Lone Wolves
Web, game, and open source development
Reference Manuals
User
User — A simple user authentication system
User is part of the User package.
Synopsis
class User {
public string $browser
public bool $check_browser
public int $check_ip_prefix
public array $cookie
public string $cookie_domain
public string $cookie_name
public string $cookie_path
public string $cookie_secure
public string $cookie_time
public array $data
public DBAPI $db
public string $db_sessions
public string $db_users
public IPAddress $ip
private array $mixins
private array $mixin_attributes
private array $mixin_methods
public array $session
public int $session_length
public User __construct ( DBAPI &$dbapi );
private bool auto_login ( void );
private void create ( void );
public void destroy ( void );
public void garbage_collect ( void );
private bool load_session ( void );
private bool load_user ( void );
public bool login ( string $username,
string $password,
bool $auto_login,
bool $restrict_ip );
public bool mixin ( UserMixIn &$mixin );
public void set_cookie ( void );
public void start ( void );
public void unset_cookie ( void );
private bool validate ( void );
public mixed __call ( string $name,
array $args );
public mixed __get ( string $name );
public bool __isset ( string $name );
public void __set ( string $name,
mixed $value );
public void __unset ( string $name );
}
Object Hierarchy
User
Description
A simple user authentication system
This is a simple user authentication system. Users and sessions are stored in a database. Sesisons are only tracked for logged in users, so there's no need o track search bots and the like. The database needs to have a users table and a sessions table defined. The names of the tables can be overridden with the $db_users and $db_sessions properties.
CREATE TABLE sessions ( session_id VARCHAR(32) UNIQUE, user_id INTEGER, session_ip VARCHAR(32), session_start INTEGER, session_time INTEGER, session_browser VARCHAR(256) ) CREATE TABLE users ( user_id INTEGER PRIMARY KEY AUTOINCREMENT, user_name VARCHAR(64), user_password VARCHAR(32), user_salt VARCHAR(256), user_time INTEGER )The user_salt field is used in combination with the user_name and user_password field to generate a hash that can be stored in a user's cookie. It should be a 256 character random string. Because the resulting hash is much shorter than the other fields combined, it's impossible to retrieve the user's password from the information in the cookie. The information simply isn't there.
Attribute Details
$browser
public string $browser
The user-agent string of the browser
$check_browser
public bool $check_browser
Set to true to check the user-agent string of the visitor's browser when validating sessions
Default value: empty string
$check_ip_prefix
public int $check_ip_prefix
How many prefix bits of the IP must be checked. Remember that this class uses IPv6 addresses so it has 128 bits instead of 32.
Default value: empty string
$cookie
public array $cookie
The cookie data. Can be written to. Be sure to call set_cookie() afterwards.
Default value: empty string
$cookie_domain
public string $cookie_domain
Cookie settings
Default value: empty string
$cookie_name
public string $cookie_name
Cookie settings
Default value: empty string
$cookie_path
public string $cookie_path
Cookie settings
Default value: empty string
$cookie_secure
public string $cookie_secure
Cookie settings
Default value: empty string
$cookie_time
public string $cookie_time
Cookie settings
Default value: empty string
$data
public array $data
The user data.
Default value: empty string
$db
public DBAPI $db
A DBAPI object for the database to store sessions in
$db_sessions
public string $db_sessions
The name of the SQL table in the database used for storing sessions
Default value: empty string
$db_users
public string $db_users
The name of the SQL table in the database that holds the users
Default value: empty string
$ip
public IPAddress $ip
The user's IP address
$mixins
private array $mixins
An array containing all the mixins for the User object
Default value: empty string
$mixin_attributes
private array $mixin_attributes
An index table containing all the mixin attributes
Default value: empty string
$mixin_methods
private array $mixin_methods
An index table containing all the mixin methods
Default value: empty string
$session
public array $session
The session data. Should not be written to.
Default value: empty string
$session_length
public int $session_length
Time after which a session expires (in seconds)
Default value: empty string
Method Details
__construct()
public User __construct ( DBAPI &$dbapi );
Initialize the Session class.
This does not actually start the session. Use the start() method for that.
- &$dbapi
- A DBAPI object for the database to store sessions in
auto_login()
private bool auto_login ( void );
Try to auto-login the user from the information in the cookie Note that auto-login is a security risk by default. This can be improved somewhat by restricting the IP address when using the auto-login feature.
see login() for more information.
create()
private void create ( void );
Create a new session
destroy()
public void destroy ( void );
Destroy the user's session
garbage_collect()
public void garbage_collect ( void );
Clean the sessions table
This function should be called occasionally from your application to clean the sessions database. About once an hour for the average website should be enough.
load_session()
private bool load_session ( void );
Try to load and validate the session specified in the cookie data
load_user()
private bool load_user ( void );
Try to load and validate the user specified in the session data
login()
public bool login ( string $username,
string $password,
bool $auto_login,
bool $restrict_ip );
Attempt to login a user. When login is succesfull a new session is created.
- $username
- The username given
- $password
- The password given
- $auto_login
- Whether to log in automatically after the session has expired.
- $restrict_ip
- Whether to retsrict the IP address to the current addres for autologin
mixin()
public bool mixin ( UserMixIn &$mixin );
Add a UserMixIn to the object
- &$mixin
- The objcet to mix in
set_cookie()
public void set_cookie ( void );
Set the user's session cookie
start()
public void start ( void );
Start the session
This checks if the visitor has a session cookie set and if it's still valid. If not, it creates a new session.
unset_cookie()
public void unset_cookie ( void );
Unset the user's session cookie
validate()
private bool validate ( void );
Validate a session
This function checks if the loaded session is valid for this user by checking the IP address and user-agent string.
__call()
public mixed __call ( string $name,
array $args );
Call A mixin method This raises an error when the method does not exists
- $name
- The name of the method
- $args
- The arguments for the function
__get()
public mixed __get ( string $name );
Get a mixin attributes
- $name
- The attribute's name
__isset()
public bool __isset ( string $name );
Check if a mixin attribute is set
- $name
- The attribute's name
__set()
public void __set ( string $name,
mixed $value );
Set a mixin attribute
- $name
- The attribute's name
- $value
- The attribute's value
__unset()
public void __unset ( string $name );
Unset a mixin attribute
- $name
- The attribute's name