class USER{
var $user_name = "";
var $encripted_pass = "";
var $db = -1;
var $db_name = "database name";
var $logged_in = false;
var $member_type = "";
=
// Initialization
function USER($user,$pass){
$this->db_connect();
$this->log_in($user,$pass);
}
function db_connect(){
if($this->db == -1){
$this->db = mysql_connect("host.dot.com","username","pass")
or die ("connection error");
}
}
function db_close(){
mysql_close($this->db);
$this->db= -1;
}
// information functions
function is_admin(){
if($this->logged_in && $this->member_type == "admin"){
return true;
}else{
return false;
}
}
function is_basic(){
if($this->logged_in && $this->member_type == "basic"){
return true;
}else{
return false;
}
}
function get_user(){
if($this->user_name != ""){
return $this->user_name;
}
return false;
}
function get_pass(){
if($this->encripted_pass != ""){
return $this->user_name;
}
return false;
}
// control functions
function log_out(){
$this->user_name = "";
$this->member_type = "";
$this->logged_in = false;
}
function log_in($user,$pass){
// secret md5() variables to make this script harder to crack
// got the idea from phpbuilder
$key[basic] = "345hjk435oo4i2mdhndf";
$key[admin] = "hajh389asdmf9291asd";
$type = 0;
// check to see if the users is in the database and
// return the type of user they are.
$query = "SELECT type FROM users WHERE username='"
.$user."' AND password='".$pass."'";
$result = mysql_db_query($this->db_name,$query,$this->db)
or die ("Query error: getting username");
if(mysql_num_rows($result) > 0){
$type = mysql_fetch_assoc($result);
$type = $type[type];
$this->user_name = $user;
$this->encripted_pass = md5($pass.$key[$type]);
$this->logged_in = true;
$this->member_type = $type;
}else{
$this->user_name = "";
$this->encripted_pass = "";
$this->logged_in = false;
$this->member_type = "";
}
}
function register($user,$pass){
// check if user exists
$query = "SELECT id FROM users WHERE username='"
.$this->user_name."';";
$result = mysql_db_query($this->db_name,$query,$this->db)
or die ("Write 1 error");
if(mysql_num_rows($result) <= 0){
// if not than add user to the database
$query = "INSERT INTO users VALUES('0','".$user
. "','" . $pass . "','basic')";
}
if(mysql_db_query($db_name,$query,$db)){
$this->log_in($user,$pass);
return true;
}
return false;
}
}
?>
//Examples
// user with a session
session_start();
if($_SESSION["user"]){
$localuser = unserialize($_SESSION["user"]);
}else{
$localuser = new USER($_POST["username"],$POST["username"]);
}
// make sure you close the user if you use the db functions.
$localuser->db_close();
if(!$_SESSION["user"]){
session_register("user");
}
$_SESSION["user"] = $localuser;
?>
All you have to do once you get the users authorized is check
them to see if they can do certen things on the site. ie
if($localuser->is_basic() || $localuser->is_admin()){
// can add messages or something
}
?>
= mysql table structure =
CREATE TABLE IF NOT EXISTS users VALUES(id INT UNSIGNED
AUTO_INCREMENT PRIMARY KEY,username TEXT,password TEXT,type TEXT)