Subversion Repositories php_users

Rev 4 Rev 6
Line 1... Line 1...
1
By itself, the users class (with a data access class like the included UsersDataSourceMySQLi class) handles basic login/logout/editing functions.
1
By itself, the users class (with a data access class usersDataSource like the included UsersDataSourceMySQLi class) handles basic login/logout/editing functions.
2
 
2
 
3
The class(es) were, however, designed for extensibility and customization in mind. Some design considerations were made with this in mind.
3
The class(es) were, however, designed for extensibility and customization in mind. Some design considerations were made with this in mind.
4
 
4
 
5
This code uses the ternary and null coelescing shortcuts ?: and ??. I THINK these were introduced in PHP 5.3, but not sure. This code will not work on versions which do not have these shortcuts. See https://www.php.net/manual/en/language.operators.comparison.php
5
This code uses the ternary and null coelescing shortcuts ?: and ??. I THINK these were introduced in PHP 5.3, but not sure. This code will not work on versions which do not have these shortcuts. See https://www.php.net/manual/en/language.operators.comparison.php
6
 
6
 
-
 
7
You can get a copy of this from our subversion repository
-
 
8
svn co http://svn.dailydata.net/svn/php_users/stable php_users
-
 
9
My working copy is at
-
 
10
http://svn.dailydata.net/svn/php_users/trunk
-
 
11
but I recommend NOT using that as I use trunk as my personal playground and will commit broken code to it regularly
-
 
12
 
7
=== Basic System ===
13
=== Basic System ===
8
 
14
 
9
With no modification, the system will store username, password and two booleans, isAdmin and enabled. The default table is created as
15
With no modification, the system will store username, password and two booleans, isAdmin and enabled. The default table is created as
10
 
16
 
11
<code sql>
17
<code sql>
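Review bot: the checkout instructions added at new lines 8 and 10 use plain http:// URLs, so anyone following them fetches authentication code over a channel with no integrity protection. If the server supports https, switch the scheme in both URLs; if it does not, say so next to the command. Since this block is being edited anyway, line 5 can be settled instead of left as "I THINK": the short ternary ?: arrived in PHP 5.3, but the null coalescing operator ?? requires PHP 7.0, so 7.0 is the minimum version for this code ("coelescing" should read "coalescing").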
Line 22... Line 28...
22
* login is filtered to alpha-numerics and the underscore character
28
* login is filtered to alpha-numerics and the underscore character
23
* password is stored as a hash using PHP's password_hash
29
* password is stored as a hash using PHP's password_hash
24
* users with isAdmin set will be able to add/edit other users
30
* users with isAdmin set will be able to add/edit other users
25
* users with enabled set to false (0) will not be able to log in
31
* users with enabled set to false (0) will not be able to log in
26
 
32
 
27
NOTE: the UsersDataSourceMySQLi class has a public function, buildTable, which will build the table, so installation involves simply calling that function.
33
NOTE: the usersDataSource class has a public function, buildTable, which will build the table, so installation involves simply calling that function.
28
 
34
 
29
IMPORTANT: to allow the Users class to work with a wide variety of data types, it does no data access itself. It requires a data access class.
35
IMPORTANT: to allow the Users class to work with a wide variety of data types, it does no data access itself. It requires a data access class.
30
 
36
 
31
Basic use in a script involves instantiating a data access class object, then instantiating a Users class object.
37
Basic use in a script involves instantiating a data access class object, then instantiating a Users class object.
32
 
38
 
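Review bot: new line 33 now attributes buildTable to usersDataSource, but new line 1 still refers to "the included UsersDataSourceMySQLi class", so the document names the data access class two different ways. Use one name throughout, or state once near the top how the two names relate.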
Line 58... Line 64...
58
      </div>
64
      </div>
59
   </body>
65
   </body>
60
</html>
66
</html>
61
</code>
67
</code>
62
 
68
 
63
This example is using the UsersDataSourceMySQLi definition of  data access (included)
69
This example is using the usersDataSource definition of  data access (included)
64
 
70
 
65
If you run it the first time with <code php>$connection->buildTable( 'admin', 'admin' ); die;</code> uncommented, it will build the table. Comment that line out on the next run and you will be presented with a login screen.
71
If you run it the first time with <code php>$connection->buildTable( 'admin', 'admin' ); die;</code> uncommented, it will build the table. Comment that line out on the next run and you will be presented with a login screen.
66
 
72
 
67
Class function HTML() displays various things to allow login, then quits displaying anything. Setting $_REQUEST['logout'] = 1 before calling HTML() will initiate a log out which will destroy the session variable
73
Class function HTML() displays various things to allow login, then quits displaying anything. Setting $_REQUEST['logout'] = 1 before calling HTML() will initiate a log out which will destroy the session variable
68
 
74
 
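Review bot: the install step on new line 71, $connection->buildTable( 'admin', 'admin' ), is never explained; the text does not say what the two arguments are. If they are the initial administrator login and password, say so and tell the reader to substitute their own values, because an account created by copy-pasting this line would be admin/admin. On new line 73, the logout trigger is read from $_REQUEST, which PHP fills from the query string as well as POST data; state whether a plain link with ?logout=1 is the intended way to log out.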
Line 84... Line 90...
84
 
90
 
85
First, everything is pretty basic. I tried to limit the number of fields to the absolute minimum, but also set it up to allow additional fields to be added programmatically. The example does this.
91
First, everything is pretty basic. I tried to limit the number of fields to the absolute minimum, but also set it up to allow additional fields to be added programmatically. The example does this.
86
 
92
 
87
If you open the class source, you'll find the private member $dbDefinition, which defines everything in the code (I hope). When you create a new instance, you can pass the constructor an array which will be merged with this member, optionally increasing the number and definition of the fields.
93
If you open the class source, you'll find the private member $dbDefinition, which defines everything in the code (I hope). When you create a new instance, you can pass the constructor an array which will be merged with this member, optionally increasing the number and definition of the fields.
88
 
94
 
89
WARNING: if you add new fields to the Users class, you must also add them to class UsersDataSourceMySQLi. See below
95
WARNING: if you add new fields to the Users class, you must also add them to class usersDataSource. See below
90
 
96
 
91
Let's add a new field, say we want to store the users e-mail address. In our PHP, create an array as follows:
97
Let's add a new field, say we want to store the users e-mail address. In our PHP, create an array as follows:
92
 
98
 
93
<code php>
99
<code php>
94
   $customFields = array( 
100
   $customFields = array( 
Line 123... Line 129...
123
            )
129
            )
124
      );
130
      );
125
 ?>
131
 ?>
126
 </code>
132
 </code>
127
 
133
 
128
 Now, when we instantiate a new object of class Users AND class UsersDataSourceMySQLi, we simply pass this array in.
134
 Now, when we instantiate a new object of class Users AND class usersDataSource, we simply pass this array in.
129
 
135
 
130
 <code php>
136
 <code php>
131
    $connection = new usersDataSource( 
137
    $connection = new usersDataSource( 
132
         null,
138
         null,
133
         $customFields, 
139
         $customFields, 
Line 136... Line 142...
136
   if ( ! isset( $_SESSION['user'] ) ) { 
142
   if ( ! isset( $_SESSION['user'] ) ) { 
137
      $_SESSION['user'] = new Users( $customFields );
143
      $_SESSION['user'] = new Users( $customFields );
138
   }
144
   }
139
</php>
145
</php>
140
 
146
 
141
Note that since we replicated the basic structure of $dbDefinition in Users and UsersDataSourceMySQLi, we can use the same hash to pass into both; they will store, but ignore values not relevant to them.
147
Note that since we replicated the basic structure of $dbDefinition in Users and usersDataSource, we can use the same hash to pass into both; they will store, but ignore values not relevant to them.
142
 
148
 
143
When the usersDataSource and Users objects are created, $customFields will be merged, with duplicates overwritten by the $customFields value.
149
When the usersDataSource and Users objects are created, $customFields will be merged, with duplicates overwritten by the $customFields value.
144
 
150
 
145
This is not limited to adding new columns; you can modify the display definitions also, ie how the information is stored on the screen, to some extent.
151
This is not limited to adding new columns; you can modify the display definitions also, ie how the information is stored on the screen, to some extent.
-
 
152
 
-
 
153
==== usersDataSource ====
-
 
154
 
-
 
155
This is our data access class. It really doesn't matter what it is called, though I plan to call it the same when I add more data access objects.
-
 
156
 
-
 
157
This code accesses the data (duh), and is consistently called $connection in the Users class. The only requirement is that it must be able to implement the following functions
-
 
158
 
-
 
159
getPassword( $username ) returns encrypted password
-
 
160
getRecord( $username ) returns array containing the values for a user
-
 
161
getAllUsers() returns an array of all user id's and names
-
 
162
getARecord( array of key value pairs to limit what is retrieved ) returns all values
-
 
163
update( array of key value pairs ) returns true/false on success/failure
-
 
164
 
-
 
165
It is also nice is it can A) handle new columns and B) create and initialize the necessary storage
-
 
166
 
-
 
167
I separated this out from the Users class because not all programs need database access. For instance, the favorites_urls app uses file based storage, so by writing a new access class for it, we will hopefully be able to get the same functionality, but with a different storage back end.
-
 
168
 
-
 
169
==== Future ====
-
 
170
 
-
 
171
This is only the initial part of this particular project. I now intend to extend both classes to allow boolean permissions which will be integrated into our new version of CAMP, giving very granular rights to users. It will be available as a second set of files in this repository and is planned for release by October 2021.
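Review bot: in the new usersDataSource section, new line 159 documents getPassword( $username ) as returning an "encrypted password", while the Basic System list says the password is stored as a hash using PHP's password_hash. Call it the stored hash here and say that it is meant to be checked with password_verify, so that authors of alternative data sources do not implement reversible storage. The five required functions would be easier to implement against as a list with parameter and return types; getRecord and getARecord differ by one letter and need a sentence on how they differ. Smaller points: new line 165 "It is also nice is it can" should read "if it can", and the context line that closes the <code php> block above is </php> rather than </code>.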