User — A simple user authentication system
User is part of the User package.
class User {
    public string $browser;
    public bool $check_browser;
    public int $check_ip_prefix;
    public array $cookie;
    public string $cookie_domain;
    public string $cookie_name;
    public string $cookie_path;
    public string $cookie_secure;
    public string $cookie_time;
    public array $data;
    public DBAPI $db;
    public string $db_sessions;
    public string $db_users;
    public IPAddress $ip;
    private array $mixins;
    private array $mixin_attributes;
    private array $mixin_methods;
    public array $session;
    public int $session_length;

    public User __construct ( DBAPI &$dbapi );
    private bool auto_login ( void );
    private void create ( void );
    public void destroy ( void );
    public void garbage_collect ( void );
    private bool load_session ( void );
    private bool load_user ( void );
    public bool login ( string $username, string $password, bool $auto_login, bool $restrict_ip );
    public bool mixin ( UserMixIn &$mixin );
    public void set_cookie ( void );
    public void start ( void );
    public void unset_cookie ( void );
    private bool validate ( void );
    public mixed __call ( string $name, array $args );
    public mixed __get ( string $name );
    public bool __isset ( string $name );
    public void __set ( string $name, mixed $value );
    public void __unset ( string $name );
}
This is a simple user authentication system. Users and sessions are stored in a database. Sessions are only tracked for logged-in users, so there's no need to track search bots and the like. The database needs to have a users table and a sessions table defined. The names of the tables can be overridden with the $db_users and $db_sessions properties.
    CREATE TABLE sessions (
        session_id VARCHAR(32) UNIQUE,
        user_id INTEGER,
        session_ip VARCHAR(32),
        session_start INTEGER,
        session_time INTEGER,
        session_browser VARCHAR(256)
    );

    CREATE TABLE users (
        user_id INTEGER PRIMARY KEY AUTOINCREMENT,
        user_name VARCHAR(64),
        user_password VARCHAR(32),
        user_salt VARCHAR(256),
        user_time INTEGER
    );

The user_salt field is used in combination with the user_name and user_password fields to generate a hash that can be stored in a user's cookie. It should be a 256 character random string. Because the resulting hash is much shorter than the other fields combined, it's impossible to retrieve the user's password from the information in the cookie. The information simply isn't there.
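An added example (not the User package's own code) of deriving and checking such a cookie hash. The page does not name the hash function, so the HMAC-SHA-256 construction and all function names here are assumptions.

```php
<?php
// Added example: function names and the HMAC-SHA-256 construction are
// assumptions, not the User package's implementation.

// 256-character random value for users.user_salt (128 random bytes, hex-encoded).
function new_user_salt(): string
{
    return bin2hex(random_bytes(128));
}

// Value stored in the auto-login cookie. $password_hash is what is already
// stored in users.user_password, never the plaintext password.
function autologin_token(string $user_name, string $password_hash, string $salt): string
{
    // Length-prefix the name so ("ab", "c...") and ("a", "bc...") cannot collide.
    $msg = strlen($user_name) . ':' . $user_name . ':' . $password_hash;
    return hash_hmac('sha256', $msg, $salt);
}

// Recompute the token from the users row and compare in constant time.
function check_autologin(array $user_row, string $cookie_token): bool
{
    $expected = autologin_token(
        $user_row['user_name'],
        $user_row['user_password'],
        $user_row['user_salt']
    );
    return hash_equals($expected, $cookie_token);
}

// Constructed sample row (not real data).
$row = [
    'user_name'     => 'alice',
    'user_password' => str_repeat('0f', 16),   // placeholder 32-char stored hash
    'user_salt'     => new_user_salt(),
];
$token = autologin_token($row['user_name'], $row['user_password'], $row['user_salt']);
var_dump(check_autologin($row, $token));

// Replacing user_salt changes the expected token, so cookies issued under
// the old salt stop verifying.
$row['user_salt'] = new_user_salt();
var_dump(check_autologin($row, $token));
```

Until user_salt or user_password changes, the token is a fixed credential for that account, which is why rotating the salt is the revocation lever shown at the end.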
public string $browser
The user-agent string of the browser
public bool $check_browser
Set to true to check the user-agent string of the visitor's browser when validating sessions
Default value: empty string
public int $check_ip_prefix
How many prefix bits of the IP must be checked. Remember that this class uses IPv6 addresses so it has 128 bits instead of 32.
Default value: empty string
public array $cookie
The cookie data. Can be written to. Be sure to call set_cookie() afterwards.
Default value: empty string
public string $cookie_domain
Cookie settings
Default value: empty string
public string $cookie_name
Cookie settings
Default value: empty string
public string $cookie_path
Cookie settings
Default value: empty string
public string $cookie_secure
Cookie settings
Default value: empty string
public string $cookie_time
Cookie settings
Default value: empty string
public array $data
The user data.
Default value: empty string
public DBAPI $db
A DBAPI object for the database to store sessions in
public string $db_sessions
The name of the SQL table in the database used for storing sessions
Default value: empty string
public string $db_users
The name of the SQL table in the database that holds the users
Default value: empty string
public IPAddress $ip
The user's IP address
private array $mixins
An array containing all the mixins for the User object
Default value: empty string
private array $mixin_attributes
An index table containing all the mixin attributes
Default value: empty string
private array $mixin_methods
An index table containing all the mixin methods
Default value: empty string
public array $session
The session data. Should not be written to.
Default value: empty string
public int $session_length
Time after which a session expires (in seconds)
Default value: empty string
public User __construct ( DBAPI &$dbapi );
Initialize the Session class.
This does not actually start the session. Use the start() method for that.
private bool auto_login ( void );
Try to auto-login the user from the information in the cookie. Note that auto-login is a security risk by default. This can be improved somewhat by restricting the IP address when using the auto-login feature.
See login() for more information.
private void create ( void );
Create a new session
public void destroy ( void );
Destroy the user's session
public void garbage_collect ( void );
Clean the sessions table
This function should be called occasionally from your application to clean the sessions database. About once an hour for the average website should be enough.
private bool load_session ( void );
Try to load and validate the session specified in the cookie data
private bool load_user ( void );
Try to load and validate the user specified in the session data
public bool login ( string $username, string $password, bool $auto_login, bool $restrict_ip );
Attempt to log in a user. When login is successful, a new session is created.
public bool mixin ( UserMixIn &$mixin );
Add a UserMixIn to the object
public void set_cookie ( void );
Set the user's session cookie
public void start ( void );
Start the session
This checks if the visitor has a session cookie set and if it's still valid. If not, it creates a new session.
public void unset_cookie ( void );
Unset the user's session cookie
private bool validate ( void );
Validate a session
This function checks if the loaded session is valid for this user by checking the IP address and user-agent string.
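An added example (not the User package's own code) of the check described here, combining the $check_ip_prefix bit comparison on 128-bit addresses with the $check_browser user-agent match. The function names are hypothetical, and storing IPv4 addresses as IPv4-mapped IPv6 is an assumption.

```php
<?php
// Added example; function names are hypothetical, not the User package's API.
// Assumption: IPv4 addresses are treated as IPv4-mapped IPv6 (::ffff:a.b.c.d).
function to_ipv6_bytes(string $ip): ?string
{
    $packed = @inet_pton($ip);
    if ($packed === false) {
        return null;                    // not a valid address
    }
    if (strlen($packed) === 4) {        // IPv4: widen to 16 bytes
        $packed = str_repeat("\x00", 10) . "\xff\xff" . $packed;
    }
    return $packed;
}

// True when the first $bits bits of both addresses are identical.
function same_ip_prefix(string $a, string $b, int $bits): bool
{
    $pa = to_ipv6_bytes($a);
    $pb = to_ipv6_bytes($b);
    if ($pa === null || $pb === null || $bits < 0 || $bits > 128) {
        return false;                   // fail closed on bad input
    }
    $full = intdiv($bits, 8);           // whole bytes to compare
    $rest = $bits % 8;                  // leftover bits in the next byte
    if (substr($pa, 0, $full) !== substr($pb, 0, $full)) {
        return false;
    }
    if ($rest === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rest)) & 0xFF;
    return (ord($pa[$full]) & $mask) === (ord($pb[$full]) & $mask);
}

// Session check: IP prefix plus optional user-agent match.
function session_matches(array $s, string $ip, string $ua, int $bits, bool $check_browser): bool
{
    if (!same_ip_prefix($s['session_ip'], $ip, $bits)) {
        return false;
    }
    return !$check_browser || $s['session_browser'] === $ua;
}

// Constructed sample session row and requests.
$s = ['session_ip' => '192.0.2.10', 'session_browser' => 'ExampleBrowser/1.0'];
var_dump(session_matches($s, '192.0.2.77', 'ExampleBrowser/1.0', 120, true));
var_dump(session_matches($s, '192.0.2.77', 'ExampleBrowser/1.0', 128, true));
var_dump(session_matches($s, '2001:db8::1', 'ExampleBrowser/1.0', 64, true));
```

With IPv4-mapped addresses, a /24 IPv4 network corresponds to a 120-bit prefix (96 + 24), so the first call accepts the session while the 128-bit comparison in the second rejects it.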
public mixed __call ( string $name, array $args );
Call a mixin method. This raises an error when the method does not exist.
public mixed __get ( string $name );
Get a mixin attribute
public bool __isset ( string $name );
Check if a mixin attribute is set
public void __set ( string $name, mixed $value );
Set a mixin attribute
public void __unset ( string $name );
Unset a mixin attribute