Users

User Login class

IMPORTANT: Requires a data source. See UsersDataSourceMySQLi.class.php for code which provides this for MySQLi

Users encapsulates a basic login and authentication package. It provides a login screen, authentication, the ability to edit oneself, and for users with the admin flag set, the ability to edit others.

It also allows a user to be disabled.

Users was designed to be extensible: the calling program can add new fields, modify the HTML elements, etc.

Tags
author

R. W. Rodolico rodo@unixservertech.com

version

0.9.0 (beta)

copyright

2021 Daily Data, Inc.

Table of Contents

$configuration  : array<string|int, string>
$data  : array<string|int, string>
$errors  : array<string|int, string>
$workingOn  : array<string|int, string>
__construct()  : mixed
constructor for an instance of the class
admin()  : string
Sets up the admin function which allows users to edit themselves and, optionally, others
allUsersHTML()  : string
Get all users from data source and put them in an HTML list
clearErrors()  : mixed
clears the errors array
editScreen()  : string
Creates an edit screen for display to user
errors()  : string
getter for $this->errors
HTML()  : string
Main display function.
isAdmin()  : bool
getter for isAdmin
logOut()  : mixed
Logs user out of system
name()  : string
getter for login name
addEdit()  : mixed
emptyWorkingOn()  : array<string|int, string>
Creates a variable designed to replace $this->workingOn
getNextScript()  : string
Simple helper script to calculate next script to call
initWorkingOn()  : mixed
logInScreen()  : string
Creates the fields needed for a login screen
makeHTMLField()  : string
Creates an HTML field for display
validate()  : mixed
Validates a connection and, on success, populates $data

Properties

$configuration

protected array<string|int, string> $configuration = array(
    /*
     * what to use for html input fields
     * These are passed to sprintf, with label, fieldname, title, placeholder and current value, in that order
     */
    'screens' => array(
        'login form' => "<h1>Login</h1> <form class='login_form' action='%s' method='post'> %s <input type='submit' value='Login'></form> ",
        'edit form' => "<form class='login_form' action='%s' method='post'> %s <input type='submit' name='btnUpdate' value='Update'> </form>",
        'loginScreen' => "<div class='login_field'> <input class='login_field' type='text' name='username' placeholder='Username' required autofocus> </div> <div class='login_field'> <input class='login_field' type='password' name='password' placeholder='Password' required> </div>",
        'adminScreen' => "<input type='hidden' name='doAdmin' value='1'> ",
        'validateScript' => ''
    ),
    'html input fields' => array(
        'text' => "<div class='login_field'> <label>%s <input class='login_field' type='text' name='%s' title='%s' placeholder='%s' value='~~%s~~'> </label> </div>",
        'password' => "<div class='login_field'> <label>%s <input class='login_field' type='password' name='%s' title='%s' placeholder='%s'> </label> </div>",
        'boolean' => "<div class='login_field'> <label>%s <input class='login_field' type='checkbox' name='%s' title='%s' value='1' %s ~~%s~~> </label> </div>",
        'textarea' => "<div class='login_field'> <label>%s <textarea class='login_field' name='%s' title='%s' placeholder='%s'>~~%s~~</textarea> </label> </div>"
    ),
    'input prefix' => 'admin_', // prefix the name with this in a form
    'tables' => array(
        'users' => array(
            'table' => '_users', // table name for user records
            'id' => '_user_id', // ID column name
            'display' => array( // fields which are displayed to select
                'login',
            ),
            'form test' => 'login', // field to test if form submitted
            'fields' => array(
                'login' => array(
                    'label' => 'Username', // login name column name
                    'html type' => 'text',
                    'filter' => '/^[a-zA-Z0-9_]+$/',
                    'instructions' => 'Username can only contain alpha numerics and an underscore',
                    'hint' => 'Change User Name',
                    'unique' => true,
                ),
                'pass' => array(
                    'label' => 'Password', // password column name
                    'html type' => 'password',
                    'instructions' => 'Leave blank to keep same password',
                    'hint' => 'Change Password',
                ),
                'admin' => array(
                    'label' => 'isAdmin',
                    'html type' => 'boolean',
                    'restrict' => true,
                    'instructions' => 'If checked, user will be able to add/edit users'
                ),
                'enabled' => array(
                    'label' => 'Enabled',
                    'html type' => 'boolean',
                    'restrict' => true,
                    'instructions' => 'Uncheck to disable log in'
                )
            ),
        )
    ),
)

Contains the configuration for the class

May be modified by the calling program. Must be replicated in the usersDataSource class.

$data

protected array<string|int, string> $data = array()

Contains the information for the current logged in user

$errors

protected array<string|int, string> $errors = array()

Contains errors that can occur

$workingOn

protected array<string|int, string> $workingOn = array()

During administration, contains the record being modified

Methods

__construct()

constructor for an instance of the class

public __construct([array<string|int, string> $customFields = array() ]) : mixed

Anything in $customFields will be recursively merged with $configuration, overwriting as necessary.

Parameters
$customFields : array<string|int, string> = array()

array to merge into $configuration

Return values
mixed
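
An added example, not code from the Users package: it shows how the default 'filter' for the login field treats a value that ends in a newline, and builds a $customFields override in the shape of $configuration. It assumes the class tests submitted values against 'filter' with preg_match(); the 'email' field, its pattern and the sample inputs are constructed for illustration.

```php
<?php
// Default 'filter' for the login field, copied from $configuration on this page.
$defaultFilter = '/^[a-zA-Z0-9_]+$/';
// Stricter variant (added here): with the D modifier, $ matches only at the very
// end of the subject, not before a trailing newline.
$strictFilter = '/^[a-zA-Z0-9_]+$/D';

// Assumption: a submitted value is accepted when preg_match() on 'filter' returns 1.
function passesFilter(string $filter, string $value): bool
{
    return preg_match($filter, $value) === 1;
}

// Constructed sample inputs; the last one ends in a newline.
foreach (array("alice", "bob_2", "al ice", "", "alice\n") as $login) {
    printf(
        "%-12s default=%-4s strict=%s\n",
        var_export($login, true),
        passesFilter($defaultFilter, $login) ? 'pass' : 'fail',
        passesFilter($strictFilter, $login) ? 'pass' : 'fail'
    );
}

// Overrides in the shape of $configuration, to be passed as new Users($customFields).
// 'email' is a hypothetical extra field; the data source configuration and the
// users table would need the same field.
$customFields = array(
    'tables' => array('users' => array('fields' => array(
        'login' => array('filter' => $strictFilter),
        'email' => array(
            'label' => 'Email',
            'html type' => 'text',
            'filter' => '/^[^@\s]+@[^@\s]+$/D',
            'instructions' => 'Address used for account notices',
            'hint' => 'Change Email',
        ),
    ))),
);
```

Only the last sample, which ends in a newline, is treated differently by the two patterns: the default filter accepts it and the strict one rejects it.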

admin()

Sets up the admin function which allows users to edit themselves and, optionally, others

public admin(usersDataSource $connection[, mixed $nextScript = null ]) : string

This should be called the first time, then repeatedly called until it is done (it returns the string "Updated", "Failed" or "No changes").

The first iteration returns an edit screen displaying the user's information for them to edit. It will display an HTML INPUT for each field that is not restricted. The user can then edit the chosen entries and press the button, which will call the script again, and update the record.

If the user has the admin right, the Edit screen also displays a list of all users as an unordered list of anchors. If the user clicks on one of those, it will choose that user, load their data and allow the user to edit that user's record. NOTE: this is the only way to edit fields with the restrict flag set.

Parameters
$connection : usersDataSource

A connection to the data source

$nextScript : mixed = null
Return values
string

This may be an HTML table or a single screen

allUsersHTML()

Get all users from data source and put them in an HTML list

public allUsersHTML(usersDataSource $connection[, string $nextPage = null ]) : string

Will retrieve the ID and login name of all users, putting them in a list of anchors to allow an admin to select one for editing

Parameters
$connection : usersDataSource

A connection to the data source

$nextPage : string = null

The URL of the page to be used in the link

Return values
string

an unordered list (UL) containing links with names

clearErrors()

clears the errors array

public clearErrors() : mixed
Return values
mixed

editScreen()

Creates an edit screen for display to user

public editScreen(mixed $connection) : string

This function will create an edit screen which, when displayed to the user, allows them to edit a user's record. The record is stored in $this->workingOn.

The function will go through each field in the users table and call makeHTMLField for it, unless the field is restricted and the user is editing their own entry. It will also create a hidden input field with the user's ID.

NOTE: this will not create the form; the form is created someplace else

Parameters
$connection : mixed
Return values
string

HTML containing all of the INPUT records a user can edit

errors()

getter for $this->errors

public errors() : string
Return values
string

html div containing one paragraph for every error

HTML()

Main display function.

public HTML(usersDataSource $connection[, string $nextScript = null ]) : string

This function should be called to perform the login. It performs all functions needed to log in and validate, but once logged in, will return an empty string.

Parameters
$connection : usersDataSource

A connection to the data source

$nextScript : string = null

The url to be run when logged in

Return values
string

A (possibly empty) HTML div

isAdmin()

getter for isAdmin

public isAdmin() : bool
Return values
bool

true if user is an admin, false if not

logOut()

Logs user out of system

public logOut([string $nextScript = null ]) : mixed

Destroys itself ($_SESSION['user']), then the session, then calls $nextScript by doing a header call.

Parameters
$nextScript : string = null

URL of next script to call

Return values
mixed

name()

getter for login name

public name() : string
Return values
string

user name

addEdit()

protected addEdit(mixed $connection) : mixed
Parameters
$connection : mixed
Return values
mixed

emptyWorkingOn()

Creates a variable designed to replace $this->workingOn

protected emptyWorkingOn() : array<string|int, string>

Initializes all fields to something non-null and sets id to -1

Return values
array<string|int, string>

An array initialized with all records needed

getNextScript()

Simple helper script to calculate next script to call

protected getNextScript([string $nextScript = null ]) : string

Returns one of three URL strings, in order of precedence: $nextScript, $configuration['screens']['validateScript'], PHP_SELF.

Parameters
$nextScript : string = null

URL to call

Return values
string

URL
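
An added example, not part of the Users class: a hypothetical helper, safeNextScript(), that a calling program could use to prepare the $nextScript argument for HTML(), admin() or logOut(). It follows the precedence described above but accepts only same-site paths, and a second hypothetical function, renderLoginForm(), escapes the result for the single-quoted action='%s' slot of the 'login form' template. The sample URLs and script names are constructed.

```php
<?php
// Hypothetical helper for the calling program; not part of the Users class.
// Follows the documented precedence, skipping empty or non-local candidates.
function safeNextScript(?string $nextScript, array $configuration, string $phpSelf): string
{
    $candidates = array(
        $nextScript,
        $configuration['screens']['validateScript'] ?? '',
        $phpSelf,
    );
    foreach ($candidates as $url) {
        if ($url === null || $url === '') {
            continue; // not set: try the next source
        }
        // One leading slash, then plain path characters up to the true end (\z).
        // Rejects //host, scheme://host, backslashes, quotes and control characters.
        if (preg_match('#^/(?!/)[A-Za-z0-9_./-]*\z#', $url) === 1) {
            return $url;
        }
    }
    return '/'; // nothing usable: fall back to the site root
}

// The action value lands inside a single-quoted attribute, so ENT_QUOTES is
// passed explicitly rather than relying on the PHP version's default flags.
function renderLoginForm(string $template, string $action, string $fields): string
{
    return sprintf($template, htmlspecialchars($action, ENT_QUOTES, 'UTF-8'), $fields);
}

// 'login form' template copied from $configuration on this page.
$template = "<h1>Login</h1> <form class='login_form' action='%s' method='post'> %s <input type='submit' value='Login'></form> ";
$config = array('screens' => array('validateScript' => '/validate.php'));

// Constructed sample values for $nextScript.
foreach (array('/home.php', null, '//other.example/x', 'https://other.example/', "/a.php/'x") as $next) {
    printf("%-28s -> %s\n", var_export($next, true), safeNextScript($next, $config, '/index.php'));
}
echo renderLoginForm($template, safeNextScript(null, array(), '/index.php'), '<!-- fields -->'), "\n";
```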

initWorkingOn()

protected initWorkingOn(mixed $connection, mixed $id) : mixed
Parameters
$connection : mixed
$id : mixed
Return values
mixed

logInScreen()

Creates the fields needed for a login screen

protected logInScreen([string $nextScript = null ]) : string

Populates %s's in 'login form' with values for $nextScript and 'loginScreen'

Parameters
$nextScript : string = null

URL to call form

Return values
string

HTML code for display

makeHTMLField()

Creates an HTML field for display

protected makeHTMLField(string $field, array<string|int, string> $record, string $value) : string

Retrieves the template for the record type, then populates it from $record, $value and $field. The template MUST have %s's in the following order for an HTML INPUT field: label, name, title, placeholder, value.

Knows how to handle INPUT types TEXT, TEXTAREA, PASSWORD and special html type boolean, which is checkboxes.

Parameters
$field : string

name of the field to populate

$record : array<string|int, string>

Record from $configuration[...][fields]

$value : string

the current value to put in INPUT

Return values
string

An HTML INPUT entity

validate()

Validates a connection and, on success, populates $data

protected validate(string $username, string $password, usersDataSource $connection) : mixed

Function will validate the username and password passed in, using data connection $connection. On success, populates class member $data with the values from the database (only those listed in $configuration)

On failure, appends a failure string to $errors

Parameters
$username : string

The username to be matched in database

$password : string

The password (unencrypted) the user entered

$connection : usersDataSource

A connection to the data source

Return values
mixed
