My favorites | Sign in
Project Logo
Project Home
  
Downloads
  
Wiki
  
Issues
  
Source
    
Search
for
Updated May 27, 2008 by lukefx
Labels: Phase-Design, Phase-Implementation, Featured
UserAuthentication  
Authentication methods

Introduction

The framework have an abstract Authentication method, so you can implements your own in few simple step.

Details

Let's take a look to my authentication system. First of all, we have to create a User class, so we can describe the user. This is a really easy example. 

class User
{
    var $username;
    var $password;
    var $level;         // Administrator or so on...

    function User($username, $password)
    {
        $this->username = $username;
        $this->password = $password;
    }
}

Now, we must to create one user and store in the database, so later we can authenticate. 

$db = Persistent::getInstance();
$user = new User("Luke", md5("password"));
$db->store($user);

Now we have one user in the database, and it's ready for the authentication. What remain to do is create a class that extends the Login abstract class that it's in the framework. In this example I create a class called DBLogin that use our database to authenticate user. 

class DBLogin extends Login
{
    function DBLogin($user)
    {
        $this->user = $user;
    }
	
    function login()
    {
        $db = Persistent::getInstance();
        $where = sprintf("username='%s' and password='%s'", $this->user->username, md5($this->user->password));
        $news = $db->search("User", $where);
			
        if($news)
        {
            return true;
        }
        return false;
    }
}

How you can see it's really easy to do with the other class in the framework. At this point it's almost done because the package comes already with a Login page called login.php and looks like this. 

<?php

include("common.php");

if(isset($_POST) && !empty($_POST))
{
    $session = new Session();
    // no input validation...watch out for sql injections :-)
    $login = new DBLogin(new User($_POST['Username'], $_POST['Password']));
	
    if($login->login())
        $session->logged();
    throw new Exception("Login error");
}

$website = new love4web();
$website->addTemplate("login.tpl");
$website->run();

?>

As you can see, this page grab from POST the username and password and check if the user can authenticate itself. The login template it's a simple page with a Form with username and password.

Now it's done! If you want a private page... say it to the framework! Simply pass true at the Session costructor. 

<?php

include("common.php");

// This page require a valid user
$session = new Session(true);

$website = new love4web();
$website->addTemplate("other.tpl");
$website->run();

?>

Sign in to add a comment
Hosted by Google Code