Revision: 42669
Updated Code
at March 8, 2011 18:13 by cdog
Updated Code
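<?php
/**
 * User class
 *
 * A class to login users via username and password,
 * facebook connect, or from a saved cookie.
 * This is my first ever class built as a start
 * to learning PHP OOP. Might not be "perfect" but
 * it works.
 *
 * To call the class in your files do the following
 * *************************************************************
 * include("class.user.php");
 * include("facebook.php") // need facebook PHP SDK Link below
 * // http://snipplr.com/view/50300/facebook-connect-script/
 * // initiate the object
 * $UI = new user($fbid, $fbinfo);
 *
 * // logging someone in via form or facebook connect when they
 * // CLICK login. Should be on a login page
 *
 * $_POST['username'] = INPUT VALUE FROM A LOGIN FORM
 * $_POST['password'] = INPUT VALUE FROM A LOGIN FORM
 * $fbid = FACEBOOK ID FROM FACEBOOK SCRIPT
 * $fbinfo = FACEBOOK INFO FROM FACEBOOK SCRIPT
 * (int)$_GET['liwfb'] = used on a "fake" facebook login button when we don't log a user out of facebook
 * $_POST['remember'] = form value for people that want a cookie set
 *
 * how to call the login method
 * most likely you'll have a session started (you should have session_start() first thing on every page
 * with logged in users) so cookie is set outside of the class
 *
 * $UI->login($_POST['username'], $_POST['password'], $fbid, $fbinfo, (int)$_GET['liwfb'], $remember);
 * if($UI->_loggedIn) {
 *     if($_POST['remember']) {
 *         $cid = $UI->setCookie();
 *         $redurl = "link to an external page for setting the cookie.php?cid=cid checked against the database
 *     }
 * }
 * *************************************************************
 * @author Clint Chaney <[email protected]>
 * @copyright 2011 ONIT Industries
 * @license http://www.php.net/license/3_01.txt PHP License 3.01
 *
 * This program is free software: you can redistribute it and/or modify it under the terms of the
 * GNU General Public License as published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
 * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * Security notes for maintainers:
 *  - Every value placed in a SQL string is either cast to int or passed through esc()
 *    (mysql_real_escape_string). The class relies on the implicit ext/mysql connection, so it
 *    cannot bind parameters; ext/mysql was removed in PHP 7.0 and prepared statements
 *    (PDO or mysqli) are the proper long-term replacement.
 *  - Passwords are still compared as unsalted md5() because that is the format the members
 *    table is queried with; moving to password_hash()/password_verify() needs a data migration.
 *  - $fbid / $fbinfo are trusted as given. They must come from a server-side verified Facebook
 *    session, never from request parameters.
 */
class user
{
    public $_info = array();       // array of user profile information
    public $_loggedIn = false;     // true or false if user is logged in
    public $_loggedInFB = false;   // true or false if user used facebook to login
    public $_errors = array();     // errors

    private $_username;
    private $_password;
    private $_facebook_id;
    private $_facebook_info = array();
    private $_facebook_login = false;

    /**
     * CONSTRUCT
     *
     * Accepts the facebook id and info, attempts a cookie login when the
     * "usercook" cookie is present, then mirrors the session state into
     * the public properties.
     *
     * @param string $fbid   facebook id from the facebook script
     * @param mixed  $fbinfo facebook info from the facebook script
     */
    public function __construct($fbid = '', $fbinfo = '')
    {
        $this->_facebook_id = $fbid;
        $this->_facebook_info = $fbinfo;

        if (!empty($_COOKIE['usercook'])) {
            // Pass the facebook values through: login() re-assigns them, and
            // passing '' here used to wipe what the constructor just stored.
            $this->login('', '', $this->_facebook_id, $this->_facebook_info, '', '', $_COOKIE['usercook']);
        }

        $this->_loggedIn = !empty($_SESSION['uinfo']);
        // Keep $_info an array in both states so later offset reads are safe.
        $this->_info = $this->_loggedIn ? $_SESSION['uinfo'] : array();
        $this->_loggedInFB = isset($_SESSION['uinfo']['loggedInFB']) ? $_SESSION['uinfo']['loggedInFB'] : false;
    }

    /**
     * login method
     *
     * this should be called on a login page as explained above.
     * Order of precedence when no session exists: cookie, facebook,
     * username + password.
     *
     * @param string $username
     * @param string $password
     * @param string $facebook_id
     * @param mixed  $facebook_info
     * @param mixed  $liwfb    truthy when the "fake" facebook login button was used
     * @param mixed  $remember accepted for interface compatibility; not read here
     * @param mixed  $cookie   truthy to attempt a login from $_COOKIE['usercook']
     * @return mixed the session info array (empty when the login failed)
     */
    public function login($username = '', $password = '', $facebook_id = '', $facebook_info = '', $liwfb = false, $remember = false, $cookie = false)
    {
        $this->_username = $username;
        $this->_password = $password;
        $this->_facebook_id = $facebook_id;
        $this->_facebook_info = $facebook_info;
        $this->_facebook_login = $liwfb;

        // we already have a session: sync the facebook flag and return it
        if (!empty($_SESSION['uinfo'])) {
            $this->_loggedInFB = isset($_SESSION['uinfo']['loggedInFB']) ? $_SESSION['uinfo']['loggedInFB'] : false;
            return $_SESSION['uinfo'];
        }

        if ($cookie) {
            // if the user has a cookie verify and log them in with it
            $check = $this->getDBInfo('cookie');
            if (!empty($check['mem_id']) && !empty($check['mem_active'])) {
                $this->sessionRegister($check);
                $this->_loggedInFB = false;
                $this->touchLastActive($check['mem_id']);
            }
        } elseif ($this->_facebook_id && !$this->_username && !$this->_password) {
            // facebook id and no username/password: it's a facebook login
            $check = $this->getDBInfo('facebook');
            if (!empty($check['mem_id'])) {
                // NOTE(review): unlike the cookie and password paths this one does not
                // test mem_active; confirm whether deactivated members should be refused.
                // if they haven't manually logged out or hit our fake login button
                if (($check['mem_manual_logout'] != 1 && $this->_facebook_id && !$this->_loggedIn) || $this->_facebook_login) {
                    $this->_loggedInFB = true;
                    $this->sessionRegister($check);
                    // change manual logout to 0, gets reset on logout
                    mysql_query("UPDATE members SET mem_manual_logout = '0' WHERE mem_id = " . (int) $check['mem_id'] . " LIMIT 1");
                }
            } else {
                // they are not a member yet, register them and read back the new row
                $this->registerFB();
                $check = $this->getDBInfo('facebook');
                if (!empty($check['mem_id'])) {
                    $this->_loggedInFB = true;
                    $this->sessionRegister($check);
                } else {
                    // Registration did not produce a row; never open a session without a member id.
                    $this->_errors[] = "Unable to register facebook user.";
                }
            }
        } elseif ($this->_username && $this->_password) {
            // username and password entered: check them against the database
            $check = $this->getDBInfo('unp');
            if (!empty($check['mem_id']) && !empty($check['mem_active'])) {
                $this->sessionRegister($check);
                $this->_loggedInFB = false;
                $this->touchLastActive($check['mem_id']);
            } else {
                $this->_errors[] = "Invalid username and password.";
            }
        }

        return $this->_info;
    }

    /**
     * register a new facebook user
     *
     * either adds a new member or checks for an existing member with
     * the same email and updates it.
     *
     * NOTE(review): linking by email hands an existing account to whoever
     * presents that address in $fbinfo, so $fbinfo must be a verified
     * server-side Facebook response.
     */
    private function registerFB()
    {
        $fbinfo = $this->_facebook_info;

        // location from facebook is "City, State"; either part may be missing
        $locationName = isset($fbinfo['location']['name']) ? $fbinfo['location']['name'] : '';
        $parts = explode(',', $locationName);
        $city = $this->esc(trim($parts[0]));
        $state = $this->esc(isset($parts[1]) ? trim(substr($parts[1], 0, 3)) : '');

        // check database for zipcode information
        $zipinfo = $this->fetchRow("SELECT * FROM zip_code WHERE city = '" . $city . "' AND state = '" . $state . "' LIMIT 1");
        $zip = array();
        foreach (array('city', 'state', 'zip_code', 'lat', 'lon') as $column) {
            // Values read back from the database are escaped again before reuse in SQL.
            $zip[$column] = $this->esc(isset($zipinfo[$column]) ? $zipinfo[$column] : '');
        }

        // FILTER_SANITIZE_EMAIL keeps characters such as the single quote, so the
        // result still has to be escaped before it goes into a query.
        $rawEmail = isset($fbinfo['email']) ? $fbinfo['email'] : '';
        $email = $this->esc(filter_var($rawEmail, FILTER_SANITIZE_EMAIL));

        $firstName = $this->clean(isset($fbinfo['first_name']) ? $fbinfo['first_name'] : '');
        $lastName = $this->clean(isset($fbinfo['last_name']) ? $fbinfo['last_name'] : '');
        $oauthUid = $this->esc($this->_facebook_id);
        $now = time();

        // see if email already exists; an empty email must not match (and take over)
        // a member row that simply has no email stored
        $checku = false;
        if ($email !== '') {
            $checku = $this->fetchRow("SELECT mem_id FROM members WHERE mem_email = '" . $email . "' LIMIT 1");
        }

        if (empty($checku['mem_id'])) {
            // facebook user not in the database, add them
            $remoteAddr = $this->esc(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');
            mysql_query(
                "INSERT INTO members SET mem_email = '" . $email . "', mem_real = '1', "
                . "mem_ip = '" . $remoteAddr . "', "
                . "mem_date_joined = '" . $now . "', mem_last_active = '" . $now . "', "
                . "mem_firstname = '" . $firstName . "', mem_lastname = '" . $lastName . "', "
                . "mem_city = '" . $zip['city'] . "', mem_state = '" . $zip['state'] . "', "
                . "mem_zipcode = '" . $zip['zip_code'] . "', "
                . "mem_lat = '" . $zip['lat'] . "', mem_lon = '" . $zip['lon'] . "', "
                . "mem_gender = '" . $this->clean(isset($fbinfo['gender']) ? $fbinfo['gender'] : '') . "', "
                . "mem_timezone = '" . $this->clean(isset($fbinfo['timezone']) ? $fbinfo['timezone'] : '') . "', "
                . "mem_oauth_provider = 'facebook', mem_oauth_uid = '" . $oauthUid . "'"
            );
        } else {
            mysql_query(
                "UPDATE members SET mem_last_active = '" . $now . "', "
                . "mem_firstname = '" . $firstName . "', mem_lastname = '" . $lastName . "', "
                . "mem_city = '" . $zip['city'] . "', mem_state = '" . $zip['state'] . "', "
                . "mem_zipcode = '" . $zip['zip_code'] . "', "
                . "mem_lat = '" . $zip['lat'] . "', mem_lon = '" . $zip['lon'] . "', "
                . "mem_oauth_provider = 'facebook', mem_oauth_uid = '" . $oauthUid . "' "
                . "WHERE mem_id = " . (int) $checku['mem_id'] . " LIMIT 1"
            );
        }
    }

    /**
     * generate a random cookie id
     *
     * generates a cookie id and adds it to the database. The caller sets the
     * actual cookie; it is a login credential and should be sent with the
     * HttpOnly and Secure flags.
     *
     * @return string the new cookie id
     */
    function setCookie()
    {
        // The original called create_pcookie(), which this class never defined.
        $cookie = $this->create_cookie(50);
        $memberId = isset($this->_info['id']) ? (int) $this->_info['id'] : 0;
        mysql_query("UPDATE members SET mem_cookie_id = '" . $this->esc($cookie) . "' WHERE mem_id = " . $memberId . " LIMIT 1");
        return $cookie;
    }

    /**
     * logout a user
     *
     * destroy cookie on a separate page without session_start
     */
    public function logout()
    {
        if (!empty($this->_info['id'])) {
            // Clearing mem_cookie_id revokes the remember-me token, so a copied
            // cookie stops working once the user logs out.
            mysql_query("UPDATE members SET mem_manual_logout = '1', mem_cookie_id = '' WHERE mem_id = " . (int) $this->_info['id'] . " LIMIT 1");
        }
        $_SESSION = array();
        session_destroy();
        $this->_info = array();
        $this->_loggedIn = false;
        $this->_loggedInFB = false;
    }

    /**
     * register a session for a successful login
     *
     * @param array $memberArray row from the members table
     */
    private function sessionRegister($memberArray)
    {
        // Issue a fresh session id at the privilege change so an id that was
        // fixed before login is not carried into the authenticated session.
        if (session_id() !== '' && !headers_sent()) {
            session_regenerate_id(true);
        }

        $this->_info = $_SESSION['uinfo'] = array(
            'id' => $memberArray['mem_id'],
            'email' => $memberArray['mem_email'],
            'username' => $memberArray['mem_nick'],
            'active' => $memberArray['mem_active'],
            'level' => $memberArray['mem_level'],
            'facebook_id' => $memberArray['mem_oauth_uid'],
            'loggedInFB' => $this->_loggedInFB
        );
        $this->_loggedIn = true;
    }

    /**
     * checks for different login methods
     *
     * @param string $method one of 'facebook', 'unp', 'email', 'cookie'
     * @return mixed the matching members row, or false when nothing matches
     */
    public function getDBInfo($method)
    {
        if ($method === 'facebook') {
            return $this->fetchRow("SELECT * FROM members WHERE mem_oauth_provider = 'facebook' AND mem_oauth_uid = '" . $this->esc($this->_facebook_id) . "' LIMIT 1");
        }

        if ($method === 'unp' || $method === 'email') {
            // NOTE(review): 'email' ran the same mem_nick query as 'unp' but with an
            // undefined password variable, i.e. it compared against an empty password.
            // It now hashes the password like 'unp'; confirm whether it was meant to
            // look up mem_email instead.
            $cleanUsername = $this->clean($this->_username);
            // NOTE(review): unsalted md5 is kept only to match the stored column format.
            $cleanPassword = md5((string) $this->_password);
            return $this->fetchRow("SELECT * FROM members WHERE mem_nick = '" . $cleanUsername . "' AND mem_password = '" . $cleanPassword . "' LIMIT 1");
        }

        if ($method === 'cookie') {
            // cookie string has user_id| added to the beginning of it so split it up
            $rawCookie = isset($_COOKIE['usercook']) ? (string) $_COOKIE['usercook'] : '';
            $cookieArr = explode("|", $rawCookie);
            $cmem = (int) $cookieArr[0];
            $ccid = isset($cookieArr[1]) ? $cookieArr[1] : '';

            // A missing or empty token must never be compared: it would equal the
            // mem_cookie_id of every member who has no remember-me token stored.
            if ($cmem < 1 || $ccid === '') {
                return false;
            }

            return $this->fetchRow("SELECT * FROM members WHERE mem_id = " . $cmem . " AND mem_cookie_id = '" . $this->clean($ccid) . "' LIMIT 1");
        }

        return false;
    }

    /**
     * method to clean information for the database
     *
     * Strips markup with FILTER_SANITIZE_STRING (kept so values match rows
     * stored by earlier versions) and then escapes for the SQL string.
     */
    private function clean($textToClean)
    {
        return $this->esc(filter_var($textToClean, FILTER_SANITIZE_STRING));
    }

    /**
     * escape a value for use inside a quoted SQL string literal
     *
     * Uses the connection-aware escaper rather than addslashes().
     */
    private function esc($value)
    {
        return mysql_real_escape_string((string) $value);
    }

    /**
     * run a query and return its first row, or false when the query fails
     */
    private function fetchRow($sql)
    {
        $result = mysql_query($sql);
        if (!$result) {
            return false;
        }
        return mysql_fetch_array($result);
    }

    /**
     * update the last activity timestamp of a member
     */
    private function touchLastActive($memberId)
    {
        mysql_query("UPDATE members SET mem_last_active = '" . time() . "' WHERE mem_id = " . (int) $memberId . " LIMIT 1");
    }

    /**
     * display errors if requested
     **/
    public function showErrors()
    {
        foreach ($this->_errors as $error) {
            // $_errors is public, so encode before printing into the page.
            print (htmlspecialchars((string) $error, ENT_QUOTES, 'UTF-8') . '<br />');
        }
    }

    /**
     * get a users information
     *
     * @param int $id member id
     * @return mixed the members row, or false when not found
     **/
    public function getInfo($id)
    {
        // The id used to be concatenated unquoted; force it to an integer.
        return $this->fetchRow("SELECT * FROM members WHERE mem_id = " . (int) $id . " LIMIT 1");
    }

    /**
     * method for member only pages
     */
    public function requireLogin()
    {
        if (empty($this->_info['id'])) {
            echo '<div class="fullWidth">' .
                 '<h1>You must be logged in to view this page</h1><hr />';
            include('includes/forms/login.php');
            echo '<div class="clear"></div>' .
                 '</div>';
            exit();
        }
    }

    /**
     * random cookie generator
     *
     * Returns $length characters drawn from [0-9a-f] using a cryptographically
     * strong source. The previous shuffle()-based version could not return more
     * than 36 characters and was not suitable for a login token.
     *
     * @param int $length number of characters wanted
     * @return string
     * @throws RuntimeException when no strong random source is available
     */
    function create_cookie($length = 8)
    {
        $length = (int) $length;
        if ($length < 1) {
            return '';
        }

        $byteCount = (int) ceil($length / 2);
        if (function_exists('random_bytes')) {
            $bytes = random_bytes($byteCount);
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $strong = false;
            $bytes = openssl_random_pseudo_bytes($byteCount, $strong);
            if ($bytes === false || !$strong) {
                throw new RuntimeException('No cryptographically strong random source available.');
            }
        } else {
            // Fail closed rather than fall back to a predictable generator.
            throw new RuntimeException('No cryptographically strong random source available.');
        }

        return substr(bin2hex($bytes), 0, $length);
    }
}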
Revision: 42668
Initial Code
Initial URL
Initial Description
Initial Title
Initial Tags
Initial Language
at March 8, 2011 18:11 by cdog
Initial Code
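<?php
/**
 * User class
 *
 * A class to login users via username and password,
 * facebook connect, or from a saved cookie.
 * This is my first ever class built as a start
 * to learning PHP OOP. Might not be "perfect" but
 * it works.
 *
 * To call the class in your files do the following
 * *************************************************************
 * include("class.user.php");
 * include("facebook.php") // need facebook PHP SDK Link below
 * // http://snipplr.com/view/50300/facebook-connect-script/
 * // initiate the object
 * $UI = new user($fbid, $fbinfo);
 *
 * // logging someone in via form or facebook connect when they
 * // CLICK login. Should be on a login page
 *
 * $_POST['username'] = INPUT VALUE FROM A LOGIN FORM
 * $_POST['password'] = INPUT VALUE FROM A LOGIN FORM
 * $fbid = FACEBOOK ID FROM FACEBOOK SCRIPT
 * $fbinfo = FACEBOOK INFO FROM FACEBOOK SCRIPT
 * (int)$_GET['liwfb'] = used on a "fake" facebook login button when we don't log a user out of facebook
 * $_POST['remember'] = form value for people that want a cookie set
 *
 * how to call the login method
 * most likely you'll have a session started (you should have session_start() first thing on every page
 * with logged in users) so cookie is set outside of the class
 *
 * $UI->login($_POST['username'], $_POST['password'], $fbid, $fbinfo, (int)$_GET['liwfb'], $remember);
 * if($UI->_loggedIn) {
 *     if($_POST['remember']) {
 *         $cid = $UI->setCookie();
 *         $redurl = "link to an external page for setting the cookie.php?cid=cid checked against the database
 *     }
 * }
 * *************************************************************
 * @author Clint Chaney <[email protected]>
 * @copyright 2011 ONIT Industries
 * @license http://www.php.net/license/3_01.txt PHP License 3.01
 *
 * This program is free software: you can redistribute it and/or modify it under the terms of the
 * GNU General Public License as published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
 * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * Security notes for maintainers:
 *  - Every value placed in a SQL string is either cast to int or passed through esc()
 *    (mysql_real_escape_string). The class relies on the implicit ext/mysql connection, so it
 *    cannot bind parameters; ext/mysql was removed in PHP 7.0 and prepared statements
 *    (PDO or mysqli) are the proper long-term replacement.
 *  - Passwords are still compared as unsalted md5() because that is the format the members
 *    table is queried with; moving to password_hash()/password_verify() needs a data migration.
 *  - $fbid / $fbinfo are trusted as given. They must come from a server-side verified Facebook
 *    session, never from request parameters.
 */
class user
{
    public $_info = array();       // array of user profile information
    public $_loggedIn = false;     // true or false if user is logged in
    public $_loggedInFB = false;   // true or false if user used facebook to login
    public $_errors = array();     // errors

    private $_username;
    private $_password;
    private $_facebook_id;
    private $_facebook_info = array();
    private $_facebook_login = false;

    /**
     * CONSTRUCT
     *
     * Accepts the facebook id and info, attempts a cookie login when the
     * "usercook" cookie is present, then mirrors the session state into
     * the public properties.
     *
     * @param string $fbid   facebook id from the facebook script
     * @param mixed  $fbinfo facebook info from the facebook script
     */
    public function __construct($fbid = '', $fbinfo = '')
    {
        $this->_facebook_id = $fbid;
        $this->_facebook_info = $fbinfo;

        if (!empty($_COOKIE['usercook'])) {
            // Pass the facebook values through: login() re-assigns them, and
            // passing '' here used to wipe what the constructor just stored.
            $this->login('', '', $this->_facebook_id, $this->_facebook_info, '', '', $_COOKIE['usercook']);
        }

        $this->_loggedIn = !empty($_SESSION['uinfo']);
        // Keep $_info an array in both states so later offset reads are safe.
        $this->_info = $this->_loggedIn ? $_SESSION['uinfo'] : array();
        $this->_loggedInFB = isset($_SESSION['uinfo']['loggedInFB']) ? $_SESSION['uinfo']['loggedInFB'] : false;
    }

    /**
     * login method
     *
     * this should be called on a login page as explained above.
     * Order of precedence when no session exists: cookie, facebook,
     * username + password.
     *
     * @param string $username
     * @param string $password
     * @param string $facebook_id
     * @param mixed  $facebook_info
     * @param mixed  $liwfb    truthy when the "fake" facebook login button was used
     * @param mixed  $remember accepted for interface compatibility; not read here
     * @param mixed  $cookie   truthy to attempt a login from $_COOKIE['usercook']
     * @return mixed the session info array (empty when the login failed)
     */
    public function login($username = '', $password = '', $facebook_id = '', $facebook_info = '', $liwfb = false, $remember = false, $cookie = false)
    {
        $this->_username = $username;
        $this->_password = $password;
        $this->_facebook_id = $facebook_id;
        $this->_facebook_info = $facebook_info;
        $this->_facebook_login = $liwfb;

        // we already have a session: sync the facebook flag and return it
        if (!empty($_SESSION['uinfo'])) {
            $this->_loggedInFB = isset($_SESSION['uinfo']['loggedInFB']) ? $_SESSION['uinfo']['loggedInFB'] : false;
            return $_SESSION['uinfo'];
        }

        if ($cookie) {
            // if the user has a cookie verify and log them in with it
            $check = $this->getDBInfo('cookie');
            if (!empty($check['mem_id']) && !empty($check['mem_active'])) {
                $this->sessionRegister($check);
                $this->_loggedInFB = false;
                $this->touchLastActive($check['mem_id']);
            }
        } elseif ($this->_facebook_id && !$this->_username && !$this->_password) {
            // facebook id and no username/password: it's a facebook login
            $check = $this->getDBInfo('facebook');
            if (!empty($check['mem_id'])) {
                // NOTE(review): unlike the cookie and password paths this one does not
                // test mem_active; confirm whether deactivated members should be refused.
                // if they haven't manually logged out or hit our fake login button
                if (($check['mem_manual_logout'] != 1 && $this->_facebook_id && !$this->_loggedIn) || $this->_facebook_login) {
                    $this->_loggedInFB = true;
                    $this->sessionRegister($check);
                    // change manual logout to 0, gets reset on logout
                    mysql_query("UPDATE members SET mem_manual_logout = '0' WHERE mem_id = " . (int) $check['mem_id'] . " LIMIT 1");
                }
            } else {
                // they are not a member yet, register them and read back the new row
                $this->registerFB();
                $check = $this->getDBInfo('facebook');
                if (!empty($check['mem_id'])) {
                    $this->_loggedInFB = true;
                    $this->sessionRegister($check);
                } else {
                    // Registration did not produce a row; never open a session without a member id.
                    $this->_errors[] = "Unable to register facebook user.";
                }
            }
        } elseif ($this->_username && $this->_password) {
            // username and password entered: check them against the database
            $check = $this->getDBInfo('unp');
            if (!empty($check['mem_id']) && !empty($check['mem_active'])) {
                $this->sessionRegister($check);
                $this->_loggedInFB = false;
                $this->touchLastActive($check['mem_id']);
            } else {
                $this->_errors[] = "Invalid username and password.";
            }
        }

        return $this->_info;
    }

    /**
     * register a new facebook user
     *
     * either adds a new member or checks for an existing member with
     * the same email and updates it.
     *
     * NOTE(review): linking by email hands an existing account to whoever
     * presents that address in $fbinfo, so $fbinfo must be a verified
     * server-side Facebook response.
     */
    private function registerFB()
    {
        $fbinfo = $this->_facebook_info;

        // location from facebook is "City, State"; either part may be missing
        $locationName = isset($fbinfo['location']['name']) ? $fbinfo['location']['name'] : '';
        $parts = explode(',', $locationName);
        $city = $this->esc(trim($parts[0]));
        $state = $this->esc(isset($parts[1]) ? trim(substr($parts[1], 0, 3)) : '');

        // check database for zipcode information
        $zipinfo = $this->fetchRow("SELECT * FROM zip_code WHERE city = '" . $city . "' AND state = '" . $state . "' LIMIT 1");
        $zip = array();
        foreach (array('city', 'state', 'zip_code', 'lat', 'lon') as $column) {
            // Values read back from the database are escaped again before reuse in SQL.
            $zip[$column] = $this->esc(isset($zipinfo[$column]) ? $zipinfo[$column] : '');
        }

        // FILTER_SANITIZE_EMAIL keeps characters such as the single quote, so the
        // result still has to be escaped before it goes into a query.
        $rawEmail = isset($fbinfo['email']) ? $fbinfo['email'] : '';
        $email = $this->esc(filter_var($rawEmail, FILTER_SANITIZE_EMAIL));

        $firstName = $this->clean(isset($fbinfo['first_name']) ? $fbinfo['first_name'] : '');
        $lastName = $this->clean(isset($fbinfo['last_name']) ? $fbinfo['last_name'] : '');
        $oauthUid = $this->esc($this->_facebook_id);
        $now = time();

        // see if email already exists; an empty email must not match (and take over)
        // a member row that simply has no email stored
        $checku = false;
        if ($email !== '') {
            $checku = $this->fetchRow("SELECT mem_id FROM members WHERE mem_email = '" . $email . "' LIMIT 1");
        }

        if (empty($checku['mem_id'])) {
            // facebook user not in the database, add them
            $remoteAddr = $this->esc(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');
            mysql_query(
                "INSERT INTO members SET mem_email = '" . $email . "', mem_real = '1', "
                . "mem_ip = '" . $remoteAddr . "', "
                . "mem_date_joined = '" . $now . "', mem_last_active = '" . $now . "', "
                . "mem_firstname = '" . $firstName . "', mem_lastname = '" . $lastName . "', "
                . "mem_city = '" . $zip['city'] . "', mem_state = '" . $zip['state'] . "', "
                . "mem_zipcode = '" . $zip['zip_code'] . "', "
                . "mem_lat = '" . $zip['lat'] . "', mem_lon = '" . $zip['lon'] . "', "
                . "mem_gender = '" . $this->clean(isset($fbinfo['gender']) ? $fbinfo['gender'] : '') . "', "
                . "mem_timezone = '" . $this->clean(isset($fbinfo['timezone']) ? $fbinfo['timezone'] : '') . "', "
                . "mem_oauth_provider = 'facebook', mem_oauth_uid = '" . $oauthUid . "'"
            );
        } else {
            mysql_query(
                "UPDATE members SET mem_last_active = '" . $now . "', "
                . "mem_firstname = '" . $firstName . "', mem_lastname = '" . $lastName . "', "
                . "mem_city = '" . $zip['city'] . "', mem_state = '" . $zip['state'] . "', "
                . "mem_zipcode = '" . $zip['zip_code'] . "', "
                . "mem_lat = '" . $zip['lat'] . "', mem_lon = '" . $zip['lon'] . "', "
                . "mem_oauth_provider = 'facebook', mem_oauth_uid = '" . $oauthUid . "' "
                . "WHERE mem_id = " . (int) $checku['mem_id'] . " LIMIT 1"
            );
        }
    }

    /**
     * generate a random cookie id
     *
     * generates a cookie id and adds it to the database. The caller sets the
     * actual cookie; it is a login credential and should be sent with the
     * HttpOnly and Secure flags.
     *
     * @return string the new cookie id
     */
    function setCookie()
    {
        // The original called create_pcookie(), which this class never defined.
        $cookie = $this->create_cookie(50);
        $memberId = isset($this->_info['id']) ? (int) $this->_info['id'] : 0;
        mysql_query("UPDATE members SET mem_cookie_id = '" . $this->esc($cookie) . "' WHERE mem_id = " . $memberId . " LIMIT 1");
        return $cookie;
    }

    /**
     * logout a user
     *
     * destroy cookie on a separate page without session_start
     */
    public function logout()
    {
        if (!empty($this->_info['id'])) {
            // Clearing mem_cookie_id revokes the remember-me token, so a copied
            // cookie stops working once the user logs out.
            mysql_query("UPDATE members SET mem_manual_logout = '1', mem_cookie_id = '' WHERE mem_id = " . (int) $this->_info['id'] . " LIMIT 1");
        }
        $_SESSION = array();
        session_destroy();
        $this->_info = array();
        $this->_loggedIn = false;
        $this->_loggedInFB = false;
    }

    /**
     * register a session for a successful login
     *
     * @param array $memberArray row from the members table
     */
    private function sessionRegister($memberArray)
    {
        // Issue a fresh session id at the privilege change so an id that was
        // fixed before login is not carried into the authenticated session.
        if (session_id() !== '' && !headers_sent()) {
            session_regenerate_id(true);
        }

        $this->_info = $_SESSION['uinfo'] = array(
            'id' => $memberArray['mem_id'],
            'email' => $memberArray['mem_email'],
            'username' => $memberArray['mem_nick'],
            'active' => $memberArray['mem_active'],
            'level' => $memberArray['mem_level'],
            'facebook_id' => $memberArray['mem_oauth_uid'],
            'loggedInFB' => $this->_loggedInFB
        );
        $this->_loggedIn = true;
    }

    /**
     * checks for different login methods
     *
     * @param string $method one of 'facebook', 'unp', 'email', 'cookie'
     * @return mixed the matching members row, or false when nothing matches
     */
    public function getDBInfo($method)
    {
        if ($method === 'facebook') {
            return $this->fetchRow("SELECT * FROM members WHERE mem_oauth_provider = 'facebook' AND mem_oauth_uid = '" . $this->esc($this->_facebook_id) . "' LIMIT 1");
        }

        if ($method === 'unp' || $method === 'email') {
            // NOTE(review): 'email' ran the same mem_nick query as 'unp' but with an
            // undefined password variable, i.e. it compared against an empty password.
            // It now hashes the password like 'unp'; confirm whether it was meant to
            // look up mem_email instead.
            $cleanUsername = $this->clean($this->_username);
            // NOTE(review): unsalted md5 is kept only to match the stored column format.
            $cleanPassword = md5((string) $this->_password);
            return $this->fetchRow("SELECT * FROM members WHERE mem_nick = '" . $cleanUsername . "' AND mem_password = '" . $cleanPassword . "' LIMIT 1");
        }

        if ($method === 'cookie') {
            // cookie string has user_id| added to the beginning of it so split it up
            $rawCookie = isset($_COOKIE['usercook']) ? (string) $_COOKIE['usercook'] : '';
            $cookieArr = explode("|", $rawCookie);
            $cmem = (int) $cookieArr[0];
            $ccid = isset($cookieArr[1]) ? $cookieArr[1] : '';

            // A missing or empty token must never be compared: it would equal the
            // mem_cookie_id of every member who has no remember-me token stored.
            if ($cmem < 1 || $ccid === '') {
                return false;
            }

            return $this->fetchRow("SELECT * FROM members WHERE mem_id = " . $cmem . " AND mem_cookie_id = '" . $this->clean($ccid) . "' LIMIT 1");
        }

        return false;
    }

    /**
     * method to clean information for the database
     *
     * Strips markup with FILTER_SANITIZE_STRING (kept so values match rows
     * stored by earlier versions) and then escapes for the SQL string.
     */
    private function clean($textToClean)
    {
        return $this->esc(filter_var($textToClean, FILTER_SANITIZE_STRING));
    }

    /**
     * escape a value for use inside a quoted SQL string literal
     *
     * Uses the connection-aware escaper rather than addslashes().
     */
    private function esc($value)
    {
        return mysql_real_escape_string((string) $value);
    }

    /**
     * run a query and return its first row, or false when the query fails
     */
    private function fetchRow($sql)
    {
        $result = mysql_query($sql);
        if (!$result) {
            return false;
        }
        return mysql_fetch_array($result);
    }

    /**
     * update the last activity timestamp of a member
     */
    private function touchLastActive($memberId)
    {
        mysql_query("UPDATE members SET mem_last_active = '" . time() . "' WHERE mem_id = " . (int) $memberId . " LIMIT 1");
    }

    /**
     * display errors if requested
     **/
    public function showErrors()
    {
        foreach ($this->_errors as $error) {
            // $_errors is public, so encode before printing into the page.
            print (htmlspecialchars((string) $error, ENT_QUOTES, 'UTF-8') . '<br />');
        }
    }

    /**
     * get a users information
     *
     * @param int $id member id
     * @return mixed the members row, or false when not found
     **/
    public function getInfo($id)
    {
        // The id used to be concatenated unquoted; force it to an integer.
        return $this->fetchRow("SELECT * FROM members WHERE mem_id = " . (int) $id . " LIMIT 1");
    }

    /**
     * method for member only pages
     */
    public function requireLogin()
    {
        if (empty($this->_info['id'])) {
            echo '<div class="fullWidth">' .
                 '<h1>You must be logged in to view this page</h1><hr />';
            include('includes/forms/login.php');
            echo '<div class="clear"></div>' .
                 '</div>';
            exit();
        }
    }

    /**
     * random cookie generator
     *
     * Returns $length characters drawn from [0-9a-f] using a cryptographically
     * strong source. The previous shuffle()-based version could not return more
     * than 36 characters and was not suitable for a login token.
     *
     * @param int $length number of characters wanted
     * @return string
     * @throws RuntimeException when no strong random source is available
     */
    function create_cookie($length = 8)
    {
        $length = (int) $length;
        if ($length < 1) {
            return '';
        }

        $byteCount = (int) ceil($length / 2);
        if (function_exists('random_bytes')) {
            $bytes = random_bytes($byteCount);
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $strong = false;
            $bytes = openssl_random_pseudo_bytes($byteCount, $strong);
            if ($bytes === false || !$strong) {
                throw new RuntimeException('No cryptographically strong random source available.');
            }
        } else {
            // Fail closed rather than fall back to a predictable generator.
            throw new RuntimeException('No cryptographically strong random source available.');
        }

        return substr(bin2hex($bytes), 0, $length);
    }
}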
Initial URL
Initial Description
probably confusing. it's my first class. not pretty but it works
Initial Title
PHP user / facebook login class
Initial Tags
login, php, user, facebook
Initial Language
PHP