A simple authentication class .......

whisher06

Hi anyOne.
Do you feel like checking out
my simple authentication class ?
Here it is.
As usual improvements and critiques are
welcome 😃
Take care.

halojoy

whisher06 wrote:
Do you feel like checking out my simple authentication class ?
Here it is.
As usual improvements and critiques are welcome.

There are 3 small classes, that deals with auth and database.

This is how private.php uses your class for authentication

<?php 

//require_once("config.php");
//start config.php
require_once("abstractDbClass.php");
require_once("getTablesClass.php");
require_once("authenticationClass.php");

$options=array('host'=>'localhost','user'=>'','password'=>'','database'=>'');
$priv = array('1','2');
$db = &new AbstractDb($options);
$authentication = &new Authentication($db);
// end config.php

if(isset($_GET['logOut'])){
	$authentication->logOut();
}
if(!$authentication->checkAuth()){
	header("Location: index.php"); 
	exit;
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>

<body>
<h1 style="text-align:center ">PRIVATE</h1>
<a href="private.php?logOut=1">LOG OUT</a>
</body>
</html>

whisher06

Hi.
Tks for the ready reply 😉.
But I don't understand
what do you mean.
I included all the classes
in the config.php.
Than I included config.php
in all pages.
In my opinion is pretty much
the same and you can save
time.
I'm waiting for an enlightment.
Bye.

halojoy

HEY!
I just REALLY INCLUDED config.php
to let us see how your script work.

How many here, do you think bother to download, unzip and look at several files
just to reply to your topic???

But if I show them a bit HERE, and in application show WHAT IS happening in config.php
maybe you get some little response.
It is only from pedagogical reasons I have shown your code in this way.

NOT a rewrite!

If you want critique, you should show your code here,
same as in HELP forum - noone wants to surf around at websites
hunting for some scripts that somebody has got trouble with.
We better COPY and PASTE into forum, to make it easy on our advisors.

I published ALL My code in my first post,
(even if my script is very small in comparison with yours)
here: http://phpbuilder.com/board/showthread.php?t=10325578
.. and now I have published a second version in a later post.

🙂

whisher06

😃 Here the code
Authentication class:

<?php 
class Authentication extends getTables
{
	var $__DB;
	var $__userPrivId;
	function Authentication(&$db)
	{
		(is_object($db))?$this->__DB = &$db:exit('Could not connect');
		define('COOKIES_TIME',108000);
		parent::getTables();
		$this->__userPrivId = NULL;
	}
	function startAuth($username,$password,$invalidMsg) 
	{
    	$this->logOut();
		$password = md5($password);
		$query = "SELECT {$this->__tableName['user']['user_id']},
				  {$this->__tableName['user']['priv_id']},{$this->__tableName['user']['last_login']}
				  FROM {$this->__tableName['user']['table']} 
				  WHERE {$this->__tableName['user']['username']} = '".$username."' 
				  AND {$this->__tableName['user']['password']} = '".$password."' AND {$this->__tableName['user']['confirm']} = '1'";
		$result = $this->__DB->performQuery($query);
		if($result->getNumRows() !== 0)
		{
			$row = $result->fetchObject();
			$userId = $row->user_id;
			$this->__userPrivId = $row->priv_id;
			$lastLogin = $row->last_login;
			$loginTime = time();
			$uid = $this->_generateUid($loginTime);
			$this->_setAuthed($userId,$uid,$lastLogin,$loginTime);
		}
		else
		{
			$_SESSION['failed'] = $invalidMsg;
		}
	}
	function _setAuthed($userId,$uid,$lastLogin,$loginTime) 
	{
		$query = "UPDATE {$this->__tableName['user']['table']} 
				  SET {$this->__tableName['user']['last_login']}='".$loginTime."',
 				  {$this->__tableName['user']['userCookieUid']}='".$uid."',
				  {$this->__tableName['user']['is_online']}='1'
				  WHERE {$this->__tableName['user']['user_id']}='".$userId."'";
		$this->__DB->performQuery($query);
		setcookie("authenticationUserId","",time()-COOKIES_TIME);
		setcookie("authenticationUid","",time()-COOKIES_TIME);
		setcookie("lastLogin","",time()-COOKIES_TIME);
		unset($_COOKIE['authenticationUserId']);
		unset($_COOKIE['authenticationUid']);
		unset($_COOKIE['lastLogin']);
		setcookie("authenticationUserId",$userId,time()+COOKIES_TIME);
		setcookie("authenticationUid",$uid,time()+COOKIES_TIME);
		setcookie("lastLogin",$lastLogin,time()+COOKIES_TIME);
		unset($_SESSION['authenticationUserId']);
		unset($_SESSION['authenticationUid']);
		unset($_SESSION['lastLogin']);
		$_SESSION['authenticationUserId']=$userId;
        $_SESSION['authenticationUid']=$uid;
		$_SESSION['lastLogin']= $lastLogin;
	}
	function checkAuth()
	{
		$check = FALSE;	
		if(!isset($_SESSION['authenticationUserId']) || !isset($_SESSION['authenticationUid']))
		{
			(isset($_COOKIE['authenticationUserId']))?$_SESSION['authenticationUserId']=$_COOKIE['authenticationUserId']:$_SESSION['authenticationUserId']="";
			(isset($_COOKIE['authenticationUid']))?$_SESSION['authenticationUid']=$_COOKIE['authenticationUid']:$_SESSION['authenticationUid']="";
			(isset($_COOKIE['lastLogin']))?$_SESSION['lastLogin']=$_COOKIE['lastLogin']:$_SESSION['lastLogin']="";
		}
		$query = "SELECT {$this->__tableName['user']['priv_id']}
				  FROM {$this->__tableName['user']['table']} 
		          WHERE
				  {$this->__tableName['user']['user_id']} = '".$_SESSION['authenticationUserId']."' 
				  AND {$this->__tableName['user']['userCookieUid']} = '".$_SESSION['authenticationUid']."'";
		$result = $this->__DB->performQuery($query);
		if($result->getNumRows() !== 0)
		{
			$row = $result->fetchObject();
			$this->__userPrivId = $row->priv_id;
			$check = TRUE;
		}
		return $check;
	}
	function superCheckAuth($priv_array,$isAdmin=FALSE)
	{
		$superCheck = FALSE;
	 	if (!is_array($priv_array))
        {
            exit('Error! superCheckAuth() expects an array, string given');
        }
		if($isAdmin)
		{
			array_pop($priv_array);
		}
		if($this->checkAuth())
		{
			if(in_array($this->__userPrivId,$priv_array))
			{
				$superCheck = TRUE;
			}
			else
			{
				$superCheck = FALSE;
			}
		}
		return $superCheck;
	}
	function GetDetails() 
	{ 
		$query = "SELECT {$this->__tableName['user']['table']}.{$this->__tableName['user']['username']},
				{$this->__tableName['user']['table']}.{$this->__tableName['user']['last_post']},
				{$this->__tableName['user']['table']}.{$this->__tableName['user']['num_posts']},
				{$this->__tableName['privilege']['table']}.{$this->__tableName['privilege']['priv_type']}
			 	FROM {$this->__tableName['user']['table']},{$this->__tableName['privilege']['table']}
        		WHERE {$this->__tableName['user']['table']}.{$this->__tableName['user']['user_id']} = '".$_SESSION['authenticationUserId']."'
				AND {$this->__tableName['privilege']['table']}.{$this->__tableName['privilege']['priv_id']}='".$this->__userPrivId."'";
       	$result = $this->__DB->performQuery($query);
		$row = $result->fetchObject();
		return array($row->username,$row->priv_type,$_SESSION['lastLogin'],$row->last_post,$row->num_posts);
    }
	function logOut()
	{
		$query = "UPDATE {$this->__tableName['user']['table']}
				SET {$this->__tableName['user']['is_online']}='0'
				WHERE {$this->__tableName['user']['user_id']} = '".$_SESSION['authenticationUserId']."'"; 
		$this->__DB->performQuery($query);
		unset($_SESSION['authenticationUserId']);
		unset($_SESSION['authenticationUid']);
		unset($_SESSION['lastLogin']);
		setcookie("authenticationUserId",'',time()-COOKIES_TIME);
		setcookie("authenticationUid",'',time()-COOKIES_TIME);
		setcookie("lastLogin","",time()-COOKIES_TIME);
		unset($_COOKIE['authenticationUserId']);
		unset($_COOKIE['authenticationUid']);
		unset($_COOKIE['lastLogin']);
	}
	function _generateUid($time)
	{
		$id = md5($time.mt_rand(substr($time,-4),substr($time,-10)));
		return $id;
	}

}//END

?>

And a simple implementation:

//config
<?php
require_once("abstractDbClass.php");
require_once("getTablesClass.php");
require_once("authenticationClass.php"); 
$options=array('host'=>'localhost','user'=>'weelly','password'=>'alicebe','database'=>'__forum');
$priv = array('1','2');
$db = &new AbstractDb($options);
$authentication = &new Authentication($db);

?>
//index/login
<?php 
require_once("config.php");

/* INITIALIZE FAILED SESSION */
if(!isset($_SESSION['failed']))
{
	$_SESSION['failed'] = "";
}
/* END INITIALIZE FAILED SESSION */



if($authentication->checkAuth())
{
	header("Location: private.php"); 
	exit;
}
elseif(isset($_POST['username']))
{
	$authentication->startAuth($_POST['username'],$_POST['password'],"Invalid login");
	if(!$authentication->checkAuth())
	{
		header("Location: index.php"); 
		exit;;

}
else
{
	if($authentication->superCheckAuth($priv))
	{
		header("Location: admin.php"); 
		exit;;
	}



}
}
else
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>

<body>
<form id="loginfrm" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="frmLogin">
	<p id="invalid"><?php echo $_SESSION['failed']; ?></p>
	<label>Username&nbsp;:&nbsp;</label>
	<input name="username"  type="text" value="" maxlength="32" />
	<label>Password&nbsp;:&nbsp;</label>
	<input name="password"  type="text" value="" maxlength="32" />
	<input name="login"  type="submit" value="Login" />
</form>
</body>
</html>
<?php } ?>
//private page
<?php 
require_once("config.php");
if(isset($_GET['logOut']))
{
	$authentication->logOut();
}
if(!$authentication->checkAuth())
{
	header("Location: index.php"); 
	exit;
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>

<body>
<h1 style="text-align:center ">PRIVATE</h1>
<a href="private.php?logOut=1">LOG OUT</a>
</body>
</html>
// admin page
<?php 
require_once("config.php");
if(isset($_GET['logOut']))
{
	$authentication->logOut();
}
if(!$authentication->superCheckAuth($priv))
{
	header("Location: index.php"); 
	exit;
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>

<body>
<h1 style="text-align:center ">ADMIN</h1>
<a href="private.php?logOut=1">LOG OUT</a>
</body>
</html>

And Tks a lot for the piece of advice 🙂
I'm taking a look to your script as well
Bye and take care.

whisher06

Uhmmmm I think this is
a better version of supercheck:

<?php 
function superCheckAuth($priv_array,$tasks=1,$isAdmin=FALSE)
	{
		$superCheck = FALSE;
	 	if (!is_array($priv_array))
        {
            exit('Error! superCheckAuth() expects an array, string given');
        }
		if($isAdmin)
		{
			$priv_array = array_slice($priv_array, 0, $tasks); 
		}
		if($this->checkAuth())
		{
			if(in_array($this->__userPrivId,$priv_array))
			{
				$superCheck = TRUE;
			}
			else
			{
				$superCheck = FALSE;
			}
		}
		return $superCheck;
	}
?>
//for admin only
$obj->superCheckAuth($priv_array,1,TRUE);
//for special tasks for instance
$obj->superCheckAuth($priv_array,2,TRUE)

Bye.

jdorsch

One thing you may want to consider is to store rights in a binary number, then fetch that number into a session variable. That way a query isn't done every time you run checkAuth().

<?php

// Some example rights
define( 'AUTH_ADMIN', 1 ) ;
define( 'AUTH_USER', 2 ) ;
define( 'AUTH_WRITE', 4 ) ;
define( 'AUTH_UPLOAD', 8 ) ;
define( 'AUTH_DELETE', 16 ) ;

// Give a user rights to upload and delete stuff
$myRights = AUTH_WRITE + AUTH_DELETE + AUTH_USER ;

// The above line will create a binary number like 11010, every multiple of 2
// signifies a position in the number, we set the 2nd , 4th, and 5th positions
// from right to left

// You can just store that number in the database as an INT.  To check someones
// auth you can use this funciton

function checkAuth( $testRights, $assignedRights )
{
   return( $testRights & $assignedRights ) ;
}

if( checkAuth( AUTH_WRITE, $myRights ) )  dostuff() ;

?>

Also, OMGWTFHOLYSHIT, your sql query is open to penetration wider than Paris Hilton. NEVER EVER take anything from the URL or POST and just shove it into a query, you are just asking for trouble.

whisher06

Tks a lot for the smart reply.
I could use (I found it in php.net):

<?php
// Quote variable to make safe
function quote_smart($value)
{
   // Stripslashes
   if (get_magic_quotes_gpc()) {
       $value = stripslashes($value);
   }
   // Quote if not a number or a numeric string
   if (!is_numeric($value)) {
       $value = "'" . mysql_real_escape_string($value) . "'";
   }
   return $value;
}

// Connect
$link = mysql_connect('mysql_host', 'mysql_user', 'mysql_password')
   OR die(mysql_error());

// Make a safe query
$query = sprintf("SELECT * FROM users WHERE user=%s AND password=%s",
           quote_smart($_POST['username']),
           quote_smart($_POST['password']));

mysql_query($query);
?>

Is it the best way ?
Could you give me a security best pratice link ?
Please of course 😃
Take care and thanks again.

PS.

number into a session variable

It should be safer store sessions in a DB and check
login all the time.
Do you agree ?

jdorsch

I don't know of a security best practices site offhand, but the most important thing is to never ever trust the user. Any and all input from the user must be checked for validity and escaped. The snippet you have that came from php.net is a good start. Another thing you can do is if you are using PHP 5 is to use PDO and prepared queries as that makes it a bit easier and more portable to other db types.

A few other tidbits, don't use eval() on user input and avoid it wherever you can, make it so that if any of your php files are executed outside of your framework don't break security, don't run any exec() commands unless you have no other choice. Don't ever store any passwords in clear text, always use a one way hash of some sort. There are other thing but just google for php security and you should find a treasure trove.

With regards to checkign the DB every time, it is not any more secure especially if you are storing some authentication ID in the session anyways. You should be storing any of your security info in server side sessions and not in cookies. The only cookie that is required is a unique php session id that automatically gets set and is sent to the server on each request. The server then uses that session id to load the correct session info. This is hackable if someone spoofs your id by guessing it (which is statistically improbable) or if they sniff your connection. If they are sniffing your connection though then they probably can break anything else you are doing, so you don't need to be querying the db every single time you check authentication.

whisher06

😃 That's help me, TKS buddy.
I'm working on a new class version and
than I'm going to post it.
I found this links dev_resources
and this in the php.net
Bye.

whisher06

I found the the following snippet on make a guess 😃

<?php

$Seperator = '--';
$uniqueID = 'Ju?hG&F0yh9?=/6*GVfd-d8u6f86hp';
$Data = 'Ahmet '.md5('123456789');

setcookie('VerifyUser', $Data.$Seperator.md5($Data.$uniqueID));

if ($_COOKIE) {
   $Cut = explode($Seperator, $_COOKIE['VerifyUser']);
   if (md5($Cut[0].$uniqueID) === $Cut[1]) {
       $_COOKIE['VerifyUser'] = $Cut[0];
   } else {
       die('Cookie data is invalid!!!');
   }
}

echo $_COOKIE['VerifyUser'];

?>

Create a unique id for your site and create a hash with md5($Data.$uniqueID). Attacker can understant that it must be re-hash after change cookie content.
But doesn't. Because cannot guess your unique id. Seperate your hash and data with seperator and send that cookie. Control that hash of returned value and your unique id's is same returned hash. Otherwise you have to stop attack. Sorry for my poor english!

I think it can the cookies use safer,can't it?
Bye 🙂

whisher06

Hi.
The new version of the simple authentication class:

<?php 
class Authentication extends getTables
{
	var $__DB;
	var $__listRights;
	function Authentication(&$db)
	{
		(is_object($db))?$this->__DB = &$db:exit('Could not connect');
		define('COOKIES_TIME',108000);
		parent::getTables();
		$this->__listRights = $this->_getListRights();
	}
	function startAuth($username,$password,$failedMsg,$setCookie=FALSE) 
	{
    	$this->logOut();
		settype($setCookie,"bool");
		$password = md5($password);
		$query = "SELECT {$this->__tableName['user']['user_id']},{$this->__tableName['user']['last_login']}
				  FROM {$this->__tableName['user']['table']} 
				  WHERE {$this->__tableName['user']['username']} = {$this->__DB->safeQuery($username)} 
				  AND {$this->__tableName['user']['password']} = {$this->__DB->safeQuery($password)} AND {$this->__tableName['user']['confirm']} = '1'";
		$result = $this->__DB->performQuery($query);
		if($result->getNumRows() !== 0)
		{
			$row = $result->fetchObject();
			$userId = $row->user_id;
			$lastLogin = $row->user_last_login;
			$loginTime = time();
			$uid = $this->_generateUid($loginTime);
			if($setCookie !== FALSE)
			{
				$this->_setAuthed($userId,$uid,$lastLogin,$loginTime,TRUE);
			}
			else
			{
				$this->_setAuthed($userId,$uid,$lastLogin,$loginTime,FALSE);
			}
		}
		else
		{
			/* I use session for failed login because of I use redirect */
			$_SESSION['failed'] = $failedMsg;
		}
	}
	function _setAuthed($userId,$uid,$lastLogin,$loginTime,$setCookie=FALSE) 
	{
		$query = "UPDATE {$this->__tableName['user']['table']} 
				  SET {$this->__tableName['user']['last_login']}='".$loginTime."',
 				  {$this->__tableName['user']['cookie_uid']}='".$uid."',
				  {$this->__tableName['user']['is_online']}='1'
				  WHERE {$this->__tableName['user']['user_id']}='".$userId."'";
		$this->__DB->performQuery($query);
		if($setCookie !== FALSE)
		{
			setcookie("authenticationUserId","",time()-COOKIES_TIME);
			setcookie("authenticationUid","",time()-COOKIES_TIME);
			setcookie("lastLogin","",time()-COOKIES_TIME);
			unset($_COOKIE['authenticationUserId']);
			unset($_COOKIE['authenticationUid']);
			unset($_COOKIE['lastLogin']);
			setcookie("authenticationUserId",$userId,time()+COOKIES_TIME);
			setcookie("authenticationUid",$uid,time()+COOKIES_TIME);
			setcookie("lastLogin",$lastLogin,time()+COOKIES_TIME);
		}
		unset($_SESSION['authenticationUserId']);
		unset($_SESSION['authenticationUid']);
		unset($_SESSION['lastLogin']);
		$_SESSION['authenticationUserId']=$userId;
        $_SESSION['authenticationUid']=$uid;
		$_SESSION['lastLogin']= $lastLogin;
	}
	function checkAuth($right)
	{
		settype($right,"int");
		$check = FALSE;	
		if(!isset($_SESSION['authenticationUserId']) || !isset($_SESSION['authenticationUid']))
		{
			(isset($_COOKIE['authenticationUserId']))?$_SESSION['authenticationUserId']=$_COOKIE['authenticationUserId']:$_SESSION['authenticationUserId']="";
			(isset($_COOKIE['authenticationUid']))?$_SESSION['authenticationUid']=$_COOKIE['authenticationUid']:$_SESSION['authenticationUid']="";
			(isset($_COOKIE['lastLogin']))?$_SESSION['lastLogin']=$_COOKIE['lastLogin']:$_SESSION['lastLogin']="";
		}
		$query = "SELECT {$this->__tableName['user']['right_id_sum']}
				  FROM {$this->__tableName['user']['table']} 
		          WHERE
				  {$this->__tableName['user']['user_id']} = '".$_SESSION['authenticationUserId']."' 
				  AND {$this->__tableName['user']['cookie_uid']} = '".$_SESSION['authenticationUid']."'";
		$result = $this->__DB->performQuery($query);
		if($result->getNumRows() !== 0)
		{
			$row = $result->fetchObject();
			$userRightSum = $row->user_right_id_sum;
			settype($userRightSum,"int");
			$check = (bool)( $right & $userRightSum );
		}
		return $check;
	}
	function GetDetails() 
	{ 
		$query = "SELECT {$this->__tableName['user']['table']}.{$this->__tableName['user']['username']},
				{$this->__tableName['user']['table']}.{$this->__tableName['user']['last_post']},
				{$this->__tableName['user']['table']}.{$this->__tableName['user']['num_posts']},
				{$this->__tableName['privilege']['table']}.{$this->__tableName['privilege']['priv_type']}
			 	FROM {$this->__tableName['user']['table']},{$this->__tableName['privilege']['table']}
        		WHERE {$this->__tableName['user']['table']}.{$this->__tableName['user']['user_id']} = '".$_SESSION['authenticationUserId']."'
				AND {$this->__tableName['privilege']['table']}.{$this->__tableName['privilege']['priv_id']}='".$this->__userPrivId."'";
       	$result = $this->__DB->performQuery($query);
		$row = $result->fetchObject();
		return array($row->username,$row->priv_type,$_SESSION['lastLogin'],$row->last_post,$row->num_posts);
    }
	function logOut()
	{
		$query = "UPDATE {$this->__tableName['user']['table']}
				SET {$this->__tableName['user']['is_online']}='0'
				WHERE {$this->__tableName['user']['user_id']} = '".$_SESSION['authenticationUserId']."'"; 
		$this->__DB->performQuery($query);
		unset($_SESSION['authenticationUserId']);
		unset($_SESSION['authenticationUid']);
		unset($_SESSION['lastLogin']);
		/*For good user who failed login ( ie typing a wrong password )*/
		unset($_SESSION['failed']);
		setcookie("authenticationUserId",'',time()-COOKIES_TIME);
		setcookie("authenticationUid",'',time()-COOKIES_TIME);
		setcookie("lastLogin","",time()-COOKIES_TIME);
		unset($_COOKIE['authenticationUserId']);
		unset($_COOKIE['authenticationUid']);
		unset($_COOKIE['lastLogin']);
	}
	function _generateUid($time)
	{
		$id = md5($time.mt_rand(substr($time,-4),substr($time,-10)));
		return $id;
	}
	function _getAllValuesRights()
	{
		$allValuesRights = array();
		$query = "SELECT * FROM {$this->__tableName['rights']['table']}";
		$result = $this->__DB->performQuery($query);
		while($row = $result->fetchRowNum())
		{
			$allValuesRights[] = $row;
		}
		return $allValuesRights;
	}
	function _getListRights()
	{
		$listRights = array();
		$allValuesRights = $this->_getAllValuesRights();
		foreach($allValuesRights as $values)
		{
			$listRights[$values[1]] = $values[0];
		}
		return $listRights;
	}

}//END

?>

and the snippet in abstractDb:

function safeQuery($value)
	{
	    if (get_magic_quotes_gpc()) 
		{
		   $value = stripslashes($value);
	    }
	    if (!is_numeric($value)) 
		{
		   $value = "'".mysql_real_escape_string($value)."'";
	    }
	   return $value;
	}

You can check ie with:

$authentication->checkAuth($authentication->__listRights['registered_guest'])

I'm waiting for comments 🙂
TKs again jdorsch.
Take care.
Bye.

jdorsch

One thing I can suggest is work to make your code a bit more readable, for instance this


$table = $this->__tableName['user']['table'] ;
$isOnlineField = $this->__tableName['user']['is_online'] ;
$userIDField  = $this->__tableName['user']['user_id'] ;
$userID = $_SESSION['authenticationUserId'] ;

$query = "
     UPDATE
         {$table}
     SET 
         {$isOnlineField} = '0'
     WHERE
          {$userIdField} = {$userID }" ;

is more readble than

$query = "UPDATE {$this->__tableName['user']['table']}
                SET {$this->__tableName['user']['is_online']}='0'
                WHERE {$this->__tableName['user']['user_id']} = '".$_SESSION['authenticationUserId']."'";

That will help especially in the larger queries.

whisher06

Hi.
Here the simple getTables class:

<?php 
class getTables
{
	var $__tableName = array();
 	function getTables()
	{
		$this->__tableName['user']['table'] = "_users";
		$this->__tableName['user']['user_id'] = "user_id";
		$this->__tableName['user']['username'] = "user_name";
		$this->__tableName['user']['password'] = "user_password";
		$this->__tableName['user']['user_role'] = "user_role";
		$this->__tableName['user']['right_id_sum'] = "user_right_id_sum";
		$this->__tableName['user']['last_login'] = "user_last_login";
		$this->__tableName['user']['last_post'] = "user_last_post";
		$this->__tableName['user']['num_posts'] = "user_num_posts";
		$this->__tableName['user']['cookie_uid'] = "user_cookie_uid";
		$this->__tableName['user']['confirm'] = "user_confirm";
		$this->__tableName['user']['is_online'] = "user_is_online";
		$this->__tableName['rights']['table'] = "_rights";
		$this->__tableName['rights']['right_id '] = "right_id";
		$this->__tableName['rights']['right_name'] = "right_name";
		$this->__tableName['rights']['right_description'] = "right_description";

}
}// 

?>

Thanks for the piece of advice.
😃