Need help with a User class

maZtah · 01-09-2009, 11:32 AM

Recently I'm working on a User class. I need some help with this class to get it on track.

For example, I want a user to get logged in, how would I do this? Do I need to pass the HTML form to the login() function? Or do I need to pass all variables (like email and password) as variables, or?

Also, how to correctly interact with the Database class I've written? Should I do something like this?

PHP Code:


			
private $m_pConn;



function __construct()

{

    $m_pConn = new Database();

}

Or am I thinking in the wrong way? Oh well, someday I will fully understand the OOP way of thinking. Thanks in advance for your replies.

This is what I have thus far:

PHP Code:


			
class User

{

    private $m_iId;

    private $m_szName;

    private $m_szEmail;

    

    private $m_bLoggedIn;

    

    function login()

    {

        // Do login here.

    }

    

    function get_id()

    {

        return $this->m_iId;

    }

    

    function get_name()

    {

        return $this->m_szName;

    }

    

    function get_email()

    {

        return $this->m_szEmail;

    }

    

    function is_logged_in()

    {

        return (bool) $m_bLoggedIn;

    }

}

CoryMathews · 01-09-2009, 01:31 PM

you just need to pass in the username and password to the login then you do your query to check if its a valid login or not. the login function should return a true or false. The db class can be created like that, that is fine. You will have to store this class in a session variable to keep from reloading it every page as well.

maZtah · 01-10-2009, 09:58 AM

Thanks for your reply! It helps me out well.

Quote:

Originally Posted by CoryMathews

You will have to store this class in a session variable to keep from reloading it every page as well.

I assume - with 'this class' - you mean the User class. Should I store only the boolean $m_bLoggedIn in a session, or the whole object?

Like:

PHP Code:


			
$_SESSION['user'] = $pUser->is_logged_in();

// or
$_SESSION['user'] = $pUser;

Scottymeuk · 01-10-2009, 12:38 PM

I wouldnt do that.

You need to do things like

PHP Code:


			
$user->login($_POST)

That above bit goes in the bit that says, if post etc.

Then on the login bit you need to make sessions etc. I will post my one (Please note this wont work properly as it integrates methods etc that my framework has so you will need to change it a lot but you will be able to see what i mean):

Please note that its not perfect as i did code it at like 3am.

PHP Code:


			
<?php

function login($userData, $redirect = '')

{        

    if(!$this->isRegistered()) 

    {

        $this->core->session->destroy();

        if(!empty($userData['username']) and !empty($userData['password']))

        {

            $password = $this->core->app->generateHash($userData['password'], $userData['username']);

               

            $data = array('userId','username','password');

            

            $sql = "SELECT userId

                    FROM users

                    WHERE username = '" . $userData['username'] . "'

                        AND password = '$password'

                    LIMIT 1";

            

            $checkUser = $this->core->database->query($sql);

           

            if($this->core->database->getNumRows($checkUser) == 1)

            {

                while($userDetails = $this->core->database->getArray($checkUser))

                {

                    $sessionId = $this->core->app->generateHash(session_id(), $userData['username']);

                        

                    if($this->core->session->register('isregistered') == false)

                    {

                        $this->core->session->delete_all_var();

                        return false;

                    }

                    else

                    {

                        if($this->core->session->set_var('userid',$userDetails['userId']) == false)

                        {

                            $this->core->session->delete_all_var();

                            return false;

                        }

                        else

                        {

                            if($this->core->session->set_var('password',$password) == false)

                            {

                                $this->core->session->delete_all_var();

                                return false;

                            }

                            else

                            {

                                if($this->core->session->set_var('session_hash',$sessionId) == false)

                                {

                                    $this->core->session->delete_all_var();

                                    return false;    

                                }

                            }

                        }

                    }

                       

                    $expiresTime = time() + 3600;

                       

                    $sql = "INSERT INTO sessions

                            (userid,sessionhash,expires)

                            VALUES ('" . $userDetails['userId'] . "','$sessionId','$expiresTime')";

                    

                    $query = $this->core->database->query($sql);

                    

                    if($query)

                    {

                           if(!empty($redirect))

                           {

                               $this->core->app->redirect($redirect);

                           }

                        return true;

                    }

                    else

                    {

                        return false;

                    }

                }

            }

            return false;

        }

        return false;

    }

}

?>

maZtah · 01-10-2009, 04:57 PM

Thanks for your reply too. It's quite hard to read due to no commenting, but I get the trick.

I will soon post my new code.

Scottymeuk · 01-10-2009, 05:04 PM

Well basically it does:

Checks to see if the user details are ok
Starts A Session with session hash( not just the session id, but a mix of a lot of things), a password hash (for checking each time isRegistered() is called), and an expires time
Then it adds the session infomation to the database

I then have a isRegistered() function that checks all the information against database et.

CoryMathews · 01-11-2009, 02:20 AM

personally I just store the entire user class. Mine is pretty small with only about 8-10 vars and just a couple functions.

A second reason why I save the entire class is so that I don't have to keep doing the same sql queries every time I load the page to get the users name ect. I only run them once when the user logs in. and can then easily access them any time I need.

Scottymeuk · 01-11-2009, 01:47 PM

I do as well but I just don't want to send him my whole class.

maZtah · 01-12-2009, 10:04 AM

Thanks guys. I'm getting more and more into OOP.

At the moment I'm wondering if it's better do do something like this:

Create a Login class and a User class. First the user logs in via the Login class. If succesfully logins, the Login class creates a User class with the id of the user f.e. like $pUser = new User(1);. Then the Login class puts the User class in a session.

Shouldn't this be more logically (while thinking OOP)? Or am I just lost again? :-p

CoryMathews · 01-12-2009, 04:39 PM

That would work, however on one hand does your login class really have much to it? Personally I only have 2 functions and no vars that go with my login. So just adding those 2 to my user class is not much to store. But if you have quiet a few items that are only used in your login then it might make sense to split it up. I don't think it will make a difference one way or the other its really just how you want to do it.

Scottymeuk · 01-13-2009, 06:02 PM

No point in 2 classes. Just have a login function

PHP Code:


			
function login($username,$password)

{

    //DO LOGIN STUFF

}