This is a little class I wrote that will allow you to do user authorization on your site. It includes the ability to mail the user first and have them follow a link back to verify their signup. This includes a small db class to support the authorize class.

By : Matt

<?
class db {

var $db_type;
var $db_server;
var $db_name;
var $db_user;
var $db_pass;
var $db_persistent;
var $dbh;

function db() {


$this->db_type = 1;
$this->db_server = 'localhost';
$this->db_name = 'db';
$this->db_user = 'user';
$this->db_pass = 'pass';
$this->db_persistent = 0;
$this->db_connect();

} //end constructor

function db_connect () {

// mySQL
if($this->db_type == 1) {
if ($this->db_persistent)
$this->dbh = @mysql_pconnect($this->db_server, $this->db_user, $this->db_pass);
else
$this->dbh = @mysql_connect($this->db_server, $this->db_user, $this->db_pass);

if (!$this->dbh) {
printf("Error: Connection to MySQL server '%s' failed.<BR>\n", $this->db_server);
return;
}

if (!@mysql_select_db($this->db_name, $this->dbh)) {
printf("Error: Connection to MySQL database '%s' failed.<BR>\n>%s: %s<BR>\n", $this->db_name, @mysql_errno($this->dbh), @mysql_error($this->dbh));
return;
}
}
//end mySQL
} //end db_connect()

function db_query ($query) {

// mySQL
if($this->db_type == 1) {
$result = mysql_query($query, $this->dbh)
or die ("Error: A problem was encountered while executing this query.");

return $result;
}
//end mySQL
} //end db_query()

function db_numrows ($result) {

switch($this->db_type) {
case 1: //mySQL
return mysql_num_rows($result);

} //end switch
} // end db_numrows()

function db_fetch_array (&$result) {

switch($this->db_type) {
case 1: //mySQL
return mysql_fetch_array($result);
} //end switch
} //end db_fetch_array()


} //end class db

class authenticate {

var $db;
var $salt;

function authenticate() {


$this->db = new db;
$this->salt = 'a552avf1ss';


} //end constructor


function login($uname, $pword) {

$query = "SELECT username FROM users WHERE username = '" . $uname . "' AND password = '" . crypt($pword, $this->salt) . "'";
$result = $this->db->db_query($query);
if($this->db->db_numrows($result) > 0) {
$secret = crypt($uname,$this->salt);
setcookie("mysite", "$uname:$secret");
return 1;
} else {
return 0;
}
} //end login()

function createUser($uname,$pword,$email) {
srand(make_seed());
$randval = rand();
$query = "INSERT authorize(username,password,accesslevel,email,id) VALUES ('" . $uname . "','" . crypt($pword,$this->salt) . "',0,'" . $email ."','" . $randval . "')";
$result = $this->db->db_query($query);
$message = "This message has been sent to you because you requested a login for mysite.com.\n\n";
$message .= "Please use the following URL to verify your email address and be added to the userlist.\n\n";
$message .= "http://mysite.com/newuser.php?email=" . $email . "&id=" . $randval . "\n\n";
$message .= "Please note that if you have recieved this message in error, or you do not want to sign up, you do not need to do anything.\nYou will not be added to the listing unless you use the proceeding URL.\n\n";
$message .= "Thanks for visiting our site!\n";
mail($email, "mysite.com - account confirmation", $message, "From: register@mysite.com");

}

function checkUsername($uname) {
$query = "SELECT * FROM users where username='" . $uname ."'";
$result = $this->db->db_query($query);
if($this->db->db_numrows($result) > 0) {
return 0;
} else {
return 1;
}
}

function validateUser($email,$id) {
$query = "SELECT * FROM authorize WHERE email='" . $email . "' AND id='" . $id ."'";
$result = $this->db->db_query($query);
if($this->db->db_numrows($result) > 0) {
$row = $this->db->db_fetch_array($result);
$query = "INSERT users(user_id,username,password,accesslevel,email) VALUES ('','" . $row['username'] . "','" . $row['password'] . "',1,'" . $row['email'] ."')";
$result = $this->db->db_query($query);
$query = "SELECT user_id FROM users WHERE username='" . $row['username'] ."'";
$result = $this->db->db_query($query);
$row = $this->db->db_fetch_array($result);
$query = "DELETE FROM authorize WHERE id='" . $id ."'";
$result = $this->db->db_query($query);
return 1;
} else {
return 0;
}
}

function logout() {

setcookie("mysite");
} //end logout()

function checkLogin() {
global $HTTP_COOKIE_VARS;

$array = explode(":", $HTTP_COOKIE_VARS['mysite']);
if(crypt($array[0], $this->salt) == $array[1]) {
return 1;
} else {
return 0;
}
} //end checkLogin()

function getName() {
global $HTTP_COOKIE_VARS;
$array = explode(":", $HTTP_COOKIE_VARS['mysite']);
return $array[0];
}

function getLevel() {
$logged = $this->checkLogin();
if($logged) {
$username = $this->getName();
$query = "SELECT accesslevel FROM users WHERE username='" . $username . "'";
$result = $this->db->db_query($query);
$row = $this->db->db_fetch_array($result);
return $row['accesslevel'];
} else {
return 0;
}
}

function getID() {
$logged = $this->checkLogin();
if($logged) {
$username = $this->getName();
$query = "SELECT user_id FROM users WHERE username='" . $username . "'";
$result = $this->db->db_query($query);
$row = $this->db->db_fetch_array($result);
return $row['user_id'];
} else {
return 0;
}
}


} //end class authenticate
?>
####table structures
CREATE TABLE authorize (
username varchar(15) NOT NULL default '',
password varchar(20) NOT NULL default '',
accesslevel tinyint(4) NOT NULL default '0',
email varchar(30) NOT NULL default '',
id varchar(30) NOT NULL default '',
PRIMARY KEY (username)
) TYPE=MyISAM;
CREATE TABLE users (
user_id int(10) unsigned NOT NULL auto_increment,
username varchar(15) NOT NULL default '',
password varchar(20) NOT NULL default '',
accesslevel tinyint(4) NOT NULL default '0',
email varchar(30) NOT NULL default '',
PRIMARY KEY (username),
KEY user_id (user_id)
) TYPE=MyISAM;

DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

More User Management Code Articles
More By Codewalkers

 

developerWorks - FREE Tools!

IBM DB2 Deep Compression ROI Tool The IBM DB2 Deep Compression ROI tool is designed for DBA’s and IT management personnel to perform a clinical analysis of the cost savings gained from the Storage Optimization feature of DB2 9 for Linux, UNIX and Windows. The feature, also known as Deep Compression, compresses data that lies within a database by up to 80% at times. FREE! Go There Now!

NEW! Addressing software-as-a-service challenges using Tivoli security and WebSphere solutions Building a software-as-a-service solution requires addressing a few key technical challenges. In this webcast, we'll focus on the role of IBM Tivoli Directory Server and WebSphere Portlet Factory in creating a Software as a Service solution. We will demonstrate how to use Tivoli Directory Server to prevent the user population of one tenant from accessing the virtual portal and portlet components of another tenant. We will also use the dynamic profile capability of WebSphere Portlet Factory to create multiple highly customized applications from one code base. FREE! Go There Now!

NEW! Develop Systems Software Assets with IBM Rational Asset Manager Join us for this on demand webcast to learn about developing complex systems more quickly and efficiently. We'll cover market drivers for developing, governing and reusing systems software assets and how you can develop system software assets with Rational Asset Manager. FREE! Go There Now!

NEW! Download a free trial of Lotus Quickr 8.0 Visit IBM developerWorks to download a free trial version of Lotus Quickr 8.0, which enables collaboration by transforming the way everyday business content such as documents, rich media, photos, and video can be shared. Lotus Quickr makes it faster and easier to share content of all types (not just documents) within virtual teams. It is designed to make it easier to collaborate across organizational boundaries, while continuing to work within the context of familiar desktop applications. FREE! Go There Now!

NEW! Evaluate IBM Lotus Sametime Standard V8.0 Visit IBM developerWorks to download a free trial of the latest release of IBM Lotus Sametime Standard V8.0. Lotus Sametime Standard V8.0 is a platform for unified communications and collaboration that combines security features with an extensible, open solution including integrated Voice over IP, geographic location awareness, mobile clients, and a robust Business Partner community offering telephony and video integration. FREE! Go There Now!

NEW! Evaluate Rational Host Access Transformation Services (HATS) Toolkit V7.1 Visit IBM developerWorks to download a free trial of the Rational Host Access Transformation Services (HATS) Toolkit. The HATS toolkit provides a set of plug-ins for the IBM Rational Software Delivery Platform to help you easily extend your legacy applications. HATS makes your 3270 and 5250 applications available as HTML through the most popular Web browsers, while converting your host screens to a Web look and feel and it also enables you to develop new Web, portal, and rich-client applications. FREE! Go There Now!

NEW! IBM Rational Systems Development e-Kit As systems increase in complexity, communication between systems and software teams becomes more and more difficult. Now, there’s a way to improve product quality and communication.<br />Read the “Model Driven Systems Development” white paper to see how. Also included in this kit are more educational white papers, customer examples, tutorials, informative Webcasts, and best practices for designing, building and managing systems.<br /> FREE! Go There Now!

NEW! Try the IBM SOA Sandbox for Connectivity Visit IBM developerWorks to try the IBM SOA Sandbox for connectivity. The SOA Sandbox for connectivity provides a trial environment with the tooling and components to help you explore how to effectively connect your infrastructure and integrate all of the people, processes and information in your company. Use the hosted sandbox to explore SOA techniques that streamline connecting existing IT assets together, as well as learn how to connect them to new business logic. FREE! Go There Now!

NEW! Try the IBM SOA Sandbox for People Visit IBM developerWorks to try the IBM SOA Sandbox for people. The SOA Sandbox for people provides a trial environment with the necessary tooling and components required to enable consistent human and process interaction and collaboration, showing how you can improve user experience and business productivity. FREE! Go There Now!

NEW! Webcast: WebSphere Process Server WebSphere Process Server delivers a unique integration framework that simplifies existing IT resources. Often, as IT assets grow to support business demand, so too does their complexity and manageability. In this webcast, we’ll discuss how WebSphere Process Server helps deliver an SOA infrastructure that provides a common model to orchestrate, mediate, connect, map, and execute the underlying IT functions. Discover how WebSphere Process Server simplifies integration of business processes by leveraging existing IT assets as reusable services without the complexities of traditional integration methodologies. FREE! Go There Now!

All FREE IBM® developerWorks Tools!