Object oriented login system

[DeaconDesperado]

Hello all!

 

After muddling about writing authorization systems a few times, I've decided to try my hand at an Object oriented auth system.

 

I understand everyone sits in a different corner when it comes to the OOP debate, but if there is anyone here who could better explain the logic/best practices to me, I'd really appreciate it!

 

What I have as a blue print is this -

 

A class called user - which within that class would be methods for:

Register : To add new users to the account database, hash their passwords, verify their data and send a confirmation email

Login : To query the database when a login is entered and return as a flag for success an ID to be used as a session variable

Update:  To change data in the database regarding a user who is logged in.

 

I know/can work my way through all the relevant code for all these methods - I'm just having difficulty understanding the proper relationship between the calling scripts, the sessions, and the classes involved.

 

Would I be instantiating the class 'user' every time one of these actions is necessary?  That seems counter-intuitive if the objective is each instance of user to be an individual request.  Obviously all the different forms for login and registration will be in different pages, most likely includes that will be selectively accesses conditionally depending on whether a valid session exists or not.

 

I guess what I am struggling with is understanding the proper, best practice structure of logic separation in an OOP context.  Any clarification would rock!

 

Thanks!

 

[mikesta707]

instead of instantiating the object each time (which would make the class kind of worthless in my opinion) you could just make a session to hold the object, and use that whenever you need to do user based actions

[DeaconDesperado]

How would I get the object into the session?  Should I just pass its properties individually?

 

ex.

$_SESSION['fname'] = $fname

$_SESSION['lname'] = $lname

 

Or is there a way to pass the object as a whole?

 

Forgive me if my understanding is still poor...

[mikesta707]

you can just pass the object as a whole

[DeaconDesperado]

So then...

 

$_SESSION['user'] = $user //this being the instance of the class with all the properties.

 

Can be called on other pages as....

 

$userinfo = $_SESSION['user'];

$userinfo->fname;

 

Without causing an error?  Does it matter that the $_SESSION array is essentially binding multiple values (all the fname and lname variables etc.) within one entry of the array?

[mikesta707]

yep that should be fine. You may want to make sure that you set the session again after you use the object, IE

 

$userinfo = $_SESSION['user'];
$userinfo->fname;

$userinfo->update(whatever)

//other stuff with userinfo

$_SESSION['user'] = $userinfo;

 

because variables inside the object may change, and you want to make sure that your session object is up to date.

 

I believe you can also just use the session instead of copying its value to a variable, IE

 

$_SESSION['user']->update();

 

[mikesta707]

also, a few things I forgot to say. Whenever you would pass the object to a new variable, you need to re-initialize the object. And remember to include the file with the object's class in every page. so for example

 

this wouldn't work:

<?php
session_start();
include "class.php";

$object = new Class();
$object->function();
$_SESSION['object']=$object;
?>

page2.php
<?php
session_start();
$object = $_SESSION['object'];
$object->function();
?>

 

this would work:

 

<?php
include "class.php";
session_start();

$object = new Class();
$object->function();
$_SESSION['object']=$object;
?>

page2.php
<?php
include "class.php";
session_start();

$object = new Class();
$object = $_SESSION['object'];
$object->function();
?>

 

also remember to include the page before you start the session.