Page 456 - Beginning PHP 5.3
Part III: Using PHP in Practice
by the time you’ve finished reading the chapter you’ll have the skills to add some real-world
functionality to the members’ area if desired.
Members need to log in to access the members’ area, so you’ll create a script that lets them do just that.
The process involves displaying a login form, requesting their username and password. When they
submit the form, you check their details against their record in the members table. If they match, you
display a welcome page, welcoming them to the members’ area; otherwise you prompt them to check
their login details and try again.
Similarly, you’ll create a script that allows members to log out from the members’ area.
For each page within the members’ area, you’ll include code to check that they are in fact logged in, and
redirect them to the login page if they’re not. At the same time, you’ll enhance the LogEntry class so that
the application can log page views within the members’ area to the accessLog database table.
Adding an Authentication Method to the Member Class
First things first. For members to be able to log in to the members’ area, you need to add a method to the
Member class that checks a member’s supplied username and password to make sure they’re correct.
This method will be used later by the login script to authenticate members when they log in.
Open your Member.class.php file and add the following authenticate() method to the end of the
class, just after the existing insert() method:
    public function authenticate() {
        $conn = parent::connect();
        // Named placeholders keep the supplied values out of the SQL text itself
        $sql = "SELECT * FROM " . TBL_MEMBERS . " WHERE username = :username
            AND password = password(:password)";
        try {
            $st = $conn->prepare( $sql );
            // Bind the username and plain-text password held in this object
            $st->bindValue( ":username", $this->data["username"], PDO::PARAM_STR );
            $st->bindValue( ":password", $this->data["password"], PDO::PARAM_STR );
            $st->execute();
            $row = $st->fetch();
            parent::disconnect( $conn );
            // A matching record becomes a Member object; otherwise nothing is returned
            if ( $row ) return new Member( $row );
        } catch ( PDOException $e ) {
            parent::disconnect( $conn );
            die( "Query failed: " . $e->getMessage() );
        }
    }
This method gets the username and password stored in the object’s username and password fields, and
looks for a record with that username and password in the members table. Notice that the query encrypts
the password with MySQL’s password() function; the password stored in the table is encrypted, so the
plain-text password stored in the object needs to be encrypted so that it can be compared with the
password in the table.
If a record is found that matches the username and password, that record is returned as a new Member
object. Otherwise, nothing is returned.
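As an added example (not code from the book), here is the same check with the password verified in PHP rather than by MySQL's password() function, which MySQL documents as intended for its own account system and which was removed in MySQL 8.0. It assumes PHP 5.5 or later for password_hash() and password_verify(), a members table whose password column holds password_hash() output, and an in-memory SQLite database standing in for the book's MySQL connection; the function name authenticateMember(), the DUMMY_HASH constant and the sample account are constructed for illustration.

```php
<?php
// Added example, not the book's code. Assumes PHP 5.5+ and the pdo_sqlite extension.
// A fixed dummy hash means unknown usernames still incur one hash verification.
define( "DUMMY_HASH", password_hash( "constructed-dummy-value", PASSWORD_DEFAULT ) );

// Hypothetical helper: returns the member row on success, null otherwise.
function authenticateMember( PDO $conn, $username, $password ) {
    // Look up by username only; the plain-text password never reaches the database.
    $st = $conn->prepare( "SELECT * FROM members WHERE username = :username" );
    $st->bindValue( ":username", $username, PDO::PARAM_STR );
    $st->execute();
    $row = $st->fetch( PDO::FETCH_ASSOC );

    // password_verify() reads the salt and cost from the stored hash and
    // compares the result in a timing-safe way.
    $hash = $row ? $row["password"] : DUMMY_HASH;
    $ok = password_verify( $password, $hash );
    if ( !$row || !$ok ) return null;

    // Upgrade the stored hash when the default algorithm or cost has changed.
    if ( password_needs_rehash( $hash, PASSWORD_DEFAULT ) ) {
        $up = $conn->prepare( "UPDATE members SET password = :p WHERE id = :id" );
        $up->execute( array( ":p" => password_hash( $password, PASSWORD_DEFAULT ), ":id" => $row["id"] ) );
    }
    return $row;
}

// Constructed demo data: in-memory SQLite stands in for the MySQL members table.
$conn = new PDO( "sqlite::memory:" );
$conn->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$conn->exec( "CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)" );
$ins = $conn->prepare( "INSERT INTO members (username, password) VALUES (:u, :p)" );
$ins->execute( array( ":u" => "sparky", ":p" => password_hash( "constructed-sample-pw", PASSWORD_DEFAULT ) ) );

// Try a correct login, a wrong password, and an unknown username.
$cases = array(
    array( "sparky", "constructed-sample-pw" ),
    array( "sparky", "wrong-guess" ),
    array( "nobody", "anything" ),
);
foreach ( $cases as $case ) {
    $member = authenticateMember( $conn, $case[0], $case[1] );
    echo $case[0], ": ", $member ? "authenticated" : "rejected", "\n";
}
```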