This is a little class I wrote that will allow you to do user authorization on your site. It includes the ability to mail the user first and have them follow a link back to verify their signup. This includes a small db class to support the authorize class.
By : Matt
<?
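class db {
    // Backend selector: 1 = MySQL, the only backend implemented below.
    var $db_type;
    var $db_server;
    var $db_name;
    var $db_user;
    var $db_pass;
    var $db_persistent;
    // Connection handle, or false when the connection could not be opened.
    var $dbh;
    // Detail of the last connection/query failure. It is kept here and in the
    // server error log instead of being printed into the HTTP response.
    var $db_error;

    /**
     * Sets the connection parameters and connects immediately.
     * Credentials are hard-coded; keep this file outside the document root so
     * a mis-served .php file cannot expose them.
     */
    function __construct() {
        $this->db_type = 1;
        $this->db_server = 'localhost';
        $this->db_name = 'db';
        $this->db_user = 'user';
        $this->db_pass = 'pass';
        $this->db_persistent = 0;
        $this->db_error = '';
        $this->db_connect();
    } //end constructor

    /** PHP 4 style constructor name, kept so old callers keep working. */
    function db() {
        $this->__construct();
    }

    /**
     * Opens the MySQL connection and selects the database.
     * On failure the detail goes to db_fail(); the original printed the host
     * name, database name and driver error into the page, which discloses
     * infrastructure details to any visitor.
     */
    function db_connect () {
        if ($this->db_type != 1) {
            return;
        }
        // mySQL. The '@' is only acceptable because the result is checked and
        // the driver error is logged right below.
        if ($this->db_persistent) {
            $this->dbh = @mysql_pconnect($this->db_server, $this->db_user, $this->db_pass);
        } else {
            $this->dbh = @mysql_connect($this->db_server, $this->db_user, $this->db_pass);
        }
        if (!$this->dbh) {
            $this->db_fail(sprintf("Connection to MySQL server '%s' failed: %s",
                $this->db_server, mysql_error()));
            return;
        }
        if (!@mysql_select_db($this->db_name, $this->dbh)) {
            $this->db_fail(sprintf("Connection to MySQL database '%s' failed: %s: %s",
                $this->db_name, mysql_errno($this->dbh), mysql_error($this->dbh)));
            return;
        }
        //end mySQL
    } //end db_connect()

    /**
     * Records a connection failure: the detail goes to error_log() and
     * $db_error, only a generic line goes to the browser.
     */
    function db_fail($detail) {
        $this->db_error = $detail;
        error_log('db: ' . $detail);
        print("Error: database connection failed.<BR>\n");
    }

    /**
     * Runs a finished SQL string. Callers must escape every user-supplied
     * value before building the string; this class does not do it for them.
     * Returns the mysql result (a resource for SELECT, true for statements
     * without a result set). Halts the script on failure, as the original did,
     * but logs the driver error server-side instead of discarding it.
     */
    function db_query ($query) {
        if ($this->db_type != 1) {
            return;
        }
        // mySQL
        $result = mysql_query($query, $this->dbh);
        if ($result === false) {
            // The query text is deliberately not logged: it can contain
            // password hashes and other user data.
            $this->db_error = mysql_error($this->dbh);
            error_log('db: query failed: ' . $this->db_error);
            die("Error: A problem was encountered while executing this query.");
        }
        return $result;
        //end mySQL
    } //end db_query()

    /** Number of rows in a SELECT result. */
    function db_numrows ($result) {
        switch($this->db_type) {
            case 1: //mySQL
                return mysql_num_rows($result);
        } //end switch
    } // end db_numrows()

    /** Next row of a SELECT result as an array, or false when exhausted. */
    function db_fetch_array (&$result) {
        switch($this->db_type) {
            case 1: //mySQL
                return mysql_fetch_array($result);
        } //end switch
    } //end db_fetch_array()
} //end class db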
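class authenticate {
    var $db;
    // Server-side secret: the crypt() salt for stored passwords and the key
    // that signs the login cookie. Change it per deployment.
    var $salt;

    /**
     * Opens the database connection and sets the secret.
     * Needs PHP 5.2+ (hash_hmac, setcookie httponly); $_COOKIE replaces the
     * long-removed $HTTP_COOKIE_VARS array the original read.
     */
    function __construct() {
        $this->db = new db;
        $this->salt = 'a552avf1ss';
    } //end constructor

    /** PHP 4 style constructor name, kept for old callers. */
    function authenticate() {
        $this->__construct();
    }

    /**
     * Escapes a value for use inside single quotes in a MySQL query string.
     * db::db_query() only accepts finished SQL text, so escaping is the only
     * defence available here; every user-supplied value must go through it.
     */
    function _quote($value) {
        if (function_exists('mysql_real_escape_string') && $this->db->dbh) {
            return mysql_real_escape_string($value, $this->db->dbh);
        }
        return mysql_escape_string($value);
    }

    /**
     * Signature stored in the login cookie: HMAC of the username under $salt.
     * The original used crypt($uname, $salt), whose output carries its own
     * salt, so the value could be recomputed without the server secret.
     * Cookies issued by the old scheme are no longer accepted.
     */
    function _sign($uname) {
        return hash_hmac('sha256', $uname, $this->salt);
    }

    /** Constant-time string comparison where the runtime provides it. */
    function _same($expected, $given) {
        if (function_exists('hash_equals')) {
            return hash_equals($expected, $given);
        }
        return $expected === $given;
    }

    /**
     * Random 30-character token for the verification link.
     * authorize.id is varchar(30), so the token must not be longer than that.
     * The original seeded rand() through an undefined make_seed() (a fatal
     * error), and rand() is not suitable for a secret in any case.
     */
    function _token() {
        if (function_exists('random_bytes')) {
            return bin2hex(random_bytes(15));
        }
        return substr(md5(uniqid(mt_rand(), true)), 0, 30);
    }

    /**
     * Splits the "mysite" cookie into array(username, signature) at its last
     * colon, or returns null when the cookie is absent or has no colon.
     */
    function _cookieParts() {
        $cookie = isset($_COOKIE['mysite']) ? (string) $_COOKIE['mysite'] : '';
        $pos = strrpos($cookie, ':');
        if ($pos === false) {
            return null;
        }
        return array(substr($cookie, 0, $pos), (string) substr($cookie, $pos + 1));
    }

    /**
     * Row (user_id, accesslevel) of the logged-in user, or null when nobody
     * is logged in or the user no longer exists.
     */
    function _userRow() {
        if (!$this->checkLogin()) {
            return null;
        }
        $query = "SELECT user_id, accesslevel FROM users WHERE username='" . $this->_quote($this->getName()) . "'";
        $result = $this->db->db_query($query);
        $row = $this->db->db_fetch_array($result);
        return $row ? $row : null;
    }

    /**
     * Verifies $uname/$pword against the users table and sets the "mysite"
     * login cookie on success. Returns 1 on success, 0 otherwise.
     */
    function login($uname, $pword) {
        $query = "SELECT password FROM users WHERE username = '" . $this->_quote($uname) . "'";
        $result = $this->db->db_query($query);
        if ($this->db->db_numrows($result) < 1) {
            return 0;
        }
        $row = $this->db->db_fetch_array($result);
        $stored = (string) $row['password'];
        // Stored hashes are crypt($pword, $this->salt); passing the stored hash
        // as the salt verifies those and any later crypt() format as well.
        // Comparing in PHP rather than in SQL makes the check exact (an SQL
        // string compare follows the column collation) and constant-time.
        if (strlen($stored) < 2 || !$this->_same($stored, crypt($pword, $stored))) {
            return 0;
        }
        $secret = $this->_sign($uname);
        // httponly keeps the cookie away from page scripts. The secure flag is
        // off only because createUser() links to the site over plain http;
        // turn it on once the site is served over HTTPS.
        setcookie("mysite", "$uname:$secret", 0, '', '', false, true);
        return 1;
    } //end login()

    /**
     * Stores a pending registration in the authorize table and e-mails a
     * verification link carrying the address and a random token.
     * Returns 1 when the mail was handed off, 0 when $email was rejected.
     */
    function createUser($uname, $pword, $email) {
        // An address containing a line break could add headers to the mail.
        if (preg_match('/[\r\n]/', $email)) {
            return 0;
        }
        $randval = $this->_token();
        // crypt() with the fixed salt is kept so existing rows stay valid and
        // the hash fits the varchar(20) password column; a stronger scheme
        // (password_hash) needs a wider column and a migration.
        $query = "INSERT authorize(username,password,accesslevel,email,id) VALUES ('"
            . $this->_quote($uname) . "','" . crypt($pword, $this->salt) . "',0,'"
            . $this->_quote($email) . "','" . $randval . "')";
        $this->db->db_query($query);
        $message = "This message has been sent to you because you requested a login for mysite.com.\n\n";
        $message .= "Please use the following URL to verify your email address and be added to the userlist.\n\n";
        // urlencode() keeps addresses containing '+' or '&' intact in the link.
        $message .= "http://mysite.com/newuser.php?email=" . urlencode($email) . "&id=" . $randval . "\n\n";
        $message .= "Please note that if you have recieved this message in error, or you do not want to sign up, you do not need to do anything.\nYou will not be added to the listing unless you use the proceeding URL.\n\n";
        $message .= "Thanks for visiting our site!\n";
        return mail($email, "mysite.com - account confirmation", $message, "From: register@mysite.com") ? 1 : 0;
    } //end createUser()

    /** Returns 1 when $uname is still free in the users table, 0 when taken. */
    function checkUsername($uname) {
        $query = "SELECT username FROM users where username='" . $this->_quote($uname) . "'";
        $result = $this->db->db_query($query);
        return $this->db->db_numrows($result) > 0 ? 0 : 1;
    } //end checkUsername()

    /**
     * Completes a registration: when $email/$id match a pending authorize
     * row, copies it into users (accesslevel 1) and removes the pending row.
     * Returns 1 on success, 0 when nothing matched.
     */
    function validateUser($email, $id) {
        // An empty token must never match a row.
        if ($id === '' || $id === null) {
            return 0;
        }
        $query = "SELECT username,password,email FROM authorize WHERE email='" . $this->_quote($email) . "' AND id='" . $this->_quote($id) . "'";
        $result = $this->db->db_query($query);
        if ($this->db->db_numrows($result) < 1) {
            return 0;
        }
        $row = $this->db->db_fetch_array($result);
        // user_id is auto_increment, so it is not supplied. The values were
        // escaped on the way in, but are re-escaped here since they are put
        // back into SQL text.
        $query = "INSERT users(username,password,accesslevel,email) VALUES ('"
            . $this->_quote($row['username']) . "','" . $this->_quote($row['password']) . "',1,'"
            . $this->_quote($row['email']) . "')";
        $this->db->db_query($query);
        $query = "DELETE FROM authorize WHERE id='" . $this->_quote($id) . "'";
        $this->db->db_query($query);
        return 1;
    } //end validateUser()

    /** Expires the login cookie. */
    function logout() {
        setcookie("mysite", "", time() - 3600);
    } //end logout()

    /** Returns 1 when the login cookie carries a valid signature, else 0. */
    function checkLogin() {
        $parts = $this->_cookieParts();
        if ($parts === null) {
            return 0;
        }
        return $this->_same($this->_sign($parts[0]), $parts[1]) ? 1 : 0;
    } //end checkLogin()

    /** Username from the login cookie ('' when absent); not verified. */
    function getName() {
        $parts = $this->_cookieParts();
        return $parts === null ? '' : $parts[0];
    } //end getName()

    /** accesslevel of the logged-in user, or 0 when not logged in. */
    function getLevel() {
        $row = $this->_userRow();
        return $row === null ? 0 : $row['accesslevel'];
    } //end getLevel()

    /** user_id of the logged-in user, or 0 when not logged in. */
    function getID() {
        $row = $this->_userRow();
        return $row === null ? 0 : $row['user_id'];
    } //end getID()
} //end class authenticate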
?>
####table structures
-- Pending registrations written by authenticate::createUser(); a row is copied
-- into `users` and deleted here once validateUser() receives the matching
-- email and id.
CREATE TABLE authorize (
username varchar(15) NOT NULL default '',
-- Sized for the 13-character output of the traditional crypt() call in the
-- class above; longer hash formats (e.g. password_hash output) would not fit.
password varchar(20) NOT NULL default '',
accesslevel tinyint(4) NOT NULL default '0',
email varchar(30) NOT NULL default '',
-- Verification token sent in the confirmation e-mail. It is the only check
-- between a link and account creation, so it must be random and unguessable.
id varchar(30) NOT NULL default '',
PRIMARY KEY (username)
-- TYPE= is the pre-MySQL 5.5 spelling of ENGINE=.
) TYPE=MyISAM;
-- Confirmed accounts; login(), getLevel() and getID() read from here.
CREATE TABLE users (
-- auto_increment but only a secondary key: uniqueness is enforced on username.
user_id int(10) unsigned NOT NULL auto_increment,
username varchar(15) NOT NULL default '',
-- Same 20-character limit as authorize.password; the hash is copied verbatim.
password varchar(20) NOT NULL default '',
-- validateUser() inserts confirmed users with accesslevel 1.
accesslevel tinyint(4) NOT NULL default '0',
email varchar(30) NOT NULL default '',
PRIMARY KEY (username),
KEY user_id (user_id)
-- TYPE= is the pre-MySQL 5.5 spelling of ENGINE=.
) TYPE=MyISAM;