I saw a script where the login system was created using a custom class. Is there any benefit of creating a login system this way versus just a functional design?
[RESOLVED] OOP or functional login system?
There's nothing you can do functionally with OOP that you cannot do with procedural code, and vice versa. The advantages of using OOP for a login system would be the same as with any other functionality, such as re-usability, maintainability, and testability.
Incidentally, I think you mean "procedural" design: functional programming and procedural (aka imperative) programming are two different things.
Yes, sorry I meant procedural. Thanks for the responses.
I used to be a pure procedural programmer, then took the leap to OOP. You never hear of anyone going back.
A quick example I threw together in 5 min:
This isn't a working model or by any means secure, and it needs a lot more (and better) error reporting, but it is an example of how OOP can work for a login class in a fairly simple way. If you have any questions, ask away.
<?php
<?php
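/**
 * Example login helper: checks a username/password pair against the `users`
 * table and records the logged-in user id in $_SESSION['uId'].
 *
 * The caller is expected to have called session_start() before using
 * login(), logout() or checkLoggedIn().
 *
 * NOTE(review): database::getInstance() is defined elsewhere; the calls made
 * on it below (prepare / bind_param / bind_result / fetch) are the mysqli
 * statement API, so it presumably returns a mysqli connection - confirm.
 */
class userLogin
{
    private $userId;
    private $userName;
    private $password;
    private $db;
    private $error;

    /**
     * @param string $username Login name as submitted by the user.
     * @param string $password Plain-text password as submitted by the user.
     */
    public function __construct($username = '', $password = '')
    {
        //connect to database
        $this->db = database::getInstance();

        //set the variables; these can be used by any of the methods (functions)
        //within the class without having to pass them in as an argument
        $this->userName = (string) $username;
        $this->password = (string) $password;
        $this->userId = 0;
    }

    /**
     * Verify the supplied credentials and, on success, mark the session as
     * logged in.
     *
     * The stored `password` column must hold a value produced by
     * password_hash(). The previous md5($password . $hash) scheme was fast and
     * effectively unsalted ($hash was never assigned), which makes stored
     * hashes cheap to brute-force; rows created that way need to be re-hashed
     * (for example through a password reset) before they will verify here.
     *
     * @return int 1 when the credentials are valid, 0 otherwise.
     */
    public function login()
    {
        $stmt = $this->db->prepare("SELECT `uId`, `password` FROM `users` WHERE `userName`=? LIMIT 1");
        if ($stmt) {
            $stmt->bind_param('s', $this->userName);
            $stmt->execute();
            //bind to locals so a failed login never leaves a user id on the object
            $stmt->bind_result($foundId, $storedHash);
            //fetch() returns true only when a row was actually read
            $rowFound = ($stmt->fetch() === true);
            $stmt->close();

            if ($rowFound && is_string($storedHash) && password_verify($this->password, $storedHash)) {
                $this->userId = (int) $foundId;
                //set the user as logged in
                $this->setLoggedIn();
                return 1;
            }
        }

        //same message for "unknown user" and "wrong password" so the
        //response does not reveal which usernames exist
        $this->error = 'login failed';
        return 0;
    }

    /**
     * Remove the logged-in marker from the session.
     *
     * @return int Always 1.
     */
    public function logout()
    {
        unset($_SESSION['uId']);
        return 1;
    }

    /**
     * Record the authenticated user in the session.
     *
     * This can ONLY be accessed within this class ($this->setLoggedIn()).
     */
    private function setLoggedIn()
    {
        //issue a fresh session id on privilege change so an id that was
        //planted or observed before login cannot be reused (session fixation)
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['uId'] = $this->userId;
    }

    /**
     * Report whether the current session belongs to a logged-in user.
     *
     * The decision is based on $_SESSION['uId'], which only setLoggedIn()
     * writes, not on a caller-supplied number: trusting any $userId > 0 would
     * treat every caller as logged in.
     *
     * @param int|null $userId Optional id that must match the session's user;
     *                         omit it to accept whichever user is logged in.
     * @return int 1 when logged in (and matching $userId if given), else 0.
     */
    public function checkLoggedIn($userId = null)
    {
        $sessionUserId = isset($_SESSION['uId']) ? (int) $_SESSION['uId'] : 0;

        if ($sessionUserId > 0 && ($userId === null || (int) $userId === $sessionUserId)) {
            return 1;
        }

        $this->error = 'not logged in';
        return 0;
    }

    /**
     * @return string|null The last error message set by login() or
     *                     checkLoggedIn(), or null if none was set.
     */
    public function errors()
    {
        return $this->error;
    }

    public function __destruct()
    {
        //unset the credential-related object variables
        unset($this->password, $this->userName, $this->userId);
    }
}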
?>
<?php
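// Usage example for the userLogin class.
// A session must be active before login()/logout()/checkLoggedIn() touch $_SESSION.
session_start();

//include the class file
require_once 'class_user_login.php';

//hard-coded for the example only; these would usually come from your form's $_POST variables
$userName = 'user1';
$password = 'password';

//create the userLogin object (class name) to give you access to the methods (functions) within the class
$l = new userLogin($userName, $password);

if ($l->login())
{
    echo 'user logged in';
}

//checkLoggedIn() is declared with a $userId parameter, so pass the id held
//in the session (0 when nobody is logged in) instead of calling it bare
$sessionUserId = isset($_SESSION['uId']) ? (int) $_SESSION['uId'] : 0;
if ($l->checkLoggedIn($sessionUserId))
{
    echo 'user still logged in';
}

$l->logout();

//re-read the session after logout; the error is only meaningful when the check fails
$sessionUserId = isset($_SESSION['uId']) ? (int) $_SESSION['uId'] : 0;
if (!$l->checkLoggedIn($sessionUserId))
{
    //user is not logged in
    echo $l->errors();
}

//example of private
$l->setLoggedIn(); //this will cause a fatal error as you can only access it from within the containing class
echo $l->password; //this would also cause a fatal error because the property is private (never reached: the line above already stops the script)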
?>