Here is a login class I recently wrote. It's not complete, nor is it perfect, but it might help you get started. Just create a database table (the class reads from one named members) with the fields id, username, user_password (length 40, to hold the SHA-1 hex digest of the password).
<?php
include("dataLayer.class.php");
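// Minimal username/password login helper built on a DataLayer connection.
// Error messages are collected in $errors so the caller can show them next
// to the login form.
//
// NOTE(review): the constructor is written in the PHP 4 style (a method named
// after the class). PHP 8 no longer treats such a method as a constructor, so
// on PHP 8 $dl and $table stay unset unless user() is called explicitly.
class User {
    var $dl; // DATALAYER OBJECT
    var $errors = array(); // HOLDS ERRORS
    var $table; // NAME OF TABLE THAT HOLDS USERS TO BE AUTHENTICATED

    // Creates the DataLayer and selects the table that holds the accounts.
    function user( )
    {
        $this->dl = new DataLayer( );
        // NOTE(review): debug is switched on unconditionally. What DataLayer
        // does with this flag is not visible here; if it prints queries or
        // driver errors, turn it off outside development so a failed login
        // does not show SQL details to the visitor.
        $this->dl->debug = true;
        $this->table = "members";
    }

    // Checks that both login fields were filled in.
    // Records one error per missing field and returns false if either is
    // missing; returns true when both are present.
    function ValidateLoginForm($user="", $pass="")
    {
        $complete = true;
        if( !$this->ValidInput($user) )
        {
            $this->setError("You must enter a username");
            $complete = false;
        }
        if( !$this->ValidInput($pass) )
        {
            $this->setError("You must enter a password");
            $complete = false;
        }
        return $complete;
    }

    // Returns true when $input is a scalar whose trimmed string form is not
    // empty. Request parameters can arrive as arrays (field[]=x); those and
    // null are rejected here instead of being handed to trim().
    function ValidInput($input)
    {
        if( !is_scalar($input) )
        {
            return false;
        }
        return strlen(trim((string) $input)) > 0;
    }

    // Looks the credentials up in the accounts table.
    // Returns true when exactly one row matches; otherwise records an error
    // message and returns false.
    function CheckLogin($username, $password)
    {
        // Connect before escaping: the escaping functions of the mysql
        // extension need an open link, and safe_string() presumably wraps one
        // of them (verify against DataLayer). A failed connection is logged
        // and reported with the same generic message as a failed query, so
        // the driver error is not printed to the visitor.
        if( !$this->dl->connect() )
        {
            error_log("User::CheckLogin: database connection failed: " . $this->dl->getError());
            $this->setError("There was a problem processing your query");
            return false;
        }

        // Prevent SQL injection on the only value that reaches the query as text.
        $username = $this->dl->safe_string($username);

        // Hash the password exactly as typed. The hex digest contains only
        // 0-9 and a-f, so it needs no escaping, and escaping before hashing
        // would change the digest for any password the escaper alters.
        // NOTE(review): unsalted SHA-1 is a fast hash and a poor fit for
        // password storage. Moving to password_hash()/password_verify()
        // needs a wider user_password column than 40 characters and a query
        // that fetches the stored hash by username instead of comparing in SQL.
        $passwordHash = sha1($password);

        // Setup Query String
        $strSQL = "SELECT COUNT(username) FROM " . $this->table . " WHERE username='".$username."' AND user_password='".$passwordHash."'";
        $result = $this->dl->_query($strSQL);
        if( !$result )
        {
            $this->setError("There was a problem processing your query");
            return false;
        }
        if( mysql_result($result, 0) == 1 )
        {
            return true;
        }
        // One message for "no such user" and "wrong password", so the form
        // does not reveal which usernames exist.
        $this->setError("Login Failed. Please try again.");
        return false;
    }

    // Ends the current session and queues a redirect to index.php.
    // $username is not used; it is kept so existing callers keep working.
    // header() only queues the redirect, so the caller should stop the
    // script after calling this.
    function logout($username)
    {
        // session_destroy() removes the stored data but leaves $_SESSION
        // populated for the rest of this request; clear it as well.
        $_SESSION = array();
        session_destroy();
        header("Location: index.php");
    }

    // Returns the most recently recorded error, or null when there is none.
    function getError( ) {
        $total = count($this->errors);
        if( $total == 0 )
        {
            return null;
        }
        return $this->errors[$total - 1];
    }

    // Appends a message to the error list.
    function setError( $str ) {
        array_push( $this->errors, $str );
    }

    // Renders all recorded errors as an HTML list.
    // NOTE(review): messages are inserted as-is. Every message set inside
    // this class is a fixed string, but anything else passed to setError()
    // must be HTML-escaped by the caller before it gets here.
    function grabError( )
    {
        $error = "<span class=\"error-notice\">The Following errors must be corrected</span>:";
        $error .= "<ul class=\"error\">\n";
        foreach($this->errors as $value)
        {
            $error .= "<li>".$value."</li>\n";
        }
        $error .= "</ul>\n";
        return $error;
    }
}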
?>
And here's how I used it
<?php
// Include Classes
require_once("lib/user.class.php");
require_once("lib/form.class.php");
require_once("lib/template.class.php");
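// Start Session
session_start();
// New Form and LoginTemplate classes
// ($f is not used below; kept because what Form's constructor does is not visible here)
$f = new Form;
$t = new LoginTPL("tpl/login.tpl");
if(!isset($_POST["submit"]))
{
    // First visit: show the empty form.
    $t->OutputLogin();
}
else
{
    // Read the fields explicitly instead of silencing notices with @.
    // Anything that is not a plain string (a missing field, or an array sent
    // as username[]=x) is treated as empty and fails validation below.
    $username = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : "";
    $user_password = (isset($_POST["user_password"]) && is_string($_POST["user_password"])) ? $_POST["user_password"] : "";
    $User = new User;
    if( $User->ValidateLoginForm($username, $user_password) )
    {
        // Fields look good. Try to log user in.
        if( $User->CheckLogin($username, $user_password) )
        {
            // Issue a fresh session id at the moment of login, so an id that
            // was set before authentication cannot be reused afterwards
            // (session fixation).
            session_regenerate_id(true);
            $_SESSION["username"] = $username;
            header("Location: interface.php");
            // header() only queues the redirect; stop here so nothing else runs.
            exit;
        }
        else
        {
            // NOTE(review): OutputLogin() puts $username back into the form;
            // it must HTML-escape the value when it does - verify in LoginTPL.
            $t->OutputLogin($username, $User->grabError() );
        }
    }
    else
    {
        // Fields were left blank
        $t->OutputLogin($username, $User->grabError() );
    }
}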
?>
$t->OutputLogin simply displays the form back to the user with any error messages, and with the username field prefilled as they had it ($_POST["username"] is the value.) You can manually type out your form there if you want.
Here's how I add users (just a snippet). I don't have this integrated into the class yet.
// Sample account creation: stores the SHA-1 hex digest of a fixed password
// for the user 'cgraz'. Both values are literals, so nothing user-supplied
// reaches the query text here; real input would have to be escaped first.
// NOTE(review): unsalted SHA-1 is a fast hash and a poor fit for password
// storage; the login code has to use the same scheme as whatever is stored
// here. die(mysql_error()) prints the driver error to the page.
$password = sha1("test");
$insertSQL = "INSERT INTO " . $db->users . " (username, user_password) VALUES('cgraz', '$password')";
$result = $db->query($insertSQL);
if( !$result )
{
    die(mysql_error());
}
Hope this helps.