Exploits in authentication class and procedural code... ?

[cgm225]

The following is my authentication class and procedural code.  Does it appear to be secure and well written, or are there holes that could be exploited?

 

Thanks in advance!

 

 

<?php

class MysqliAuthentication {
    
    //Declaring variables
    private $connection;
    private $username;
    private $password;
    private static $referrer;
    private static $instance;

    /* Sets username and raw password for authentication, as well as the 
     * mysqli connection object WITH database selected
     */
    public function __construct(mysqli $connection, $username, $password,
            $referrer) {
        $this->connection = $connection;
        $this->username   = $username;
        $this->password   = $password;
        self::$referrer   = isset($referrer) ? $referrer : '';
        self::$instance   = $this;
    }
    
    public static function getInstance() {
        return self::$instance;
    }
    
    public static function getReferrer() {
        return self::$referrer;
    }

    /* Checks provided username and password against a MySQL database table and
     * returns true if login is successful, followed with setting of username
     * and password session variables.
     */
    public function doLogin() {
        $query = "SELECT COUNT(*) FROM users
            WHERE username = ? AND password = ?";
        $statement = $this->connection->prepare($query);
        $statement->bind_param('ss', $this->username, md5($this->password));
        $statement->execute();
        $statement->bind_result($count);
        $statement->fetch();
        if ($count == 1) {
            return $this->setSession($this->username, $this->password);
        } else {
            return false;
        }
        $statement->close();
    }

    /* Checks if a username has a given permission found within a MySQL database
     * table, returning true if the username has the given permission.
     */
    public function checkPermission($permission) {
        $query = "SELECT COUNT(*) FROM permissions
            WHERE username = ? AND permission_for = ?";
        $statement = $this->connection->prepare($query);
        $statement->bind_param('ss', $this->username, $permission);
        $statement->execute();
        $statement->bind_result($count);
        $statement->fetch();
        return $count == 1;
        $statement->close();
    }

    /* Sets the provided username and password to session variables
     */
    private function setSession($username, $password) {
        $_SESSION['username'] = $username;
        $_SESSION['password'] = $password;
        return true;
    }
    
}


/* Procedurally establishing username, password, and referrer variables,
* followed with instantiation of a new MysqliAuthentication class 
*/

if (isset($_SESSION['username']) && isset($_SESSION['password'])) {
    //Login already present
    $username = $_SESSION['username'];
    $password = $_SESSION['password'];
    $referrer = null;
} else {
    //Username & password NOT set, so setting username, password, referring URL
    $username = isset($_POST['username']) ? $_POST['username'] : null;
    $password = isset($_POST['password']) ? $_POST['password'] : null;
    $referrer = isset($_POST['referrer']) ? $_POST['referrer'] : null;
}

/* Selecting database containing authentication data from previously established
* $mysqli object
*/
$mysqli->select_db(AUTH_DB);

//Instantiating a new MysqliAuthentication class
new MysqliAuthentication($mysqli, $username, $password, $referrer); 
$auth = MysqliAuthentication::getInstance();

?>