This is a little class I wrote that will allow you to do user authorization on your site. It includes the ability to mail the user first and have them follow a link back to verify their signup. This includes a small db class to support the authorize class.
By : Matt
<?
/**
 * Thin wrapper around the legacy mysql_* extension used by the authenticate class.
 *
 * Only backend type 1 (MySQL) is implemented; every method silently does nothing
 * and returns null for any other $db_type.
 *
 * NOTE(review): the connection settings below are sample values hard-coded in the
 * constructor. Real credentials should come from configuration kept outside the
 * web root, not from source.
 * NOTE(review): db_connect() prints the database name and the MySQL error number
 * and message into the page output. On a public site these details are better
 * written to a server-side log, with a generic message shown to the visitor.
 * NOTE(review): the mysql_* functions were removed in PHP 7.0 and a method named
 * after its class is no longer a constructor in PHP 8.0, so this listing only
 * runs as written on older PHP versions.
 */
class db {
    var $db_type;       // backend selector; 1 = MySQL (the only value handled)
    var $db_server;     // host passed to mysql_connect()/mysql_pconnect()
    var $db_name;       // database chosen with mysql_select_db()
    var $db_user;       // login name for the server
    var $db_pass;       // password for the server
    var $db_persistent; // truthy = use mysql_pconnect() instead of mysql_connect()
    var $dbh;           // link returned by the connect call; false when it failed

    /**
     * PHP 4 style constructor: fills in the connection settings and connects at once.
     */
    function db() {
        $this->db_persistent = 0;
        $this->db_type = 1;
        $this->db_server = 'localhost';
        $this->db_name = 'db';
        $this->db_user = 'user';
        $this->db_pass = 'pass';
        $this->db_connect();
    } //end constructor

    /**
     * Opens the server link into $this->dbh and selects $this->db_name.
     *
     * Failures are reported with printf() and the method simply returns; nothing
     * is thrown and the script keeps running with an unusable $this->dbh.
     */
    function db_connect () {
        if ($this->db_type != 1) {
            return;
        }

        // mySQL: "@" hides the extension's own warnings; the printf() calls
        // below are the only failure report.
        $this->dbh = $this->db_persistent
            ? @mysql_pconnect($this->db_server, $this->db_user, $this->db_pass)
            : @mysql_connect($this->db_server, $this->db_user, $this->db_pass);

        if (!$this->dbh) {
            printf("Error: Connection to MySQL server '%s' failed.<BR>\n", $this->db_server);
            return;
        }

        $selected = @mysql_select_db($this->db_name, $this->dbh);
        if (!$selected) {
            printf("Error: Connection to MySQL database '%s' failed.<BR>\n>%s: %s<BR>\n", $this->db_name, @mysql_errno($this->dbh), @mysql_error($this->dbh));
        }
    } //end db_connect()

    /**
     * Runs $query on the open link and returns whatever mysql_query() returned.
     *
     * The text is sent to the server exactly as given: no escaping or parameter
     * binding happens here, so every caller must quote its own values. A failed
     * query ends the whole script through die().
     */
    function db_query ($query) {
        if ($this->db_type != 1) {
            return;
        }

        // mySQL
        $outcome = mysql_query($query, $this->dbh);
        if (!$outcome) {
            die ("Error: A problem was encountered while executing this query.");
        }
        return $outcome;
    } //end db_query()

    /**
     * Returns mysql_num_rows() for a result obtained from db_query().
     */
    function db_numrows ($result) {
        if ($this->db_type == 1) { //mySQL
            return mysql_num_rows($result);
        }
    } // end db_numrows()

    /**
     * Returns the next row of $result as mysql_fetch_array() delivers it.
     */
    function db_fetch_array (&$result) {
        if ($this->db_type == 1) { //mySQL
            return mysql_fetch_array($result);
        }
    } //end db_fetch_array()
} //end class db
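/**
 * Cookie-based login, e-mail confirmed sign-up and access-level lookup on top of
 * the db class. Pending sign-ups live in `authorize`; confirmed accounts in `users`.
 *
 * Every value placed into an SQL statement goes through _sqlQuote(). The original
 * listing concatenated request and cookie data straight into the query text, which
 * allowed SQL injection in every method that queries the database.
 *
 * Open design issues that cannot be fixed without changing the stored data or the
 * cookie format (NOTE(review) - resolve before relying on this class):
 *  - Passwords are hashed with crypt() and one fixed salt shared by all users.
 *    A salt of this form selects the traditional DES scheme, which looks at only
 *    the first eight characters of its input and is cheap to brute-force. The
 *    password column (varchar(20)) is too short for password_hash() output, so
 *    migrating needs a schema change.
 *  - The login cookie is "username:crypt(username, salt)". DES crypt() is not a
 *    keyed MAC and its two-character salt is part of its own output, so the token
 *    does not prove that the server issued the cookie. Treat checkLogin(),
 *    getName(), getLevel() and getID() as unauthenticated until the cookie is
 *    replaced by a server-side session or a MAC keyed with a real secret.
 *  - The cookie is set without expiry, HttpOnly or Secure attributes.
 *  - The e-mail verification id comes from rand(), which is not a
 *    cryptographically secure generator; make_seed() is not defined in this
 *    listing and must be supplied by the including script.
 */
class authenticate {
    var $db;   // db instance used for every query
    var $salt; // fixed crypt() salt for passwords and for the cookie token

    /**
     * PHP 4 style constructor: opens the database and sets the fixed salt.
     */
    function authenticate() {
        $this->db = new db;
        $this->salt = 'a552avf1ss';
    } //end constructor

    /**
     * Returns $value as a single-quoted SQL string literal that is safe to
     * concatenate into a statement sent over $this->db->dbh.
     *
     * NOTE(review): mysql_real_escape_string() escapes for the character set the
     * link was told about; confirm the connection charset is configured if a
     * multi-byte encoding is in use.
     */
    function _sqlQuote($value) {
        return "'" . mysql_real_escape_string((string) $value, $this->db->dbh) . "'";
    }

    /**
     * Splits the "mysite" cookie on ":" and returns the pieces.
     *
     * Returns array('') when the cookie is absent or is not a plain string, which
     * is what the callers treat as "no name, no token".
     */
    function _cookieParts() {
        // $_COOKIE replaces $HTTP_COOKIE_VARS, which newer PHP versions no longer populate.
        if (!isset($_COOKIE['mysite']) || !is_string($_COOKIE['mysite'])) {
            return array('');
        }
        return explode(":", $_COOKIE['mysite']);
    }

    /**
     * Checks the credentials against `users` and, on a match, sets the login cookie.
     *
     * @param string $uname username as typed by the visitor
     * @param string $pword clear-text password as typed by the visitor
     * @return int 1 when a matching row exists, otherwise 0
     */
    function login($uname, $pword) {
        $query = "SELECT username FROM users WHERE username = " . $this->_sqlQuote($uname)
               . " AND password = " . $this->_sqlQuote(crypt($pword, $this->salt));
        $result = $this->db->db_query($query);
        if ($this->db->db_numrows($result) > 0) {
            $secret = crypt($uname, $this->salt);
            setcookie("mysite", "$uname:$secret");
            return 1;
        }
        return 0;
    } //end login()

    /**
     * Stores a pending sign-up in `authorize` and mails the confirmation link.
     *
     * @param string $uname requested username
     * @param string $pword clear-text password, stored as crypt() output
     * @param string $email address that receives the confirmation link
     */
    function createUser($uname, $pword, $email) {
        srand(make_seed());
        $randval = rand();
        $query = "INSERT authorize(username,password,accesslevel,email,id) VALUES ("
               . $this->_sqlQuote($uname) . ","
               . $this->_sqlQuote(crypt($pword, $this->salt)) . ",0,"
               . $this->_sqlQuote($email) . ","
               . $this->_sqlQuote($randval) . ")";
        $result = $this->db->db_query($query);
        $message = "This message has been sent to you because you requested a login for mysite.com.\n\n";
        $message .= "Please use the following URL to verify your email address and be added to the userlist.\n\n";
        // URL-encode both values so characters such as "+", "&" or "#" in the
        // address cannot change or truncate the query string of the link.
        $message .= "http://mysite.com/newuser.php?email=" . urlencode($email) . "&id=" . urlencode($randval) . "\n\n";
        $message .= "Please note that if you have recieved this message in error, or you do not want to sign up, you do not need to do anything.\nYou will not be added to the listing unless you use the proceeding URL.\n\n";
        $message .= "Thanks for visiting our site!\n";
        mail($email, "mysite.com - account confirmation", $message, "From: register@mysite.com");
    }

    /**
     * Tells whether a username is still free in `users`.
     *
     * Pending rows in `authorize` are not consulted.
     *
     * @return int 1 when no user has this name, 0 when it is taken
     */
    function checkUsername($uname) {
        $query = "SELECT * FROM users where username=" . $this->_sqlQuote($uname);
        $result = $this->db->db_query($query);
        return ($this->db->db_numrows($result) > 0) ? 0 : 1;
    }

    /**
     * Confirms a pending sign-up: copies the `authorize` row that matches both
     * $email and $id into `users` with access level 1, then deletes the pending row.
     *
     * @return int 1 when a pending row matched, otherwise 0
     */
    function validateUser($email, $id) {
        $query = "SELECT * FROM authorize WHERE email=" . $this->_sqlQuote($email)
               . " AND id=" . $this->_sqlQuote($id);
        $result = $this->db->db_query($query);
        if ($this->db->db_numrows($result) > 0) {
            $row = $this->db->db_fetch_array($result);
            // The row came from the visitor at sign-up time, so it is quoted
            // again here; stored data is not trusted just because it is stored.
            $query = "INSERT users(user_id,username,password,accesslevel,email) VALUES ('',"
                   . $this->_sqlQuote($row['username']) . ","
                   . $this->_sqlQuote($row['password']) . ",1,"
                   . $this->_sqlQuote($row['email']) . ")";
            $result = $this->db->db_query($query);
            $query = "DELETE FROM authorize WHERE id=" . $this->_sqlQuote($id);
            $result = $this->db->db_query($query);
            return 1;
        }
        return 0;
    }

    /**
     * Overwrites the login cookie with an empty one.
     */
    function logout() {
        setcookie("mysite");
    } //end logout()

    /**
     * Tells whether the cookie's token equals crypt(name, salt).
     *
     * See the class comment: this check does not authenticate the cookie.
     *
     * @return int 1 when the token matches, otherwise 0
     */
    function checkLogin() {
        $parts = $this->_cookieParts();
        if (!isset($parts[1])) {
            return 0;
        }
        // Strict comparison: "==" would compare numeric-looking strings as numbers.
        return (crypt($parts[0], $this->salt) === $parts[1]) ? 1 : 0;
    } //end checkLogin()

    /**
     * Returns the name part of the cookie, or '' when there is no cookie.
     *
     * The value is whatever the browser sent; escape it for the output context
     * before printing it.
     */
    function getName() {
        $parts = $this->_cookieParts();
        return $parts[0];
    }

    /**
     * Returns the access level stored for the cookie's user, or 0 when
     * checkLogin() fails or no such user exists.
     */
    function getLevel() {
        if (!$this->checkLogin()) {
            return 0;
        }
        $query = "SELECT accesslevel FROM users WHERE username=" . $this->_sqlQuote($this->getName());
        $result = $this->db->db_query($query);
        $row = $this->db->db_fetch_array($result);
        if (!$row) {
            return 0;
        }
        return $row['accesslevel'];
    }

    /**
     * Returns the user_id stored for the cookie's user, or 0 when
     * checkLogin() fails or no such user exists.
     */
    function getID() {
        if (!$this->checkLogin()) {
            return 0;
        }
        $query = "SELECT user_id FROM users WHERE username=" . $this->_sqlQuote($this->getName());
        $result = $this->db->db_query($query);
        $row = $this->db->db_fetch_array($result);
        if (!$row) {
            return 0;
        }
        return $row['user_id'];
    }
} //end class authenticate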
?>
####table structures
-- Pending sign-ups. createUser() inserts a row here; validateUser() copies it into
-- `users` and then deletes it.
-- NOTE(review): TYPE= is the old spelling of the storage-engine option; later MySQL
-- releases expect ENGINE=.
CREATE TABLE authorize (
username varchar(15) NOT NULL default '',
-- Holds the crypt() output written by createUser(). 20 characters cannot hold a
-- bcrypt hash (60 characters), so widen this column before changing the hashing.
password varchar(20) NOT NULL default '',
accesslevel tinyint(4) NOT NULL default '0',
email varchar(30) NOT NULL default '',
-- E-mail verification value; createUser() fills it from rand().
id varchar(30) NOT NULL default '',
PRIMARY KEY (username)
) TYPE=MyISAM;
-- Confirmed accounts. login(), checkUsername(), getLevel() and getID() read this
-- table; validateUser() inserts into it with accesslevel 1.
-- NOTE(review): TYPE= is the old spelling of the storage-engine option; later MySQL
-- releases expect ENGINE=.
CREATE TABLE users (
user_id int(10) unsigned NOT NULL auto_increment,
username varchar(15) NOT NULL default '',
-- Copied unchanged from authorize.password (crypt() output). 20 characters cannot
-- hold a bcrypt hash (60 characters), so widen this column before changing the hashing.
password varchar(20) NOT NULL default '',
accesslevel tinyint(4) NOT NULL default '0',
email varchar(30) NOT NULL default '',
PRIMARY KEY (username),
KEY user_id (user_id)
) TYPE=MyISAM;