Platinum Partner

PHP Authentication

Modulo di Autenticazione in PHP 

File: class_auth.php

type = session or cookie; // If you want to use sessions you don't need to write it else write cookie.
$auth->emailAuth = false or true; // If you want users to login with email instead of username set it to true or don't write this because is set to false by default
$auth->minval = integer; // The minimum chars for username. Write this only if you want to change the value because it's set by default 6.
$auth->maxval = integer; // The maximum chars for username. Write this only if you want to change the value because it's set by default 22.
$auth->minpass = integer; // The minimum chars for password. Write this only if you want to change the value because it's set by default 6.
$auth->salt = 'LOTS OF CHARS OF ANY TYPE'; // Change this. This is for security hashing. I strongly recommed to change this in the script or write this with other random chars.

$auth->login($user, $password); // Place this in the part where you get the post vars from your login forms

$auth->logout(); // Place this after $auth = new Auth(..) or if you setup type and emailAuth place it below them. Like in example. If you add it without that then you will never be able to login

$auth->error(); // Place this in your document. This function will display the errors from validation and other like mysql errors.



*/
class Auth {
    
    var $type = 'cookie';
    private $connection;
    private $errors = array();
    var $minval = 6;
    var $maxval = 22;
    var $minpass = 6;
    var $salt = '#@()DIJK#)(F#&*()DS#@JKS)@(I()#@DU)*(&@#)(#U)J';
    var $emailAuth = false;
    
    function __construct($db, $user, $pass, $host) {
        if ( $this->type == 'session' ) {
            session_start();
        }
        $this->mysqlconnect($user, $pass, $host);
        $this->mysqldb($db);
        $this->check();
    }
    
    private function mysqlconnect($user, $pass, $host) {
        $conn = @mysql_connect($host, $user, $pass);
        if ( !$conn ) {
            die('There is a problem with your mysql connection');
        } else {
            $this->connection = $conn;
        }
    }
    
    private function mysqldb($db) {
        if ( !@mysql_select_db($db, $this->connection) ) {
             die('The database doesn\'t exist');
        }
        
    }
    
    private function query($sql) {
        $result = @mysql_query($sql, $this->connection);
        if ( !$result ) {
            $this->errors[] = 'SQL Error';
        } else {
            return $result;
        }
    }
    
    private function fobj($result) {
        return mysql_fetch_object($result);
    }
    
    private function fnum($result) {
        return mysql_num_rows($result);
    }
    
    private function fescape($value) {
        return mysql_real_escape_string($value);
    }
    
    public function login($user, $pass) {
        $email = $this->emailAuth;
        $err = false;
        $user = strtolower($user);
        $password = $this->encrypt($pass);
        if ( $email == true ) {
            if ( !$this->email($user) ) {
                $this->errors[] = 'Email invalid.';
                $err = true;
            } else {
                $col = 'email';
            }
        } else {
            if ( !$this->name($user) ) {
                $this->errors[] = 'Name invalid. Min chars: '.$this->minval.'. Max chars: '.$this->maxval;
                $err = true;
            } else {
                $col = 'user';
            }
        }
        if ( strlen($pass) < $this->minpass ) {
            $this->errors[] = 'Password min value is 6 chars.';
            $err = true;
        }
        
        if ( $err == false ) {
            
            $sql = sprintf("SELECT * FROM users WHERE %s = '%s'", $col, $this->fescape($user));
            $result = $this->query($sql);
            if ( $this->fnum($result) == 0 ) {
                $this->errors[] = ucfirst($col).' doesn\'t exist.';
            } else {
                $row = $this->fobj($result);
                if ( $row->password == $password ) {
                    if ( $this->type == 'session' ) {
                        $this->set_session($col, $user);
                        $this->set_session('password', $password);
                    } elseif ( $this->type == 'cookie' ) {
                        $this->set_cookie($col, $user);
                        $this->set_cookie('password', $password);
                    }
                    header('Location: ./auth.php');
                } else {
                    $this->errors[] = 'Incorrect password';
                }
            }
                        
        }
    }
    
    private function encrypt($value) {
        $enc = md5($this->salt.md5($value));
        return sha1($enc);
    }
    
    // Email validation
    private function email($email) {
        $reg = "#^(((([a-z\d][\.\-\+_]?)*)[a-z0-9])+)\@(((([a-z\d][\.\-_]?){0,62})[a-z\d])+)\.([a-z\d]{2,6})$#i";
        if ( !preg_match($reg, $email) ) {
            return false;
        } else {
            return true;
        }
    }
    
    // Name validation
    private function name($name) {
        $min = $this->minval - 2;
        if ( !preg_match("#^[a-z][\da-z_]{".$min.",".$this->maxval."}[a-z\d]\$#i", $name) ) {
            return false;
        } else {
            return true;
        }
    }
    
    private function set_session($name, $value) {
        $_SESSION[$name] = $value;
    }
    
    private function destroy_session() {
        session_unset();
        session_destroy();
    }
    
    private function set_cookie($name, $value, $time = 3600 ) {
        setcookie($name, $value, time()+$time, '/');
    }
    
    private function destroy_cookie($name) {
        setcookie($name, '', time()-1, '/');
    }
    
    public function logout() {
        if ( $this->emailAuth == false ) {
            $col = 'user';
        } else {
            $col = 'email';
        }
        if ( $this->type == 'session' ) {
            $this->destroy_session();
        } elseif ( $this->type == 'cookie' ) {
            $this->destroy_cookie('password');
            $this->destroy_cookie($col);
        }
        header ( 'Location: ./auth.php' );
    }
    
    private function check() {
        if ( $this->emailAuth == false ) {
            $col = 'user';
        } else {
            $col = 'email';
        }
        if ( $this->type == 'cookie' ) {
            if ( isset($_COOKIE['password']) ) {
                $sql = sprintf("SELECT * FROM users WHERE %s = '%s'", $col, $this->fescape($_COOKIE[$col]) );
                $result = $this->query($sql);
                $row = $this->fobj($result);
                if ( $row->{$col} !== $_COOKIE[$col] || $row->password !== $_COOKIE['password'] ) {
                    $this->logout();
                }
            } 
        } elseif ( $this->type == 'session' ) {
            if ( isset($_SESSION['password']) ) {
                $sql = sprintf("SELECT * FROM users WHERE %s = '%s'", $col, $this->fescape($_SESSION[$col]) );
                $result = $this->query($sql);
                $row = $this->fobj($result);
                if ( $row->{$col} !== $_SESSION[$col] || $row->password !== $_SESSION['password'] ) {
                    $this->logout();
                }
            }
        }
    }
    
    public function error() {
        if ( is_array($this->errors) && !empty($this->errors) ) {
            echo '
'; foreach ( $this->errors as $value ) { echo $value."
"; } echo '
'; } } public function isLoggedIn() { $ret = false; if ( $this->emailAuth == false ) { $col = 'user'; } else { $col = 'email'; } if ( $this->type == 'cookie' ) { if ( isset($_COOKIE['password']) ) { $ret = true; } } elseif ( $this->type == 'session' ) { if ( isset($_SESSION['password']) ) { $ret = true; } } return $ret; } } ?>
Example: login.php logout(); } if ( isset($_POST['login']) ) { $auth->login($_POST['user'], $_POST['pass']); // This order: User/Email Password True/False (if you want to use email as auth } ?> HERE HTML STUFF isLoggedIn() ) : ?>

Welcome

Logout

Please login

User/Email
Password
error(); endif; ?>
{{ tag }}, {{tag}},

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}
{{ parent.authors[0].realName || parent.author}}

{{ parent.authors[0].tagline || parent.tagline }}

{{ parent.views }} ViewsClicks
Tweet

{{parent.nComments}}