql_connect($host, $user, $pass); if ( !$conn ) { die('There is a problem with your mysql connection'); } else { $this->connection = $conn; } } private function mysqldb($db) { if ( !@mysql_select_db($db, $this->connection) ) { die('The database doesn\'t exist'); } } private function query($sql) { $result = @mysql_query($sql, $this->connection); if ( !$result ) { $this->errors[] = 'SQL Error'; } else { return $result; } } private function fobj($result) { return mysql_fetch_object($result); } private function fnum($result) { return mysql_num_rows($result); } private function fescape($value) { return mysql_real_escape_string($value); } public function login($user, $pass) { $email = $this->emailAuth; $err = false; $user = strtolower($user); $password = $this->encrypt($pass); if ( $email == true ) { if ( !$this->email($user) ) { $this->errors[] = 'Email invalid.'; $err = true; } else { $col = 'email'; } } else { if ( !$this->name($user) ) { $this->errors[] = 'Name invalid. Min chars: '.$this->minval.'. Max chars: '.$this->maxval; $err = true; } else { $col = 'user'; } } if ( strlen($pass) < $this->minpass ) { $this->errors[] = 'Password min value is 6 chars.'; $err = true; } if ( $err == false ) { $sql = sprintf("SELECT * FROM users WHERE %s = '%s'", $col, $this->fescape($user)); $result = $this->query($sql); if ( $this->fnum($result) == 0 ) { $this->errors[] = ucfirst($col).' doesn\'t exist.'; } else { $row = $this->fobj($result); if ( $row->password == $password ) { if ( $this->type == 'session' ) { $this->set_session($col, $user); $this->set_session('password', $password); } elseif ( $this->type == 'cookie' ) { $this->set_cookie($col, $user); $this->set_cookie('password', $password); } header('Location: ./auth.php'); } else { $this->errors[] = 'Incorrect password'; } } } } private function encrypt($value) { $enc = md5($this->salt.md5($value)); return sha1($enc); } // Email validation private function email($email) { $reg = "#^(((([a-z\d][\.\-\+_]?)*)[a-z0-9])+)\@(((([a-z\d][\.\-_]?){0,62})[a-z\d])+)\.([a-z\d]{2,6})$#i"; if ( !preg_match($reg, $email) ) { return false; } else { return true; } } // Name validation private function name($name) { $min = $this->minval - 2; if ( !preg_match("#^[a-z][\da-z_]{".$min.",".$this->maxval."}[a-z\d]\$#i", $name) ) { return false; } else { return true; } } private function set_session($name, $value) { $_SESSION[$name] = $value; } private function destroy_session() { session_unset(); session_destroy(); } private function set_cookie($name, $value, $time = 3600 ) { setcookie($name, $value, time()+$time, '/'); } private function destroy_cookie($name) { setcookie($name, '', time()-1, '/'); } public function logout() { if ( $this->emailAuth == false ) { $col = 'user'; } else { $col = 'email'; } if ( $this->type == 'session' ) { $this->destroy_session(); } elseif ( $this->type == 'cookie' ) { $this->destroy_cookie('password'); $this->destroy_cookie($col); } header ( 'Location: ./auth.php' ); } private function check() { if ( $this->emailAuth == false ) { $col = 'user'; } else { $col = 'email'; } if ( $this->type == 'cookie' ) { if ( isset($_COOKIE['password']) ) { $sql = sprintf("SELECT * FROM users WHERE %s = '%s'", $col, $this->fescape($_COOKIE[$col]) ); $result = $this->query($sql); $row = $this->fobj($result); if ( $row->{$col} !== $_COOKIE[$col] || $row->password !== $_COOKIE['password'] ) { $this->logout(); } } } elseif ( $this->type == 'session' ) { if ( isset($_SESSION['password']) ) { $sql = sprintf("SELECT * FROM users WHERE %s = '%s'", $col, $this->fescape($_SESSION[$col]) ); $result = $this->query($sql); $row = $this->fobj($result); if ( $row->{$col} !== $_SESSION[$col] || $row->password !== $_SESSION['password'] ) { $this->logout(); } } } } public function error() { if ( is_array($this->errors) && !empty($this->errors) ) { echo '<div style="border:1px solid #CCC; background-color:#FAFAFA; color:#FF0000">'; foreach ( $this->errors as $value ) { echo $value."<br />"; } echo '</div>'; } } public function isLoggedIn() { $ret = false; if ( $this->emailAuth == false ) { $col = 'user'; } else { $col = 'email'; } if ( $this->type == 'cookie' ) { if ( isset($_COOKIE['password']) ) { $ret = true; } } elseif ( $this->type == 'session' ) { if ( isset($_SESSION['password']) ) { $ret = true; } } return $ret; } } ?> Example: login.php <?php include 'class_auth.php'; $auth = new Auth('database', 'user', 'password', 'host'); // This order: Database User Password Host if ( isset($_GET['logout']) ) { $auth->logout(); } if ( isset($_POST['login']) ) { $auth->login($_POST['user'], $_POST['pass']); // This order: User/Email Password True/False (if you want to use email as auth } ?> HERE HTML STUFF <?php if ( $auth->isLoggedIn() ) : ?> <h1>Welcome</h1> <a href="<?=$_SERVER['PHP_SELF'];?>?logout=true">Logout</a> <?php else : ?> <h1>Please login</h1> <form action="<?=$_SERVER['PHP_SELF'];?>?auth" method="post"> <input type="text" name="user" /> User/Email<br /> <input type="password" name="pass" /> Password<br /> <input type="submit" name="login" value="Login" /> </form> <?php $auth->error(); endif; ?>
Initial URL
Initial Description
Here is an old Auth class that i made :)
Initial Title
Authentication class using cookies or sessions
Initial Tags
mysql, class, php
Initial Language
PHP