In this article I will briefly explain the setup for a simple php oop login system that you can easily embed in your applications. You can skip reading and go directly to the download link at the end of this article, but I suggest you go through this lesson to better understand how it works.
The elements that we need to make it work are:
To keep it simple we will take a top down approach (we are not building a CMS) where we have our classes for database, session, authorization, login, configuration and one file with the logic that it is included in every page, so we don’t have to repeat common code.
JSON format is native to PHP and can be used to store key value pairs with quick fetch from the disk. The important thing is to keep this file outside web root folder so no-one can access it. Our JSON file looks like this:
"app_name": "My Website",
You can change the databases' collation value to whatever fits your app's localization Don't mind the root login, as we work in our local dev environment. In porudction we must use a dedicated user with limited priveleges like: SELECT, INSERT, UPDATE, DELETE. To load the JSON file we use a few lines of code:
$str = file_get_contents('/path/to/config.json');
$json = json_decode($str);
In the config.php source code you can see how we read and assign the key pair values as private properties.
A note about the password format I use and also advise you to use. The function to generate a password is this one:
function encrypt_pwd($pwd, &$enc, &$salt)
$salt = hash('sha256', uniqid(rand(), true));
$enc = hash('sha256', md5($pwd.$salt));
First argument is the input password, second one is the encrypted password output and third one is the salt or hash output that is used to match the stored password with the provided one.
For simplicity’s sake our users table will consist only of a few fields:
CREATE TABLE IF NOT EXISTS `users` (
`ID` int(10) UNSIGNED NOT NULL AUTO_INCREMENT,
`fname` varchar(193) NOT NULL,
`lname` varchar(193) NOT NULL,
`email` varchar(128) CHARACTER SET ascii NOT NULL,
`password` char(64) CHARACTER SET ascii NOT NULL,
`salt` char(64) CHARACTER SET ascii NOT NULL,
PRIMARY KEY (`ID`),
KEY `email` (`email`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 ROW_FORMAT=COMPACT;
We will also add one record for testing with the password: 123
INSERT INTO `users` (`ID`, `fname`, `lname`, `email`, `password`, `salt`) VALUES
(1, 'First', 'User', 'firstname.lastname@example.org', 'e26031ccbbc89067a9f635a4aecae9e0873e1066712733d67592c2e740080fb6', '0b393990fb9000ef30f2b7b8ea4306d9108f6b0b8044554634191ee3ce44c07b');
The html folder is the website’s root directory. If you were to create a virtual host with name myexample.com the web root would be:
Outside the web root we have our JSON configuration file so no-one can access it. In the html web root directory we have two folders. One with our classes and one that is named account and has the webpages for the user area. On the root directory we have the index.php file which is our homepage and a file named login-system.php which holds common functionality for our app.
How all the source code files work together. We include on top of every page the file login_system.php file which has common functionality for all the pages. That is, a global object that holds references to our instantiated classes so we can pass them around to other objects and of course make them available to our webpages without having to do copy paste the logic we need.
After we have our global object variable we can call methods for login and authorization and have configuration variables available everywhere. If we were to embed the login system in our application, we would simple write our code below the login system code.
I don’t think I need to expand more on how each class works, you can study the PHP source code to get a better understanding. Here is the download link:
Download zip: php-oop-login-system.zip