09-20-2007, 09:04 PM
|
#1 (permalink)
|
|
The Frequenter
Join Date: Sep 2007
Posts: 360
Thanks: 24
|
Authentication class
PHP Code:
<?php
/*
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Title : Authentication class for users login
Author : Muhammad Haris
URL : http://www.mharis.net
CONTACT: isharis@gmail.com
Description : Class used for authentication of
the users login on secure pages.
Created : 20th September 2007
Modified: 21th September 2007
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*/
class Auth {
/*
* Summary: Starts session and sets default value
*/
public function __construct(){
session_start();
$_SESSION['logged'] = false;
$_SESSION['username'] = '';
$_SESSION['rank'] = '';
}
/*
* Summary: Authenticates a user and registers its sessions
* Parameters: Username | Passwords
* Return: Returns true if session is user is succesfully
authenticated else returns false
*
*/
public function authenticate($szUser, $szPassword){
$szSQL = sprintf("SELECT *
FROM
users
WHERE
user = '%s' LIMIT 0,1", $szUser);
$aResult = mysql_query($szSQL) or die(mysql_error());
while($row = mysql_fetch_array($aResult)){
$dbPass = $row['pass'];
$dbSalt = $row['salt'];
$dbRank = $row['rank'];
}
$szPassword = md5($dbSalt.$szPassword);
if($szPassword == $dbPass){
session_regenerate_id();
$_SESSION['logged'] = true;
$_SESSION['username'] = $szUser;
$_SESSION['rank'] = $dbRank;
return true;
}
else{
$_SESSION['logged'] = false;
$_SESSION['username'] = '';
$_SESSION['rank'] = '';
return false;
}
}
/*
* Summary: Checks if the user is logged in or not.
* Return: Returns true if session is user is logged
in else returns false
*
*/
public function check(){
if($_SESSION['logged'] == true){
return true;
}
else {
return false;
}
}
}
?>
I've finally made my own authentication class. I want to know if my class is secure enough. I know it's secure from sql injections and session hijacking.
What more? |
|
|
|
Join the friendly bunch on IRC...
Threaded Mode
