User Management Code

  Home arrow User Management Code arrow User authorization class
USER MANAGEMENT CODE

User authorization class
By: Codewalkers
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 4 stars4 stars4 stars4 stars4 stars / 2
    2002-01-18

    Table of Contents:

     
     

    SEARCH CODEWALKERS

    Supports both admin and member mode. Has a small footprint so you can use it with sessions to keep track of members easily.

    By : smckone

    <?php
    /***********************************************************************
    User authorization:
    An easy object oriented way to keep users
    and admins from accessing off limit parts of
    your site.

    Sam McKone <sam@evilwalrus.com>
    2001
    ***********************************************************************/
    class USER{
    var $user_name = "";
    var $encripted_pass = "";
    var $db = -1;
    var $db_name = "database name";

    var $logged_in = false;
    var $member_type = "";
    //==================================================================
    // Initialization
    function USER($user,$pass){
    $this->db_connect();
    $this->log_in($user,$pass);
    }
    function db_connect(){
    if($this->db == -1){
    $this->db = mysql_connect("host.dot.com","username","pass")
    or die ("connection error");
    }
    }
    function db_close(){
    mysql_close($this->db);
    $this->db= -1;
    }
    //================================================================
    // information functions

    function is_admin(){
    if($this->logged_in && $this->member_type == "admin"){
    return true;
    }else{
    return false;
    }
    }
    function is_basic(){
    if($this->logged_in && $this->member_type == "basic"){
    return true;
    }else{
    return false;
    }
    }
    function get_user(){
    if($this->user_name != ""){
    return $this->user_name;
    }
    return false;
    }
    function get_pass(){
    if($this->encripted_pass != ""){
    return $this->user_name;
    }
    return false;
    }

    //================================================================
    // control functions

    function log_out(){
    $this->user_name = "";
    $this->member_type = "";
    $this->logged_in = false;
    }
    function log_in($user,$pass){

    // secret md5() variables to make this script harder to crack
    // got the idea from phpbuilder
    $key[basic] = "345hjk435oo4i2mdhndf";
    $key[admin] = "hajh389asdmf9291asd";
    $type = 0;

    // check to see if the users is in the database and
    // return the type of user they are.
    $query = "SELECT type FROM users WHERE username='"
    .$user."' AND password='".$pass."'";
    $result = mysql_db_query($this->db_name,$query,$this->db)
    or die ("Query error: getting username");


    if(mysql_num_rows($result) > 0){
    $type = mysql_fetch_assoc($result);
    $type = $type[type];

    $this->user_name = $user;
    $this->encripted_pass = md5($pass.$key[$type]);

    $this->logged_in = true;
    $this->member_type = $type;
    }else{
    $this->user_name = "";
    $this->encripted_pass = "";

    $this->logged_in = false;
    $this->member_type = "";
    }
    }
    function register($user,$pass){
    // check if user exists
    $query = "SELECT id FROM users WHERE username='"
    .$this->user_name."';";
    $result = mysql_db_query($this->db_name,$query,$this->db)
    or die ("Write 1 error");

    if(mysql_num_rows($result) <= 0){
    // if not than add user to the database
    $query = "INSERT INTO users VALUES('0','".$user
    . "','" . $pass . "','basic')";
    }

    if(mysql_db_query($db_name,$query,$db)){
    $this->log_in($user,$pass);
    return true;
    }
    return false;
    }
    }
    ?>
    //=================================================================
    //Examples
    //=================================================================
    <?php
    // user with a session
    session_start();
    if($_SESSION["user"]){
    $localuser = unserialize($_SESSION["user"]);
    }else{
    $localuser = new USER($_POST["username"],$POST["username"]);
    }

    // make sure you close the user if you use the db functions.
    $localuser->db_close();

    if(!$_SESSION["user"]){
    session_register("user");
    }
    $_SESSION["user"] = $localuser;
    ?>
    All you have to do once you get the users authorized is check
    them to see if they can do certen things on the site. ie
    <?php
    if($localuser->is_basic() || $localuser->is_admin()){
    // can add messages or something
    }
    ?>
    ======================== mysql table structure ===============================
    CREATE TABLE IF NOT EXISTS users VALUES(id INT UNSIGNED
    AUTO_INCREMENT PRIMARY KEY,username TEXT,password TEXT,type TEXT)
    DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

    More User Management Code Articles
    More By Codewalkers

    blog comments powered by Disqus

    USER MANAGEMENT CODE ARTICLES

    - XCRYPT v1.0b
    - DB_eSession class stores sessions in a MySQL...
    - Ever Changing Dynamic Passcode Code
    - phpAutoMembersArea - create own members area
    - Azura Signup 2.5
    - Azura Signup 2.0
    - Azura Signup
    - Flexcustomer
    - PHP Quicksite 2.0
    - PHP Quicksite 1.0
    - random string generator (key generator)
    - Example Login system
    - Simple and Easy Security
    - Basic Security
    - UMA - User Management and Authentication

    Developer Shed Affiliates

     



    © 2003-2019 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap