Authentication class
Level: ultralow
This is simple authentication class for your inspiration written in php. On this small example we will show the simplest way possible for restricting access only for logged-in users. We will use mysqli for database connection and phps builtin password_hash and password_verify for passwords. Also we will need to setup database and table for successful example.
Let's start with mysql database. If you don't have one, create it. We need one simple table (3 columns) for working example. Here is SQL I've used for mine for inspiration.
CREATE TABLE `my_table_name` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`username` varchar(255) COLLATE utf8_czech_ci NOT NULL DEFAULT '',
`password` varchar(255) COLLATE utf8_czech_ci NOT NULL DEFAULT '',
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8 COLLATE=utf8_czech_ci;After you successfuly created the table, let's continue to the core of auth - the script. We will save it in our project as Authentication.php at first and then walk step by step through the code and explain what it does and how to use it in your actual code.
<?php
class Authentication {
/** SQL statement for auth table for inspiration
CREATE TABLE `my_table_name` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`username` varchar(255) COLLATE utf8_czech_ci NOT NULL DEFAULT '',
`password` varchar(255) COLLATE utf8_czech_ci NOT NULL DEFAULT '',
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8 COLLATE=utf8_czech_ci;
*/
// DB server host, eg. localhost, 127.0.0.1
private $dbHost = '127.0.0.1';
// Username for connection
private $dbUser = 'root';
// Password for given username
private $dbPassword = '';
// Database name
private $dbName = 'my_db_name';
// DB port - 3306 as default
private $dbPort = 3306;
private $dbTable = 'my_table_name';
private $connection = null;
public function __construct() {
if ($this->connection === null) {
try {
$this->connection = new mysqli($this->dbHost, $this->dbUser, $this->dbPassword, $this->dbName, $this->dbPort);
} catch (Exception $e) {
error_log($e->getMessage());
}
}
if (session_status() === PHP_SESSION_NONE) {
session_start();
}
}
public function __destruct() {
$this->connection->close();
}
public function register($username, $password): bool {
if ($this->findByUsername($username) === null) {
if ($stmt = $this->connection->prepare("INSERT INTO " . $this->dbTable . " (username, password) VALUES (?, ?)")) {
$hash = password_hash($password, PASSWORD_DEFAULT);
$stmt->bind_param("ss", $username, $hash);
$stmt->execute();
$affectedRows = $stmt->affected_rows;
$stmt->free();
return $affectedRows === 1 ? true : false;
}
}
return false;
}
public function unregister($username): bool {
if ($this->findByUsername($username) !== null) {
if ($stmt = $this->connection->prepare("DELETE FROM " . $this->dbTable . " WHERE username = ?")) {
$stmt->bind_param("s", $username);
$stmt->execute();
$affectedRows = $stmt->affected_rows;
$stmt->free();
return $affectedRows === 1 ? true : false;
}
}
return false;
}
public function login($username, $password): bool {
if ($stmt = $this->connection->prepare("SELECT password FROM " . $this->dbTable . " WHERE username = ? LIMIT 1")) {
$stmt->bind_param("s", $username);
$stmt->execute();
$stmt->bind_result($hash);
$stmt->store_result();
$stmt->fetch();
$numRows = $stmt->num_rows;
$stmt->free();
if ($numRows === 1) {
if (password_verify($password, $hash)) {
$_SESSION['username'] = $username;
return true;
}
}
}
return false;
}
public function logout(): void {
unset($_SESSION['username']);
}
public function isAuthed(): bool {
if (array_key_exists('username', $_SESSION) && $_SESSION['username'] !== null) {
return true;
} else {
return false;
}
}
public function getCurrentUser(): ?array {
if ($this->isAuthed()) {
return $this->findByUsername($_SESSION['username']);
}
return null;
}
public function findByUsername($username): ?array {
if ($stmt = $this->connection->prepare("SELECT id, username FROM " . $this->dbTable . " WHERE username = ? LIMIT 1")) {
$stmt->bind_param("s", $username);
$stmt->execute();
$stmt->bind_result($id, $found);
$stmt->store_result();
$stmt->fetch();
$numRows = $stmt->num_rows;
$stmt->free();
if ($numRows === 1) {
$a = ['id' => $id, 'username' => $found];
return $a;
}
}
return null;
}
}1) At the top of script is class definition with name Authentication 2) Under the class definition, we see configuration part, that needs to be filled-up 3) Under configuration, there's empty variable $connection, we will keep our connection here 4) Next is constructor, that takes care about properly connecting to DB when class is instantiated 5) Next is destructor, we destroy connection here when class is destructed 6) First method - register($username, $password) of logical type bool(ean) - you can register user by trigering this method 7) Second - unregister($username) - removes user from database 8) login($username, $password) - tries to login user with given credentials 9) logout() - well, does logout... 10) isAuthed() - tells you, if user is authenticated 11) getCurrentUser() - gives you basic informations about logged-in user 12) findByUsername($username) - gives you basic informations about any user by his name
Let's look at how to use this class for your current project
require_once 'Authentication.php';
$authentication = new Authentication();
$authentication->register("test", "testpass");
$authentication->findByUsername("test");
$authentication->getCurrentUser();
$authentication->login("test", "testpass");
if ($authentication->isAuthed()) {
echo "secret content";
} else {
echo "nonsecret content";
}
$authentication->logout();
$authentication->unregister("test");