
Untitled

a guest
Jun 28th, 2016
  1. <?php
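  /**
   * Form-based administrator login checked against the `admins` table.
   *
   * A request is either a login attempt (the POST field `login` is present) or a
   * returning visitor whose username and password digest are read back from the
   * session.
   *
   * NOTE(review): passwords are compared as unsalted MD5 digests because that is
   * what the existing query and session entries use. MD5 is not a password hash:
   * migrate the stored values to password_hash()/password_verify() and stop
   * keeping the digest in $_SESSION, where it is password-equivalent.
   */
  class Login{
      private $_id;        // id of the matching admins row, 0 until verified
      private $_username;  // filtered username from POST or from the session
      private $_password;  // filtered clear-text password (login attempts only)
      private $_passmd5;   // MD5 digest compared with admins.password
      private $_errors;    // messages collected by verifyPost()
      private $_access;    // 1 once the credentials have been verified
      private $_login;     // 1 when this request is a login attempt
      private $_token;     // anti-CSRF token posted with the form

      /**
       * Reads the request and session into the object; nothing is verified yet.
       */
      public function __construct(){
          $this->_errors = array();
          // NOTE(review): the sign-in form has to post a field named `login`;
          // a form that only posts `submit` is never treated as a login attempt.
          $this->_login  = isset($_POST['login']) ? 1 : 0;
          $this->_access = 0;
          $this->_token  = $this->postField('token');
          $this->_id     = 0;

          if ($this->_login) {
              $this->_username = $this->filter($this->postField('username'));
              // NOTE(review): filtering silently strips every non-alphanumeric
              // character from the password, which shrinks the password space.
              $this->_password = $this->filter($this->postField('password'));
              $this->_passmd5  = md5($this->_password);
          } else {
              $this->_username = $this->sessionField('username');
              $this->_password = '';
              $this->_passmd5  = $this->sessionField('password');
          }
      }

      /**
       * Runs the login or session check for this request.
       *
       * @return int 1 when access is granted, 0 otherwise
       */
      public function isLoggedIn(){
          if ($this->_login) {
              $this->verifyPost();
          } else {
              $this->verifySession();
          }
          return $this->_access;
      }

      /**
       * Removes everything except ASCII letters and digits.
       *
       * The original class `a-zA-z` also let through the characters between
       * 'Z' and 'a' in ASCII (including the backslash and the backtick).
       *
       * @param mixed $var value to clean; non-scalar input yields ''
       * @return string
       */
      public function filter($var){
          if (!is_scalar($var)) {
              return '';
          }
          return preg_replace('/[^a-zA-Z0-9]/', '', (string) $var);
      }

      /**
       * Verifies a posted login: token, field format, then the database.
       * Failures are recorded in the error list instead of being thrown on.
       */
      public function verifyPost(){
          try{
              if (!$this->isTokenValid()) {
                  throw new Exception('Invalid Form Submission!');
              }
              if (!$this->isDataValid()) {
                  throw new Exception('Invalid Form Data!');
              }
              if (!$this->verifyDatabase()) {
                  throw new Exception('Invalid Form Username/Password!');
              }
              $this->_access = 1;
              $this->registerSession();
          }catch(Exception $e){
              $this->_errors[] = $e->getMessage();
          }
      }

      /**
       * Grants access when the session holds credentials the database still accepts.
       */
      public function verifySession(){
          if ($this->sessionExist() && $this->verifyDatabase()) {
              $this->_access = 1;
          }
      }

      /**
       * Looks the user up and compares the stored digest with the supplied one.
       *
       * The username goes to the server as a bound parameter, and the digest is
       * compared in PHP with hash_equals() so the comparison is constant-time.
       * Database errors are logged server-side and reported as a failed login;
       * they are never echoed to the client.
       *
       * @return bool true when a row matches, false otherwise
       */
      public function verifyDatabase(){
          if ($this->_username === '' || $this->_passmd5 === '') {
              return false;
          }

          $username = $this->_username;
          $matchedId = null;
          try {
              // NOTE(review): `root` with an empty password is hard-coded here.
              // Load credentials from configuration kept outside the web root and
              // use an account limited to SELECT on `admins`.
              $link = mysqli_connect('localhost', 'root', '', 'zite_daygostar');
              if (!$link) {
                  error_log('Login: database connection failed');
                  return false;
              }
              $stmt = mysqli_prepare($link, 'SELECT id, password FROM admins WHERE username = ?');
              if (!$stmt) {
                  error_log('Login: could not prepare the lookup statement');
                  mysqli_close($link);
                  return false;
              }
              mysqli_stmt_bind_param($stmt, 's', $username);
              mysqli_stmt_execute($stmt);
              mysqli_stmt_bind_result($stmt, $rowId, $rowDigest);
              while (mysqli_stmt_fetch($stmt)) {
                  // Lower-case the stored value: md5() always emits lower-case hex.
                  if (hash_equals(strtolower((string) $rowDigest), $this->_passmd5)) {
                      $matchedId = $rowId;
                      break;
                  }
              }
              mysqli_stmt_close($stmt);
              mysqli_close($link);
          } catch (Exception $e) {
              // mysqli can be configured to throw instead of returning false.
              error_log('Login: database lookup failed: ' . $e->getMessage());
              return false;
          }

          if ($matchedId === null) {
              return false;
          }
          $this->_id = $matchedId;
          return true;
      }

      /**
       * Checks that username and password are 5 to 12 ASCII letters or digits.
       *
       * The original pattern `[^a-zA-Z0-9]{5,12}$` was inverted and unanchored:
       * it asked for a run of NON-alphanumeric characters at the end, which the
       * filtered fields can never contain, so every login was rejected.
       *
       * @return int 1 when both fields are well-formed, 0 otherwise
       */
      public function isDataValid(){
          $pattern = '/^[a-zA-Z0-9]{5,12}$/D';
          $ok = preg_match($pattern, $this->_username) === 1
              && preg_match($pattern, $this->_password) === 1;
          return $ok ? 1 : 0;
      }

      /**
       * Compares the posted anti-CSRF token with the one stored in the session.
       *
       * A missing or empty session token never validates, and the comparison is
       * strict and constant-time (the original `!=` accepted a missing POST
       * token whenever the session token was an empty string).
       *
       * @return int 1 when the tokens match, 0 otherwise
       */
      public function isTokenValid(){
          $expected = $this->sessionField('token');
          if ($expected === '' || $this->_token === '') {
              return 0;
          }
          return hash_equals($expected, $this->_token) ? 1 : 0;
      }

      /**
       * Stores the verified identity in the session.
       *
       * The session id is renewed first so that an id known before login cannot
       * be reused afterwards (session fixation). This has to run before any
       * output is sent, otherwise the new cookie cannot be set.
       */
      public function registerSession(){
          if (session_status() === PHP_SESSION_ACTIVE) {
              session_regenerate_id(true);
          }
          $_SESSION['id']       = $this->_id;
          $_SESSION['username'] = $this->_username;
          $_SESSION['password'] = $this->_passmd5;
      }

      /**
       * @return int 1 when the session holds both a username and a password digest
       */
      public function sessionExist(){
          return (isset($_SESSION['username']) && isset($_SESSION['password'])) ? 1 : 0;
      }

      /**
       * Prints the collected error messages, HTML-escaped, one per line.
       */
      public function showErrors(){
          echo "<h3>Errors</h3>";
          foreach ($this->_errors as $message) {
              echo htmlspecialchars($message, ENT_QUOTES, 'UTF-8') . "<br>";
          }
      }

      /**
       * Returns a POST field as a string, or '' when it is absent or not a string
       * (for example when the client sends `field[]=...`).
       */
      private function postField($key){
          return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
      }

      /**
       * Returns a session entry as a string, or '' when it is absent or not a string.
       */
      private function sessionField($key){
          return (isset($_SESSION[$key]) && is_string($_SESSION[$key])) ? $_SESSION[$key] : '';
      }
  }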
  81. ?>
  82.  
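  <!-- Sign-in form posted to action.php. $token must be set by the including script
       before this markup is rendered. -->
  <form class="login" method="POST" action="action.php">
      <p class="title">Sign In</p>
      <input type="text" name="username" placeholder="Username" autofocus/>
      <i class="fa fa-user"></i>
      <input type="password" name="password" placeholder="Password" />
      <i class="fa fa-key"></i>
      <p>
          <a href="#">Forgot Your Password?</a><br>
          <a href="#">Having a Different Problem?</a>
      </p>
      <!-- Login::__construct() only treats the request as a login attempt when a
           field named `login` is posted; the submit button alone is named `submit`. -->
      <input type="hidden" name="login" value="1">
      <!-- Anti-CSRF token. `<?php=` is not valid PHP, so the original never printed it;
           the value is escaped because it lands inside an HTML attribute. -->
      <input type="hidden" name="token" value="<?php echo htmlspecialchars($token, ENT_QUOTES, 'UTF-8'); ?>">
      <input class="submititon" type="submit" value="Submit" name="submit">
  </form>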
  94.  
  95. <?php
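  // Resume the session first: the Login class reads the token and any stored
  // credentials from $_SESSION.
  session_start();
  if (isset($_POST['submit'])) {
      // require_once stops with a clear error if the class file is missing,
      // instead of failing later on `new Login()`.
      require_once 'maint/php/libs/classes/Login.class.php';
      $login = new Login();
      if ($login->isLoggedIn()) {
          echo "Success!";
      } else {
          $login->showErrors();
      }
  }
  // Issue a fresh anti-CSRF token for the next form render, after the posted one
  // has been checked. md5(uniqid(mt_rand(), true)) is derived from the clock and a
  // non-cryptographic generator, so the token is taken from the CSPRNG instead
  // (random_bytes() on PHP 7+, OpenSSL on older versions).
  $tokenBytes = function_exists('random_bytes')
      ? random_bytes(32)
      : openssl_random_pseudo_bytes(32);
  $token = $_SESSION['token'] = bin2hex($tokenBytes);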
  106. ?>
  107.  
  // Repeat of the Login constructor's username line. When the request is not a login
  // attempt it reads $_SESSION['username'] without an isset() check, so a visitor with
  // no such session entry triggers an "Undefined index" notice and gets a null username.
  108. $this->_username = ($this->_login) ? $this->filter($_POST['username']) : $_SESSION['username'];
  109.  
  // Repeat of the Login constructor's digest line. It hashes the posted password with
  // unsalted MD5, or reads $_SESSION['password'] without an isset() check; the session
  // copy of the digest is what later gets compared against the database.
  110. $this->_passmd5 = ($this->_login) ? md5($this->_password) : $_SESSION['password'];