Authentication class with "cumbersome" instantiation methods

kilbad
Forum Commoner
Posts: 28
Joined: Wed Apr 02, 2008 3:51 pm

Authentication class with "cumbersome" instantiation methods

Post by kilbad »

How does this authentication look? I wish my instantiation of the class, particularly the method arguments, were shorter/easier to work with. Right now I feel like they are very cumbersome. Would you organize this class differently?

Any ideas?

Thank you all in advance.

Code: Select all

 
$mysqli = new mysqli(MYSQL_SERVER,MYSQL_SERVER_USERNAME,MYSQL_SERVER_PASSWORD);
 
 
class Authentication {
    
    //Declaring variables
    private $username;
    private $password;
 
    //Setting username and password
    public function __construct($username, $password) {
        $this->username = $username;
        $this->password = md5($password);
    } 
 
    /*
        The following passes the MySQLi connection, database, table, and field
        information to the class, which are then all used to generate a database
        query for finding a matching username and password in the table for
        login. Results of the query are then counted and, if equal to one, the
        provided username and password are passed to the setSession method.
    */
    public function doLogin($connection, $database, $table, $usernameField, $passwordField) {
        $connection->select_db($database);
        $statement = $connection->prepare("SELECT COUNT(*) FROM $table WHERE $usernameField = ? AND $passwordField = ?");
        $statement->bind_param('ss', $this->username, $this->password);
        $statement->execute();
        $statement->bind_result($count);
        $statement->fetch();
        if ($count == 1) {
            // Return the result so a successful login yields TRUE instead of NULL
            return $this->setSession($this->username, $this->password);
        } else {
            return FALSE;
        }
    }
    
    //Setting the provided username and password to session variables
    private function setSession($username, $password) {
        $_SESSION['username'] = $username;
        $_SESSION['password'] = $password;
        return TRUE;
    }
    
    /*
        The following passes the MySQLi connection, database, table, and field
        information to the class, which are then all used to generate a database
        query for finding a matching username and permission in the table for
        permission granting. Results of the query are then counted and, if equal
        to one, TRUE is returned.
    */
    public function checkPermission($connection, $database, $table, $usernameField, $permissionField, $permission) {
        $connection->select_db($database);
        $statement = $connection->prepare("SELECT COUNT(*) FROM $table WHERE $usernameField = ? AND $permissionField = ?");
        $statement->bind_param('ss', $this->username, $permission);
        $statement->execute();
        $statement->bind_result($count);
        $statement->fetch();
        if ($count == 1) {
            return TRUE;
        } else {
            return FALSE;
        }
    }
}
 
 
$authentication = new Authentication("user1", "pass1");
$authentication->doLogin($mysqli, '_authentication', 'users', 'username', 'password');
$authentication->checkPermission($mysqli, '_authentication', 'permissions', 'username', 'permission_for', 'example_permission');
 
$mysqli->close();
 
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Authentication class with "cumbersome" instantiation methods

Post by Christopher »

The two things I immediately notice are:

- doLogin() and checkPermission() are almost identical. It seems like either using a Gateway object or actually creating a UserModel class would be a better thing to do.

- You are using the methods in a procedural fashion. It should be ready to do its job once initialized -- then ask it what you want of it.
(#10850)
kilbad
Forum Commoner
Posts: 28
Joined: Wed Apr 02, 2008 3:51 pm

I've made some modifications; what do you think of class/imp

Post by kilbad »

I made some changes to the class, and I am implementing it as shown below. How do the class and implementation look? Everything works, but I wanted to know if you would do anything differently.

Authentication class:

Code: Select all

 
<?php
 
interface Authentication {
    public function doLogin();
    public function checkPermission($permission);
}
 
class MysqliAuthentication implements Authentication {
    
    /* Variable declaration
     */
    private $username;
    private $password;
    private $connection;
 
    /* Sets username and raw password for authentication, as well as the 
     * mysqli connection object WITH database selected
     */
    public function __construct($username, $password, mysqli $connection) {
        $this->username = $username;
        $this->password = md5($password);
        $this->connection = $connection;
    }
 
    /* Checks provided username and password against a MySQL database table and
     * returns true if login is successful, followed with setting of username
     * and password session variables.
     */
    public function doLogin() {
        $query = "SELECT COUNT(*) FROM users
            WHERE username = ? AND password = ?";
        $statement = $this->connection->prepare($query);
        $statement->bind_param('ss', $this->username, $this->password);
        $statement->execute();
        $statement->bind_result($count);
        $statement->fetch();
        if ($count == 1) {
            return $this->setSession($this->username, $this->password);
        } else {
            return false;
        }
    }
 
    /* Checks if a username has a given permission found within a MySQL database
     * table, returning true if the username has the given permission.
     */
    public function checkPermission($permission) {
        $query = "SELECT COUNT(*) FROM permissions
            WHERE username = ? AND permission_for = ?";
        $statement = $this->connection->prepare($query);
        $statement->bind_param('ss', $this->username, $permission);
        $statement->execute();
        $statement->bind_result($count);
        $statement->fetch();
        return $count == 1;
    }
 
    /* Sets the provided username as a session variable; $password is
     * accepted but not stored
     */
    private function setSession($username, $password) {
        $_SESSION['username'] = $username;
        return true;
    }
}
 
?>
 
Implementation:

Code: Select all

 
<?php
 
/* Checks for existing login
 */
$login = isset($_SESSION['username']) ? true : false;
 
/* Sets username, password, and referring URL
 */ 
$username = isset($_POST['username']) ? $_POST['username'] : null;
$password = isset($_POST['password']) ? $_POST['password'] : null;
$referrer = isset($_POST['referrer']) ? $_POST['referrer'] : null;
 
/* Establishes a MySQLi connection WITH database selected
 */
$mysqli = new mysqli(MYSQL_SERVER, MYSQL_SERVER_USERNAME, MYSQL_SERVER_PASSWORD,
    'example_authentication');
 
/* Instantiates a new MysqliAuthentication class, a class required within
 * the index file
 */ 
$authentication = new MysqliAuthentication($username, $password, $mysqli);
 
/* If the username and password are verified and the username is logged in, or
 * if the username was already logged in, the following "refers" the user back
 * to the page he or she came from. If the login process fails, then the login
 * form is provided again.
 */
if (($authentication->doLogin()) || ($login)) {
 
    if (($referrer == "http://www.example.com/login") or ($referrer == "http://www.example.com/logout") or (empty($referrer))) {
        $this->setVar('loginMessage', 'successful');
    } elseif (($referrer == "http://www.example.com/") or ($referrer == "http://example.com/")) {
        header("Location:http://www.example.com");
    } else { 
        header("Location:$referrer");
    }
    
} elseif (isset($username) OR isset($password)) {
    $this->setVar('loginMessage', 'Login to Example.com FAILED, please try again');
} else {
    $this->setVar('loginMessage', 'Login to Example.com');
}
 
/* Closing MySQLi object
 */ 
$mysqli->close();
 
?>
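
A hardened take on the login step and the referrer redirect from the posts above, as an added example that is not code from the thread. It assumes the `password` column of `users` stores `password_hash()` output rather than `md5()`, that `session_start()` has already run, and the names `HardenedAuthentication` and `safeRedirectTarget` are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes the `users` table from the
// post, with `password` holding password_hash() output instead of md5().
class HardenedAuthentication
{
    private $connection;

    public function __construct(mysqli $connection)
    {
        $this->connection = $connection;
    }

    // Look the user up by name only, then verify the raw password against the
    // stored salted hash; the password never goes into the WHERE clause.
    public function doLogin($username, $password)
    {
        $statement = $this->connection->prepare('SELECT password FROM users WHERE username = ?');
        $statement->bind_param('s', $username);
        $statement->execute();
        $statement->bind_result($hash);
        $found = $statement->fetch();   // true = row fetched, null = no such user
        $statement->close();
        if ($found !== true || !password_verify((string) $password, (string) $hash)) {
            return false;
        }
        session_regenerate_id(true);    // fresh session id for the logged-in user
        $_SESSION['username'] = $username;
        return true;
    }
}

// Map the posted referrer to a redirect target: only http(s) URLs whose host
// is in $allowedHosts pass, rebuilt from parsed parts; anything else gets "/".
function safeRedirectTarget($referrer, array $allowedHosts)
{
    $parts = is_string($referrer) ? parse_url($referrer) : false;
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        return '/';
    }
    $scheme = strtolower($parts['scheme']);
    $host = strtolower($parts['host']);
    if (!in_array($scheme, ['http', 'https'], true) || !in_array($host, $allowedHosts, true)) {
        return '/';
    }
    $path = isset($parts['path']) ? $parts['path'] : '/';
    $query = isset($parts['query']) ? '?' . $parts['query'] : '';
    return $scheme . '://' . $host . $path . $query;
}
```

In the implementation script this would replace the direct use of `$referrer`, for example `header('Location: ' . safeRedirectTarget($referrer, ['www.example.com', 'example.com']));` followed by `exit;`.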
 