Home arrow PHP arrow Page 4 - Building a Site Engine Using PHP, Part 3

Insert Username Here - PHP

In this third article of the series, Iíll show you how the database and directories should be set up. Iíll also talk about the how to create, install, and use a content block, which mostly relies on arrays and array functions. I'll cover proper authentication methods for such a project so that multiple sites can run off the same users table in the database, while not barring a username from being used on a site because it is being use on another, all the while keeping the authentication accurate and secure from break-ins. (For part 2, see here.)

  1. Building a Site Engine Using PHP, Part 3
  2. Wanna Go Out on a Data?
  3. Stop Blocking Me
  4. Insert Username Here
By: James Murray
Rating: starstarstarstarstar / 48
June 28, 2004

print this article



The user authentication is relatively easy to work with -- easier than the blocks. The most important thing about the user authentication is the security behind the login. The password is the most vulnerable piece of information because thatís what everyone wants to get too. Setting cookies can be a security risk, if you donít use them correctly. With the following authentication methods, youíll be able to set a cookie that is secure, and on top of that you can use this authentication for every site that you host with the site engine not the mention you make one array that you can use anywhere in the engine to get information about the user. So let's get started.

First we need to define our class and the variables weíll be using. $usr will hold all the information about a user in an array. $username will hold the username passed to the class by the login form, and $userpass will, of course, hold the userís password that is passed to the script by the login form.

class user{
    public $user;

    public $username;
    public $userpass;

Unlike the other classes in the site engine, we want to name the actual login function something different than the class name because we donít want the login function to be called when the class is called. So, I named it __check_login().n Also set up the global variables weíll be using and set up the password to match the md5ís password thatís stored in the database. MD5 isnít really an encoding, rather itís the calculated hash of the string thatís passed to it.

     function __check_login(){
        global $sql,$site;

  $pass = md5($this->userpass)

Now get all our user's information from the database. Put the query function into the fetch_row() function to kill two birds with one stone. After the query has been run, check to make sure that the data returned is an array -- as it should be if it was a successful login. Then set the information in the $user with the corresponding information that we got from the database.
        $cl=$sql->_fetch_row($sql->_query("SELECT `users`.`user_ID`,`users`.`user_name`,`users`.`user_pass`,`users`.
`site_ID`FROM`users`WHERE (`users`.`site_ID` = '{$site->site['ID']}') AND (`users`.`user_name` = '$this->username') AND (`users`.`user_pass` = '$pass') limit 1"));
            $this->user['ID'] = $cl[0];
            $this->user['name'] = $cl[1];
            $this->user['pass'] = $cl[2];
            $this->user['site'] = $cl[3];

In comes the group users table in the database; we wouldnít be able to do the next step with out it. After the userís information is pulled from the users table in the database successfully, run the following query to get the information about what authentication groups the user belongs too. Since all users belong to at least two user groups, the result would be an array, so once again use the fetch_object function to get the results, only this time put it in a while loop. Then during the while loop, set the values to the user[Ďgidsí] array.

            $gids=$sql->_query("SELECT `groups`.`group_ID `FROM`group_users`,`groups`WHERE(`groups`.`group_ID` = `group_users`.`group_ID`) AND (`group_users`.`user_ID` = '{$this->user['ID']}') AND (`group_users`.`site_ID` = '{$this->usr['site']}')ORDER BY`groups`.`group_ID` DESC");
                $this->user['gids'][] = $gid[0];

After the while loop, check to see if the user[Ďgidsí] has any values in it, if it doesnít, assign the group IDís for a visitor, manually.

                $this->user['gids'][] = "1";
                $this->user['gids'][] = "2";

Finally after the group IDís are taken care of, end the if statement that we started when checking to see if the results from selecting the users information, with an else so that way, if the userís login wasnít successful, manually apply the information for a visitor to the user array. This doesnít bar the user from trying to login again; it just sets the user array to what I like to think of as ďdefault settingsĒ.     

            $this->user['ID'] = 0;
            $this->user['name'] = "Guest";
            $this->user['site'] = $site->site['ID'];
            $this->user['gids'][] = "1";
            $this->user['gids'][] = "2";


Final Thoughts

If you thought the blocks plug-in was confusing, just keep looking at it and thinking of it line by line. Follow the variables and youíll understand it really fast. Itís quite logical in the way it works, and it teaches a lot about arrays and how they work. The authentication plug-in also shows a few nice ways to work with and utilize arrays in your everyday scripts.

The file system can be changed to your likings -- just remember if you change it, that youíll have to update the plug-ins and module systems, and the blocks plug-in. If you have any confusion when working with the file system, itís always a good idea to make a test plug-in, a test module, and a test block. That way you can follow it by replacing the variables with the name of your test files to be sure of where the file should be.
In the next article, Iíll be telling you about the template system and how to get your actual engine up and running in different environments. In the fifth and final article I can walk you through making a small site on your site engine, and hopefully by then youíll be able to see fully what it does, how it does it, and why it does those things. By then you should be able the expand it to fit your needs.

>>> More PHP Articles          >>> More By James Murray

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort


- Hackers Compromise PHP Sites to Launch Attac...
- Red Hat, Zend Form OpenShift PaaS Alliance
- PHP IDE News
- BCD, Zend Extend PHP Partnership
- PHP FAQ Highlight
- PHP Creator Didn't Set Out to Create a Langu...
- PHP Trends Revealed in Zend Study
- PHP: Best Methods for Running Scheduled Jobs
- PHP Array Functions: array_change_key_case
- PHP array_combine Function
- PHP array_chunk Function
- PHP Closures as View Helpers: Lazy-Loading F...
- Using PHP Closures as View Helpers
- PHP File and Operating System Program Execut...
- PHP: Effects of Wrapping Code in Class Const...

Developer Shed Affiliates


Dev Shed Tutorial Topics: