The first of the Framework components that we are going to be looking at is central authorization. This component contains two classes, the login and logout classes. Not only do these classes log a user in and out, they also record the times and dates that a user logged in and logged out.
These records can then be viewed by the department heads and by the employees themselves, for example if there is any doubt about whether a particular employee was at work on a given day, or in any other circumstances where they are needed. So let's take a look at the login class code.
The Login Class
Below is the code for the login class:
<?php /* connect to db Check if user exists log successful login */
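/**
 * Central authorization: checks a submitted e-mail/password pair against the
 * user table and exposes the matched user's details through getters.
 *
 * Security notes for maintainers:
 *  - The e-mail address and password come from the login form and are
 *    untrusted. check_user() refuses anything that is not a plain,
 *    conservative e-mail address before it is placed in the SQL text.
 *  - The stored password (column `upass`) is compared directly with the
 *    submitted one, so the table appears to hold plaintext passwords.
 *    NOTE(review): migrate to password_hash()/password_verify().
 *  - $dbp holds a DSN that includes the database password; do not log it.
 */
class authorization{

    var $dbtbl;               // user table name, copied from the global $dbtbl
    var $dbp;                 // DSN handed to DBAL
    var $loginstatus = FALSE; // result of the last check_user() call
    var $email;               // e-mail address submitted by the user
    var $password;            // password submitted by the user
    var $errmsg;              // generic message that is safe to show on the login page
    var $dt;                  // date/time value copied from the global $date_time
    var $userid;              // uid of the authenticated user
    var $uname;               // "name sname" of the authenticated user
    var $access;              // access_level of the authenticated user
    var $did;                 // depid of the authenticated user
    var $em;                  // e-mail address of the authenticated user
    var $err;                 // database-level diagnostic from DBAL::showerror(); not for display
    var $nid;                 // not assigned anywhere in this listing

    /**
     * Stores the connection details and the submitted credentials.
     *
     * Declared before authorization() so that current PHP versions, which no
     * longer treat a method named after the class as the constructor, still
     * initialise the object.
     *
     * @param string|null $email  e-mail address typed into the login form
     * @param string|null $dbpath full DSN; when null it is built from the globals
     * @param string|null $pass   password typed into the login form
     */
    function __construct($email=null,$dbpath=null,$pass=null){
        global $dbtype, $dbusername, $dbpass, $dbhost, $dbname, $dbtbl, $date_time;

        // Database connection details. $dbtbl is site configuration, not user
        // input; it is concatenated into the query text in check_user().
        $this->dbtbl = $dbtbl;
        $this->dbp   = $dbpath;
        if($dbpath == null){
            $this->dbp = sprintf("%s://%s:%s@%s/%s", $dbtype, $dbusername, $dbpass, $dbhost, $dbname);
        }

        // Nobody is logged in until check_user() says so.
        $this->loginstatus = FALSE;

        // Values received from the user (untrusted).
        $this->email    = $email;
        $this->password = $pass;

        // One generic message for every failure, so the login page does not
        // reveal whether the address or the password was the wrong part.
        $this->errmsg = "Your login details could not be found. Please try again.";

        $this->dt = $date_time;
    }

    /**
     * Old-style constructor name, kept so existing code that calls
     * authorization() explicitly keeps working.
     */
    function authorization($email=null,$dbpath=null,$pass=null){
        $this->__construct($email, $dbpath, $pass);
    }

    /**
     * Decides whether the submitted credentials may be used in a lookup.
     *
     * Only a conservative e-mail shape is accepted: no quotes, backslashes,
     * whitespace or control characters, so the value cannot terminate the SQL
     * string literal it is placed in. This also rejects some legitimate
     * addresses (for example ones containing an apostrophe).
     * NOTE(review): if DBAL offers bound parameters, use them and relax this.
     *
     * An empty password is refused outright.
     *
     * @return bool TRUE when both values are safe to use in check_user()
     */
    function _credentials_usable(){
        if(!is_string($this->email) || !is_string($this->password)){
            return FALSE;
        }
        if($this->password === '' || strlen($this->email) > 254){
            return FALSE;
        }
        return preg_match('/\A[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\z/', $this->email) === 1;
    }

    /**
     * Looks up the active user with the submitted e-mail address and compares
     * the submitted password with the stored one.
     *
     * On success the user's id, name, access level, department id and e-mail
     * are stored on the object for the getters below.
     *
     * @return bool TRUE when the credentials match an active user
     */
    function check_user(){
        $this->loginstatus = FALSE;

        // Reject unusable input before any connection is opened or SQL built.
        if(!$this->_credentials_usable()){
            return $this->loginstatus;
        }

        $dbcon = new DBAL($this->dbp);

        $query  = "SELECT uid, upass,CONCAT(name,' ',sname) as name,access_level,depid FROM ".$this->dbtbl;
        $query .= " WHERE email = '".$this->email."'";
        $query .= " AND isActive = '1'";
        $result = $dbcon->a_query($query);

        if(!$result){
            // Query failed: keep the diagnostic for the operator only.
            $this->err = $dbcon->showerror();
        }else{
            $row = $result->fetchrow();

            // A missing row must fail. With a loose comparison an absent
            // `upass` (null) would compare equal to an empty password.
            $stored = (is_object($row) && isset($row->upass)) ? (string)$row->upass : null;

            if($stored !== null && $stored !== '' && $stored === $this->password){
                $this->userid = $row->uid;
                $this->uname  = $row->name;
                $this->access = $row->access_level;
                $this->did    = $row->depid;
                // The address that was just verified (the listing read an
                // undefined local here, which left this value empty).
                $this->em     = $this->email;
                $this->loginstatus = TRUE;
            }else{
                $this->err = $dbcon->showerror();
            }
        }

        $dbcon->disconnect();
        return $this->loginstatus;
    }

    /** @return mixed uid of the authenticated user */
    function getid(){
        return $this->userid;
    }

    /** @return mixed full name of the authenticated user */
    function getname(){
        return $this->uname;
    }

    /** @return mixed access_level of the authenticated user */
    function getlevel(){
        return $this->access;
    }

    /** @return string generic failure message for the login page */
    function geterr(){
        return $this->errmsg;
    }

    /** @return mixed depid of the authenticated user */
    function getdepid(){
        return $this->did;
    }

    /** @return mixed value of $nid, which nothing in this listing assigns */
    function getnewid(){
        return $this->nid;
    }

    /** @return mixed e-mail address of the authenticated user */
    function getemail(){
        return $this->em;
    }

// The listing on the page stops after getemail(); the class is closed here so
// that it parses.
}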
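The main aim of the login class is of course to verify that a user has a right to access the intranet. The class checks whether an active user with the submitted e-mail address exists in the database and whether the submitted password matches the one stored for that user. Because both values come straight from the login form, they must be treated as untrusted input when the query is built and the password is compared. If the check succeeds, the user is directed to the main intranet page; otherwise an error message is generated and shown on the login page: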