PHP 5 e-commerce Development - P12

Planning our Framework
User authentication
Our user authentication class needs to:
Process login requests
Check to see if the user is logged in
Log out the user
Maintain information about the currently logged-in user (we could extend this to use a User object if we wish)
Firstly, we need our class and some methods. The properties declared here include the ones the methods below assign to (active, name and loginFailureReason), so that nothing is created implicitly at runtime:

<?php
/**
 * Authentication manager
 *
 * @version 1.0
 * @author Michael Peacock
 */
class authentication {
    private $userID;
    private $loggedIn = false;
    private $admin = false;
    private $active = true;
    private $banned = false;

    private $groups = array();

    private $username;
    private $name;
    private $loginFailureReason;
    private $justProcessed = false;

    public function __construct() {}
These are just the core properties we need to maintain, and will need to access. The next stage is to check for any authentication requests or current login; this will be called by our framework once the database has been connected to. This should first check to see if a user may be logged in; if this is the case, it should verify this. If not, it should then check to see if a user is trying to log in. The following function does this, and passes control to an appropriate method depending on the situation. Note that the session-stored user ID is passed through intval() before use, which is what makes it safe to interpolate into the lookup query.
    public function checkForAuthentication()
    {
        if( isset( $_SESSION['phpecomf_auth_session_uid'] ) &&
            intval( $_SESSION['phpecomf_auth_session_uid'] ) > 0 )
        {
            // an existing session: verify that the stored user is still valid
            $this->sessionAuthenticate( intval(
                $_SESSION['phpecomf_auth_session_uid'] ) );
        }
        elseif( isset( $_POST['ecomf_auth_user'] ) &&
            $_POST['ecomf_auth_user'] != '' &&
            isset( $_POST['ecomf_auth_pass'] ) &&
            $_POST['ecomf_auth_pass'] != '' )
        {
            // a login attempt: only the username needs escaping, the
            // password only ever reaches the query as an MD5 hex digest
            $this->postAuthenticate(
                PeacockCarterFrameworkRegistry::getObject('db')->
                    sanitizeData( $_POST['ecomf_auth_user'] ),
                md5( $_POST['ecomf_auth_pass'] ) );
        }
    }

This material is copyright and is licensed for the sole use by jackie tracey on 23rd February 2010
We can authenticate a user who is logged in from session data: if we store the user's
ID in a session, we can check this is valid and the user is active.
    private function sessionAuthenticate( $uid )
    {
        $sql = "SELECT u.ID, u.username, u.active, u.email, u.admin,
            u.banned, u.name, (SELECT GROUP_CONCAT( g.name SEPARATOR
            '-groupsep-' ) FROM groups g, group_memberships gm
            WHERE g.ID = gm.group AND gm.user = u.ID ) AS groupmemberships
            FROM users u WHERE u.ID={$uid}";
        PeacockCarterFrameworkRegistry::getObject('db')->
            executeQuery( $sql );
        if( PeacockCarterFrameworkRegistry::getObject('db')->
            numRows() == 1 )
        {
Even if the user exists, we can't just log them in. The account may be inactive, or it may have been marked as banned, and both cases have to be refused.
            $userData = PeacockCarterFrameworkRegistry::getObject('db')->
                getRows();
            if( $userData['active'] == 0 )
            {
                $this->loggedIn = false;
                $this->loginFailureReason = 'inactive';
                $this->active = false;
            }
            elseif( $userData['banned'] != 0 )
            {
                $this->loggedIn = false;
                $this->loginFailureReason = 'banned';
                // a banned account must be flagged as banned, not cleared
                $this->banned = true;
            }
            else
            {
                $this->loggedIn = true;
                $this->userID = $uid;
                $this->admin = ( $userData['admin'] == 1 ) ? true : false;
                $this->username = $userData['username'];
                $this->name = $userData['name'];
All of a user's group memberships are returned as a single field from the user lookup query. We can then split this into the individual groups and store them in the object.
                $groups = explode( '-groupsep-',
                    $userData['groupmemberships'] );
                $this->groups = $groups;
            }
        }
        else
        {
            // the session points at a user that no longer exists,
            // so the stale session data is cleared
            $this->loggedIn = false;
            $this->loginFailureReason = 'nouser';
            $this->logout();
        }
    }
If the user is trying to log in, we must look up his or her username and password to verify them. This is very similar to the above function, except it uses the username and password provided by the user, rather than a session-stored user ID. The comparison is made against password_hash, which holds an unsalted MD5 digest of the password. That is the weak point of this design: MD5 is fast and unsalted, so anyone who obtains the users table can recover passwords quickly with precomputed tables or brute force. A production system should store a salted, deliberately slow hash (bcrypt, for example) and compare with a constant-time check.
    private function postAuthenticate( $u, $p )
    {
        $this->justProcessed = true;
        $sql = "SELECT u.ID, u.username, u.email, u.admin, u.banned,
            u.active, u.name, (SELECT GROUP_CONCAT( g.name SEPARATOR
            '-groupsep-' ) FROM groups g, group_memberships gm WHERE
            g.ID = gm.group AND gm.user = u.ID ) AS groupmemberships
            FROM users u WHERE u.username='{$u}'
            AND u.password_hash='{$p}'";
        PeacockCarterFrameworkRegistry::getObject('db')->
            executeQuery( $sql );
        if( PeacockCarterFrameworkRegistry::getObject('db')->
            numRows() == 1 )
        {
            $userData = PeacockCarterFrameworkRegistry::getObject('db')->
                getRows();
As before, once we find a user, we must check to see that they are active, and not banned from the site.
            if( $userData['active'] == 0 )
            {
                $this->loggedIn = false;
                $this->loginFailureReason = 'inactive';
                $this->active = false;
            }
            elseif( $userData['banned'] != 0 )
            {
                $this->loggedIn = false;
                $this->loginFailureReason = 'banned';
                // a banned account must be flagged as banned, not cleared
                $this->banned = true;
            }
            else
            {
                $this->loggedIn = true;
                $this->userID = $userData['ID'];
                $this->admin = ( $userData['admin'] == 1 ) ? true : false;
                // populate the same details as sessionAuthenticate() so the
                // getters work on the request that performed the login
                $this->username = $userData['username'];
                $this->name = $userData['name'];
                $_SESSION['phpecomf_auth_session_uid'] = $userData['ID'];
                $groups = explode( '-groupsep-',
                    $userData['groupmemberships'] );
                $this->groups = $groups;
            }
        }
        else
        {
            $this->loggedIn = false;
            $this->loginFailureReason = 'invalidcredentials';
        }
    }
Logging out can be done simply by clearing the session data for the user. Clearing the stored user ID is enough for checkForAuthentication(), which requires a positive integer, but note that neither login nor logout changes the session identifier itself; calling session_regenerate_id(true) at both points prevents a session ID that an attacker fixed before login from being carried into the authenticated session.
    public function logout()
    {
        $_SESSION['phpecomf_auth_session_uid'] = '';
    }
Finally, we need some getter methods to return various properties of the
current user.
    public function getUserID()
    {
        return $this->userID;
    }

    public function isLoggedIn()
    {
        return $this->loggedIn;
    }

    public function isAdmin()
    {
        return $this->admin;
    }

    public function getUsername()
    {
        return $this->username;
    }

    public function isMemberOfGroup( $group )
    {
        return in_array( $group, $this->groups );
    }

}
?>
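As an added example that is not part of the book's code, here is the same login, group lookup and logout written the way a security reviewer would ask for it: bound parameters instead of sanitizeData() and string interpolation, password_hash()/password_verify() instead of unsalted MD5, one bcrypt verification against a dummy hash for unknown usernames so timing does not reveal which accounts exist, and a regenerated session ID at login and logout. It assumes PHP 5.5 or later and PDO with the SQLite driver; the SafeAuthenticator name, the in-memory database and its rows are constructed for this example (the column and table names follow the book's query).

```php
<?php
// Added example, not code from the book. Same users / groups / group_memberships
// schema the authentication class queries, but with bound parameters, bcrypt
// hashing, constant-cost verification and session ID regeneration.
// Assumes PHP >= 5.5 (password_hash/password_verify, session_status) and PDO
// with pdo_sqlite; every row below is constructed test data.

class SafeAuthenticator
{
    private $db;

    public function __construct(PDO $db)
    {
        $this->db = $db;
    }

    // Returns an array with 'loggedIn' and either 'reason' or the user details.
    // On success the user ID is written to $session (pass $_SESSION on the web).
    public function login($username, $password, array &$session)
    {
        $stmt = $this->db->prepare(
            'SELECT ID, username, name, admin, active, banned, password_hash
               FROM users WHERE username = :u');
        $stmt->execute(array(':u' => $username));
        $user = $stmt->fetch(PDO::FETCH_ASSOC);

        // Always run one bcrypt verification, against a dummy hash when the
        // username is unknown, so timing does not reveal which accounts exist.
        $hash = $user ? $user['password_hash'] : self::dummyHash();
        $valid = password_verify($password, $hash) && $user !== false;
        if (!$valid) {
            return array('loggedIn' => false, 'reason' => 'invalidcredentials');
        }
        // Same account-state rules as the book's postAuthenticate().
        if ((int) $user['active'] === 0) {
            return array('loggedIn' => false, 'reason' => 'inactive');
        }
        if ((int) $user['banned'] !== 0) {
            return array('loggedIn' => false, 'reason' => 'banned');
        }
        // A fresh session ID at login stops a fixated ID becoming authenticated.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $session['phpecomf_auth_session_uid'] = (int) $user['ID'];
        return array(
            'loggedIn' => true,
            'userID'   => (int) $user['ID'],
            'admin'    => (int) $user['admin'] === 1,
            'username' => $user['username'],
            'groups'   => $this->groupsFor((int) $user['ID']),
        );
    }

    // One row per group instead of GROUP_CONCAT split on '-groupsep-': a group
    // name that contains the separator can no longer corrupt the list. The
    // identifiers are quoted because GROUP (and GROUPS in newer MySQL) are keywords.
    public function groupsFor($userID)
    {
        $stmt = $this->db->prepare(
            'SELECT g.name FROM "groups" g
               JOIN group_memberships gm ON gm."group" = g.ID
              WHERE gm.user = :uid ORDER BY g.name');
        $stmt->execute(array(':uid' => $userID));
        return $stmt->fetchAll(PDO::FETCH_COLUMN);
    }

    public function logout(array &$session)
    {
        unset($session['phpecomf_auth_session_uid']);
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
    }

    private static function dummyHash()
    {
        static $hash = null;
        if ($hash === null) {
            $hash = password_hash('not-a-real-password', PASSWORD_DEFAULT);
        }
        return $hash;
    }
}

// Constructed test data (hypothetical users and groups).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (ID INTEGER PRIMARY KEY, username TEXT, name TEXT,
    email TEXT, admin INTEGER, active INTEGER, banned INTEGER, password_hash TEXT)');
$db->exec('CREATE TABLE "groups" (ID INTEGER PRIMARY KEY, name TEXT)');
$db->exec('CREATE TABLE group_memberships ("group" INTEGER, user INTEGER)');
$ins = $db->prepare('INSERT INTO users VALUES (?, ?, ?, ?, ?, ?, ?, ?)');
$ins->execute(array(1, 'alice', 'Alice', 'alice@example.com', 1, 1, 0, password_hash('correct horse', PASSWORD_DEFAULT)));
$ins->execute(array(2, 'bob', 'Bob', 'bob@example.com', 0, 1, 1, password_hash('hunter2', PASSWORD_DEFAULT)));
$db->exec("INSERT INTO \"groups\" VALUES (1, 'customers'), (2, 'staff')");
$db->exec('INSERT INTO group_memberships VALUES (1, 1), (2, 1)');

$session = array();
$auth = new SafeAuthenticator($db);
print_r($auth->login("alice' OR '1'='1", 'anything', $session));
print_r($auth->login('alice', 'correct horse', $session));
print_r($auth->login('bob', 'hunter2', $session));
$auth->logout($session);
```

Run it from the command line: with no session started, the session_regenerate_id() calls are skipped and the session is just the $session array. The injection attempt in the first call is bound as a literal username, finds no row and fails with invalidcredentials after the dummy verification; the second call succeeds and returns alice's two groups; bob is rejected as banned before any session state is written.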
Template management
The template management functionality is easily broken down into two aspects: an
object to manage the actual content (a page object), and a template object to manage
the interaction with the content along with the parsing of the content within it.
Let's take a look at the code for template.class.php:
<?php
/**
 * Views: Template manager
 * Page content and structure is managed with a separate page object.
 *
 * @version 1.0
 * @author Michael Peacock
 */
class template {