Home arrow PHP arrow Page 5 - User Authentication with patUser (part 1)

Breaking It Down - PHP

Need to add authentication to your PHP-based Web application? Getit done in a jiffy with patUser, a PHP class which makes it possible torapidly add powerful user management capabilities to your Web application.

  1. User Authentication with patUser (part 1)
  2. Power User
  3. Dump Truck
  4. Zone Six
  5. Breaking It Down
  6. A Different Realm
  7. Icing On The Cake
By: icarus, (c) Melonfire
Rating: starstarstarstarstar / 15
April 23, 2003

print this article


Let's take a closer look at the code to see how this works.

1. The first step is to include the patUser class in your script:

<?php include("../include/patUser.php"); ?>
patUser uses the patDbc class to connect to the user database, and the patTemplate engine to render its pages - so let's include those as well here:

<?php include("../include/patDbc.php"); include("../include/patTemplate.php"); ?>
2. Next, the database layer needs to be initialized. This is accomplished by creating an instance of the patDbc class and providing it with the access parameters needed to connect to the MySQL database holding the user data. This object instance is stored in the PHP variable $db.

<?php $db = new patMySqlDbc("localhost", "db111", "us111", "secret"); ?>
3. Once the database connection has been initialized, the patTemplate engine also needs to be initialized. Here too, an instance of the patTemplate class is created, and provided with the location of the directory containing patUser's templates.

<?php $tmpl = new patTemplate(); $tmpl->setBasedir("../templates"); ?>
If you look in this directory, you'll see two templates, named "patUserLogin.tmpl" and "patUserUnauthorized.tmpl". The first of these templates contains the login box that is displayed whenever the system requires user credentials, while the second contains a generic "access denied" page that is displayed when an attempt is made to access a restricted page without appropriate privileges. Both these templates are included as part of the patUser distribution, and you are free to make changes to them so that they fit into the look and feel of your application.

4. Once both template engine and database connection are awake, it's time to initialize the patUser class itself.

<?php $u = new patUser(true); ?>
The "true" argument to the class constructor tells patUser to use PHP's session management capabilities to store user data in the session.

Once the object instance has been initialized, the methods setAuthDbc() and setTemplate() are used to connect it to the database connection and template engine respectively. patUser will use this information to send queries to the database and render page templates as needed.

<?php $u->setAuthDbc($db); $u->setTemplate($tmpl); ?>
The four steps above are fairly standard for all scripts using the patUser class, and so it's a good idea to encapsulate them into a single function, say init(), and call that function at the start of every script so as to eliminate unnecessary repetition. A single init() function reduces redundancy, and also makes changes easier.

Once all the formalities are concluded, the requireAuthentication() method may be called to verify the user's credentials.

<?php $u->requireAuthentication("displayLogin"); ?>
This method tells patUser that what follows is a restricted page, and access should only be allowed if appropriate user credentials are available. In case these credentials are not available in the session, patUser will automatically display the contents of the "patUserLogin.tmpl" template, usually a login box. Once user credentials have been submitted, patUser will internally verify them and either permit access or display an error message.

The actual mechanics of the authentication are performed internally and automatically by the requireAuthentication() method, and you don't really need to worry about it - although if you're really interested, feel free to pop open the class file and inspect the code.

By encapsulating the business logic of user verification into a single function, patUser makes life much easier for the harried application developer - all that's needed is to add a single function call at the top of all such sensitive pages, and patUser automatically takes care of the rest.

>>> More PHP Articles          >>> More By icarus, (c) Melonfire

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort


- Hackers Compromise PHP Sites to Launch Attac...
- Red Hat, Zend Form OpenShift PaaS Alliance
- PHP IDE News
- BCD, Zend Extend PHP Partnership
- PHP FAQ Highlight
- PHP Creator Didn't Set Out to Create a Langu...
- PHP Trends Revealed in Zend Study
- PHP: Best Methods for Running Scheduled Jobs
- PHP Array Functions: array_change_key_case
- PHP array_combine Function
- PHP array_chunk Function
- PHP Closures as View Helpers: Lazy-Loading F...
- Using PHP Closures as View Helpers
- PHP File and Operating System Program Execut...
- PHP: Effects of Wrapping Code in Class Const...

Developer Shed Affiliates


Dev Shed Tutorial Topics: