
Untitled

a guest
Oct 10th, 2017
  1. <?php
// Some general notes: arguments (aka parameters) are what's sent in to a function (aka method), properties (aka instance variables) are the variables belonging to an object, static variables would be ones that exist throughout each instance
  3. // This is the User class, a blueprint of what makes up a user
  4. class User{
  5.     // These are the properties a user will have, we are "declaring" them using a modifier (public) which means we can access them using $userobject->property once we've made a user
  6.     public $id;
  7.     public $username;
  8.     public $password;
  9.     public $email;
  10.     public $permission;
  11.  
  12.     //__construct is a built in php function called when we instantiate a user object (new User())
  13.     function __construct($user){
  14.         // we take an associative array as input
  15.         foreach($user as $key => $value){
  16.             // for every element in the array, check if there is a corresponding property in User, if so assign its value
  17.             if(property_exists('User', $key))
  18.                 $this->$key = $value;
  19.         }
  20.     }
  21.     //result $user = array($id,$username,$password,$email,$permission);
  22.  
  23.     //static method is in essence a method which does not directly affect any object
  24.     //as you can see it does not alter any properties of an existing user object
  25.     //all it does it get stuff from an existing object and go further (doesn't save over it)
  26.    
  27.     // log_in is a static function, it will not change any property of a user as it is not part of a particular instance of user,
  28.     // since it's not part of an instance we can't use "$this" (reference to current instance), we can only act on the
  29.     // arguments sent to the method and return some value, in this case we construct a User instance from a username and password
  30.     static function log_in($username, $password){
  31.         //extract the values from the array once they have been escaped
  32.         // NOTE: i had made a mistake here, since we're using func_get_args in esc() we don't need to send in an array
  33.         extract($this->esc($username, $password));
  34.         if(!empty($username) && !empty($password) && ctype_alnum($username)){
  35.             $query =  mysql_query("SELECT * FROM users_tbl WHERE username = '$username' AND password = '".sha1($password)."'");
  36.             if($query){
  37.                 $row = mysql_fetch_assoc($query);
  38.                 if($row){
  39.                     // we construct a new user from the array we got back from the query
  40.                     $currentuser = new User($row);
  41.                     // we merge the session variable with the properties of our new user, this
  42.                     // will allow us to reconstruct said user from the session variables at a later time
  43.                     $_SESSION = array_merge($_SESSION, get_object_vars($currentuser));
  44.                     return $currentuser;
  45.                 }
  46.             }
  47.         }
  48.         // note: false is a result! in fact false is a very useful result, for example it means we can say if(!log_in($usn, $psw)) or if(log_in($usn, $psw)) rather than checking for null or empty etc
  49.         return false;
  50.     }
  51.  
  52.     // gets the arguments it has been given and makes them all safe
  53.     private function esc($array){
  54.         $args = func_get_args();
  55.         foreach($args as &$value){
  56.             $value = mysql_real_escape_string($value);
  57.         }
  58.         //returns the results in a useable state now that they have been filtered
  59.         return $args;
  60.     }
  61. }
  62.  
  63. class Controller{
  64.     public $user;
  65.     public $signed_in;
  66.  
  67.     function handle_actions(){
  68.         if(isset($_POST['login'])){
  69.             //We're using the static function log_in which will return an instance of user (a user object created from our blueprint of what makes up a user) using the username and password provided
  70.             $user = User::log_in($_POST['username'], $_POST['password']);
  71.             if($user)
  72.                 //if you're logged in it sets the variables and redirects
  73.                 header('Location: /admin/index');
  74.             else
  75.                 //if not it takes you back to the error page
  76.                 header('Location: /login/error');
  77.             exit;
  78.         }
  79.         // if the use has not just logged in, we check if they were already logged in, we construct a user object from the session variables instead
  80.         elseif(isset($_SESSION['id'], $_SESSION['username'], $_SESSION['password'], $_SESSION['email'], $_SESSION['permission'])){
  81.             $user = new User($_SESSION);
  82.                 // Note that i had made a mistake here, the construct won't return a boolean i had copy pasted this from above where log_in does so.
  83.             $this->user = $user;
  84.             $this->signed_in = true;
  85.         }
  86.     }
  87. }
  88. // We have declared above that in our world, there is a type of object called controller
  89. // $ctrl is said to be one particular instance of such an object. It is a "new Controller".
  90. // if you like you could think of it as a class being the definition of a species, and instantiation as saying
  91. // $pedro = new Lion(); where lion is a class and pedro is an object (animal) of that class (species)
  92. $ctrl = new Controller();
  93. // $ctrl->handle_actions calls the handle_actions function belonging to the $ctrl object
  94. $ctrl->handle_actions();
  95. if($ctrl->signed_in)
  96.     echo "I'm a little teapot, short and stout.";
  97. else
  98.     echo "Tip me over and pour me out!";
  99. ?>