PHP MYSQL login system - From the ground up - Page 2

As I said,
I would like to make a PHP login /Register system that would be free for anyone. Here I have started. Since Iam not expert, then I will be adding small pieces until something emerges.

I hope DW guys will help until it grows to mature. I want to apply some OOP.

Feel free to criticize and add/remove anything, but state why you did that and explain where you do complex stuffs so that I don't get lost. After it mature I will do host it somewhere (google code or SF)

Thanks

I have 5 PHP programs that work as web sites.

All login to the respective data base
window XP Prof SP3
(1) pilot's logbook access MySQL
(2) pilot's logbook access Oracle
(3) pilot's logbook access sql server 2008 express
Fedora 12
(1) pilot's logbook access MySQL
(2) pilot's logbook access Oracle

I can email

Voltaire: If God did not exist, it would be necessary for us to invent Him
GOD: If Voltaire did not exist, it would be necessary for us to invent him

I have 5 PHP programs that work as web sites.

All login to the respective data base
window XP Prof SP3
(1) pilot's logbook access MySQL
(2) pilot's logbook access Oracle
(3) pilot's logbook access sql server 2008 express
Fedora 12
(1) pilot's logbook access MySQL
(2) pilot's logbook access Oracle

I can email

I would like to have that. As you know login System is integral and heart of security to web! Also one thing, would you like it to go public, at least techniques?

Voltaire: If God did not exist, it would be necessary for us to invent Him
GOD: If Voltaire did not exist, it would be necessary for us to invent him

Hahaha! I don't get your point here. Anyway I have pmed you with my address, you can tell me also what you think of my signature
;)

Looks like this just kind of died off? Would love to see if any more progress has been made. I'm learning from things that have been posted here.

Not dead of course. For some weeks I was having other commitments and didn't have time to code. I will soon start the Register class, then login class then Some security tightening and other goodies

S stay tuned. :)

I Have done function that combines the above functions and validate POST variables.
Scrutinize it to see any improvements needed and I'm definitely shifting to Register class.

So far thanks for your inputs all of you guys!

public  function cleanMe($postArray){
            //the post values submitted are fname, lname, email, username and passwd
            $newPostArray[];
            $newPostArray["fname"] = $this->cleanNames($postArray["fname"]);
            $newPostArray["lname"] = $this->cleanNames($postArray["lname"]);
            $newPostArray["email"] = $this->cleanEmail($postArray["email"]);
            $newPostArray["username"] = $this->cleanNames($postArray["username"]);
            $newPostArray["password"] = $this->cleanNames($postArray["password"]);

            //loop through the array looking for any false value and terminate
            foreach ($newPostArray as $key => $value) {
                if($value==false) {
                    $returnValue =  false;
                    break;
                }//endif

            }//end foreach loop

            if(!$returnValue) {
                return $returnValue;
            }
            else {
                //everything is validated and is fine
                return $newPostArray;
            }
    }

The Class Register will depend on this for cleaning. So what do you say guys? Is this ok to proceed?

As I said,
I would like to make a PHP login /Register system that would be free for anyone. Here I have started. Since Iam not expert, then I will be adding small pieces until something emerges.

I hope DW guys will help until it grows to mature. I want to apply some OOP.

Feel free to criticize and add/remove anything, but state why you did that and explain where you do complex stuffs so that I don't get lost. After it mature I will do host it somewhere (google code or SF)

Thanks

Where is the current effort? Has this been posted anywhere? Please advise as to the current status? Thank you.

Where is the current effort? Has this been posted anywhere? Please advise as to the current status? Thank you.

Currently, I will be writing Register class. It is not yet published (I will start actually writing today). So the above was the function I wanted to be sure of because it will be used in cleaning variables

Anyway I will proceed

Currently, I will be writing Register class. It is not yet published (I will start actually writing today). So the above was the function I wanted to be sure of because it will be used in cleaning variables

Anyway I will proceed

Thank you for your reply and assistance.

Just wondering... Is there a reason you only clean the ones you need. You could clean all values in the post array, or use an array with the values you need to clean, so it could be extended if needed. You would then just need to add an entry to an array to add and clean a new field. I prefer the array option.

public  function cleanMe($postArray){
            //the post values submitted are fname, lname, email, username and passwd
            $newPostArray[];
            $newPostArray["fname"] = $this->cleanNames($postArray["fname"]);
            $newPostArray["lname"] = $this->cleanNames($postArray["lname"]);
            $newPostArray["email"] = $this->cleanEmail($postArray["email"]);
            $newPostArray["username"] = $this->cleanNames($postArray["username"]);
            $newPostArray["password"] = $this->cleanNames($postArray["password"]);

            //loop through the array looking for any false value and terminate
            foreach ($newPostArray as $key => $value) {
                if($value==false) {
                    $returnValue =  false;
                    break;
                }//endif

            }//end foreach loop

            if(!$returnValue) {
                return $returnValue;
            }
            else {
                //everything is validated and is fine
                return $newPostArray;
            }
    }

Just wondering... Is there a reason you only clean the ones you need. You could clean all values in the post array, or use an array with the values you need to clean, so it could be extended if needed.

Indeed, being modula is one of my aims. That is because you make something bigger out of plugins. I'm not good at plugin architecture thing but I will be learning as I go ;)

You would then just need to add an entry to an array to add and clean a new field. I prefer the array option.

Adding it should not be difficult and here is how to do that:
1. Create a method in same class responsible for cleaning new item from post let say birthdate

function cleanBirthDate($argument_is_birth_date){
//.....your code
}

2. Then add a line to above method

$this->cleanBirthDate($postArray["birthdate"]);

NOTE: The variable birthdate should be somewhere in your register form

Any suggestions are welcomed

Like this so much

For this to have any merit, it has to be very flexible.

The way you are sanitizing the inputs is going to cause a lot of problems for someone trying to add/modify/remove something.

The way I would set something like this up would be:

Database Class - Handles db connection and queries
Form Class - Handles forms. Could build forms dynamically from configuration array. Will sanitize all input data.
Template Class - Handles template files. Would be very basic.
Login Class - Handles login form and displaying the login template.
Register Class - Handles registration obviously. Would handle registration form and displaying registration template.

That would make integrating it with a site pretty easy.

For this to have any merit, it has to be very flexible.

Sure! modularity is in my plann but I'm not very good at planning yet!

The way you are sanitizing the inputs is going to cause a lot of problems for someone trying to add/modify/remove something.

Mhh! I don't understand. can you point it directly what I'm doing wrong? Thanks for pointing that!

The way I would set something like this up would be:

Database Class - Handles db connection and queries

I have that although for now it only connects to the database. I plan to put more queries there. I hope it will be ok

Form Class - Handles forms. Could build forms dynamically from configuration array. Will sanitize all input data.

I have no idea how to do that! Do you mean I should mix HTML in my PHP Class, that is require array to be passed to a constructor that in turn will build up the form? I currently use separate form with JS/JQuery pre-validation plus PHP validation. I need major help here

Template Class - Handles template files. Would be very basic.

Login Class - Handles login form and displaying the login template.

Also I would be happy to hear your suggestion on how login class should handle the login (with return only boolean values or return error code? or build error array?). I will be happy to hear more from you on this

Register Class - Handles registration obviously. Would handle registration form and displaying registration template.

I have just started writting this. I'm stucked on how to implement encryption. I will have to read some stuffs on web and open another thread for the case. Also your suggestion on this is apprciated!

That would make integrating it with a site pretty easy.

Your suggestions are practical and I'm impressed. But I need major help on many if not all of them.

Thanks for reply

So far this is all I have in my class. Mind you I have also a Form file that utilizes JS/JQuery. Here is the full code. Feel free to pint weakness or change them (no one have pocked around yet. I will be happy if one just did it. May be it is still immature heheh!)

<?php
//class for db connections and manipulations
/*
 * so far the post values submitted are fname, lname, email, username and passwd
 * db field includes those plus isadmin, active -- for checking if logged user is admin and if accoun is activated
*/

class Connectdb {
    //private values
    private $dbuser="user";
    private $dbpass="pass";
    private $dbhost="localhost";
    private $dbname="testdb";

    public function __construct() {
        $conn = mysql_connect($this->dbuser, $this->dbpass , $this->dbhost) or die("Cannot connect to database: Error - ".mysql_error());
        mysql_select_db($this->dbname);
        return $conn;
    }

}//end connectdb

class Cleaning extends Connectdb {
    public function __construct() {
        parent::__construct();

    }

    private  function  cleanValue($arrayValue) {
        $value = array_map("mysql_real_escape_string", $arrayValue);
        return $value ;
    }

    //to sanitize Names/string like username
    private  function cleanNames($badVariable) {
        if(empty($badVariable)) {
            return false;
        }
        else {
            $cleaned =  filter_var($badVariable, FILTER_SANITIZE_STRING);
            if(!$cleaned) {
                return false;
            }
            else {
                $cleaned = $this->cleanValue($cleaned);
                if(!$cleaned) {
                    return false;
                }
                else {
                    return $cleaned;
                }//inner else
            }//end else

        }//main else ends here

    }

    //sanitize and validate email
    private  function cleanEmail($badVariable) {
        if(empty($badVariable)) {
            return false;
        }
        else {

            $cleaned =  filter_var($badVariable, FILTER_SANITIZE_EMAIL);
            if (!$cleaned) {
                return false;
            }
            else {
                $cleaned =  filter_var($badVariable, FILTER_VALIDATE_EMAIL);
                if (!$cleaned) {
                    return false;
                }
                else {
                    $cleaned = $this->cleanValue($cleaned);
                    return $cleaned;
                }//inner else
            }//END ELSE
        }//main else ends here

        }


        //to be called by class functions only
        private  function cleanMe($postArray){
            //the post values submitted are fname, lname, email, username and passwd
            $newPostArray[];
            $newPostArray["fname"] = $this->cleanNames($postArray["fname"]);
            $newPostArray["lname"] = $this->cleanNames($postArray["lname"]);
            $newPostArray["email"] = $this->cleanEmail($postArray["email"]);
            $newPostArray["username"] = $this->cleanNames($postArray["username"]);
            $newPostArray["password"] = $this->cleanNames($postArray["password"]);
            $newPostArray["rpassword"] = $this->cleanNames($postArray["rpassword"]);

            //loop through the array looking for any false value and terminate
            foreach ($newPostArray as $key => $value) {
                if($value==false) {
                    $returnValue =  false;
                    break;
                }//endif

            }//end foreach loop

            if(!$returnValue) {
                return $returnValue;
            }
            else {
                //everything is validated and is fine
                return $newPostArray;
            }
    }



}//end cleaning

class Register extends Cleaning{
    private $username;
    private $passwd;
    private $rpasswd;
    private $fname;
    private $lname;
    private $email;

    public function __construct() {
        parent::__construct();

    }

    /*
     * Functions
     * 1. Get input
     * 2. Clean it and init variables
     * 3. Encrypt password
     * 4. Create random string
     * 5. Store in database
     */
    public function getSetInput($postArray){
        $ret = $this->cleanMe($postArray);
        if(!$ret){
            return $ret;
        }
        else{
            //set global variables
            $this->fname = $ret["fname"];
            $this->lname = $ret["lname"];
            $this->username = $ret["username"];
            $this->passwd = $ret["password"];
            $this->rpasswd = $ret["rpassword"];
            $this->email = $ret["email"];
        }

    }

    //encrypt passwords if they match
    //public encryptPass(){

    //}

}//end register

?>

I need to sit down and think how to implement keith's ideas

$conn = mysql_connect($this->dbuser, $this->dbpass , $this->dbhost) or die("Cannot connect to database: Error - ".mysql_error());

I don't like this. In my code I would like to know if something succeeds/fails, so additional handling can be done (e.g. logging). A die() will also stop my own code. Either use a return value or property to read the outcome, or throw an exception.

$conn = mysql_connect($this->dbuser, $this->dbpass , $this->dbhost) or die("Cannot connect to database: Error - ".mysql_error());

I don't like this. In my code I would like to know if something succeeds/fails, so additional handling can be done (e.g. logging). A die() will also stop my own code. Either use a return value or property to read the outcome, or throw an exception.

Ooops! Such a foolish mistake ;)
I have to change that to return either true or false in case of any error! Thanks for pointing that

Ok, I'm rebuilding everything according to Kay's idea. First thing is to build a form dynamically. After thinking a lot I produced this class and works. But I have no Idea how to add labels without adding complexity to the arrays. Currently it is as simple as you see. So please advise me how to add labels without making it totally convoluted. Also there might be another way of doing it so I'm waiting to hear from you guys
Thanks

inc.form.php

class MyForm{
    private  $formArray;
    //pass array to build a form in form of name=>type eg username=>text to a constructor
    public  function   __construct($postArray) {
        //make the form POST variables available to the class
        $this->formArray = $postArray;
        //print_r($this->formArray);
    }

    //construct a form
    public  function  buildForm($actionFilePath='login.php'){
        echo "<form action='$actionFilePath' method='POST' id='loginform'>";
        echo "<table border='1', cellpadding='5'> ";
        foreach ($this->formArray as $name => $type) {
            echo "<tr>
                 <td><input type='$type' name='$name' id='$name' /></td>
                 </tr>";
            

        }//end foreach

        echo "</table>";
    }



}// end form class

and this is the code that you can use to test. put the files in one dir
index.php

<html>
    <head><title>Test Login Form</title></head>

    <body>
        <?php

            require('inc.form.php');
            echo '<h1>Register</h1>';
            $formArray = array('username'=>'text', 'password'=>'password', 'submit'=>'submit');
            //print_r($formArray);
            $form = new MyForm($formArray);
            $form->buildForm('inc.form.php');
        ?>


    </body>



</html>

Learning.... I am....patiently