Class design: object-oriented login system in PHP

I began to improve my OOP skills by solving some of the simpler problems that come up when building a website. So it started with the login system: I followed a YouTube tutorial that helped me create the login class, but as he continued, it raised a lot of doubts (by the way, the code is 100 lines, so I will leave it out).

So, in this Login class, there are verification methods, etc., but it comes to the point where there is a session verification that cannot be used with the given parameters in the constructor (at least in this class):

    $this->_username = ($this->_login)? $this->filter($_POST['username']) : $_SESSION['username'];
    $this->_password = ($this->_login)? $this->filter($_POST['password']) : '';
    $this->_passmd5 = ($this->_login)? md5($this->_password) : $_SESSION['password'];

Thus, in this case, I cannot use the verifySession() method when no session variables are set (in order to tell what the user was supposed to do on the main page).

So my question is: is this design right, and how do I build the rest of the login system (checking loggedIn on each page, and logging out)? Should each of them be in a separate class (and what about methods that are repeated across classes: should I always inherit them)? I understand that there are different approaches to OOP, but are there any rules that I, as a newbie, should follow (this will help me understand how this is possible)?

+5
3 answers

"I followed the youtube tutorial" is the first issue. The three lines of code you pasted are enough on their own to show that the video you watched was made by an amateur PHP developer.

http://barebonescms.com/documentation/sso/

SSO_LoggedIn(), SSO_Login(), SSO_Logout()

+3


    class User
    {
       private $username;
       private $password; // the stored hash, loaded in the constructor

       public function __construct($username)
       {
          $this->username = $username;
          // load the rest of this user object (including the stored password hash) here
       }

       private function hashPassword($password)
       {
          // Don't use this as the hash, I'm just keeping it simple
          return md5($password . 'a}{!@#' . $this->username);
       }

       public function authenticate($password)
       {
          // hash_equals() instead of ==: a strict, constant-time string comparison
          return hash_equals((string) $this->password, $this->hashPassword($password));
       }
    }

login.php

    $user = new User($_POST['username']);
    if ($user->authenticate($_POST['password']))
    {
       // do session initialization here (can be a class, or whatever)
       Session::createUserSession($user);
    }
    else
       echo 'bad login';

logout.php

    Session::destroyUserSession();


+4

$_SESSION['password']

You never need to store a password (plain text?) in a session. You must check whether the user is allowed to log in, and if he is and gives the correct password, you store nothing more in the session than "logged in". For convenience, you can also save the username or the user ID.

But after you compare it with the one in the database, a password is not needed.

0
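Putting the two answers above together (a User class that only authenticates, and a session that records nothing but "who is logged in"), here is an added example; it is not code from any of the answers, and it assumes PHP 8.1 and a constructed in-memory `$table` standing in for the database:

```php
<?php
// Added example, not code from the answers above: keep only the user id in
// $_SESSION, never the password. $table is a constructed stand-in for a database.
final class User
{
    private function __construct(public readonly int $id, private readonly string $hash) {}

    public static function load(string $username, array $table): ?self
    {
        $row = $table[$username] ?? null;
        return $row === null ? null : new self($row['id'], $row['hash']);
    }

    // password_verify() handles the salt and a constant-time comparison (no md5 or ==).
    public function authenticate(string $password): bool
    {
        return password_verify($password, $this->hash);
    }
}

final class Session
{
    public static function createUserSession(User $user): void
    {
        session_regenerate_id(true);      // new id at login, so a pre-set id is not reused
        $_SESSION['user_id'] = $user->id; // the only fact the session needs to carry
    }

    public static function loggedInUserId(): ?int
    {
        return $_SESSION['user_id'] ?? null;
    }

    public static function destroyUserSession(): void
    {
        $_SESSION = [];
        session_destroy();
    }
}
// Constructed demo standing in for login.php / logout.php (a real page reads $_POST).
session_start();
$table = ['alice' => ['id' => 7, 'hash' => password_hash('correct horse', PASSWORD_DEFAULT)]];
$user = User::load('alice', $table);
if ($user !== null && $user->authenticate('correct horse')) {
    Session::createUserSession($user);
}
var_dump(Session::loggedInUserId());
Session::destroyUserSession();
var_dump(Session::loggedInUserId());
```

Each page that needs a logged-in user calls `Session::loggedInUserId()` and reloads the User from the database by that id, so the session never has to carry the password.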
