chopps Posted June 5, 2011

Hello All,

So I need a little help with the login functionality of a site. Basically, I am using PHP OOP and have an authenticate function for logging in with the following properties:

```php
protected static $table_name="users";
protected static $db_fields = array('id', 'username', 'password', 'user_type', 'first_name', 'last_name', 'is_verified', 'email', 'member_since', 'user_token');
public $id;
public $username;
public $password;
public $user_type = "user";
public $first_name;
public $last_name;
public $email;
public $is_verified="0";
public $member_since;
public $user_token;
```

The authentication function:

```php
public static function authenticate($username="", $password="") {
    global $db;
    $username = $db->escape_value($username);
    $password = $db->escape_value($password);
    $password = sha1($password);

    $sql  = "SELECT * FROM users ";
    $sql .= "WHERE username = '{$username}' ";
    $sql .= "AND password = '{$password}' ";
    $sql .= "LIMIT 1";
    $result_array = self::find_by_sql($sql);
    $user_type = $result_array['user_type'];
    $is_verified = $result_array['is_verified'];
    if(($user_type = "user") && ($is_verified = "1")) {
        $verified = !empty($result_array) ? array_shift($result_array) : false;
    } else {
        $message = "Please verify your account by checking your inbox for the verification message";
        $verified = $message;
    }
    return $verified;
}
```

The SQL functions being used within Authentication are below:

```php
public static function find_by_sql($sql="") {
    global $db;
    $result_set = $db->query($sql);
    $object_array = array();
    while ($row = $db->fetch_array($result_set)) {
        $object_array[] = self::instantiate($row);
    }
    return $object_array;
}

private static function instantiate($record) {
    $object = new self;
    foreach($record as $attribute=>$value) {
        if($object->has_attribute($attribute)) {
            $object->$attribute = $value;
        }
    }
    return $object;
}
```

Basically I want to make an array out of the entire row that is selected with MySQL and use it to check the additional field of 'is_verified'. If the value is equal to 1 then the user can be authenticated; otherwise, their email address has not been verified and they cannot authenticate. But I'm a little confused because from what I can tell the $result_array being used in the Authenticate function should return an associative array with id and key values the same as the column names in the table but it doesn't appear to be working. I tried with a username that was not verified and they were able to authenticate just the same.

Am I doing something wrong? Also, if there is a better way to do this I am all ears.

Thanks.

PHPTOM Posted June 5, 2011

Hello,

I haven't run your code. However, I quickly saw that you have used a single equals sign in your if statement:

```php
if(($user_type = "user") && ($is_verified = "1")) {
```

What you should do is use double equals to create an 'is equal to' condition. For example:

```php
if($user_type == 'user' && $is_verified == 1) {
```

chopps Posted June 5, 2011

Thanks for the fast reply but the issue is still the same even with the changes you suggested. It still allows me to login with a user who has not yet been verified.

ignace Posted June 5, 2011

Show us the code where you call ::authenticate() with the username and password.

PS You may want to brush up on your OO since there is nothing OO about your code.

1) You use globals
2) All your properties are public
3) Every single method is static

You could have saved yourself the trouble of having to write "class" every time and just written procedural instead.

chopps Posted June 11, 2011

Sorry I haven't replied in a while (been a bit busy). Thank you very much for the replies. Turns out the problem was with an if statement being used to handle the authenticate function. The original code was:

```php
if($session->is_logged_in()) {
    redirect_to("index.php");
}

if (isset($_POST['submit'])) {
    $username = trim($_POST['username']);
    $password = trim($_POST['password']);
    $found_user = User::authenticate($username, $password);
    if ($found_user) {
        $session->login($found_user);
        log_action('Login', "{$found_user->username} logged in.");
        redirect_to("index.php");
    } else {
        $message = "Username/password combination incorrect.";
    }
} else {
    $username = "";
    $password = "";
}
```

So, no matter what the outcome of the function they would be logged in as long as the username and password matched. I changed it to this:

```php
if($session->is_logged_in()) {
    $message = "You are logged in!";
}

if (isset($_POST['submit'])) {
    $username = trim($_POST['username']);
    $password = trim($_POST['password']);
    $found_user = User::authenticate($username, $password, $is_verified);
    If ($found_user->is_verified == 1 ) {
        $session->login($found_user);
        log_action('Login', "{$found_user->username} logged in.");
        redirect_to("index.php");
    } elseif ($found_user->is_verified == 0 ) {
        $message = "You have not been verified";
    } else {
        $message = "Username or Password incorrect.";
    }
} else {
    $username = "";
    $password = "";
}
```

Once I changed that I was able to get it working.

P.S. @ignace - I am actually just trying to learn OOP PHP and am still an amateur but if you know of any good tutorials or books please let me know so I can improve. =-)
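
As an added example, not code from any poster in this thread: one way to make the login outcome explicit, so that only a verified account with a matching password ever yields a user record. It goes beyond the thread by using a bound parameter and password_hash()/password_verify() in place of the escaped string and sha1(); the PDO/SQLite setup, the AUTH_* constants and the sample users are assumptions.

```php
<?php
// Added example, not code from the thread. Column names follow the post's
// users table; the PDO/SQLite setup and the sample rows are constructed.
const AUTH_OK = 'ok';
const AUTH_BAD_CREDENTIALS = 'bad_credentials';
const AUTH_NOT_VERIFIED = 'not_verified';

function authenticate(PDO $db, string $username, string $password): array
{
    // Bound parameter instead of interpolating an escaped string into the SQL.
    $stmt = $db->prepare('SELECT id, username, password, is_verified FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC); // one associative row, or false

    // password_verify() checks a salted password_hash() value; the thread's
    // code compares an unsalted sha1() digest inside the query.
    if ($row === false || !password_verify($password, $row['password'])) {
        return [AUTH_BAD_CREDENTIALS, null];
    }
    // A comparison, not an assignment: the single "=" in the thread's
    // condition made that test always true.
    if ((int) $row['is_verified'] !== 1) {
        return [AUTH_NOT_VERIFIED, null];
    }
    unset($row['password']); // never hand the hash to the session layer
    return [AUTH_OK, $row];
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT, is_verified INTEGER)');
$insert = $db->prepare('INSERT INTO users (username, password, is_verified) VALUES (?, ?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 1]);
$insert->execute(['bob', password_hash('battery staple', PASSWORD_DEFAULT), 0]);

$attempts = [['alice', 'correct horse'], ['bob', 'battery staple'], ['bob', 'wrong'], ['nobody', 'x']];
foreach ($attempts as [$user, $pass]) {
    [$status, $account] = authenticate($db, $user, $pass);
    // Only AUTH_OK carries an account, so the caller cannot log in anyone else.
    echo str_pad($user, 8), $status, $account ? " (id {$account['id']})" : '', PHP_EOL;
}
```

Because the status and the account travel separately, a calling page can branch on the status alone and never has to read a property from a failed lookup.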