[STUCK] Create a Auth class

Hello everyone,

I am creating a Auth class for my MVC. ( this is gonna be used by me alone )
Now while I was thinking about how i could make a good auth class for my system I got stuck.

How can I do this the best ?
What functions should I have and how would I do a GOOD check ?

I also made a c9.io page where I am gonna make the Auth class.
I will share the link with you guys so that hopefully somebody can help me.

c9.io auth class

Best regards,
Wouter van Marrum.

Your link requires a sign in. No thanks. Perhaps we could clarify the requirements a bit by explaining what Auth means? Authentication perhaps? Maybe Authorization? Authority?

Maybe I am reading too much into your question. Here is an example of creating an Auth class.

class Auth
$auth = new Auth();

Use the following:


Then you would just get the username/email + hash from the table and compare with the username/password provided. Return false (logged out by default) or True if there is a match.

if (password_verify($password, $hashfromtable)
    return true;
return false;

Presumably you mean “verify” in this case.

[quote=“djsmithme, post:3, topic:196071”]```
if (password_varify($password, $hashfromtable)
return true;
return false;


    return password_verify($password, $hashfromtable);

would be less verbose in that case.

yep i did :), ill edit that

True but I wasn’t sure that it seemed obviouse that false would be returned as thats kinda the crux.

you could add the boolean typecast. return !!password_verify($password, $hashfromtable);

Thanks for your replies,
and for @ahundiak sorry but thats a main website I use to throw small codes up that I am testing.
If you have a other site please send me a link.

As for what I mean with Auth : Authentication class.
I want to make a static class which will hold all the functions that you need to login, register, forgot password. (and all other stuff that is needed)

Now I am running into the problem that I cannot get my head around the “check” function.
This function needs to check if the user exists and if the username/email is active and the password matches.

So my question is, Can somebody help me in the right direction or help me built one together so I know why you do it like that.

That’s probably far more logic than any one class should contain. Implementing those features typically involves sending an HTML form, validating the submission, calling the database, sending emails, and so forth. And as such, those features should be implemented through a combination of controllers, templates, validators, entities, repositories, and a variety of other services such as mailers and password encoders.

maybe you are right.
But I am still stuck which makes thinking about this a real pain.

So far I made a small beginning (very small).
Maybe you can check it out and see if I am getting somewhere.


looks puzzled and makes note of !!

…several minutes later…

I would argue that thats even more verbose :stuck_out_tongue: as password_verify will always return bool/int, and I’m not sure it’s any more obviouse that false is returned

Consider making an account on github.com. They have a gist functionality which works well for sharing snippets of code.

As far as your Authentication class goes, the scope of your question is way too broad for me.

Thanks I already have a github account.

I can share what I have now so you have a better idea ?
Here is the gist link.

What you have looks like it will work. It’s not static but you don’t really want it to be static anyways. So what is the problem? I am assuming your query is working and that the hash has been set.

yeah finally got a break trough in my head.
Now I am looking which function I still need.

I think I would need these :

  1. check
  2. login
  3. logout
  4. register
  5. forgotPassword
  6. activateAccount
  7. setRole

Now is the question is this correct or am I completely wrong ?

What version of PHP are you using? 5.5 and newer has got functions built in for dealing with password hashes. For PHP versions older (5.4 and older) there’s a backwards compatible library available (sorry don’t have the link to it to hand)

I think you got the basic plan except for item 7, getRoles. Roles are part of Authorization and not Authentication. Really should plan from the start to keep the Authorization code separate from Authentication.

@SpacePhoenix you mean password_compact library with the password_hash/verify functions.

@ahundiak So getRoles needs to go I suppose.
But I still need to know which user may enter for example the admin area.

So I suposse I need to make a extra class to get that working ?

Get your login stuff going then see if roles really do fit in. As Jeff Mott pointed out in an earlier post, adding too much functionality into a single class can cause problems.

On the other hand, as long as you have a good suite of unit tests then things might work out.