Revision: 42391
Updated Code
at March 4, 2011 06:29 by ahandy
Updated Code
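<?php
session_start();
DEFINE("USED_LOCALLY", "1");
include("functions.php");

// Handles the login, registration and logout requests; every path ends on index.php.
// redirect(), is_valid_email() and is_logged_in() are defined in functions.php (not shown here).
//
// Request values reach the database only as bound parameters of prepared statements, so
// query safety no longer depends on sanitize() escaping every value correctly.
// NOTE(review): sanitize() is no longer called. If it also HTML-encoded its input, values are
// now stored exactly as submitted and any page printing them must escape on output
// (htmlspecialchars) -- confirm against functions.php and index.php.

/**
 * Contract implemented by the request handler below.
 */
interface post_data
{
    function login_get_data();
    function login_clean_data();
    function login_check_data();
    function register_get_clean_data();
    function register_add_data();
    function logout();
}

/**
 * Opens the database connection that subclasses use through $cnx.
 */
abstract class sql_server
{
    /** @var mysqli Connection to the "login" database. */
    public $cnx;

    public function __construct()
    {
        // Failures are reported through return values, which are checked at every call site.
        mysqli_report(MYSQLI_REPORT_OFF);

        // NOTE(review): the application connects as root with a password kept in source.
        // Use a dedicated account limited to the Users table and load the credentials
        // from configuration stored outside the web root.
        $this->cnx = new mysqli("localhost", "root", "password", "login");
        if ($this->cnx->connect_error) {
            die("Database connection failed.");
        }
    }
}

/**
 * Dispatches the current request to the login, logout or registration flow.
 */
class post_data_class extends sql_server implements post_data
{
    private $login_vars = array("Username" => NULL, "Password" => NULL);
    private $register_vars = array(
        "Full Name" => NULL,
        "Country" => NULL,
        "Phone Number" => NULL,
        "Address" => NULL,
        "Email" => NULL,
        "User_Name" => NULL,
        "Pass_Word" => NULL,
    );

    /**
     * Connects to the database and runs the flow selected by the request:
     * login form, ?logout, registration form, or a plain redirect to index.php.
     */
    public function __construct()
    {
        parent::__construct();

        if (isset($_POST["login_submit"])) {
            $this->login_get_data();
        } elseif (isset($_GET["logout"])) {
            $this->logout();
        }

        if (isset($_POST["register_submit"])) {
            $this->register_get_clean_data();
        } else {
            redirect("index.php");
            die();
        }
    }

    /**
     * Returns $_POST[$key] when it is present and a string, otherwise "".
     * Array-valued fields (name[]=...) are treated as missing instead of reaching strlen().
     */
    private function post_string($key)
    {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";
    }

    /**
     * Prepares $sql, binds each entry of $values as a string and executes it.
     * Stops the request with a generic message when the statement fails, so a broken
     * query is never mistaken for "no matching row".
     *
     * @param string $sql    Statement text with one ? per value.
     * @param array  $values Positional values, in placeholder order.
     * @return mysqli_stmt   The executed statement; the caller closes it.
     */
    private function run_statement($sql, array $values)
    {
        $statement = $this->cnx->prepare($sql);
        if ($statement === false) {
            die("Database error.");
        }
        if (count($values) > 0) {
            $statement->bind_param(str_repeat("s", count($values)), ...$values);
        }
        if (!$statement->execute()) {
            die("Database error.");
        }
        return $statement;
    }

    /**
     * Executes a SELECT through run_statement() and returns how many rows it produced.
     */
    private function count_matches($sql, array $values)
    {
        $statement = $this->run_statement($sql, $values);
        $statement->store_result();
        $row_count = $statement->num_rows;
        $statement->close();
        return $row_count;
    }

    /**
     * Reads the login form; an empty field ends the request with a session error.
     */
    public function login_get_data()
    {
        $username = $this->post_string("username");
        $password = $this->post_string("password");

        if (empty($username) || empty($password)) {
            $_SESSION["login"]["error"] = "Make sure none of the fields are empty";
            redirect("index.php");
            die();
        }

        $this->login_vars["Username"] = $username;
        $this->login_vars["Password"] = $password;
        $this->login_clean_data();
    }

    /**
     * Reads and validates the registration form, then stores the new account.
     * All validation messages are collected first and written to the session in one go.
     */
    public function register_get_clean_data()
    {
        $full_name = $this->post_string("full_name");
        $phone_number = $this->post_string("phone_number");
        $email = $this->post_string("email");
        $address = $this->post_string("address");
        $user_name = $this->post_string("user_name");
        $pass_word = $this->post_string("pass_word");
        $pass_word_verification = $this->post_string("pass_word_verification");
        // "country" is not part of the required-field check, so it may legitimately be absent.
        $country = $this->post_string("country");

        if (empty($full_name) || empty($phone_number) || empty($email) || empty($address)
            || empty($user_name) || empty($pass_word) || empty($pass_word_verification)) {
            $_SESSION["register"]["error"] = "Make sure none of the fields are empty.";
            redirect("index.php");
            die();
        }

        // Messages are gathered locally: a message left in the session by an earlier
        // request can no longer block a valid registration.
        $errors = array();

        if (!preg_match("/(.*)\\s(.*)/", $full_name) || strlen($full_name) < 5) {
            $errors[] = "Make sure your full name is a valid one.";
        }

        if (!is_numeric($phone_number) || strlen($phone_number) < 5) {
            $errors[] = "Make sure your phone number is a valid one.";
        }

        if (!is_valid_email($email)) {
            $errors[] = "Make sure your e-mail is a valid one.";
        } elseif ($this->count_matches("SELECT 1 FROM Users WHERE `Email` = ?", array($email)) > 0) {
            // The column name is an identifier (backticks); written as 'Email' it was a
            // string literal and the duplicate check compared two constants.
            $errors[] = "Your email is already taken.";
        }

        if (!preg_match("/(.*)\\s(.*)/", $address) || strlen($address) < 10) {
            $errors[] = "Make sure your address is a valid one.";
        }

        if (strlen($user_name) > 15) {
            $errors[] = "Your username is too long.";
        } elseif ($this->count_matches("SELECT 1 FROM Users WHERE `Username` = ?", array($user_name)) > 0) {
            $errors[] = "Your username is already taken.";
        }

        if ($pass_word !== $pass_word_verification) {
            $errors[] = "Make sure your passwords match.";
        }

        if (count($errors) > 0) {
            $_SESSION["register"]["error"] = implode("<br />", $errors);
            redirect("index.php");
            die();
        }
        unset($_SESSION["register"]["error"]);

        // NOTE(review): a single unsalted SHA-512 pass is a fast hash and a poor fit for
        // password storage. It is kept so existing rows still verify; move to
        // password_hash()/password_verify() together with the stored data.
        $this->register_vars = array(
            "Full Name" => $full_name,
            "Country" => $country,
            "Email" => $email,
            "Address" => $address,
            "Phone Number" => $phone_number,
            "User_Name" => $user_name,
            "Pass_Word" => hash('sha512', $pass_word),
        );
        $this->register_add_data();
    }

    /**
     * Hashes the submitted password and hands over to the credential check.
     * The raw password is hashed, exactly as at registration; hashing a sanitized copy
     * produced a different digest for any password that sanitize() altered.
     */
    public function login_clean_data()
    {
        $this->login_vars["Password"] = hash('sha512', $this->login_vars["Password"]);
        $this->login_check_data();
    }

    /**
     * Looks the username/password-hash pair up in Users and opens the session on a match.
     */
    public function login_check_data()
    {
        $matches = $this->count_matches(
            "SELECT 1 FROM Users WHERE `Username` = ? AND `Password` = ?",
            array($this->login_vars["Username"], $this->login_vars["Password"])
        );

        if ($matches > 0) {
            // A fresh session id on login keeps a pre-set id from carrying over.
            session_regenerate_id(true);
            // NOTE(review): "id" is 1 for every account, so it looks like a logged-in flag
            // rather than a user id -- confirm against is_logged_in().
            $_SESSION["id"] = 1;
            $_SESSION["username"] = $this->login_vars["Username"];
            // NOTE(review): the password hash is kept in the session only because
            // functions.php may read it; drop it once that is confirmed unnecessary.
            $_SESSION["password"] = $this->login_vars["Password"];
            redirect("index.php");
            die();
        }

        $_SESSION["login"]["error"] = "Username/Password combination is invalid.";
        redirect("index.php");
        die();
    }

    /**
     * Inserts the validated registration and returns to index.php.
     * The phone number is stored with a "00" prefix.
     * NOTE(review): the duplicate checks run before this insert; unique indexes on
     * `Username` and `Email` are what actually prevent two concurrent sign-ups.
     */
    public function register_add_data()
    {
        $statement = $this->run_statement(
            "INSERT INTO Users (`Username`, `Password`, `Full Name`, `Phone Number`, `Address`, `Country`, `Email`)"
            . " VALUES (?, ?, ?, ?, ?, ?, ?)",
            array(
                $this->register_vars["User_Name"],
                $this->register_vars["Pass_Word"],
                $this->register_vars["Full Name"],
                "00" . $this->register_vars["Phone Number"],
                $this->register_vars["Address"],
                $this->register_vars["Country"],
                $this->register_vars["Email"],
            )
        );
        $statement->close();
        redirect("index.php");
    }

    /**
     * Clears and destroys the session of a logged-in user.
     */
    public function logout()
    {
        if (!is_logged_in()) {
            die("You are not logged in.");
        }

        $_SESSION = array();
        session_destroy();
        redirect("index.php");
        die();
    }
}

$start = new post_data_class();
?>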
Revision: 42390
Updated Code
at March 4, 2011 06:28 by ahandy
Updated Code
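<?php
session_start();
DEFINE("USED_LOCALLY", "1");
include("functions.php");

// Handles the login, registration and logout requests.
// redirect(), is_valid_email() and is_logged_in() are defined in functions.php (not shown here).
//
// Request values reach the database only as bound parameters of prepared statements, so
// query safety no longer depends on sanitize() escaping every value correctly.
// NOTE(review): sanitize() is no longer called. If it also HTML-encoded its input, values are
// now stored exactly as submitted and any page printing them must escape on output
// (htmlspecialchars) -- confirm against functions.php and index.php.

/**
 * Contract implemented by the request handler below.
 */
interface post_data
{
    function login_get_data();
    function login_clean_data();
    function login_check_data();
    function register_get_clean_data();
    function register_add_data();
    function logout();
}

/**
 * Opens the database connection that subclasses use through $cnx.
 */
abstract class sql_server
{
    /** @var mysqli Connection to the "login" database. */
    public $cnx;

    public function __construct()
    {
        // Failures are reported through return values, which are checked at every call site.
        mysqli_report(MYSQLI_REPORT_OFF);

        // NOTE(review): the application connects as root with a password kept in source.
        // Use a dedicated account limited to the Users table and load the credentials
        // from configuration stored outside the web root.
        $this->cnx = new mysqli("localhost", "root", "password", "login");
        if ($this->cnx->connect_error) {
            die("Database connection failed.");
        }
    }
}

/**
 * Dispatches the current request to the login, logout or registration flow.
 */
class post_data_class extends sql_server implements post_data
{
    private $login_vars = array("Username" => NULL, "Password" => NULL);
    private $register_vars = array(
        "Full Name" => NULL,
        "Country" => NULL,
        "Phone Number" => NULL,
        "Address" => NULL,
        "Email" => NULL,
        "User_Name" => NULL,
        "Pass_Word" => NULL,
    );

    /**
     * Connects to the database and runs the flow selected by the request:
     * login form, ?logout, registration form, or a plain redirect to index.php.
     */
    public function __construct()
    {
        parent::__construct();

        if (isset($_POST["login_submit"])) {
            $this->login_get_data();
        } elseif (isset($_GET["logout"])) {
            $this->logout();
        }

        if (isset($_POST["register_submit"])) {
            $this->register_get_clean_data();
        } else {
            redirect("index.php");
            die();
        }
    }

    /**
     * Returns $_POST[$key] when it is present and a string, otherwise "".
     * Array-valued fields (name[]=...) are treated as missing instead of reaching strlen().
     */
    private function post_string($key)
    {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";
    }

    /**
     * Prepares $sql, binds each entry of $values as a string and executes it.
     * Stops the request with a generic message when the statement fails, so a broken
     * query is never mistaken for "no matching row".
     *
     * @param string $sql    Statement text with one ? per value.
     * @param array  $values Positional values, in placeholder order.
     * @return mysqli_stmt   The executed statement; the caller closes it.
     */
    private function run_statement($sql, array $values)
    {
        $statement = $this->cnx->prepare($sql);
        if ($statement === false) {
            die("Database error.");
        }
        if (count($values) > 0) {
            $statement->bind_param(str_repeat("s", count($values)), ...$values);
        }
        if (!$statement->execute()) {
            die("Database error.");
        }
        return $statement;
    }

    /**
     * Executes a SELECT through run_statement() and returns how many rows it produced.
     */
    private function count_matches($sql, array $values)
    {
        $statement = $this->run_statement($sql, $values);
        $statement->store_result();
        $row_count = $statement->num_rows;
        $statement->close();
        return $row_count;
    }

    /**
     * Reads the login form; an empty field ends the request with a session error.
     */
    public function login_get_data()
    {
        $username = $this->post_string("username");
        $password = $this->post_string("password");

        if (empty($username) || empty($password)) {
            $_SESSION["login"]["error"] = "Make sure none of the fields are empty";
            redirect("index.php");
            die();
        }

        $this->login_vars["Username"] = $username;
        $this->login_vars["Password"] = $password;
        $this->login_clean_data();
    }

    /**
     * Reads and validates the registration form, then stores the new account.
     * All validation messages are collected first and written to the session in one go.
     */
    public function register_get_clean_data()
    {
        $full_name = $this->post_string("full_name");
        $phone_number = $this->post_string("phone_number");
        $email = $this->post_string("email");
        $address = $this->post_string("address");
        $user_name = $this->post_string("user_name");
        $pass_word = $this->post_string("pass_word");
        $pass_word_verification = $this->post_string("pass_word_verification");
        // "country" is not part of the required-field check, so it may legitimately be absent.
        $country = $this->post_string("country");

        if (empty($full_name) || empty($phone_number) || empty($email) || empty($address)
            || empty($user_name) || empty($pass_word) || empty($pass_word_verification)) {
            $_SESSION["register"]["error"] = "Make sure none of the fields are empty.";
            redirect("index.php");
            die();
        }

        // Messages are gathered locally: a message left in the session by an earlier
        // request can no longer block a valid registration.
        $errors = array();

        if (!preg_match("/(.*)\\s(.*)/", $full_name) || strlen($full_name) < 5) {
            $errors[] = "Make sure your full name is a valid one.";
        }

        if (!is_numeric($phone_number) || strlen($phone_number) < 5) {
            $errors[] = "Make sure your phone number is a valid one.";
        }

        if (!is_valid_email($email)) {
            $errors[] = "Make sure your e-mail is a valid one.";
        } elseif ($this->count_matches("SELECT 1 FROM Users WHERE `Email` = ?", array($email)) > 0) {
            // The column name is an identifier (backticks); written as 'Email' it was a
            // string literal and the duplicate check compared two constants.
            $errors[] = "Your email is already taken.";
        }

        if (!preg_match("/(.*)\\s(.*)/", $address) || strlen($address) < 10) {
            $errors[] = "Make sure your address is a valid one.";
        }

        if (strlen($user_name) > 15) {
            $errors[] = "Your username is too long.";
        } elseif ($this->count_matches("SELECT 1 FROM Users WHERE `Username` = ?", array($user_name)) > 0) {
            $errors[] = "Your username is already taken.";
        }

        if ($pass_word !== $pass_word_verification) {
            $errors[] = "Make sure your passwords match.";
        }

        if (count($errors) > 0) {
            $_SESSION["register"]["error"] = implode("<br />", $errors);
            redirect("index.php");
            die();
        }
        unset($_SESSION["register"]["error"]);

        // NOTE(review): a single unsalted SHA-512 pass is a fast hash and a poor fit for
        // password storage. It is kept so existing rows still verify; move to
        // password_hash()/password_verify() together with the stored data.
        $this->register_vars = array(
            "Full Name" => $full_name,
            "Country" => $country,
            "Email" => $email,
            "Address" => $address,
            "Phone Number" => $phone_number,
            "User_Name" => $user_name,
            "Pass_Word" => hash('sha512', $pass_word),
        );
        $this->register_add_data();
    }

    /**
     * Hashes the submitted password and hands over to the credential check.
     * The raw password is hashed, exactly as at registration; hashing a sanitized copy
     * produced a different digest for any password that sanitize() altered.
     */
    public function login_clean_data()
    {
        $this->login_vars["Password"] = hash('sha512', $this->login_vars["Password"]);
        $this->login_check_data();
    }

    /**
     * Looks the username/password-hash pair up in Users and opens the session on a match.
     */
    public function login_check_data()
    {
        $matches = $this->count_matches(
            "SELECT 1 FROM Users WHERE `Username` = ? AND `Password` = ?",
            array($this->login_vars["Username"], $this->login_vars["Password"])
        );

        if ($matches > 0) {
            // A fresh session id on login keeps a pre-set id from carrying over.
            session_regenerate_id(true);
            // NOTE(review): "id" is 1 for every account, so it looks like a logged-in flag
            // rather than a user id -- confirm against is_logged_in().
            $_SESSION["id"] = 1;
            $_SESSION["username"] = $this->login_vars["Username"];
            // NOTE(review): the password hash is kept in the session only because
            // functions.php may read it; drop it once that is confirmed unnecessary.
            $_SESSION["password"] = $this->login_vars["Password"];
            redirect("index.php");
            die();
        }

        $_SESSION["login"]["error"] = "Username/Password combination is invalid.";
        redirect("index.php");
        die();
    }

    /**
     * Inserts the validated registration. The phone number is stored with a "00" prefix.
     * This revision does not redirect afterwards, so a successful registration ends
     * with an empty response.
     * NOTE(review): the duplicate checks run before this insert; unique indexes on
     * `Username` and `Email` are what actually prevent two concurrent sign-ups.
     */
    public function register_add_data()
    {
        $statement = $this->run_statement(
            "INSERT INTO Users (`Username`, `Password`, `Full Name`, `Phone Number`, `Address`, `Country`, `Email`)"
            . " VALUES (?, ?, ?, ?, ?, ?, ?)",
            array(
                $this->register_vars["User_Name"],
                $this->register_vars["Pass_Word"],
                $this->register_vars["Full Name"],
                "00" . $this->register_vars["Phone Number"],
                $this->register_vars["Address"],
                $this->register_vars["Country"],
                $this->register_vars["Email"],
            )
        );
        $statement->close();
    }

    /**
     * Clears and destroys the session of a logged-in user.
     */
    public function logout()
    {
        if (!is_logged_in()) {
            die("You are not logged in.");
        }

        $_SESSION = array();
        session_destroy();
        redirect("index.php");
        die();
    }
}

$start = new post_data_class();
?>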
Revision: 42389
Initial Code
Initial URL
Initial Description
Initial Title
Initial Tags
Initial Language
at March 4, 2011 06:12 by ahandy
Initial Code
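<?php
session_start();
DEFINE("USED_LOCALLY", "1");
include("functions.php");

// Handles the login, registration and logout requests.
// redirect(), is_valid_email() and is_logged_in() are defined in functions.php (not shown here).
//
// Request values reach the database only as bound parameters of prepared statements, so
// query safety no longer depends on sanitize() escaping every value correctly.
// NOTE(review): sanitize() is no longer called. If it also HTML-encoded its input, values are
// now stored exactly as submitted and any page printing them must escape on output
// (htmlspecialchars) -- confirm against functions.php and index.php.

/**
 * Contract implemented by the request handler below.
 */
interface post_data
{
    function login_get_data();
    function login_clean_data();
    function login_check_data();
    function register_get_clean_data();
    function register_add_data();
    function logout();
}

/**
 * Opens the database connection that subclasses use through $cnx.
 */
abstract class sql_server
{
    /** @var mysqli Connection to the "login" database. */
    public $cnx;

    public function __construct()
    {
        // Failures are reported through return values, which are checked at every call site.
        mysqli_report(MYSQLI_REPORT_OFF);

        // NOTE(review): the application connects as root with a password kept in source.
        // Use a dedicated account limited to the Users table and load the credentials
        // from configuration stored outside the web root.
        $this->cnx = new mysqli("localhost", "root", "password", "login");
        if ($this->cnx->connect_error) {
            die("Database connection failed.");
        }
    }
}

/**
 * Dispatches the current request to the login, logout or registration flow.
 */
class post_data_class extends sql_server implements post_data
{
    private $login_vars = array("Username" => NULL, "Password" => NULL);
    private $register_vars = array(
        "Full Name" => NULL,
        "Country" => NULL,
        "Phone Number" => NULL,
        "Address" => NULL,
        "Email" => NULL,
        "User_Name" => NULL,
        "Pass_Word" => NULL,
    );

    /**
     * Connects to the database and runs the flow selected by the request:
     * login form, ?logout, registration form, or a plain redirect to index.php.
     */
    public function __construct()
    {
        parent::__construct();

        if (isset($_POST["login_submit"])) {
            $this->login_get_data();
        } elseif (isset($_GET["logout"])) {
            $this->logout();
        }

        if (isset($_POST["register_submit"])) {
            $this->register_get_clean_data();
        } else {
            redirect("index.php");
            die();
        }
    }

    /**
     * Returns $_POST[$key] when it is present and a string, otherwise "".
     * Array-valued fields (name[]=...) are treated as missing instead of reaching strlen().
     */
    private function post_string($key)
    {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";
    }

    /**
     * Prepares $sql, binds each entry of $values as a string and executes it.
     * Stops the request with a generic message when the statement fails, so a broken
     * query is never mistaken for "no matching row".
     *
     * @param string $sql    Statement text with one ? per value.
     * @param array  $values Positional values, in placeholder order.
     * @return mysqli_stmt   The executed statement; the caller closes it.
     */
    private function run_statement($sql, array $values)
    {
        $statement = $this->cnx->prepare($sql);
        if ($statement === false) {
            die("Database error.");
        }
        if (count($values) > 0) {
            $statement->bind_param(str_repeat("s", count($values)), ...$values);
        }
        if (!$statement->execute()) {
            die("Database error.");
        }
        return $statement;
    }

    /**
     * Executes a SELECT through run_statement() and returns how many rows it produced.
     */
    private function count_matches($sql, array $values)
    {
        $statement = $this->run_statement($sql, $values);
        $statement->store_result();
        $row_count = $statement->num_rows;
        $statement->close();
        return $row_count;
    }

    /**
     * Reads the login form; an empty field ends the request with a session error.
     */
    public function login_get_data()
    {
        $username = $this->post_string("username");
        $password = $this->post_string("password");

        if (empty($username) || empty($password)) {
            $_SESSION["login"]["error"] = "Make sure none of the fields are empty";
            redirect("index.php");
            die();
        }

        $this->login_vars["Username"] = $username;
        $this->login_vars["Password"] = $password;
        $this->login_clean_data();
    }

    /**
     * Reads and validates the registration form, then stores the new account.
     * All validation messages are collected first and written to the session in one go.
     */
    public function register_get_clean_data()
    {
        $full_name = $this->post_string("full_name");
        $phone_number = $this->post_string("phone_number");
        $email = $this->post_string("email");
        $address = $this->post_string("address");
        $user_name = $this->post_string("user_name");
        $pass_word = $this->post_string("pass_word");
        $pass_word_verification = $this->post_string("pass_word_verification");
        // "country" is not part of the required-field check, so it may legitimately be absent.
        $country = $this->post_string("country");

        if (empty($full_name) || empty($phone_number) || empty($email) || empty($address)
            || empty($user_name) || empty($pass_word) || empty($pass_word_verification)) {
            $_SESSION["register"]["error"] = "Make sure none of the fields are empty.";
            redirect("index.php");
            die();
        }

        // Messages are gathered locally: a message left in the session by an earlier
        // request can no longer block a valid registration.
        $errors = array();

        if (!preg_match("/(.*)\\s(.*)/", $full_name) || strlen($full_name) < 5) {
            $errors[] = "Make sure your full name is a valid one.";
        }

        if (!is_numeric($phone_number) || strlen($phone_number) < 5) {
            $errors[] = "Make sure your phone number is a valid one.";
        }

        if (!is_valid_email($email)) {
            $errors[] = "Make sure your e-mail is a valid one.";
        } elseif ($this->count_matches("SELECT 1 FROM Users WHERE `Email` = ?", array($email)) > 0) {
            // The column name is an identifier (backticks); written as 'Email' it was a
            // string literal and the duplicate check compared two constants.
            $errors[] = "Your email is already taken.";
        }

        if (!preg_match("/(.*)\\s(.*)/", $address) || strlen($address) < 10) {
            $errors[] = "Make sure your address is a valid one.";
        }

        if (strlen($user_name) > 15) {
            $errors[] = "Your username is too long.";
        } elseif ($this->count_matches("SELECT 1 FROM Users WHERE `Username` = ?", array($user_name)) > 0) {
            $errors[] = "Your username is already taken.";
        }

        if ($pass_word !== $pass_word_verification) {
            $errors[] = "Make sure your passwords match.";
        }

        if (count($errors) > 0) {
            $_SESSION["register"]["error"] = implode("<br />", $errors);
            redirect("index.php");
            die();
        }
        unset($_SESSION["register"]["error"]);

        // NOTE(review): a single unsalted SHA-512 pass is a fast hash and a poor fit for
        // password storage. It is kept so existing rows still verify; move to
        // password_hash()/password_verify() together with the stored data.
        $this->register_vars = array(
            "Full Name" => $full_name,
            "Country" => $country,
            "Email" => $email,
            "Address" => $address,
            "User_Name" => $user_name,
            "Pass_Word" => hash('sha512', $pass_word),
        );
        // In this revision the submitted phone number is validated above but not stored;
        // every account receives this fixed value instead.
        $this->register_vars["Phone Number"] = "96170198017";
        $this->register_add_data();
    }

    /**
     * Hashes the submitted password and hands over to the credential check.
     * The raw password is hashed, exactly as at registration; hashing a sanitized copy
     * produced a different digest for any password that sanitize() altered.
     */
    public function login_clean_data()
    {
        $this->login_vars["Password"] = hash('sha512', $this->login_vars["Password"]);
        $this->login_check_data();
    }

    /**
     * Looks the username/password-hash pair up in Users and opens the session on a match.
     */
    public function login_check_data()
    {
        $matches = $this->count_matches(
            "SELECT 1 FROM Users WHERE `Username` = ? AND `Password` = ?",
            array($this->login_vars["Username"], $this->login_vars["Password"])
        );

        if ($matches > 0) {
            // A fresh session id on login keeps a pre-set id from carrying over.
            session_regenerate_id(true);
            // NOTE(review): "id" is 1 for every account, so it looks like a logged-in flag
            // rather than a user id -- confirm against is_logged_in().
            $_SESSION["id"] = 1;
            $_SESSION["username"] = $this->login_vars["Username"];
            // NOTE(review): the password hash is kept in the session only because
            // functions.php may read it; drop it once that is confirmed unnecessary.
            $_SESSION["password"] = $this->login_vars["Password"];
            redirect("index.php");
            die();
        }

        $_SESSION["login"]["error"] = "Username/Password combination is invalid.";
        redirect("index.php");
        die();
    }

    /**
     * Inserts the validated registration. The phone number is stored with a "00" prefix.
     * This revision does not redirect afterwards, so a successful registration ends
     * with an empty response.
     * NOTE(review): the duplicate checks run before this insert; unique indexes on
     * `Username` and `Email` are what actually prevent two concurrent sign-ups.
     */
    public function register_add_data()
    {
        $statement = $this->run_statement(
            "INSERT INTO Users (`Username`, `Password`, `Full Name`, `Phone Number`, `Address`, `Country`, `Email`)"
            . " VALUES (?, ?, ?, ?, ?, ?, ?)",
            array(
                $this->register_vars["User_Name"],
                $this->register_vars["Pass_Word"],
                $this->register_vars["Full Name"],
                "00" . $this->register_vars["Phone Number"],
                $this->register_vars["Address"],
                $this->register_vars["Country"],
                $this->register_vars["Email"],
            )
        );
        $statement->close();
    }

    /**
     * Clears and destroys the session of a logged-in user.
     */
    public function logout()
    {
        if (!is_logged_in()) {
            die("You are not logged in.");
        }

        $_SESSION = array();
        session_destroy();
        redirect("index.php");
        die();
    }
}

$start = new post_data_class();
?>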
Initial URL
Initial Description
Initial Title
[PHP] OOP Login/Register script (with no HTML form)
Initial Tags
login, php
Initial Language
PHP