User

User — A simple user authentication system

User is part of the User package.

Synopsis

class User {
        public         string              $browser
        public         bool                $check_browser
        public         int                 $check_ip_prefix
        public         array               $cookie
        public         string              $cookie_domain
        public         string              $cookie_name
        public         string              $cookie_path
        public         string              $cookie_secure
        public         string              $cookie_time
        public         array               $data
        public         DBAPI               $db
        public         string              $db_sessions
        public         string              $db_users
        public         IPAddress           $ip
        private        array               $mixins
        private        array               $mixin_attributes
        private        array               $mixin_methods
        public         array               $session
        public         int                 $session_length

        public         User                __construct               ( DBAPI &$dbapi );
        private        bool                auto_login                ( void );
        private        void                create                    ( void );
        public         void                destroy                   ( void );
        public         void                garbage_collect           ( void );
        private        bool                load_session              ( void );
        private        bool                load_user                 ( void );
        public         bool                login                     ( string $username,
                                                                       string $password,
                                                                       bool $auto_login,
                                                                       bool $restrict_ip );
        public         bool                mixin                     ( UserMixIn &$mixin );
        public         void                set_cookie                ( void );
        public         void                start                     ( void );
        public         void                unset_cookie              ( void );
        private        bool                validate                  ( void );
        public         mixed               __call                    ( string $name,
                                                                       array $args );
        public         mixed               __get                     ( string $name );
        public         bool                __isset                   ( string $name );
        public         void                __set                     ( string $name,
                                                                       mixed $value );
        public         void                __unset                   ( string $name );
}

Object Hierarchy

User

Description

A simple user authentication system

This is a simple user authentication system. Users and sessions are stored in a database. Sessions are only tracked for logged-in users, so there's no need to track search bots and the like. The database needs to have a users table and a sessions table defined. The names of the tables can be overridden with the $db_users and $db_sessions properties.

 CREATE TABLE sessions (
   session_id VARCHAR(32) UNIQUE,
   user_id INTEGER,
   session_ip VARCHAR(32),
   session_start INTEGER,
   session_time INTEGER,
   session_browser VARCHAR(256)
 );

 CREATE TABLE users (
   user_id INTEGER PRIMARY KEY AUTOINCREMENT,
   user_name VARCHAR(64),
   user_password VARCHAR(32),
   user_salt VARCHAR(256),
   user_time INTEGER
 );

The user_salt field is used in combination with the user_name and user_password fields to generate a hash that can be stored in a user's cookie. It should be a 256-character random string. Because the resulting hash is much shorter than the other fields combined, it's impossible to retrieve the user's password from the information in the cookie. The information simply isn't there.
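
The following is an added example, not code from the User package, showing one way to derive and verify a cookie hash from the three fields described above. The function names, the use of HMAC-SHA-256 with user_salt as the key, and the field order are assumptions; the manual does not say which hash the class uses.

```php
<?php
// Added example; function names and the choice of HMAC-SHA-256 are assumptions.

/** Generate a 256-character random string for the user_salt column. */
function make_user_salt(): string
{
    // 128 random bytes encode to 256 hex characters
    return bin2hex(random_bytes(128));
}

/** Derive the hash that is stored in the user's cookie. */
function make_cookie_token(array $user): string
{
    // user_salt is the HMAC key, so the token cannot be recomputed
    // from user_name and user_password alone.
    $message = $user['user_name'] . "\0" . $user['user_password'];
    return hash_hmac('sha256', $message, $user['user_salt']);
}

/** Check a token taken from the cookie against the stored user row. */
function check_cookie_token(array $user, string $token): bool
{
    // hash_equals() compares in constant time
    return hash_equals(make_cookie_token($user), $token);
}

// Constructed sample row; user_password is a made-up 32-character value
$user = [
    'user_name'     => 'alice',
    'user_password' => str_repeat('ab', 16),
    'user_salt'     => make_user_salt(),
];
$token = make_cookie_token($user);
var_dump(strlen($user['user_salt']));
var_dump(check_cookie_token($user, $token));

// Replacing the salt invalidates every token issued before the change
$user['user_salt'] = make_user_salt();
var_dump(check_cookie_token($user, $token));
```

Because the token depends on user_salt, writing a new salt to the users row is a way to revoke all outstanding auto-login cookies for that account.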

Attribute Details

$browser

public         string         $browser

The user-agent string of the browser


$check_browser

public         bool           $check_browser

Set to true to check the user-agent string of the visitor's browser when validating sessions

Default value: empty string


$check_ip_prefix

public         int            $check_ip_prefix

How many prefix bits of the IP must be checked. Remember that this class uses IPv6 addresses so it has 128 bits instead of 32.

Default value: empty string


$cookie

public         array          $cookie

The cookie data. Can be written to. Be sure to call set_cookie() afterwards.

Default value: empty string


$cookie_domain

public         string         $cookie_domain

Cookie settings

Default value: empty string


$cookie_name

public         string         $cookie_name

Cookie settings

Default value: empty string


$cookie_path

public         string         $cookie_path

Cookie settings

Default value: empty string


$cookie_secure

public         string         $cookie_secure

Cookie settings

Default value: empty string


$cookie_time

public         string         $cookie_time

Cookie settings

Default value: empty string


$data

public         array          $data

The user data.

Default value: empty string


$db

public         DBAPI          $db

A DBAPI object for the database to store sessions in


$db_sessions

public         string         $db_sessions

The name of the SQL table in the database used for storing sessions

Default value: empty string


$db_users

public         string         $db_users

The name of the SQL table in the database that holds the users

Default value: empty string


$ip

public         IPAddress      $ip

The user's IP address


$mixins

private        array          $mixins

An array containing all the mixins for the User object

Default value: empty string


$mixin_attributes

private        array          $mixin_attributes

An index table containing all the mixin attributes

Default value: empty string


$mixin_methods

private        array          $mixin_methods

An index table containing all the mixin methods

Default value: empty string


$session

public         array          $session

The session data. Should not be written to.

Default value: empty string


$session_length

public         int            $session_length

Time after which a session expires (in seconds)

Default value: empty string

Method Details

__construct()

public         User           __construct               ( DBAPI &$dbapi );

Initialize the Session class.

This does not actually start the session. Use the start() method for that.

&$dbapi
A DBAPI object for the database to store sessions in

auto_login()

private        bool           auto_login                ( void );

Try to auto-login the user from the information in the cookie.

Note that auto-login is a security risk by default. This can be improved somewhat by restricting the IP address when using the auto-login feature.

See login() for more information.


create()

private        void           create                    ( void );

Create a new session


destroy()

public         void           destroy                   ( void );

Destroy the user's session


garbage_collect()

public         void           garbage_collect           ( void );

Clean the sessions table

This function should be called occasionally from your application to clean the sessions database. About once an hour for the average website should be enough.


load_session()

private        bool           load_session              ( void );

Try to load and validate the session specified in the cookie data


load_user()

private        bool           load_user                 ( void );

Try to load and validate the user specified in the session data


login()

public         bool           login                     ( string $username,
                                                          string $password,
                                                          bool $auto_login,
                                                          bool $restrict_ip );

Attempt to log in a user. When login is successful, a new session is created.

$username
The username given
$password
The password given
$auto_login
Whether to log in automatically after the session has expired.
$restrict_ip
Whether to restrict the IP address to the current address for auto-login

mixin()

public         bool           mixin                     ( UserMixIn &$mixin );

Add a UserMixIn to the object

&$mixin
The object to mix in

set_cookie()

public         void           set_cookie                ( void );

Set the user's session cookie


start()

public         void           start                     ( void );

Start the session

This checks if the visitor has a session cookie set and if it's still valid. If not, it creates a new session.


unset_cookie()

public         void           unset_cookie              ( void );

Unset the user's session cookie


validate()

private        bool           validate                  ( void );

Validate a session

This function checks if the loaded session is valid for this user by checking the IP address and user-agent string.
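
The following is an added example, not code from the User package, of the kind of check validate() and $check_ip_prefix describe: comparing the first N bits of two addresses in 128-bit form, plus an optional user-agent comparison. All function names are hypothetical, and mapping IPv4 addresses to ::ffff:a.b.c.d and storing session_ip as text are assumptions.

```php
<?php
// Added example; function names are hypothetical, not the User package's API.

/** 16-byte form of an address; IPv4 is mapped to ::ffff:a.b.c.d. */
function ip_to_128(string $ip): ?string
{
    $bin = @inet_pton($ip);
    if ($bin === false) {
        return null; // not a valid address
    }
    return strlen($bin) === 4 ? str_repeat("\0", 10) . "\xff\xff" . $bin : $bin;
}

/** True when the first $bits bits of both addresses are equal. */
function ip_prefix_matches(string $a, string $b, int $bits): bool
{
    $x = ip_to_128($a);
    $y = ip_to_128($b);
    if ($x === null || $y === null || $bits < 0 || $bits > 128) {
        return false; // fail closed on bad input
    }
    $bytes = intdiv($bits, 8);
    if (substr($x, 0, $bytes) !== substr($y, 0, $bytes)) {
        return false;
    }
    $rest = $bits % 8;
    if ($rest === 0) {
        return true;
    }
    $mask = (0xff << (8 - $rest)) & 0xff; // top $rest bits of the next byte
    return (ord($x[$bytes]) & $mask) === (ord($y[$bytes]) & $mask);
}

/** Session check: IP prefix plus optional user-agent comparison. */
function session_matches(array $s, string $ip, string $ua, int $bits, bool $check_ua): bool
{
    if (!ip_prefix_matches($s['session_ip'], $ip, $bits)) {
        return false;
    }
    return !$check_ua || $s['session_browser'] === $ua;
}

// Constructed session row; storing the address as text is an assumption.
$row = ['session_ip' => '192.0.2.10', 'session_browser' => 'ExampleBrowser/1.0'];
// 96 mapping bits + 24 = an IPv4 /24. Cases: same /24, other network, other user-agent.
var_dump(session_matches($row, '192.0.2.77', 'ExampleBrowser/1.0', 120, true));
var_dump(session_matches($row, '198.51.100.5', 'ExampleBrowser/1.0', 120, true));
var_dump(session_matches($row, '192.0.2.77', 'OtherBrowser/2.0', 120, true));
```

With IPv4 clients mapped this way, a prefix value below 96 compares only the fixed mapping bits and so accepts any IPv4 address.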


__call()

public         mixed          __call                    ( string $name,
                                                          array $args );

Call a mixin method.

This raises an error when the method does not exist.

$name
The name of the method
$args
The arguments for the function

__get()

public         mixed          __get                     ( string $name );

Get a mixin attribute

$name
The attribute's name

__isset()

public         bool           __isset                   ( string $name );

Check if a mixin attribute is set

$name
The attribute's name

__set()

public         void           __set                     ( string $name,
                                                          mixed $value );

Set a mixin attribute

$name
The attribute's name
$value
The attribute's value

__unset()

public         void           __unset                   ( string $name );

Unset a mixin attribute

$name
The attribute's name