Page 1 of 1

New to PHP : Need Help to create a login page using classes

Posted: Tue Nov 11, 2008 12:19 am
by ssuresh07
Hi,
I'm new to PHP, I have just started to develop an application.

I want to use Classes to built a login page.

I'm here posting my coding which is incomplete.

Someone give idea of completing it with handling sessions and how to redirect to another page.

and when pressing back button it should not goto login page again.

<?
class Login
{
public function __construct($username, $password)
{
require_once("Connection/db.php");
session_start();
$this->username = $username;
$this->password = $password;
$this->Validate();
}
public function __destruct()
{
}
protected function Validate()
{
$Query = "SELECT * FROM master_login WHERE username = ". $txtUserName ."";
$Execute = mysql_query($Query) or die('Query failed1: ' . mysql_error());
$rs =mysql_fetch_row($Execute);

if($rs[1] == $txtUserName && $rs[2] == $txtPassword)
header('Location: index1.html');
}
}

$objLogin = new Login("Guest","guest");
?>
<html>
<head>
<title>Test</title>
</head>

<body>
<form name = "frmlogin" method = "post" action="index1.html">
<table align="center">
<tr>
<th><a href="index1.html">Login</a></th>
</tr>
<tr>
<td><input type = "text" name = "txtUserName" /></td>
</tr>
<tr>
<td><input type = "text" name = "txtPassword" /></td>
</tr>
<tr>
<td>
<input type = "submit" name = "submit" value = "Submit" />
<input type = "reset" name = "reset" value = "Reset" />
</td>
</tr>
</body>
</html>

Re: New to PHP : Need Help to create a login page using classes

Posted: Tue Nov 11, 2008 1:04 am
by pcoder
Please place the code inside a proper tag.

Re: New to PHP : Need Help to create a login page using classes

Posted: Tue Nov 11, 2008 2:18 am
by papa
Well first of all you not only want to redirect the user to the right place, you also want to create session variables so that you have something to validate on each page.

So you need to improve your validate() function a bit.

Quick example:

Code: Select all

 
if($login->validate()) {
$_SESSION['user_name'] = $_POST['txtUserName'];
// redirect user to correct page
} else {
    session_unset();
    session_destroy();
    $_SESSION = array();
   echo "Could not login...";
}
 
 
So I would change your validate function to return something when successful userinfo is added and separate that from the redirect function.

Re: New to PHP : Need Help to create a login page using classes

Posted: Tue Nov 11, 2008 5:34 am
by Stryks
I would have to agree that setting session variables would be rolled into this class, especially as the session variables will likely be the core of your whole validation / persistent login scheme.

But I personally would feel uncomfortable with setting session variables in an object without the same object containing the means for cleaning up that data. So if I was going to have a login function that stored the session data, I'd also want to include the logout function which will remove the session data.

Then I'd probably start thinking that I should interface them here too, so that I don't need to track where the session data is stored (because the object interface wont give me any idea where that data is). So I'll put in session save and load functions, so when the authentication class loads, it can either load the existing credentials from the session, or create some generic 'guest' ones.

Of course, it's not really a login class anymore ... more of a user authentication class. Something I'd probably sketch up as ...

Code: Select all

class user_authentication {
 
    public $user_id;
    public $user_name;
    public $logged_in;
    
    public function __construct() {
 
        // Load authentication data
        $this->getSession();
    }
 
    public function __destruct() {
        
    }
 
    public function login($username, $password) {
    
    }
    
    public function logout() {
    
    }
 
    private function setSession($user_id, $user_name, $logged_in) {
         // Change in credentials - regenerate session
        session_regenerate_id();
 
       // Update session data
        $_SESSION['USER'] = array('ID'=>$user_id, 'NAME'=>$user_name, 'LOGGED'=>$looged_in);
    }
    
    private function getSession() {
        if(!isset($_SESSION['USER'])) {
            // Set default user data
            $_SESSION['USER'] = array('ID'=>0, 'NAME'=>'Guest', 'LOGGED'=>false);
        }
        $this->user_id = $_SESSION['USER']['ID'];
        $this->user_name = $_SESSION['USER']['NAME'];
        $this->logged_in = $_SESSION['USER']['LOGGED'];        
    }
    
}
... imagining an interface along the lines of ...

Code: Select all

$user = new user_authentication();
 
// for login attempt
if($user->login('username', 'password')) {
    // login success
} else {
    // Login Failure
}
    
// For page by page authentication
if(!$user->logged_in) {
    // User not logged in - bounce to 'safe' page
    header('Location: index.php');
    exit;
}     
 
This of course introduces some problems. It requires sessions to be started for example. Easy enough to test if sessions have been started yet with session_id(), so I'd imagine writing in a test for that being pretty easy. I'd probably do something along the same lines with the database.

Then you just need to work out your login scheme, add some logout code, and you have a useful class.

This is of course by no means perfect ... actually, it's not even tested ... but it should be a bit of an overview on the use of sessions for your class.

Hope it helps anyhow.