  1. #1 SitePoint Wizard (joined Jul 2006, New Zealand, 1,300 posts)

    Creating a PHP Session Class: Does it need improvement?

    Hello,

    I am having some issues with a session class I am trying to develop. I am trying to learn how to create my own session class for login, logout and other details. The only issue is that I'm not sure what I am doing wrong when checking whether or not I am logged in on a page that requires people to log in.

    I'm not sure if the class I have created so far is the way I should be going about it. I've made an attempt at my class, but I'm not sure how to check if the user has logged in without doing OOP programming.

    My class is the following:

    PHP Code:
    class Sessions extends BCCMS
    {
        private $LoggedIn = false;
        public $user_id;
        public $userExists = false;
        public $passMatch = false;
        public $con;

        function __construct()
        {
        }

        public function CheckLogin()
        {
            if ($this->LoggedIn == true) {
                return $this->LoggedIn = true;
            } else {
                return $this->LoggedIn = false;
            }
        }

        public function ConnectDB($dbhost, $dbuser, $pass, $dbname)
        {
            $this->con = mysqli_connect($dbhost, $dbuser, $pass, $dbname);
            if (!$this->con) {
                die("Unable to connect to MYSQL Database on " . $dbhost);
            } else {
                //echo "Connected to DB" . $dbname;
            }
        }

        public function is_logged_in()
        {
            return $this->LoggedIn;
        }

        public function login($user, $password)
        {
            $msg_pass = "";
            $msg_user = "";
            $user     = mysqli_real_escape_string($this->con, stripslashes(trim($user)));
            $password = mysqli_real_escape_string($this->con, stripslashes(trim($password)));
            // Query() is inherited from BCCMS
            $Q = $this->Query("SELECT * FROM members WHERE username='" . $user . "' AND Password='" . $password . "'");
            echo $Q;
            if ($this->LoggedIn == true) {
                $this->SuccessLogin($user);
            } else {
                if ($this->UsernameMatch($user) == true) {
                    if ($this->PasswordMatch($password) == true) {
                        $this->SuccessLogin($user);
                    } else {
                        echo "Your Username matches but your password does not match the username in the database";
                    }
                } else {
                    echo "Username Does not match";
                }
            }
        }

        public function logout()
        {
            unset($_SESSION['user']);
            unset($this->user_id);
            $this->LoggedIn = false;
        }

        public function UsernameMatch($user)
        {
            $rs    = $this->Query("SELECT username FROM members WHERE username='" . $user . "'");
            $count = mysqli_num_rows($rs);
            if ($count == 1) {
                return $this->userExists = true;
            } else {
                return $this->userExists = false;
            }
        }

        public function PasswordMatch($user)
        {
            $rs    = $this->Query("SELECT password FROM members WHERE username='" . $user . "'");
            $count = mysqli_num_rows($rs);
            if ($count == 1) {
                return $this->passMatch = true;
            } else {
                return $this->passMatch = false;
            }
        }

        private function SuccessLogin($user)
        {
            $_SESSION['user'] = $user;
            $this->LoggedIn = true;
            echo "Logged in";
        }
    }

    Is this correct? Is there anything else I can do to improve it?

  2. #2 Cups, SitePoint Wizard (joined Oct 2006, France, deep rural, 6,869 posts)
    Here are some initial thoughts.

    What is a BCCMS and why does this class need to extend it?

    The whole UsernameMatch/PasswordMatch forking and messaging - don't do this, you are giving too much info to someone who might be trying to force their way in - "Your Username matches but your password does not match the username in the database" <- whoopee, I'm 50% there!

    So refactor all of that out, simplify it.

    Overall this class is doing too much -- especially with all the db connection stuff, that means the script calling this has to hold db credentials.

    I'd tend towards passing a db object to this class, maybe in the constructor.

    If you are serious about adopting OOP then I would urge you to look at using PDO (or mysqli using OOP methods).

    dbconfig.php
    PHP Code:
    $PDO = new PDO($dsn, $dbuser, $dbpass); // set your PDO object here
    userland.php
    PHP Code:
    include 'dbconfig.php';

    // now your db connection is already instantiated and ready to be used

    $sess = new Session($PDO);

    // pass the connection to your Session object

    if (!$sess->isLoggedIn()) {
        // send away
        exit;
    }
    This is one way of dealing with the dependency on the connection; it is a type of "aggregation".

    Think about the signatures of the methods in terms of how you'd use them in your userland code; make sure they are easy to read and describe what your object is doing on your behalf.

    HTH

  3. #3 NuttySkunk, SitePoint Enthusiast (joined Jan 2012, United Kingdom, 71 posts)
    @Cups - Can you personally recommend any training resources regarding PDO?

  4. #4 Cups, SitePoint Wizard (joined Oct 2006, France, deep rural, 6,869 posts)
    The original docs I learned from were those by the guy who wrote it, his slides and presentations Wez Furlong PDO.

    I am sure there are better tuts around than that now of course.

    Possibly the main thing to grasp is that there are 2 classes working in tandem, PDO and PDOStatement.
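Putting the advice from #2 and #4 together (inject the PDO object through the constructor, let PDO prepare and PDOStatement execute the query, and give one generic failure result instead of the username/password forking), here is an added example that is not code from this thread or from either poster; it assumes a `members` table with `id`, `username` and `password_hash` columns, where `password_hash` holds `password_hash()` output rather than the plaintext the original query compared against.

```php
<?php
// Added example, not from the thread. Assumes a `members` table with
// columns `id`, `username` and `password_hash` (password_hash() output).
class Session
{
    private PDO $db;

    // The PDO connection is passed in (aggregation); the class never
    // holds database credentials itself.
    public function __construct(PDO $db)
    {
        $this->db = $db;
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
    }

    public function login(string $user, string $password): bool
    {
        // PDO prepares the statement; the PDOStatement it returns executes
        // it with the username bound, never concatenated into the SQL.
        $stmt = $this->db->prepare(
            'SELECT id, password_hash FROM members WHERE username = :u'
        );
        $stmt->execute([':u' => $user]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);

        // One combined check and one generic result: the caller cannot tell
        // whether the username or the password was the part that failed.
        if ($row === false || !password_verify($password, $row['password_hash'])) {
            return false;
        }
        session_regenerate_id(true); // fresh session id once privileges change
        $_SESSION['user_id'] = (int) $row['id'];
        return true;
    }

    public function isLoggedIn(): bool
    {
        return isset($_SESSION['user_id']);
    }

    public function logout(): void
    {
        $_SESSION = [];
        session_destroy();
    }
}
```

In userland.php this slots into the pattern from #2 unchanged: `$sess = new Session($PDO);` followed by `if (!$sess->isLoggedIn()) { exit; }`.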

