Login Class


Published in: PHP 


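  /**
   * Session- and cookie-backed login state for the current visitor.
   *
   * Depends on a global `$db` object (not part of this listing) that exposes
   * `query($sql)` and a `result` property holding a legacy mysql_* result.
   *
   * NOTE(review): login() matches the submitted password against the
   * `password` column as-is, and check() hashes that column value on the fly,
   * so the column appears to hold passwords unhashed. Storing a
   * password_hash() value and verifying with password_verify() is the fix,
   * but it needs a schema/data migration that cannot be done from this class.
   *
   * NOTE(review): the `auth_password` cookie is md5(password . salt) with one
   * hard-coded salt shared by every user. It never changes until the password
   * does, so anyone who obtains the cookie can authenticate for as long as
   * the password stays the same. A random, server-side, revocable token is
   * the safer design.
   */
  class Auth
  {
      public $user_id;
      public $username;
      public $password;
      public $ok;
      // Hard-coded, application-wide salt; see the class-level review note.
      public $salt = "34asdf34";
      public $domain = ".domain.com";

      /**
       * Start as "Guest", then try to restore a login from the session and,
       * failing that, from the remember-me cookies.
       */
      public function __construct()
      {
          $this->user_id = 0;
          $this->username = "Guest";
          $this->ok = false;

          if (!$this->check_session()) {
              $this->check_cookie();
          }
      }

      /**
       * Legacy class-named entry point, kept so existing `$auth->Auth()`
       * callers keep working; `new Auth()` goes through __construct().
       *
       * @return bool whether a login was restored
       */
      public function Auth()
      {
          $this->__construct();

          return $this->ok;
      }

      /**
       * Restore the login from `$_SESSION`, if both auth values are present.
       *
       * @return bool true when the stored values pass check()
       */
      public function check_session()
      {
          if (empty($_SESSION['auth_username']) || empty($_SESSION['auth_password'])) {
              return false;
          }

          return $this->check($_SESSION['auth_username'], $_SESSION['auth_password']);
      }

      /**
       * Restore the login from the remember-me cookies, if both are present.
       *
       * Cookie values are fully client-controlled; check() rejects
       * non-string values and escapes the username before it reaches SQL.
       *
       * @return bool true when the cookie values pass check()
       */
      public function check_cookie()
      {
          if (empty($_COOKIE['auth_username']) || empty($_COOKIE['auth_password'])) {
              return false;
          }

          return $this->check($_COOKIE['auth_username'], $_COOKIE['auth_password']);
      }

      /**
       * Verify a username/password pair and, on success, persist the login
       * in the session and in 30-day cookies.
       *
       * @param string $username submitted username
       * @param string $password submitted password
       * @return bool true on a successful login
       */
      public function login($username, $password)
      {
          global $db;

          // Request parameters can arrive as arrays (`name[]=...`); only
          // plain strings are valid credentials.
          if (!is_string($username) || !is_string($password)) {
              return false;
          }

          $db->query(
              "SELECT user_id FROM users WHERE username = '" . $this->escape($username)
              . "' AND password = '" . $this->escape($password) . "'"
          );
          if (mysql_num_rows($db->result) !== 1) {
              return false;
          }

          $this->user_id = mysql_result($db->result, 0, 0);
          $this->username = $username;
          $this->ok = true;

          // Issue a fresh session id on privilege change so an id planted
          // before login cannot be reused afterwards (session fixation).
          if (session_id() !== '') {
              session_regenerate_id(true);
          }

          $token = md5($password . $this->salt);
          $expires = time() + 60 * 60 * 24 * 30;

          $_SESSION['auth_username'] = $username;
          $_SESSION['auth_password'] = $token;

          // HttpOnly (7th argument) keeps the cookies out of reach of page
          // scripts. NOTE(review): set the 6th argument (secure) to true
          // when the site is served over HTTPS.
          setcookie("auth_username", $username, $expires, "/", $this->domain, false, true);
          setcookie("auth_password", $token, $expires, "/", $this->domain, false, true);

          return true;
      }

      /**
       * Validate a stored username/token pair against the database.
       *
       * @param string $username username from the session or cookie
       * @param string $password md5(password . salt) token from the session or cookie
       * @return bool true when the token matches the user's current password
       */
      public function check($username, $password)
      {
          global $db;

          if (!is_string($username) || !is_string($password)) {
              return false;
          }

          $db->query(
              "SELECT user_id, password FROM users WHERE username = '" . $this->escape($username) . "'"
          );
          if (mysql_num_rows($db->result) !== 1) {
              return false;
          }

          $db_password = mysql_result($db->result, 0, 1);
          $expected = md5($db_password . $this->salt);

          // Loose `==` treats digests such as "0e123..." as numbers and can
          // report two different strings as equal; compare as strings, in
          // constant time where the runtime offers hash_equals().
          $matches = function_exists('hash_equals')
              ? hash_equals($expected, $password)
              : $expected === $password;
          if (!$matches) {
              return false;
          }

          $this->user_id = mysql_result($db->result, 0, 0);
          $this->username = $username;
          $this->ok = true;

          return true;
      }

      /**
       * Reset to "Guest" and clear the stored session values and cookies.
       */
      public function logout()
      {
          $this->user_id = 0;
          $this->username = "Guest";
          $this->ok = false;

          $_SESSION['auth_username'] = "";
          $_SESSION['auth_password'] = "";

          // Expire both cookies; path and domain must match the ones used
          // when they were set.
          $expired = time() - 3600;
          setcookie("auth_username", "", $expired, "/", $this->domain, false, true);
          setcookie("auth_password", "", $expired, "/", $this->domain, false, true);
      }

      /**
       * Escape a value for use inside a single-quoted SQL string literal.
       *
       * NOTE(review): escaping is the smallest fix that fits the mysql_*
       * API this class is written against, and it is only reliable when the
       * connection character set was set through the driver. Prepared
       * statements (PDO or mysqli) are the proper fix once the `$db`
       * wrapper is migrated.
       *
       * @param string $value raw value
       * @return string escaped value
       */
      private function escape($value)
      {
          return mysql_real_escape_string($value);
      }
  }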


Comments

Posted By: IanLewis on May 19, 2007

Unfortunately if you call the login or check functions without first escaping the username and password you could fall victim to SQL injection. You should make sure you escape those strings before placing them in a SQL query.

Also, whoever uses this class will need to implement the database class that you are using. Is that included somewhere on Snipplr?

Posted By: llbbl on May 27, 2007

check out :

http://phpmylogon.sourceforge.net/

It is way better than this code.

Posted By: the_coder on February 18, 2008

I don't know if it is a good idea to store the password (even its MD5 hash) in the cookie! It would be better to store a newly generated fake session ID in both the database and the cookie.
