I have it on my user.php page, which contains:
<?php
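/**
 * Form-backed user record with login and registration helpers.
 *
 * The public properties hold the submitted form values. userLogin() and
 * register() each open their own PDO connection from the DB_DSN, DB_USERNAME
 * and DB_PASSWORD constants, which must be defined before those methods run.
 *
 * NOTE(review): passwords are stored as one round of SHA-256 over
 * password . $salt. That is a fast hash with a single application-wide value,
 * so equal passwords yield equal hashes and a leaked table is cheap to attack
 * offline. The scheme is left unchanged here so existing rows keep verifying;
 * the recommended direction is password_hash() / password_verify() with a
 * rehash-on-login migration.
 */
class Users {
    public $username = null;
    public $password = null;
    // NOTE(review): this value is hard-coded and shared by every account, so it
    // acts as a pepper rather than a per-user salt. It belongs in configuration
    // outside the source tree; a value that has been pasted somewhere public
    // should be treated as known and replaced as part of a hashing migration.
    public $salt = "Zo4rU5Z1YyKJAASY0PT6EUg7BBYdlEhPaNLuxAwU8lqu1ElzHv0Ri7EM6irpx5w";
    public $email = null;
    public $first = null;
    public $middle = null;
    public $last = null;
    public $question = null;
    public $answer = null;

    /**
     * Copies the recognised keys of $data onto the matching properties.
     *
     * Every accepted value is passed through strip_tags() and stripslashes().
     * That filtering is not the SQL-injection defence (the bound parameters in
     * userLogin()/register() are) and it does not replace escaping at output
     * time with htmlspecialchars(). It is also applied to the password, which
     * drops characters before hashing; this is kept so that hashes already
     * stored continue to match.
     *
     * @param array $data Form values keyed by field name; missing keys leave
     *                    the property untouched.
     */
    public function __construct( $data = array() ) {
        $fields = array( 'username', 'password', 'email', 'first', 'middle', 'last', 'question', 'answer' );
        foreach ( $fields as $field ) {
            // Request data can carry arrays (e.g. username[]=x); strip_tags()
            // raises a TypeError on those under PHP 8, so they are ignored.
            if ( isset( $data[$field] ) && is_scalar( $data[$field] ) ) {
                $this->$field = stripslashes( strip_tags( (string) $data[$field] ) );
            }
        }
    }

    /**
     * Re-applies the constructor's filtering to a new set of form values.
     *
     * @param array $params Form values keyed by field name.
     */
    public function storeFormValues( $params ) {
        $this->__construct( $params );
    }

    /**
     * Checks the current username/password pair against the users table.
     *
     * @return bool True when a row matches, false when none matches or the
     *              database call fails.
     */
    public function userLogin() {
        $success = false;
        try {
            $con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
            $con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
            $sql = "SELECT * FROM users WHERE username = :username AND password = :password LIMIT 1";
            $stmt = $con->prepare( $sql );
            $stmt->bindValue( "username", $this->username, PDO::PARAM_STR );
            $stmt->bindValue( "password", hash( "sha256", $this->password . $this->salt ), PDO::PARAM_STR );
            $stmt->execute();
            // fetchColumn() returns false only when no row matched; testing for
            // that explicitly avoids rejecting a row whose first column is 0,
            // '0', '' or NULL.
            $success = ( $stmt->fetchColumn() !== false );
        } catch ( PDOException $e ) {
            // Driver messages can reveal host, schema and query details, so
            // they go to the server log instead of the response body.
            error_log( 'Users::userLogin failed: ' . $e->getMessage() );
        }
        $con = null;
        return $success;
    }

    /**
     * Inserts the current field values as a new row in the users table.
     *
     * NOTE(review): no field is validated before the INSERT, so required-field
     * and uniqueness checks presumably live in the caller or in table
     * constraints - confirm. The answer is stored as submitted; if it is used
     * for account recovery it stands in for the password and should be hashed
     * like one.
     *
     * @return string HTML success message, or a generic failure message when
     *                the database call fails.
     */
    public function register() {
        try {
            $con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
            $con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
            $sql = "INSERT INTO users (username, password, email, first, middle, last, question, answer)
VALUES(:username, :password, :email, :first, :middle, :last, :question, :answer)";
            $stmt = $con->prepare( $sql );
            $stmt->bindValue( "username", $this->username, PDO::PARAM_STR );
            $stmt->bindValue( "password", hash( "sha256", $this->password . $this->salt ), PDO::PARAM_STR );
            $stmt->bindValue( "email", $this->email, PDO::PARAM_STR );
            $stmt->bindValue( "first", $this->first, PDO::PARAM_STR );
            $stmt->bindValue( "middle", $this->middle, PDO::PARAM_STR );
            $stmt->bindValue( "last", $this->last, PDO::PARAM_STR );
            $stmt->bindValue( "question", $this->question, PDO::PARAM_STR );
            $stmt->bindValue( "answer", $this->answer, PDO::PARAM_STR );
            $stmt->execute();
            return "Registration Successful <br/> <a href='index.php'>Login Now</a>";
        } catch ( PDOException $e ) {
            // The raw exception text used to be returned to the caller, which
            // exposes table and constraint names when it is rendered.
            error_log( 'Users::register failed: ' . $e->getMessage() );
            return "Registration failed. Please try again later.";
        }
    }
}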
?>