This is a little class I wrote that will allow you to do user authorization on your site. It includes the ability to mail the user first and have them follow a link back to verify their signup. This includes a small db class to support the authorize class.
By : Matt
<?
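/**
 * Thin wrapper around one MySQL connection, used by the authenticate class.
 *
 * Connection settings are hard-coded in the constructor and the connection is
 * opened as soon as the object is created. Only backend type 1 (MySQL) is
 * implemented.
 *
 * Connection and query failures are written to the server error log; the page
 * only gets a generic message, so host names, database names and MySQL error
 * text are not shown to visitors.
 *
 * NOTE(review): this listing opens with the short tag "<?". Where
 * short_open_tag is off the file is sent to the browser as plain text,
 * credentials included; open the file with "<?php".
 * NOTE(review): the mysql_* functions belong to ext/mysql, which was removed
 * in PHP 7.0. A port to mysqli or PDO with prepared statements is the
 * long-term fix; it has to be done together with every caller of db_query().
 */
class db {
    var $db_type;        // backend selector; 1 = MySQL
    var $db_server;      // host name passed to mysql_connect()/mysql_pconnect()
    var $db_name;        // database selected after connecting
    var $db_user;        // account used for the connection
    var $db_pass;        // password for that account
    var $db_persistent;  // non-zero: connect with mysql_pconnect()
    var $dbh;            // connection handle, false when connecting failed

    /**
     * Fill in the connection settings and connect straight away.
     *
     * NOTE(review): the values below are the listing's placeholders. Real
     * credentials are better kept in a file outside the web root than in a
     * class that is served from it.
     */
    function db() {
        $this->db_type = 1;
        $this->db_server = 'localhost';
        $this->db_name = 'db';
        $this->db_user = 'user';
        $this->db_pass = 'pass';
        $this->db_persistent = 0;
        $this->db_connect();
    } //end constructor

    /**
     * Open the connection and select the database.
     *
     * On failure a generic message is printed, the detail goes to error_log()
     * and the method returns; $this->dbh is false when the connect itself
     * failed.
     */
    function db_connect () {
        if ($this->db_type != 1) {
            return;
        }

        // '@' keeps PHP's own warning off the page when display_errors is on;
        // the failure itself is handled right below.
        if ($this->db_persistent) {
            $this->dbh = @mysql_pconnect($this->db_server, $this->db_user, $this->db_pass);
        } else {
            $this->dbh = @mysql_connect($this->db_server, $this->db_user, $this->db_pass);
        }

        if (!$this->dbh) {
            error_log(sprintf("db: connection to MySQL server '%s' failed", $this->db_server));
            print("Error: Connection to the database server failed.<BR>\n");
            return;
        }

        if (!@mysql_select_db($this->db_name, $this->dbh)) {
            error_log(sprintf(
                "db: selecting MySQL database '%s' failed: %s: %s",
                $this->db_name,
                @mysql_errno($this->dbh),
                @mysql_error($this->dbh)
            ));
            print("Error: Connection to the database failed.<BR>\n");
            return;
        }
    } //end db_connect()

    /**
     * Run one SQL statement and return the mysql_query() result.
     *
     * The statement is sent exactly as given: the caller has to escape every
     * value it puts into $query. Execution stops with a generic message when
     * there is no connection or the statement fails. The statement text is
     * deliberately not logged, because callers put password hashes into it.
     */
    function db_query ($query) {
        if ($this->db_type != 1) {
            return;
        }

        $result = $this->dbh ? mysql_query($query, $this->dbh) : false;
        if (!$result) {
            error_log('db: query failed: ' . ($this->dbh ? mysql_error($this->dbh) : 'no connection'));
            die ("Error: A problem was encountered while executing this query.");
        }
        return $result;
    } //end db_query()

    /**
     * Number of rows in a SELECT result; 0 for an unsupported backend.
     */
    function db_numrows ($result) {
        switch($this->db_type) {
            case 1: //mySQL
                return mysql_num_rows($result);
            default:
                return 0;
        } //end switch
    } // end db_numrows()

    /**
     * Next row of a result as an array, or false when there is none
     * (also false for an unsupported backend).
     */
    function db_fetch_array (&$result) {
        switch($this->db_type) {
            case 1: //mySQL
                return mysql_fetch_array($result);
            default:
                return false;
        } //end switch
    } //end db_fetch_array()
} //end class db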
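/**
 * Sign-up, e-mail verification and cookie login on top of the db wrapper.
 *
 * createUser() stores a pending row in `authorize` and mails a verification
 * link, validateUser() moves that row into `users`, login() checks the
 * password and issues the "mysite" cookie, and checkLogin(), getName(),
 * getLevel() and getID() read that cookie back.
 *
 * Every value placed in a SQL string goes through _quote(), and the cookie is
 * "username:MAC" where the MAC is HMAC-SHA256 over the username keyed with
 * $cookie_key. The key has to stay on the server: a cookie value that can be
 * derived from the username alone proves nothing about who is presenting it.
 *
 * Needs PHP 5.2 or later (hash_hmac, filter_var, the httponly cookie flag).
 *
 * NOTE(review): passwords go through crypt() with one fixed salt shared by
 * all users. A salt of this form selects crypt()'s traditional DES scheme,
 * which uses only the first two salt characters and the first eight password
 * characters. Moving to password_hash()/password_verify() needs a `password`
 * column of at least 60 characters (255 is the usual advice) and a
 * rehash-at-login step, so it is flagged here rather than changed.
 * NOTE(review): the login cookie carries no expiry and no server-side state,
 * so a copied cookie stays valid until $cookie_key changes; logout() only
 * clears the browser's copy. PHP sessions would close that gap.
 */
class authenticate {
    var $db;          // db wrapper instance, created in the constructor
    var $salt;        // salt string handed to crypt() for every password
    var $cookie_key;  // server-side secret that signs the login cookie

    /**
     * Connect to the database and load the two secrets.
     *
     * $cookie_key is empty on purpose: set it to a long random string that is
     * stored outside the web root. While it is empty no login cookie is
     * issued or accepted.
     */
    function authenticate() {
        $this->db = new db;
        $this->salt = 'a552avf1ss';
        $this->cookie_key = '';
    } //end constructor

    /**
     * Escape a value for use inside a single-quoted SQL string literal.
     *
     * Non-scalar input (for example an array from the query string) becomes
     * the empty string. Tied to MySQL, the only backend the db class has.
     * NOTE(review): mysql_real_escape_string() follows the connection
     * character set, so set it with mysql_set_charset(), not "SET NAMES".
     */
    function _quote($value) {
        if (!is_scalar($value)) {
            $value = '';
        }
        if (!$this->db->dbh) {
            die ("Error: A problem was encountered while preparing this query.");
        }
        $escaped = mysql_real_escape_string((string) $value, $this->db->dbh);
        if (!is_string($escaped)) {
            die ("Error: A problem was encountered while preparing this query.");
        }
        return $escaped;
    }

    /**
     * MAC for the login cookie, or false when no key is configured.
     */
    function _sign($uname) {
        if (!is_string($this->cookie_key) || $this->cookie_key === '') {
            trigger_error('authenticate: $cookie_key is not set, login cookies are disabled', E_USER_WARNING);
            return false;
        }
        return hash_hmac('sha256', $uname, $this->cookie_key);
    }

    /**
     * Compare two strings without stopping at the first differing byte.
     */
    function _equals($known, $given) {
        if (function_exists('hash_equals')) {
            return hash_equals($known, $given);
        }
        $length = strlen($known);
        if ($length != strlen($given)) {
            return false;
        }
        $diff = 0;
        for ($i = 0; $i < $length; $i++) {
            $diff |= ord($known[$i]) ^ ord($given[$i]);
        }
        return $diff == 0;
    }

    /**
     * Username from the "mysite" cookie when its MAC verifies, else false.
     *
     * The cookie is split at the last colon, so a username that itself
     * contains a colon still round-trips.
     */
    function _cookie_user() {
        if (!isset($_COOKIE['mysite']) || !is_string($_COOKIE['mysite'])) {
            return false;
        }
        $raw = $_COOKIE['mysite'];
        $cut = strrpos($raw, ':');
        if ($cut === false || $cut == 0) {
            return false;
        }
        $uname = substr($raw, 0, $cut);
        $given = substr($raw, $cut + 1);
        if (!is_string($given) || $given === '') {
            return false;
        }
        $expected = $this->_sign($uname);
        if ($expected === false) {
            return false;
        }
        return $this->_equals($expected, $given) ? $uname : false;
    }

    /**
     * 120 bits from the system CSPRNG as 30 hex characters (the `id` column
     * is varchar(30)), or false when no secure source is available.
     */
    function _new_token() {
        if (function_exists('random_bytes')) {
            return bin2hex(random_bytes(15));
        }
        if (function_exists('openssl_random_pseudo_bytes')) {
            $strong = false;
            $bytes = openssl_random_pseudo_bytes(15, $strong);
            if ($bytes !== false && $strong) {
                return bin2hex($bytes);
            }
        }
        return false;
    }

    /**
     * One column of the logged-in user's row, or 0 when nobody is logged in
     * or the row no longer exists. $column is only ever a literal supplied by
     * getLevel()/getID(), never request data.
     */
    function _user_field($column) {
        $uname = $this->_cookie_user();
        if ($uname === false) {
            return 0;
        }
        $query = "SELECT " . $column . " FROM users WHERE username='" . $this->_quote($uname) . "'";
        $result = $this->db->db_query($query);
        $row = $this->db->db_fetch_array($result);
        if (!$row) {
            return 0;
        }
        return $row[$column];
    }

    /**
     * Check a username/password pair and, on success, issue the login cookie.
     *
     * @return int 1 when the credentials match and the cookie was set, else 0
     */
    function login($uname, $pword) {
        if (!is_string($uname) || !is_string($pword)) {
            return 0;
        }
        $query = "SELECT username FROM users WHERE username = '" . $this->_quote($uname)
            . "' AND password = '" . $this->_quote(crypt($pword, $this->salt)) . "'";
        $result = $this->db->db_query($query);
        if ($this->db->db_numrows($result) < 1) {
            return 0;
        }
        $row = $this->db->db_fetch_array($result);
        if (!$row) {
            return 0;
        }
        // Sign the name as stored, not as typed: MySQL's default comparison
        // ignores case, the MAC does not.
        $name = $row['username'];
        $mac = $this->_sign($name);
        if ($mac === false) {
            return 0;
        }
        // Session cookie, hidden from scripts; marked Secure when the request
        // itself arrived over HTTPS.
        $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off';
        setcookie("mysite", $name . ':' . $mac, 0, "", "", $secure, true);
        return 1;
    } //end login()

    /**
     * Store a pending sign-up and mail the verification link.
     *
     * @return int 1 when the row was stored and the mail was accepted for
     *             delivery, 0 on invalid input, no secure random source, or a
     *             mail() failure
     */
    function createUser($uname,$pword,$email) {
        if (!is_string($uname) || !is_string($pword) || !is_string($email)) {
            return 0;
        }
        // $email becomes the mail() recipient, so it must be a single plain
        // address; this also rejects embedded line breaks.
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            return 0;
        }
        $token = $this->_new_token();
        if ($token === false) {
            trigger_error('authenticate: no secure random source for the verification token', E_USER_WARNING);
            return 0;
        }
        $query = "INSERT INTO authorize(username,password,accesslevel,email,id) VALUES ('"
            . $this->_quote($uname) . "','"
            . $this->_quote(crypt($pword, $this->salt)) . "',0,'"
            . $this->_quote($email) . "','"
            . $this->_quote($token) . "')";
        $this->db->db_query($query);

        // NOTE(review): the link is plain http, so the token crosses the
        // network unencrypted; switch to https where the site supports it.
        $message = "This message has been sent to you because you requested a login for mysite.com.\n\n";
        $message .= "Please use the following URL to verify your email address and be added to the userlist.\n\n";
        $message .= "http://mysite.com/newuser.php?email=" . urlencode($email) . "&id=" . $token . "\n\n";
        $message .= "Please note that if you have recieved this message in error, or you do not want to sign up, you do not need to do anything.\nYou will not be added to the listing unless you use the proceeding URL.\n\n";
        $message .= "Thanks for visiting our site!\n";
        return mail($email, "mysite.com - account confirmation", $message, "From: register@mysite.com") ? 1 : 0;
    }

    /**
     * Report whether a username is still free in `users`.
     *
     * Pending sign-ups in `authorize` are not consulted.
     *
     * @return int 1 when no such user exists, 0 when the name is taken
     */
    function checkUsername($uname) {
        $query = "SELECT username FROM users where username='" . $this->_quote($uname) . "'";
        $result = $this->db->db_query($query);
        return ($this->db->db_numrows($result) > 0) ? 0 : 1;
    }

    /**
     * Complete a sign-up: move the pending row matching $email and $id from
     * `authorize` into `users` with access level 1.
     *
     * @return int 1 when a pending row matched and was moved, else 0
     */
    function validateUser($email,$id) {
        if (!is_string($email) || !is_string($id) || $email === '' || $id === '') {
            return 0;
        }
        $query = "SELECT * FROM authorize WHERE email='" . $this->_quote($email)
            . "' AND id='" . $this->_quote($id) . "'";
        $result = $this->db->db_query($query);
        if ($this->db->db_numrows($result) < 1) {
            return 0;
        }
        $row = $this->db->db_fetch_array($result);

        // Values read back from the database are escaped again: they were
        // user input once and are about to be placed in a new statement.
        // user_id is left out so auto_increment assigns it.
        $query = "INSERT INTO users(username,password,accesslevel,email) VALUES ('"
            . $this->_quote($row['username']) . "','"
            . $this->_quote($row['password']) . "',1,'"
            . $this->_quote($row['email']) . "')";
        $this->db->db_query($query);

        $query = "DELETE FROM authorize WHERE username='" . $this->_quote($row['username'])
            . "' AND id='" . $this->_quote($id) . "'";
        $this->db->db_query($query);
        return 1;
    }

    /**
     * Ask the browser to drop the login cookie.
     */
    function logout() {
        setcookie("mysite");
    } //end logout()

    /**
     * @return int 1 when the request carries a login cookie whose MAC
     *             verifies, else 0
     */
    function checkLogin() {
        return ($this->_cookie_user() === false) ? 0 : 1;
    } //end checkLogin()

    /**
     * Username of the logged-in user, or '' when the cookie is missing or
     * does not verify.
     */
    function getName() {
        $uname = $this->_cookie_user();
        return ($uname === false) ? '' : $uname;
    }

    /**
     * Access level of the logged-in user, 0 when not logged in.
     */
    function getLevel() {
        return $this->_user_field('accesslevel');
    }

    /**
     * user_id of the logged-in user, 0 when not logged in.
     */
    function getID() {
        return $this->_user_field('user_id');
    }
} //end class authenticate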
?>
####table structures
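-- Pending sign-ups. A row is added when an account is requested and removed
-- once the e-mailed link has been followed.
CREATE TABLE authorize (
  username varchar(15) NOT NULL default '',
  -- Wide enough for any password hash format, so a later change of hashing
  -- scheme does not truncate stored values.
  password varchar(255) NOT NULL default '',
  accesslevel tinyint(4) NOT NULL default '0',
  -- varchar(30) cut longer addresses short, after which the verification
  -- lookup by full address could never match.
  email varchar(254) NOT NULL default '',
  -- E-mail verification token.
  id varchar(30) NOT NULL default '',
  PRIMARY KEY (username)
) ENGINE=MyISAM;  -- "TYPE=" was removed in MySQL 5.5; ENGINE= is the supported spelling

-- Verified accounts.
CREATE TABLE users (
  user_id int(10) unsigned NOT NULL auto_increment,
  username varchar(15) NOT NULL default '',
  password varchar(255) NOT NULL default '',
  accesslevel tinyint(4) NOT NULL default '0',
  email varchar(254) NOT NULL default '',
  PRIMARY KEY (username),
  KEY user_id (user_id)
) ENGINE=MyISAM;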