<?php

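// Checks a username/password pair against a credentials table in a MySQL database.
//
// Typical use: construct with the submitted credentials, call set_db_connection(),
// set_table() and set_fields(), then call validate() and treat only the value 1 as a login.
//
// NOTE(review): this class is written against ext/mysql, which was removed in PHP 7.
// The escaping in quotator() is kept for compatibility, but parameterised queries
// (mysqli or PDO prepared statements) are the durable fix for SQL injection.
// NOTE(review): the default hash function is unsalted MD5, which is not suitable for
// password storage. Moving to password_hash()/password_verify() means fetching the row
// by username and verifying in PHP, which changes the stored data and is left to the caller.
class User {
	//User variables
	private $username = '';
	private $password = '';
	private $passwordcheck = '';
	
	//DB variables
	private $dbaddr = '';
	private $dbuser = '';
	private $dbpass = '';
	private $dbname = '';
	private $connection;
	private $query = '';
	private $foundusers;
	
	//DB field and table variables
	private $username_field = '';
	private $password_field = '';
	private $cred_table = '';
	
	//Session and validation variables
	//  -2 = validate() has not run yet, -1 = last run ended in an error, 0/1/2 = cached result
	private $valid = -2;
	private $session_hash = '';
	
	//Stores the username, the password and the value the password column is compared against.
	//  $user      - submitted username
	//  $pass      - submitted password
	//  $passcheck - name of the function that turns $pass into the stored form;
	//               '' means the password is stored as plain text
	//  $session   - existing session ID; a session is started if none is given or found
	//
	//$passcheck must be a fixed name chosen by the developer, never request data,
	//because the named function is called with the password as its argument.
	//
	//The True/False return values are kept for callers that invoke __construct() directly;
	//`new User(...)` discards them, so a rejected object still exists. validate() therefore
	//refuses to query when the credentials were not accepted here.
	function __construct($user, $pass, $passcheck = 'md5', $session = FALSE)
	{
		if (!$session)
		{
			$session = session_id();
		}
		
		if (empty($user) || empty($pass))
		{
			return False;
		}
		
		if (!empty($passcheck))
		{
			if (!is_string($passcheck) || !function_exists($passcheck))
			{
				trigger_error("Function $passcheck does not exist", E_USER_ERROR);
				return False;
			}
			
			//Call the function directly. The password is passed as data and is never
			//turned into PHP source, so its content cannot change what gets executed.
			$hashed = call_user_func($passcheck, $pass);
			if (!$hashed)
			{
				trigger_error("Could not execute function $passcheck", E_USER_ERROR);
				return False;
			}
			$this->passwordcheck = $hashed;
		}
		else
		{
			$this->passwordcheck = $pass;
		}
		
		$this->username = $user;
		$this->password = $pass;
		
		if (!$session)
		{
			session_start();
			$session = session_id();
		}
		
		return True;
	}
	
	//Stores the server address, the DB account and the database name used by connect()
	function set_db_connection($addr, $user, $pass, $name)
	{
		$this->dbaddr = $addr;
		$this->dbuser = $user;
		$this->dbpass = $pass;
		$this->dbname = $name;
	}
	
	//This is really a private function for connecting to the MySQL server and choosing database
	//It returns false if it could not connect or select
	function connect()
	{
		//ext/mysql does not exist on PHP 7+; report that as a connection failure
		//instead of dying on an undefined function
		if (!function_exists('mysql_connect'))
		{
			trigger_error("Could not connect to DB!", E_USER_ERROR);
			return False;
		}
		
		$this->connection = mysql_connect($this->dbaddr, $this->dbuser, $this->dbpass);
		if (!$this->connection)
		{
			trigger_error("Could not connect to DB!", E_USER_ERROR);
			return False;
		}
		
		//mysql_select_db() takes the database name first and the link second
		if (!mysql_select_db($this->dbname, $this->connection))
		{
			trigger_error("Could not select DB!", E_USER_ERROR);
			return False;
		}
		
		return True;
	}
	
	//This function selects which table the username and password should be checked from
	function set_table($dbtable)
	{
		$this->cred_table = $dbtable;
	}
	
	//And this one allows you to set which fields the username and password is placed in
	function set_fields($userfield, $passfield)
	{
		$this->username_field = $userfield;
		$this->password_field = $passfield;
	}
	
	//Escapes a value for the open connection and wraps it in single quotes.
	//Every value is quoted, numeric-looking ones included: an unquoted number compared
	//with a text column makes MySQL convert the column to a number, and the comparison
	//can then match rows whose stored text is different.
	function quotator($string)
	{
		//magic_quotes_gpc only exists on old PHP versions; undo it there so the value is escaped once
		if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
		{
			$string = stripslashes($string);
		}
		
		return "'".mysql_real_escape_string($string, $this->connection)."'";
	}
	
	//Turns a table or column name into a back-quoted MySQL identifier.
	//Accepts letters, digits, '_' and '$', optionally as dot-separated parts (db.table)
	//and optionally already wrapped in back-quotes. Returns False for anything else,
	//so a name can never carry extra SQL into the query.
	private function quote_identifier($name)
	{
		if (!is_string($name) || $name === '')
		{
			return False;
		}
		
		$quoted = array();
		foreach (explode('.', $name) as $part)
		{
			$part = trim($part, '`');
			if (!preg_match('/^[A-Za-z0-9_$]+$/', $part))
			{
				return False;
			}
			$quoted[] = '`'.$part.'`';
		}
		
		return implode('.', $quoted);
	}
	
	//This is the function that checks the user credentials
	//It returns one of these values
	//	False - could not connect to the database (fails closed under a loose comparison)
	//	-1 - An error occured, see error log
	//	0 - No valid users found, or the constructor did not accept the credentials
	//	1 - One valid user found, certain positive login
	//	2 - Multiple users found, triggers error
	//Only 1 is a successful login. -1 and 2 are truthy, so compare the result with 1
	//rather than testing it as a boolean.
	function validate()
	{
		//This prevents the script from running the MySQL query multiple times except if there has been an error
		if ($this->valid > -1)
		{
			return $this->valid;
		}
		
		//The constructor cannot stop `new` from returning an object, so a rejected
		//username/password leaves these empty. Never query with empty credentials.
		if ($this->username === '' || $this->passwordcheck === '')
		{
			$this->valid = 0;
			return 0;
		}
		
		//If one of the required fields have not been filled in, return an error
		if (empty($this->cred_table) || empty($this->username_field) || empty($this->password_field))
		{
			trigger_error("Table, username field or password field has not been set!", E_USER_ERROR);
			$this->valid = -1;
			return -1;
		}
		
		//Connect to database if no connection is present
		if (!$this->connection && !$this->connect())
		{
			return False;
		}
		
		//Construct the MySQL query; it is left empty when a table or field name is rejected
		$this->construct_query();
		if (empty($this->query))
		{
			$this->valid = -1;
			return -1;
		}
		
		//If the query could not be executed, trigger, return and set an error
		//The query text is kept out of the message because it contains the password value
		$this->foundusers = mysql_query($this->query, $this->connection);
		if (!$this->foundusers)
		{
			trigger_error("Could not execute query because: ".mysql_error($this->connection), E_USER_ERROR);
			$this->valid = -1;
			return -1;
		}
		
		$rows = mysql_num_rows($this->foundusers);
		if ($rows == 1)
		{
			$this->valid = 1;
		}
		else if ($rows > 1)
		{
			trigger_error("More than one user found with username ".$this->username, E_USER_NOTICE);
			$this->valid = 2;
		}
		else
		{
			$this->valid = 0;
		}
		
		//The connection is left open, as before: get_user_info() and quotator() may still use it
		return $this->valid;
	}
	
	//Mainly for debugging purposes, returns the query used by validate()
	//The string contains the password value (hashed or plain), so keep it out of pages and shared logs
	function print_query()
	{
		if (!empty($this->query))
		{
			return $this->query;
		}
		else
		{
			echo "Query has not yet been constructed, run validate() first";
			return False;
		}
	}
	
	//Construct the MySQL query and save it.
	//Values go through quotator(), table and field names through quote_identifier().
	//The query is left empty and an error is triggered if a name is not a plain identifier.
	function construct_query()
	{
		$table = $this->quote_identifier($this->cred_table);
		$userfield = $this->quote_identifier($this->username_field);
		$passfield = $this->quote_identifier($this->password_field);
		
		if ($table === False || $userfield === False || $passfield === False)
		{
			$this->query = '';
			trigger_error("Table, username field or password field is not a valid name!", E_USER_ERROR);
			return;
		}
		
		$this->query = sprintf("SELECT * FROM %s WHERE %s = %s AND %s = %s",
					$table,
					$userfield,
					$this->quotator($this->username),
					$passfield,
					$this->quotator($this->passwordcheck)
					);
	}
	
	
	//Returns either an array with name indexes or a multi-dimensional array with information about each of the members found
	//It can also return False if no users are found, validate() has not been run, or an error has occured
	function get_user_info()
	{
		//Only answer when validate() has run and found at least one user
		if ($this->valid <= 0)
		{
			trigger_error("User not yet validated or user not valid", E_USER_ERROR);
			return False;
		}
		
		//return mysql_fetch_array() if one user was found
		if ($this->valid == 1)
		{
			return mysql_fetch_array($this->foundusers);
		}
		
		//otherwise return one mysql_fetch_array() result per user found
		$all_users = array();
		while ($row = mysql_fetch_array($this->foundusers))
		{
			$all_users[] = $row;
		}
		return $all_users;
	}
}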

?>