Application Framework Components: Login/Logout

The first of the Framework components that we are going to be looking at is central authorization. This component contains two classes, the login and logout classes. Not only do these classes log a user in and out, they also record the times and dates that a user logged in and logged out.

These records will then be viewed by the department heads and the employees themselves if there is any doubt about whether a particular employee was at work that day or under any other circumstances. So let’s take a look at the login class code.

The Login Class

Below is the code for the login class:

<?php
/* connect to db
Check if user exists
log successful login
*/

class authorization{
 
function authorization($email=null,$dbpath=null,$pass=null){
   
global $dbtype, $dbusername;
   
global $dbpass, $dbhost;
   
global $dbname, $dbtbl,$date_time;

    //set database connection details:
   
$this->dbtbl=$dbtbl;
   
$this ->dbp=$dbpath;
   
if($dbpath == null){
     
$this ->dbp=sprintf("%s://%s:%s@%s/%s",$dbtype,
$dbusername, $dbpass, $dbhost, $dbname);
   
}
   
//set login status
   
$this ->loginstatus=FALSE;
   
//set variables received from user
   
$this->email=$email;
   
$this->password=$pass;
   
$this->errmsg="Your login details could not be found. Please
try again.";
   
//set date time value
   
$this->dt=$date_time;
 
}
 
function check_user(){
   
global $userid,$uname,$access,$did,$err,$em;
   
//connect to the db server with the user provided dbpath
   
$dbcon = new DBAL($this->dbp);
   
//see if the user password and email is in the table
   
$query ="SELECT uid, upass,CONCAT(name,’ ‘,sname) as
name,access_level,depid FROM ".$this->dbtbl." WHERE email =
‘".$this->email."’";
   
$query .="AND isActive = ‘1’";
   
$result =$dbcon->a_query($query);
   
//set the authorization status according to
   
if(!$result){
     
$this->loginstatus=FALSE;
   
}else {
     
$row=$result->fetchrow();
     
//compare user submitted password with the one from the
database:
     
if($this->password == $row->upass){
       
$this->userid=$row->uid;
       
$this->uname = $row->name;
       
$this->access =$row->access_level;
       
$this->did =$row->depid;
       
$this->em=$email;
       
//$this->email=$row->email;
       
$this->loginstatus=TRUE;
      
}
     
else{
       
$this->err=$dbcon->showerror();
        
$this->loginstatus=FALSE;
     
}//password check
    
}
   
$dbcon->disconnect();
   
return $this->loginstatus;
  
}
 
function getid(){
   
return $this->userid;
 
}
 
function getname(){
   
return $this->uname;
 
}
 
function getlevel(){
   
return $this->access;
 
}
  function geterr(){
   
return $this->errmsg;
 
}
 
function getdepid(){
   
return $this->did;
 
}
 
function getnewid(){
   
return $this->nid;
 
}
 
function getemail(){
   
return $this->em;
 
}

The main aim of the login class is of course to verify that a user has a right to access the intranet. The class checks to see if the user exists in the database. If so, the user is directed to the main intranet page, otherwise an error message is generated and shown on the login page:

{mospagebreak title=Login Class Functions}

The class has nine functions. Let’s take a closer look, starting with the first one.

function authorization($email=null,$dbpath=null,$pass=null){
 
global $dbtype, $dbusername;
 
global $dbpass, $dbhost;
 
global $dbname, $dbtbl,$date_time;
 
//set database connection details:
 
$this->dbtbl=$dbtbl;
 
$this ->dbp=$dbpath;
 
if($dbpath == null){
   
$this ->dbp=sprintf("%s://%s:%s@%s/%s",$dbtype, $dbusername,
$dbpass, $dbhost, $dbname);
 
}
 
//set login status
 
$this ->loginstatus=FALSE;
 
//set variables received from user
 
$this->email=$email;
 
$this->password=$pass;
 
$this->errmsg="Your login details could not be found. Please
try again.";
 
//set date time value
 
$this->dt=$date_time;
}

The first function is what we call a constructor function. Its main aim is to initialize some of the variables that are going to be used throughout the class. This function has the same name as the class itself and takes three parameters: the email address, database path and pass (shortened for password). So whenever the class is used, it will need these three parameters to be passed. Two of these parameters, as you’ve probably worked out by now, are supplied by the user during login. You will also notice some global variables that I’ve declared:

global $dbtype, $dbusername;
global $dbpass, $dbhost;
global $dbname, $dbtbl,$date_time;

Most of these deal with the database abstraction layer that we haven’t discussed yet, so don’t worry if you do not understand it. The next bit of the function simply sets up the user supplied and internal variables:

//set login status
$this ->loginstatus=FALSE;
//set variables received from user
$this->email=$email;
$this->password=$pass;
$this->errmsg="Your login details could not be found. Please try
again.";
//set date time value
$this->dt=$date_time;

The $this->errmsg variable will of course be overridden depending on the kind of error generated. The check_user() function is at the heart of the authorization class. It does the job of checking to see if a user exists:

First we declare a couple of global variables:

function check_user(){
global $userid,$uname,$access,$did,$err,$em;

Then we connect to the database server — again, don’t worry if you don’t understand this part, we will get to it a bit later on. Notice that to connect to the database server you will need a URL coming in the form of dbpath that we initialized in the constructor function:

//connect to the db server with the user provided dbpath
$dbcon = new DBAL($this->dbp);

{mospagebreak title=Setting up the SQL Query}

Once we are successfully connected to the database, we continue to set up the SQL query. The query checks for two things. First, it checks to see if the email address that the user passed exists in the database, and then it checks to see if that account is active. So even if the email address exists, but the account is inactive, the function would return a error:

//see if the user password and email is in the table
$query ="SELECT uid, upass,CONCAT(name,’ ‘,sname) as
name,access_level,depid FROM ".$this->dbtbl." WHERE email =
‘".$this->email."’";
$query .="AND isActive = ‘1’";

The query is then executed:

$result =$dbcon->a_query($query);

If the result of the query is false, the user was not found in the database, so we set the login status to false:

//set the authorization status accordingly
if(!$result){
 
$this->loginstatus=FALSE;

If the result of the query is true, then the user does have an active account in the database. We then continue to further authenticate the user by comparing the user-submitted password with the one retrieved from the database:

}else {
 
$row=$result->fetchrow();
 
//compare user submitted password with the one from the database:
 
if($this->password == $row->upass){

If the two passwords are the same, then we assign the database-retrieved information to some of the global variables declared earlier:

  $this->userid=$row->uid;
  $this->uname = $row->name;
  $this->access =$row->access_level;
  $this->did =$row->depid;
  $this->em=$email;
  //$this->email=$row->email;
  $this->loginstatus=TRUE;
}

If the passwords don’t match, then the appropriate error is shown and the database connect is terminated:

    else{
     
$this->err=$dbcon->showerror();
     
$this->loginstatus=FALSE;
    }//password check
  }
  $dbcon->disconnect();
  return $this->loginstatus;
}

{mospagebreak title=The Remaining Login Class Functions}

The remaining seven functions simply retrieve individual bits of information based on the outcome of the check_user () function. If you go back to the function, you will notice that we stored some global variables and assigned values from the SQL query. Those values can now be retrieved by the program as and when needed:

This function retrieves the user id:

function getid(){
 
return $this->userid;
}

This function retrieves the user name:

function getname(){
 
return $this->uname;
}

This function retrieves the user access level:

function getlevel(){
 
return $this->access;
}

Retrieves the error message:

function geterr(){
 
return $this->errmsg;
}

This function retrieves the department id of the user concerned:

function getdepid(){
 
return $this->did;
}

This function retrieves the new user id:

function getnewid(){
 
return $this->nid;
}

This function retrieves the user email address:

function getemail(){
 
return $this->em;
}

These seven functions will be used to set up the sessions for the user at login. The next function simply logs the time and date that the user logged in.

First we set some global variables:

function log_access(){
 
global $uid,$nid;

Then we connect to the database server with the database path that I provided:

//connect to the db server with the user provided dbpath
$dbcon = new DBAL($this->dbp);

We then build the SQL query. The query simply inserts the date and time of login for a particular user. To make sure that the log in date and time is inserted for the correct user, the userid variable is used. If this userid does not exists, the query will return an error:

$query_ins = "INSERT INTO logtbl SET u_id=’".$this->userid."’,
start_sess=’".$this->dt."’,end_sess=’0000-00-00 00:00:00′,duration=’0’";

The query is then executed, like so:

$result =$dbcon->a_query($query_ins);

If the result of the query is false, we store  the error message as shown below:

if(!$result){
 
$this->errmsg=$dbcon->showError() . "n";
 
return FALSE;

Otherwise, if the result of the query is true, then we collect the new id of the record that we just inserted. This id will then be used when we log out the user:

    }else {
     
$this->nid=mysql_insert_id();
      
$dbcon->disconnect();
     
return TRUE;
    }
  }
}  //end class
?>

That covers the login class. Below is an outline of the configuration file for the login class. Some of the database variables that we used in the constructor function are stored here:

<?php
//db connection creds
$dbtype = ‘mysql’;
$dbhost = ‘localhost’;
$dbname = ‘intranet’;
$dbtbl = ‘users’;
$dbusername = ‘root’;
$dbpass = ”;
$dbpath = "$dbtype://$dbusername:$dbpass@$dbhost/$dbname";
$date_time=date("Y-m-d G:i:s");
?>

Hopefully some of the code in the constructor function will begin to make sense to you. The configuration information above sets up various variables that are used in the login and logout classes.

Conclusion

In the follow-up article will look at the logout class before writing a test application to test the login class. We will also discuss the database tables that are going to store the information about intranet users. Both of these tables have very simple structures, but are very effective in their functions. The logout class will also contain a function to record the time and date that the user is going to log out. We will look at this function in great detail.

[gp-comments width="770" linklove="off" ]

chat sex hikayeleri Ensest hikaye