Combining PHP Registration and Login into one class with multiple functions in one PHP file

I'm trying to combine the registration, activation and login scripts of a PHP website into one backend script that the front end developer can pass variables from different forms to. My question is whether this is an appropriate approach. I don't want to have a lot of PHP files for the different pieces of the application I'm developing. So far I have written the following 2 functions, to login, register and activate a user, that the front end developer can call:
```php
<?php
/**
 * Created by PhpStorm.
 * User: karl
 * Date: 26/07/2016
 * Time: 02:25
 */
class users
{
    function register_user($email, $password, $user_name)
    {
        $server_name = "localhost";
        $u_name      = "root";
        $db_password = "root";
        $db_name     = "betamath_graspe";

        // email notification variable
        $from_address = "info@slack.com";

        // registration form messages
        $msg_reg_user   = 'Username taken. Please choose a different username';
        $msg_reg_email  = 'Email already registered';
        $msg_reg_active = 'Activation code has been sent to your email address';

        // domain configuration
        $url  = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") ? "https" : "http");
        $url .= "://" . $_SERVER['HTTP_HOST'];
        $url .= str_replace(basename($_SERVER['SCRIPT_NAME']), "", $_SERVER['SCRIPT_NAME']);

        // create connection
        $conn = new mysqli($server_name, $u_name, $db_password, $db_name);
        // check connection
        if ($conn->connect_error) {
            die("Connection failed: " . $conn->connect_error);
        }

        // escape the values passed in by the caller before they are interpolated into SQL;
        // the password is hashed, never interpolated, so it is left untouched
        $user_name = mysqli_real_escape_string($conn, $user_name);
        $email     = mysqli_real_escape_string($conn, $email);

        // check if the username exists
        $query  = "SELECT * FROM users WHERE username='$user_name'";
        $result = mysqli_query($conn, $query) or die('Error');
        if (mysqli_num_rows($result)) {
            die($msg_reg_user);
        }
        // check if the email exists
        $query  = "SELECT * FROM users WHERE email='$email'";
        $result = mysqli_query($conn, $query) or die('Error');
        if (mysqli_num_rows($result)) {
            die($msg_reg_email);
        }

        $active_key = sha1(mt_rand(10000, 99999) . time() . $email);
        if (version_compare(phpversion(), '5.5', '>=')) {
            $hashed_password = password_hash($password, PASSWORD_DEFAULT);
        } else {
            $hashed_password = crypt($password, '987654321'); // fixed salt used to suppress the PHP notice
        }
        $query = "INSERT INTO users (username, password, email, active_key) VALUES ('$user_name', '$hashed_password', '$email', '$active_key')";
        if (!mysqli_query($conn, $query)) {
            die('Error: ' . mysqli_error($conn));
        }

        // send the activation email to the user
        $to      = $email;
        $subject = "Welcome to Graspe";
        $body    = "Hi " . $user_name . "<br /><br /> Thank you for your registration.<br />"
                 . "Click the link below to activate your account<br /><br />"
                 . "<a href=\"$url/activate_user_account.php?k=$active_key\"> Activate account </a><br /><br /> Thanks<br />";
        $headers  = 'MIME-Version: 1.0' . "\r\n";
        $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
        $headers .= 'From: ' . $from_address . "\r\n";
        mail($to, $subject, $body, $headers);
        echo $msg_reg_active;
    }

    function login_user($username, $password)
    {
        $server_name = "localhost";
        $user_name   = "root";
        $db_password = "root";
        $db_name     = "betamath_graspe";

        // create connection
        $conn = new mysqli($server_name, $user_name, $db_password, $db_name);
        // check connection
        if ($conn->connect_error) {
            die("Connection failed: " . $conn->connect_error);
        }

        // message strings
        $msg_pwd_error = 'Password incorrect';
        $msg_un_error  = 'Username doesn\'t exist';
        $msg_email_1   = 'User account not yet activated.';
        $msg_email_2   = 'Click here to resend the activation email';

        // domain configuration
        $url  = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") ? "https" : "http");
        $url .= "://" . $_SERVER['HTTP_HOST'];
        $url .= str_replace(basename($_SERVER['SCRIPT_NAME']), "", $_SERVER['SCRIPT_NAME']);
        // the username is URL-encoded so it cannot break out of the href attribute
        $msg_not_active = "$msg_email_1 <br /><a href=\"" . $url . "/resend_activation_key.php?user=" . rawurlencode($username) . "\">$msg_email_2</a>.";

        // the session must be active before $_SESSION is written below
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }

        // escape the username before it is interpolated into SQL
        $username = mysqli_real_escape_string($conn, $username);

        // check if the user exists
        $query  = "SELECT * FROM users WHERE username='$username'";
        $result = mysqli_query($conn, $query) or die('Error');
        if (mysqli_num_rows($result)) { // if the user exists, check the password
            // pick up the stored hash to compare the submitted password against
            $query    = "SELECT username, password, email FROM users WHERE username='$username'";
            $result   = mysqli_query($conn, $query) or die('Error');
            $db_field = mysqli_fetch_assoc($result);
            if (version_compare(phpversion(), '5.5', '>=')) {
                if (password_verify($password, $db_field['password'])) {
                    // once the password is verified, migrate a legacy crypt() hash to password_hash()
                    if (strlen($db_field['password']) < 60) {
                        $hashed_password = password_hash($password, PASSWORD_DEFAULT);
                        $email_sql = mysqli_real_escape_string($conn, $db_field['email']);
                        $query  = "UPDATE users SET password='$hashed_password' WHERE username='$username' AND email='$email_sql'";
                        $result = mysqli_query($conn, $query) or die('Error updating password hash');
                    }
                    // check the activation status
                    $query  = "SELECT * FROM users WHERE username='$username' AND active_status IN (1)";
                    $result = mysqli_query($conn, $query) or die('Error');
                    if (mysqli_num_rows($result)) {
                        $_SESSION['login']    = true;
                        $_SESSION['username'] = $db_field['username'];
                        echo json_encode(array('result' => 1));
                    } else {
                        echo json_encode(array('result' => $msg_not_active));
                    }
                } else {
                    echo json_encode(array('result' => $msg_pwd_error));
                }
            } else {
                // PHP < 5.5: re-run crypt() with the stored hash as salt and compare in the query
                $hashed_password = crypt($password, $db_field['password']);
                $query  = "SELECT * FROM users WHERE username='$username' AND password='$hashed_password'";
                $result = mysqli_query($conn, $query) or die('Error');
                if (mysqli_num_rows($result)) { // if the passwords match, check the activation status
                    $query  = "SELECT * FROM users WHERE username='$username' AND password='$hashed_password' AND active_status IN (1)";
                    $result = mysqli_query($conn, $query) or die('Error');
                    if (mysqli_num_rows($result)) {
                        $_SESSION['login']    = true;
                        $_SESSION['username'] = $db_field['username'];
                        echo json_encode(array('result' => 1));
                    } else {
                        echo json_encode(array('result' => $msg_not_active));
                    }
                } else {
                    echo json_encode(array('result' => $msg_pwd_error));
                }
            }
        } else {
            echo json_encode(array('result' => $msg_un_error));
            die();
        }
    }
}
```
It can be better, actually. First of all, I don't know if you are using an MVC framework or not; if you don't have one, migrate to one. Creating a web site the old way is no longer good practice. If you don't have time for this, there is a better way to do this.

Here are my points:

- Have a configuration class so you won't need to write the configuration in each function
- You are mixing database queries with logic; you need to separate them. You need to create mapper, model and service classes; here is an example: http://www.slideshare.net/aaronsaray/enterprise-php-mappers-models-and-services
- One more thing you can consider is an ORM framework such as Doctrine; it will save you lots of time
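As an added example (not code from the question, nor from the answer's slides or Doctrine), here is how the same three operations look once the connection is injected instead of configured in each function, every query is parameterised, the activation key comes from the CSPRNG, and results are returned instead of echoed, so the front end's endpoint decides what to json_encode. The table and column names follow the question; the `Users` class, the meaning of `active_status` (0 pending, 1 active), the 12-character password minimum and the PHP 7.0+ requirement are assumptions made for this example.

```php
<?php
// Added example, not the original poster's code. Assumes PHP 7.0+, a PDO connection
// injected by the caller, and a hypothetical table
//   users(id, username, email, password, active_key, active_status)
// using the columns named in the question. Constructed for illustration only.
declare(strict_types=1);

final class Users
{
    /** @var PDO */
    private $db;
    /** @var string|null bcrypt hash verified against when the username is unknown */
    private static $dummyHash;

    public function __construct(PDO $db)
    {
        $this->db = $db;
    }

    /** Returns ['ok' => bool, 'message' => string, 'active_key' => string|null]. */
    public function register(string $username, string $email, string $password): array
    {
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            return ['ok' => false, 'message' => 'invalid email address', 'active_key' => null];
        }
        if (strlen($password) < 12) {
            return ['ok' => false, 'message' => 'password must be at least 12 characters', 'active_key' => null];
        }
        // Parameterised: the values never enter the SQL string, so no escaping is needed.
        $stmt = $this->db->prepare('SELECT username, email FROM users WHERE username = :u OR email = :e');
        $stmt->execute([':u' => $username, ':e' => $email]);
        foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
            // strcasecmp: a case-insensitive collation may return a row whose case differs from the input
            if (strcasecmp($row['username'], $username) === 0) {
                return ['ok' => false, 'message' => 'username taken, please choose a different username', 'active_key' => null];
            }
            return ['ok' => false, 'message' => 'email already registered', 'active_key' => null];
        }
        // 256 bits from the CSPRNG. sha1(mt_rand(10000,99999) . time() . $email) has only a few
        // hundred thousand candidates per second of send time and can be enumerated offline.
        $activeKey = bin2hex(random_bytes(32));
        $stmt = $this->db->prepare(
            'INSERT INTO users (username, email, password, active_key, active_status) VALUES (:u, :e, :p, :k, 0)'
        );
        $stmt->execute([
            ':u' => $username,
            ':e' => $email,
            ':p' => password_hash($password, PASSWORD_DEFAULT),
            ':k' => $activeKey,
        ]);
        // The caller builds the activation link and sends the mail; keeping mail() and
        // $_SERVER out of this class is what makes it testable without a web server.
        return ['ok' => true, 'message' => 'activation key generated', 'active_key' => $activeKey];
    }

    /** Flips the pending account holding $key to active; false for unknown or already-used keys. */
    public function activate(string $key): bool
    {
        $stmt = $this->db->prepare('SELECT id, active_key FROM users WHERE active_key = :k AND active_status = 0');
        $stmt->execute([':k' => $key]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        // hash_equals re-checks the exact bytes: a case-insensitive column collation would
        // otherwise accept a key that differs from the stored one only in letter case.
        if ($row === false || !hash_equals($row['active_key'], $key)) {
            return false;
        }
        $upd = $this->db->prepare('UPDATE users SET active_status = 1, active_key = NULL WHERE id = :id');
        $upd->execute([':id' => $row['id']]);
        return $upd->rowCount() === 1;
    }

    /** Returns ['ok' => bool, 'message' => string]; unknown user and wrong password share one message. */
    public function login(string $username, string $password): array
    {
        $stmt = $this->db->prepare('SELECT id, password, active_status FROM users WHERE username = :u');
        $stmt->execute([':u' => $username]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if (self::$dummyHash === null) {
            self::$dummyHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
        }
        // Always run one bcrypt verification so response time does not reveal which usernames exist.
        $verified = password_verify($password, $row === false ? self::$dummyHash : $row['password']);
        if ($row === false || !$verified) {
            return ['ok' => false, 'message' => 'invalid username or password'];
        }
        if ((int) $row['active_status'] !== 1) {
            return ['ok' => false, 'message' => 'user account not yet activated'];
        }
        // password_verify() also accepts the question's legacy crypt() hashes; now that the
        // password is known to be right, upgrade anything that is not the current default.
        if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
            $upd = $this->db->prepare('UPDATE users SET password = :p WHERE id = :id');
            $upd->execute([':p' => password_hash($password, PASSWORD_DEFAULT), ':id' => $row['id']]);
        }
        session_regenerate_id(true); // fresh session id at the privilege boundary (session fixation)
        $_SESSION['login']   = true;
        $_SESSION['user_id'] = (int) $row['id'];
        return ['ok' => true, 'message' => 'logged in'];
    }
}

// Usage from the endpoint the front end posts to (session_start() must run before login()):
// $pdo = new PDO('mysql:host=localhost;dbname=betamath_graspe;charset=utf8mb4', $dbUser, $dbPass,
//     [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);
// $users = new Users($pdo);
// echo json_encode($users->login($_POST['username'] ?? '', $_POST['password'] ?? ''));
```

Two behaviour changes are deliberate: the separate "username doesn't exist" and "password incorrect" replies of the question are collapsed into one message, because distinct replies (and the early return that skips the hash check) let an attacker enumerate valid accounts; and the activation key is cleared once used, so a leaked link cannot be replayed. `PDO::ATTR_EMULATE_PREPARES => false` makes the driver send real server-side prepared statements rather than client-side quoting.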