Authentication Class

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi guys,

well, I wrote a class for a big project (a framework), and here it is, I was wondering if someone have any suggestions regarding flexibility and security.

Course it uses specific framework classes but it's quite understable..

==================================================================
<?php
/**
* Project: BBBM Framework
* File: authentication.class.php
*
* @desc Main Authentication Class
* @link http://www.bbbm.com.br/
* @copyright 2004 Bruno B B Magalhaes
* @author Bruno B B Magalhaes <brunomagalhaes@xxxxxxxxxxx>
* @package BBBM Framework
* @version 0.5dev
*/
class authentication
{
	var $domain;
	
	var $database;
	
	var $authenticated = false;
	
	var $access_section = '';
	var $access_level = '0';
	
	var $post;
	var $session;
	var $cookie;

var $userid;
var $username;
var $password;
var $sessionid;
var $remember_me;

var $errormsg;

var $tables = array('users','usersgroups');

/**
* PHP 4 Constructor
*/
function authentication(&$database)
{
$this->database =& $database;
$this->database->build_table($this->tables);
$this->domain = $_SERVER['HTTP_HOST'];
}

/**
* Start Authentication Process
*/
function authenticate($access_section='',$access_level=0)
{
if($access_level > 0)
{
$this->access_level = $access_level;
$this->access_section = $access_section;

$this->check_post();
$this->check_session();
$this->check_cookie();

if($this->post == true)
{
$this->auth($this->username,$this->password,$this->access_level);
}
elseif($this->cookie == true)
{
$this->auth_check($this->username,$this->sessionid,$this- >access_level);
}
elseif($this->session == true)
{
$this->auth_check($this->username,$this->sessionid,$this- >access_level);
}
else
{
$this->authenticated = false;
}
}
else
{
$this->authenticated = true;
}
}

	/**
	* Authentication Process
	*/
	function auth($username='',$password='',$accesslevel=0)
	{
		$query = 'SELECT
				*
			    FROM
				'.$this->database->table['users'].' AS users,
				'.$this->database->table['usersgroups'].' AS groups
			    WHERE
				users.userGroup=groups.groupId
			    AND
				users.userName=\''.$username.'\'
			    AND
				users.userPassword=\''.$password.'\'
			    AND
				users.userStatus > \'0\'
			    AND
				groups.groupStatus > \'0\'
			    LIMIT
				1';

$this->database->query($query);

if($this->database->num_rows() > 0)
{
$this->database->fetch_array();

if($this->database->row['groupLevel'] >= $accesslevel)
{
$this->authenticated = true;

$this->userid = $this->database->row['userId'];
$this->session_write('username',$this->database->row['userName']);
$this->session_write('userlevel',$this->database- >row['groupLevel']);

if(isset($this->remember_me))
{
$this->cookie_write('username',$this->database->row['userName']);
$this->cookie_write('sessionid',session_id());
}

$update_query = 'UPDATE
'.$this->database->table['users'].'
SET
userSession=\''.session_id().'\',
userLastvisit = NOW()
WHERE
userId=\''.$this->database->row['userId'].'\'';

				$this->database->query($update_query);
			}
			else
			{
				$this->logout();
				$this->authenticated = false;
				$this->errormsg = 'error_noaccessprivileges';
			}

		}
		else
		{
			$this->logout();
			$this->authenticated = false;
			$this->errormsg = 'error_unauthorized';
		}
	}

	/**
	* Authentication Check Process
	*/
	function auth_check($username='',$sessionid='',$accesslevel=0)
	{
		$query = 'SELECT
				users.userId,
				groups.groupLevel
			    FROM
				'.$this->database->table['users'].' AS users,
				'.$this->database->table['usersgroups'].' AS groups
			    WHERE
				users.userGroup=groups.groupId
			    AND
				users.userName=\''.$username.'\'
			    AND
				users.userSession=\''.$sessionid.'\'
			    AND
				users.userStatus > \'0\'
			    AND
				groups.groupStatus > \'0\'
			    LIMIT
				1';

$this->database->query($query);

if($this->database->num_rows() > 0)
{
$this->database->fetch_array();
if($this->database->row['groupLevel'] >= $accesslevel)
{
$this->authenticated = true;

$this->userid = $this->database->row['userId'];

$this->session_write('userlevel',$this->database- >row['groupLevel']);

if(isset($this->remember_me))
{
$this->cookie_write('username',$this->database->row['userName']);
$this->cookie_write('sessionid',session_id());
}

$update_query = 'UPDATE
'.$this->database->table['users'].'
SET
userSession=\''.$sessionid.'\'
userLastvisit = NOW()
WHERE
userId=\''.$this->database->row['userId'].'\'';

$this->database->query($update_query);
}
else
{
$this->logout();
$this->authenticated = false;
$this->errormsg = 'error_noaccessprivileges';
}

		}
		else
		{
			$this->logout();
			$this->authenticated = false;
			$this->errormsg = 'error_unauthorized';
		}
	}
	
	/**
	* Logout Process
	*/
	function logout()
	{
		if(isset($this->session) || isset($this->cookie))
		{
			$update_query = 'UPDATE
						'.$this->database->table['users'].'
					     SET
						userSession=\'\'
					     WHERE
						userName=\''.$this->username.'\'
					     AND
						userSession\''.$this->sessionid.'\'
					     ';
			
			$this->database->query($update_query);
		
			if(isset($this->session))
			{
				session_unset();
				session_destroy();
			}
			
			if(isset($this->cookie))
			{
				setcookie('username','',time() - 3600,'/',$this->domain);
				setcookie('sessionid','',time() - 3600,'/',$this->domain);
			}
		}
	}
	
	/**
	* Session Write Function
	*/
	function session_write($var='',$val='')
	{
		$_SESSION[$var] = $val;
	}
	
	/**
	* Cookie Write Function
	*/
	function cookie_write($var='',$val='')
	{
		setcookie($var,$val,time()+24*3600*7,'/',$this->domain);
	}
	
	/**
	* Session Check Function
	*/
	function check_session()
	{
		if(isset($_SESSION))
		{
			$this->sessionid = session_id();
			if(isset($_SESSION['username']) & isset($this->sessionid))
			{
				if($_SESSION['username'] !='' & $this->sessionid !='')
				{
					$this->session = true;
					$this->username = addslashes(strip_tags($_SESSION['username']));
					$this->remember_me =  false;
				}
				else
				{
					$this->session = false;
					$this->errormsg = 'error_sessionerror';
				}
			}
			else
			{
				$this->session = false;
			}
		}
		else
		{
			$this->session= false;
		}
	}
	
	/**
	* Cookie Check Function
	*/
	function check_cookie()
	{
		if(isset($_COOKIE))
		{
			if(isset($_COOKIE['username']) & isset($_COOKIE['sessionid']))
			{
				if($_COOKIE['username'] !='' & $_COOKIE['sessionid'] !='')
				{
					$this->cookie= true;
					$this->username = addslashes(strip_tags($_COOKIE['username']));
					$this->sessionid = addslashes(strip_tags($_COOKIE['sessionid']));
					$this->remember_me =  true;
				}
				else
				{
					$this->cookie= false;
					$this->errormsg = 'error_cookieerror';
				}
			}
			else
			{
				$this->cookie = false;
			}
		}
		else
		{
			$this->cookie = false;
		}
	}
	
	/**
	* Cookie Check Post
	*/
	function check_post()
	{
		if(isset($_POST))
		{
			if(isset($_POST['username']) & isset($_POST['password']))
			{
				if($_POST['username'] !='' & $_POST['password'] !='')
				{
					$this->post = true;
					$this->username = addslashes(strip_tags($_POST['username']));
					$this->password = md5($_POST['password']);
					if(isset($_POST['rememberme']))
					{
						$this->remember_me =  true;
					}
					else
					{
						$this->remember_me =  false;
					}
				}
				else
				{
					$this->post = false;
					$this->errormsg = 'error_unfilledfield';
				}
			}
			else
			{
				$this->post = false;
			}
		}
		else
		{
			$this->post = false;
		}
	}
}
?>
============================================================

Best Regards,
Bruno B B Magalhaes

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux