• These files are considered BETA. They are not fully developed or documented and are not ready for public use. However, several people have expressed interest in them so I am putting them up for anyone to play with.
• This is a database driven user management structure. It allows the creation of multiple users with different levels of permissions. The login class is a singleton that can easily force a "login" on any php file.

1. PHP MySQL wrapper v3 - PHP5 Singleton Class
2. Singleton Login class that checks users against a database. Default user info stored is user id, username, password, password salt, email, created date, accessed date, user status. Singleton meaning you can also easily call and use that user info inside another function or class.
3. A class structure to handle "user has basic limited control over their account" (NOTE: the class/functions/properties/etc exist to allow this. HOWEVER I have not written the actual forms/html to handle a user editing their own account).
4. A fully functional admin section for adding/editing/deleting users. This is a fully functional section (I've written both the class and forms) that extends the above limited class to allow the admin full administrative access to any account.

1. There is currently no way for users to create and edit their own account. The class structure was written with that in mind and it supports all that, there just is no form or code for the user-end account creation and editing (I've never needed it so I've never written it beyond the initial class design for it).
2. The meanings of the account status flag need better defined and not hardcoded into the class. Ideally it should be converted into some type of permission-based, database-driven "usergroup" but I haven't decided if that's beyond the scope of this project or not. There are currently 3 status (disabled, active, admin) that are set/controllable via the $status property in Account.class.php

• The Login.singleton.php allows you to easily force a login on any existing PHP file. You add the calls at the top of your page. If the login is required, it shows the login form and kills the rest of your page from being run until the user is logged in.
• You can also use a soft login where the user is not required to login to view the page, but if they are logged in you show conditional content like a different "user only" menu.

• ZIP with all files

• This script requires PHP5+ and MySQL 4.0+ to run.
• All current versions of this script are released under GNU General Public License. Basically this means you are free to use the script, modify it, and even redistribute versions of your own under the same license.

Instructions

• At the top of your page (or at the point where you don't want anything else to run unless they are logged in) call:
  <?php
session_start(); // start session cookies (otherwise won't remember login between pages)

require("includes/config.php");
require("includes/Database.singleton.php");
require("includes/Login.singleton.php");

// create initial singleton database connection and connect
$db = Database::obtain(DB_SERVER, DB_USER, DB_PASS, DB_DATABASE);
$db->connect();

// create login singleton object
$login = Login::obtain();

// force a user login
$login->hard();
?>

• There are two types of logins you can use. $login->hard() forces the user to login and will not run anything further on the page unless logged in. $login->soft() checks to see if the user is logged in, but will continue to show the rest of the page regardless of their status. This allows you to show the page to everyone, but show conditional content like a different "user only" menu if they are logged in. $login->hard(2) also allows you to force a user to be a certain status to login. You pass it the integer value of the minimum status that is required to log in.
• $login->soft()
  <?php
// simply check to see if user is logged in, but continue printing the current page regardless
$login->soft();

// if they are logged in, show them a "account only" message
if(!empty($login->info['user_id'])){
    echo "Welcome ".$login->info['username'];
}
?>
• $login->hard()
  <?php
// force a user login. nothing further on the page will be run until they are logged in
$login->hard();
?>
• $login->hard() with a status integer
  <?php
// force a user login, only allow users with this status of 'x' or higher to login (eg; admin only)
$login->hard(2);
?>

• Passwords are store in a one-way MD5 salted hash. This means that passwords can be compared if (md5($entered_password . $stored_salt) == $stored_md5_salted_password), passwords can be changed, and passwords can be reset. This also means there is no way to retrieve an existing password.
• A random 3-character salt is also stored with each password. This prevents someone from dumping the database and checking if there are any "5ebe2294ecd0e0f08eab7690d2a6ee69" passwords (then I know that user's password is "secret" because that is the value of md5("secret")). A salted passwords means that I would have to run every single word I want to check through the user's specific salt to even get a value to compare.

Install

• Upload the files to your server.
• Edit includes/config.php and set your database info.
• Create a database and Import the import.sql into your database to create the user table and create an initial admin user.
• Login to the admin/users.php using the info username: admin password: secret
• Create your own admin user and then delete the default one
• Examine optional-login.php and required-login.php for examples of how to call the login.