I saw a script where the login system was created using a custom class. Is there any benefit of creating a login system this way versus just a functional design?

    There's nothing you can do functionally with OOP that you cannot do with procedural code, and vice versa. The advantages of using OOP for a login system would be the same as with any other functionality, such as re-usability, maintainability, and testability.

      Incidentally, I think you mean "procedural" design: functional programming and procedural (aka imperative) programming are two different things.

        Yes, sorry I meant procedural. Thanks for the responses.

          I used to be a pure procedural programmer, then took the leap to OOP. You never hear of anyone going back.

          A quick example I threw together in 5 min:

          This isn't a working model or by any means secure and needs a lot more/better error reporting, but it is an example of how OOP can work for a login class in a fairly simple way. If you have any questions, ask away.

          <?php
          class userLogin
          {
          	private $userId;
          	private $userName;
          	private $password;
          	private $hash;
          
          private $db;
          private $error;
          
          public function __construct($username='', $password='')
          	{
          		//connect to database
          		$this->db = database::getInstance();
          
          		//set the variables these can be used by any of the methods (functions)
          		//within the class without having to pass them in as an argument
          		$this->userName = (string) $username;
          		$this->password = (string) $password;
          		$this->userId = (int) 0;
          	}
          
          public function login()
          	{
          		$this->passwordHash();
          		if ($stmt = $this->db->prepare("SELECT `uId`, `password` FROM `users` WHERE `userName`=? LIMIT 1"))
          			{
          				$stmt->bind_param('s', $this->userName);
          
          				$stmt->execute();
          
          				$stmt->bind_result($this->userId, $password);
          				//fetch the result bound onto $this->userId and $password
          				$stmt->fetch();
          
          				if ($this->password === $password)
          					{
          						//set the user as logged in
          						$this->setLoggedIn();
          						return 1;
          					}
          
          			}
          		$this->error = 'login failed';
          		return 0;
          	}
          
          public function logout()
          	{
          		unset($_SESSION['uId']);
          		return 1;
          	}
          
          //this can ONLY be accessed within this class ($this->setLoggedIn)	
          private function setLoggedIn()
          	{
          		//set sessions/cookies or whatever you want to log the user in
          		$_SESSION['uId'] = $this->userId;
          	}
          
          public function checkLoggedIn($userId)
          	{
          		//check the user is logged in
          		//do not do this (it is really insecure and just an example)
          		if ($userId > 0)
          			{
          				return 1;
          			}
          		$this->error = 'not logged in';
          		return 0;
          	}
          
          private function passwordHash()
          	{
          		//hash the password
          		$this->password = md5($this->password.$this->hash);
          	}
          
          public function errors()
          	{
          		return $this->error;
          	}
          
          public function __destruct()
          	{
          		//unset all the object variables
          		unset($this->password, $this->userName, $this->userId, $this->hash);
          	}
          }
          ?>
          
          <?php
          session_start();
          //include the class file
          require_once 'class_user_login.php';
          $userName = 'user1'; //this would usually be from your form $_POST variables
          $password = 'password'; //this would usually be from your form $_POST variables
          //create the userLogin object (class name) to give you access to the methods (functions) within the class
          $l = new userLogin($userName, $password);
          if ($l->login())
          	{
          		echo 'user logged in';
          	}
          if ($l->checkLoggedIn($_SESSION['uId'] ?? 0))
          	{
          		echo 'user still logged in';
          	}
          $l->logout();
          if (!$l->checkLoggedIn($_SESSION['uId'] ?? 0))
          	{
          		//user is not logged in
          		echo $l->errors();
          	}
          
          //example of private
          $l->setLoggedIn(); //this will return a fatal error as you can only access it from within the containing class
          echo $l->password; // this will also return a fatal error because it's set to private
          ?>
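
A hardened counterpart to the class in the post above, as an added example that is not the poster's code: it replaces md5 with password_hash()/password_verify(), regenerates the session ID on login, and reads login state from the session instead of a caller-supplied ID. It assumes PHP 8 with pdo_sqlite; the class name SafeUserLogin and the in-memory users table are constructed for the demo.

```php
<?php
declare(strict_types=1);

// Added example: class, table and column names are assumptions modelled on the post above.
final class SafeUserLogin
{
    private string $error = '';
    private string $dummyHash;

    public function __construct(private PDO $db)
    {
        // Verified against when the user does not exist, so both paths do the same work
        $this->dummyHash = password_hash('placeholder', PASSWORD_DEFAULT);
    }

    public function login(string $userName, string $password): bool
    {
        $stmt = $this->db->prepare('SELECT uId, password FROM users WHERE userName = ? LIMIT 1');
        $stmt->execute([$userName]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
        // password_verify() reads salt and cost from the stored hash and compares in constant time
        if (!password_verify($password, $row['password'] ?? $this->dummyHash) || $row === null) {
            $this->error = 'login failed';
            return false;
        }
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true); // fresh session ID once the user is authenticated
        }
        $_SESSION['uId'] = (int) $row['uId'];
        return true;
    }

    // Login state comes from the server-side session, never from a value the caller passes in
    public function checkLoggedIn(): bool
    {
        return isset($_SESSION['uId']) && $_SESSION['uId'] > 0;
    }

    public function errors(): string { return $this->error; }
}

// Constructed demo data: in-memory SQLite database holding one user
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (uId INTEGER PRIMARY KEY, userName TEXT UNIQUE, password TEXT)');
$db->prepare('INSERT INTO users (userName, password) VALUES (?, ?)')
   ->execute(['user1', password_hash('correct horse', PASSWORD_DEFAULT)]);
$_SESSION = []; // stands in for session_start() when run from the CLI
$l = new SafeUserLogin($db);
var_dump($l->login('user1', 'wrong'), $l->login('user1', 'correct horse'), $l->checkLoggedIn());
```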
          