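szezulak Posted June 21, 2011

Hello everyone, I'm hoping I can get some help reviewing this class I wrote to handle user logins for my project. I've never written a proper class to do so before and, while this one is simple, I'm hoping you can give me a couple pointers and iron out any errors. I just finished writing this and haven't had an opportunity to test it, so beware!

<?php
/**
 * Session-backed user account: loads a user row, checks a login and tracks the
 * logged-in state in $_SESSION plus a `sessions` table.
 *
 * $db is the project's database wrapper. This class relies only on its
 * `prefix` property and its query(), num_rows() and fetch_array() methods.
 * No escaping or prepared-statement facility of that wrapper is visible from
 * here, so every value placed into SQL below is an integer cast, a hex digest,
 * a validated IP address, or a string accepted by is_safe_sql_literal().
 *
 * NOTE(review): if the wrapper offers prepared statements, use them instead of
 * string-built queries; the checks in this class are a stopgap.
 */
class User
{
    public $id = 0;
    public $name = '';
    public $url = '';
    public $email = '';
    public $logincount = 0;
    public $lastlogin = null;
    public $loggedin = false;

    // Stored password digest as read from the users table; never exposed.
    private $password = '';
    private $db = null;

    /**
     * @param object $db Database wrapper (see the class comment).
     * @param int    $id Optional user id to load immediately; ignored unless
     *                   it is a positive integer.
     */
    public function __construct(&$db, $id = 0)
    {
        $this->db = $db;

        if (is_int($id) && $id > 0) {
            $this->load_user($id);
        }
    }

    /**
     * Fill this object either from an already-fetched user row (array) or by
     * looking the user up by id.
     *
     * @param array|int $id User row, or the id of the user to load.
     * @return bool True when a user was loaded, false when no row matched.
     */
    private function load_user($id)
    {
        if (is_array($id)) {
            $this->populate($id);
            return true;
        }

        // The id is interpolated into SQL, so force it to an integer first.
        $id = (int) $id;
        $user_query = $this->db->query("SELECT * FROM `{$this->db->prefix}users` WHERE `id`='{$id}' LIMIT 1;");

        if ((int) $this->db->num_rows($user_query) !== 1) {
            return false;
        }

        // Fetch from the query result (the original passed an undefined variable here).
        $user = $this->db->fetch_array($user_query);
        if (!is_array($user)) {
            return false;
        }

        $user['id'] = $id;
        $this->populate($user);

        return true;
    }

    /**
     * Copy the columns of a user row onto this object.
     *
     * @param array $row Row with the keys id, name, url, email, logincount,
     *                   lastlogin and password.
     */
    private function populate($row)
    {
        // Keep the id an integer: it is interpolated into later queries.
        $this->id = (int) $row['id'];
        $this->name = $row['name'];
        $this->url = $row['url'];
        $this->email = $row['email'];
        $this->logincount = $row['logincount'];
        $this->lastlogin = $row['lastlogin'];
        $this->password = $row['password'];
    }

    /**
     * Stopgap check for a value about to be placed inside a single-quoted SQL
     * string literal: a quote would end the literal and a backslash would
     * change how the next byte is read, so values containing either are
     * refused rather than sent to the database.
     *
     * @param mixed $value
     * @return bool
     */
    private function is_safe_sql_literal($value)
    {
        return is_string($value) && strpbrk($value, "'\\") === false;
    }

    /**
     * Check that the user has a row in the sessions table and that the
     * presented hash matches the one derived for that user.
     *
     * On a mismatch the user's session rows are deleted (original behaviour);
     * note that this lets any failed check end the real user's session.
     *
     * @param int|string $id   User id taken from the session.
     * @param string     $hash Hash stored at login time.
     * @return bool True when the login is still valid.
     */
    public function validate_login($id, $hash)
    {
        $id = (int) $id;
        if ($id <= 0) {
            return false;
        }

        // See if the user has a session open
        $loggedin_query = $this->db->query("SELECT * FROM `{$this->db->prefix}sessions` WHERE `user`='{$id}' LIMIT 1;");
        if ((int) $this->db->num_rows($loggedin_query) !== 1) {
            return false;
        }

        // hash_equals() compares in constant time and as strings; a loose ==
        // would treat two digests that both look numeric as equal.
        if (
            $this->load_user($id)
            && is_string($hash)
            && hash_equals($this->generate_user_hash(), $hash)
        ) {
            $this->loggedin = true;
            return true;
        }

        $this->logout();

        return false;
    }

    /**
     * Derive the per-user hash kept in the session.
     *
     * NOTE(review): the inputs (id, name, email, ISO week number) are not
     * secret, so anyone who knows them can reproduce this value. It is only
     * as trustworthy as the place the caller reads it back from; a random
     * per-session token stored server-side would be the stronger design.
     * Because of date('W') the value changes at every week boundary.
     *
     * @return string 40-character hex digest.
     */
    private function generate_user_hash()
    {
        return sha1($this->id . $this->name . $this->email . date('W'));
    }

    /**
     * Authenticate by name and password and open a session on success.
     *
     * @param string $name     Login name as typed by the user.
     * @param string $password Plain-text password as typed by the user.
     * @return bool True when the credentials matched a user.
     */
    public function login($name, $password)
    {
        // $name comes straight from the client and ends up inside a quoted
        // SQL literal, so refuse anything that could break out of it.
        if (!$this->is_safe_sql_literal($name) || !is_string($password)) {
            return false;
        }

        // NOTE(review): unsalted SHA-1 is a fast hash and not suitable for
        // stored passwords. Moving to password_hash()/password_verify() needs
        // the stored values migrated, so the format is left unchanged here.
        $password = sha1($password);

        $login_query = $this->db->query("SELECT * FROM `{$this->db->prefix}users` WHERE `name`='{$name}' AND `password`='{$password}' LIMIT 1;");
        if ((int) $this->db->num_rows($login_query) !== 1) {
            return false;
        }

        $row = $this->db->fetch_array($login_query);
        if (!is_array($row)) {
            return false;
        }
        $this->load_user($row);

        // Give the authenticated session a fresh id so that an id set before
        // login is not carried over into the logged-in state.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        $_SESSION['ozitri_id'] = $this->id;
        $_SESSION['ozitri_hash'] = $this->generate_user_hash();

        // Only a syntactically valid address is written into the query.
        $ip = isset($_SERVER['REMOTE_ADDR'])
            ? filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP)
            : false;
        if ($ip === false) {
            $ip = '';
        }

        $this->db->query("INSERT INTO `{$this->db->prefix}sessions` (`user`,`ip`) VALUES ('{$this->id}','{$ip}');");
        $this->loggedin = true;

        return true;
    }

    /**
     * End the session: empty $_SESSION, delete this user's rows from the
     * sessions table and reset the object to its blank state.
     */
    public function logout()
    {
        $_SESSION = array();

        $id = (int) $this->id;
        $this->db->query("DELETE FROM `{$this->db->prefix}sessions` WHERE `user`='{$id}';");

        $this->clear();
    }

    /**
     * Reset every user field to its default value.
     */
    private function clear()
    {
        $this->id = 0;
        $this->name = '';
        $this->url = '';
        $this->email = '';
        $this->logincount = 0;
        $this->lastlogin = null;
        $this->loggedin = false;
        $this->password = '';
    }
}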