PHP PDO login system, user class. Also Includes a theming system {Source}

[xifyhosting]

Hello,


Before you look at the source I would like to say a huge thank you to Bennett's (http://btreptow.com/) who is one of my developer/beta tester for Graft Development. He has imputed allot of his own work into script, and i cannot take credit for the input he has put into this himself. Secondly I would like to thank Brad for help testing the script at each stage.

config.inc.php

PHP Code: 

<?php
define("MYSQL_HOST","localhost");
define("MYSQL_USER","username");
define("MYSQL_PASSWORD","password");
define("MYSQL_DATABASE","db_name");
define("CURRENT_DESIGN","default");

try {
$dbh = new PDO("mysql:host="MYSQL_HOST.";dbname=".MYSQL_DATABASE,MYSQL_USER,MYSQL_PASSWORD);
} catch(PDOException $e){

echo $e->getMessage();
}


?>

user.inc.php

PHP Code: 

<?php
class user {
public $uid = "";
public $userinfo;
       
      public function __construct($id = null)
  {
      if(null !== $id)
      {
          $this->getUserInfo($id);
          $this->uid = $id;
      }
  }
public function __destruct(){

}
public function getUserInfo($id){
global $dbh;
$st = $dbh->prepare("SELECT * FROM `users` WHERE `id` = :id LIMIT 1");
$st->execute(array(":id" => $id));
$this->userinfo = $st->fetch(PDO::FETCH_OBJ);
}
public function login($email,$password){
global $dbh;
$st = $dbh->prepare("SELECT * FROM `users` WHERE `email` = :email AND `password` = :password LIMIT 1");
$st->execute(array(":email" => $email,":password" => $password));
$result = $st->fetch(PDO::FETCH_OBJ);
if ($result > 0) { 
    $id = $result->id;
  $this->uid = $id;
  return $id;
  } 
  else { 
      return "Login error"; 
  } 
}
public function signup($fname,$lname,$email,$password,$ip){
global $dbh;
$st = $dbh->prepare("SELECT count(*) FROM `users` WHERE `email` = :email LIMIT 1");
$st->execute(array(":email" => $email));
$Data  = $st->fetchColumn();
if ($Data > 0) { 
  return "Error on email";
} else { 
try {

      $st = $dbh->prepare("INSERT INTO users (email, password, firstname, lastname, ip) value (:email, :password, :firstname, :lastname, :ip)"); 
      $st->execute(array(":email" => $email, ":password" => $password, ":firstname" => $fname, ":lastname" => $lname, ":ip" => $ip));
      } catch (PDOException $err) {
  return "Error " . $err->getMessage();
}
$st = $dbh->prepare("SELECT * FROM `users` WHERE `email` = :email AND `password` = :password LIMIT 1");
$st->execute(array(":email" => $email,":password" => $password));
$result = $st->fetch(PDO::FETCH_OBJ);
if ($result > 0) { 
    $id = $result->id;
  $this->uid = $id;
  return $id;
  }

  } 
}
}

?>

signup.php

PHP Code: 

<?php
session_start();
include("include/config.inc.php");
include("include/classes/user.inc.php");

if (isset($_POST['submit'])) {
$fname = htmlentities($_POST['fname']);
$lname = htmlentities($_POST['lname']);
$email = $_POST['email'];
if(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$error = "This email address is not valid, sorry. Alternative this field could been left blank.";
} Else {
if(!filter_var($fname, FILTER_SANITIZE_STRIPPED)) {
$error = "This first name has been blocked by our filter, you cannot use miscellaneous characters. Alternative this field could been left blank.";
} Else {
if(!filter_var($lname, FILTER_SANITIZE_STRIPPED)) {
$error = "This last name has been blocked by our filter, you cannot use miscellaneous characters. Alternative this field could been left blank.";
} Else {
$pass = htmlentities($_POST['password']);
$password = md5($pass);
$ip = $_SERVER['REMOTE_ADDR'];


$user = New user;
$signup = $user->signup($fname,$lname,$email,$password,$ip);
if ($signup == "Error on email") {
$error = "This email address is already in use, sorry";
} Else {
$_SESSION['id']= $signup;
}}}}
}


$design = "include/designs/".CURRENT_DESIGN."/";
include($design."design.top.inc.php");
// Start of content


if(isset($_SESSION['id'])) {
  echo "<meta http-equiv='Refresh' content='0; url=https://website.com/'>
";
} else {
  include($design."design.signup.inc.php");
}


// end of content
include($design."design.bottom.inc.php");
?>

logout.php

PHP Code: 

<?php
session_start();
session_destroy();
include("include/config.inc.php");
include("include/classes/user.inc.php");
$design = "include/designs/".CURRENT_DESIGN."/";
include($design."design.top.inc.php");

  include($design."design.login.inc.php");



// end of content
include($design."design.bottom.inc.php");
?>

index.php

PHP Code: 

<?php
session_start();
include("include/config.inc.php");
include("include/classes/user.inc.php");
if (isset($_POST['submit'])) {

$email = htmlentities($_POST['email']);
$pass = htmlentities($_POST['password']);
$password = md5($pass);
$user = New user;
$login = $user->login($email,$password);
if ($login == "Login error") {
echo "wrong information";
} Else {
$_SESSION['id']= $login;
}}


$design = "include/designs/".CURRENT_DESIGN."/";
include($design."design.top.inc.php");
// Start of content


if(isset($_SESSION['id'])) {
  include($design."design.home.inc.php");
} else {
  include($design."design.login.inc.php");
}


// end of content
include($design."design.bottom.inc.php");
?>

design.home.inc.php

PHP Code: 

<?
$user = New user($_SESSION['id']);
$result = $user->userinfo;
echo $result->email."<br />";
echo $result->firstname."<br />";
echo $result->lastname."<br />";
echo $result->msn."<br />";
echo $result->aim."<br />";
echo $result->skype."<br />";
unset($user); 
?>

design.login.inc.php

PHP Code: 

<div id="login_holder">
<div class="login">
<span class="title"><span>Login</span></span>
<div class="content">

<form action="" method="post">
E-mail: <input type="email" name="email" /><br />
Password: <input type="password" name="password" /><br />
<input type="submit" name="submit" />

</form>

</div>
</div>
</div> 


design.signup.inc.php

PHP Code: 

<div id="login_holder">
<div class="login">
<span class="title"><span>Signup</span></span>
<div class="content">
<? if ($error == "") {
} else {
echo  $error;
}
?>
<form action="" method="post">
Firstname: <input type="text" name="fname" /><br />
Lastname: <input type="text" name="lname" /><br />
E-mail: <input type="email" name="email" /><br />
Password: <input type="password" name="password" /><br />
<input type="submit" name="submit" />

</form>

</div>
</div>
</div>

The design.top.inc.php and design.bottom.inc.php is the html code of the website for all the pages.

Lastly some tips this is what i use for my .htaccess

Code: 

#Start write engine
RewriteEngine on
#page 404 Page not found
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ 404.php

#Hide index
Options -Indexes

I hope this can come in handy for a few people. If you find any security issues please tell me and i'll fix them.

Regards,
Jordan

xifyhosting Reviewed by xifyhosting on 2nd Aug 2012. PHP PDO login system, user class. Also Includes a theming system {Source} Hello, Before you look at the source I would like to say a huge thank you to Bennett's (http://btreptow.com/) who is one of my developer/beta tester for Graft Development. He has imputed allot of his own work into script, and i cannot take credit for the input he has put into this himself. Secondly I would like to thank Brad for help testing the script at each stage. config.inc.php <?php define("MYSQL_HOST","localhost"); define("MYSQL_USER","username"); Rating: 5

[l0calh0st]

Looks good mate

[MrOSX]

Looks sweet, nice post Jordan.

[mnero]

very useful.