A
Anonymous
Guest
Here are two simple user registration/login classes, well at least I think they are:
First one I called: Member.php
The second class I called: Registration.php:
The reason I didn't have this in one class is that I don't want the user getting the chance to know about the member class. You will still need to validate the data that comes into the Member class somehow, but I'll leave that up to you to figure out. 8)
Then all you would have to do is something like the following:
This is just a basic registration class, I plan to enhance by tighten the password security code, but seeing this I think one can see the benefits of Object-Oriented Programming.
First one I called: Member.php
Code:
<?php
class Member extends DBConnect {
// The member attributes containing required and optional information.
// The attributes must correspond to the database table columns:
private $userType=NULL; // Required (assigned)
private $username=NULL; // Required
private $email=NULL; // Required
private $pass=NULL; // Required
private $fullName=NULL;
private $address=NULL;
private $city=NULL;
private $state=NULL;
private $zipCode=NULL;
// Get the private attributes:
public function __get($property) {
if (property_exists($this, $property)) {
return $this->$property;
}
}
// Set the private attributes:
public function __set($property, $value) {
if (property_exists($this, $property)) {
$this->$property = $value;
}
return $this;
}
// Method returns the user ID:
public function getId() {
return $this->id;
}
// Method returns a Boolean if the user is an administrator:
public function isAdmin() {
return ($this->userType == 'admin');
}
// Method returns a Boolean indicating if the user is an administrator
// or if the user is the original author of the provided page:
public function canEditPage(Page $page) {
return ($this->isAdmin() || ($this->id == $page->getCreatorId()));
}
// Method returns a Boolean indicating if the user is an administrator or an author:
public function canCreatePage() {
return ($this->isAdmin() || ($this->userType == 'author'));
}
}
The second class I called: Registration.php:
Code:
<?php
class Registration extends Member {
// Make sure username isn't empty:
public function isUsernameValid() {
return ($this->username == NULL);
}
// Method checks to see if username isn't already taken and returns true if it is already taken:
public function isUsernameAvailable() {
// Connect to PDO database:
$pdo = parent::connect();
$query = "
SELECT
1
FROM users
WHERE
username = :username1
";
$query_params = array(
':username1' => $this->username
);
// These two statements run the query against your database table.
$stmt = $pdo->prepare($query);
$result = $stmt->execute($query_params);
// The fetch() method returns an array representing the "next" row from
// the selected results, or false if there are no more rows to fetch.
return $row = $stmt->fetch();
// If a row was returned, then we know a matching username was found in
// the database already and we should return a boolean value back.
}
// Verify that password is not null:
public function processPass($password) {
return ($password == NULL) ? NULL : sha1($password);
}
public function isPassBlank() {
return ($this->pass == null);
}
public function isPassLongEnough($pass) {
return (strlen($pass) < 6);
}
// Method returns a Boolean if the user's email is valid:
public function hasValidEmail() {
return (!filter_var($this->email, FILTER_VALIDATE_EMAIL));
}
public function isEmailUsed() {
$pdo = parent::connect();
$query = "
SELECT
1
FROM users
WHERE
email = :email1
";
$query_params = array(
':email1' => $this->email
);
// These two statements run the query against your database table.
$stmt = $pdo->prepare($query);
$result = $stmt->execute($query_params);
// The fetch() method returns an array representing the "next" row from
// the selected results, or false if there are no more rows to fetch.
return $row = $stmt->fetch();
// If a row was returned, then we know a matching email was found in
// the database already and we should return a boolean value back.
}
}
The reason I didn't have this in one class is that I don't want the user getting the chance to know about the member class. You will still need to validate the data that comes into the Member class somehow, but I'll leave that up to you to figure out. 8)
Then all you would have to do is something like the following:
Code:
<?php #register.php
// Need the utilities file:
require('includes/utilities.inc.php');
// Process form once user clicks on Register:
if (isset($_POST['action']) && $_POST['action'] == 'register') {
$guest = new Registration(); // Registration Class extends Members Class.
$errorMsg = NULL;
$data['userType'] = 'public'; // User has no rights to add or edit pages.
$data['username'] = htmlspecialchars($_POST['username']); // Required
$data['email'] = htmlspecialchars($_POST['email']); // Required
$password['pass'] = htmlspecialchars($_POST['pass']); // Do Not Store
$data['pass'] = $guest->processPass($password['pass']); // Required
$data['fullName'] = htmlspecialchars($_POST['fullName']);
$data['address'] = htmlspecialchars($_POST['address']);
$data['city'] = htmlspecialchars($_POST['city']);
$data['state'] = htmlspecialchars($_POST['state']);
$data['zipCode'] = htmlspecialchars($_POST['zipCode']);
// Validate length of password:
if ($guest->isPassLongEnough($password['pass'])) {
$errorMsg .= '<li class="stop-bullet">Password is too short, please re-enter</li>';
}
// Unset the user's unecrpyted password:
unset($password['pass']);
// Set the attributes (Member Class):
foreach($data as $property => $value) {
$guest->$property = $value;
}
// Validate username, email and pass attriutes:
if ($guest->isUsernameValid()) {
$errorMsg .= '<li class="stop-bullet">Username is empty, please enter.</li>';
}
if ($guest->isUsernameAvailable()) {
$errorMsg .= '<li class="stop-bullet">Username: ' . $guest->username . ' is already taken</li>';
}
if ($guest->isPassBlank()) {
$errorMsg .= '<li class="stop-bullet">Password is empty, please enter.</li>';
}
if ($guest->hasValidEmail()) {
$errorMsg .= '<li class="stop-bullet">' .$guest->email . ' is an invalid email address.</li>';
}
if ($guest->isEmailUsed()) {
$errorMsg .= '<li class="stop-bullet">' .$guest->email . ' is already registered.</li>';
}
// Store user's credentials if form data is validated:
if(!$errorMsg) {
$query = 'INSERT INTO users (userType, username, email, pass, fullName, address, city, state, zipCode, dateAdded) VALUES (:userType, :username, :email, :pass, :fullName, :address, :city, :state, :zipCode, NOW())';
$stmt = $pdo->prepare($query);
$result = $stmt->execute(array(':userType' => $guest->userType, ':username' => $guest->username, ':pass' => $guest->pass, ':email' => $guest->email, ':fullName' => $guest->fullName, ':address' => $guest->address, ':city' => $guest->city, ':state' => $guest->state, ':zipCode' => $guest->zipCode));
}
}
?>
This is just a basic registration class, I plan to enhance by tighten the password security code, but seeing this I think one can see the benefits of Object-Oriented Programming.