I accomplish my login by using the $_SESSION object.
My login class looks like this. What am I doing wrong, and what can I improve upon?
Code: Select all
<?php
class LoginManager
{
private $errorMessage = null;
public function isLoggedIn()
{
$valid = false;
if(isset($_SESSION['loginId']))
$valid = true;
return $valid;
}
public function logout()
{
session_destroy();
}
public function login($email, $password)
{
$valid = false;
if(!isset($_SESSION['loginId']))
{
$loginId = $this->authenticate($email, $password);
if ($loginId > 0)
//Authentication succesfull
{
$_SESSION['loginId'] = $loginId;
$valid = true;
}
}
else
$this->errorMessage = "User is already logged in, please logout";
return $valid;
}
private function authenticate($email, $password)
{
$loginId = 0;
$login = new Login();
$loginResult = $login->selectLoginDetailsByEmail($email);
unset($login);
if($loginResult->rowCount() == 1)
{
$loginRow = $loginResult->fetch();
if (strcmp($loginRow['password'], sha1($password . SALT)) == 0)
{
$loginId = $loginRow['loginId'];
}
else
$this->errorMessage = "The password entered is incorrect. If you need help recovering your password click <a href=\"forgotPassword.php\">here</a>";
}
else
$this->errorMessage = "The email entered is not in our system";
return $loginId;
}
public function errorMessage()
{
return $this->errorMessage;
}
}
?>