6 Replies - 741 Views - Last Post: 14 August 2008 - 04:30 AM Rate Topic: -----

#1 kummu4help  Icon User is offline

  • D.I.C Head
  • member icon

Reputation: 4
  • View blog
  • Posts: 245
  • Joined: 05-August 08

how to design a userclass in php

Posted 13 August 2008 - 03:01 AM

hi ,

i'm newly recruited in our company. i know a little bit of php. i've a requirement to design a class for maintaining users for a site. i just have to identify the suitable functions that the class may supposed to have in order to maintain user's who r coming to our site. i've identified the following functions till now. can u pls add any more additions or can suggest any modifications..

>a function that identifies whether user is a registered user or visitor.

>a function that validates whether user has permission to view the requested page.

>a function that allows us to store user information in log file. This function stores all the actions performed by user in his session.

>a function that allows creation of new user
>a function to update user information
>a function to remove a specified user from mailing list etc...

>A function that allows us to identify no.of failed login attempts by a user, so that we can block the user from logging in for a particular period of time.

This post has been edited by kummu4help: 13 August 2008 - 03:03 AM


Is This A Good Question/Topic? 0
  • +

Replies To: how to design a userclass in php

#2 no2pencil  Icon User is offline

  • Admiral Fancy Pants
  • member icon

Reputation: 5379
  • View blog
  • Posts: 27,350
  • Joined: 10-May 07

Re: how to design a userclass in php

Posted 13 August 2008 - 03:07 AM

Logging, & security. Check & verify all $_POST or $_GET values.
Was This Post Helpful? 0
  • +
  • -

#3 kummu4help  Icon User is offline

  • D.I.C Head
  • member icon

Reputation: 4
  • View blog
  • Posts: 245
  • Joined: 05-August 08

Re: how to design a userclass in php

Posted 13 August 2008 - 03:38 AM

View Postno2pencil, on 13 Aug, 2008 - 03:07 AM, said:

Logging, & security. Check & verify all $_POST or $_GET values.


i've functions for logging but tell me what type of security functions should i add to my class.. i don't know much about security
Was This Post Helpful? 0
  • +
  • -

#4 pemcconnell  Icon User is offline

  • D.I.C Regular
  • member icon

Reputation: 54
  • View blog
  • Posts: 472
  • Joined: 05-August 08

Re: how to design a userclass in php

Posted 14 August 2008 - 04:04 AM

Can you post the code you currently have?
Was This Post Helpful? 0
  • +
  • -

#5 kummu4help  Icon User is offline

  • D.I.C Head
  • member icon

Reputation: 4
  • View blog
  • Posts: 245
  • Joined: 05-August 08

Re: how to design a userclass in php

Posted 14 August 2008 - 04:09 AM

hi pemcconnell,

my assignment is to identify the required functions. that's it. i haven't started anycoding . i have to submit documentation to my superior. i did that as in the forum. he is asking some more improvement.. so searching forums.
as i already told in the forum i am very new in this arena.. it is my 1st month with this language rather any real time development.. :blink:
Was This Post Helpful? 0
  • +
  • -

#6 pemcconnell  Icon User is offline

  • D.I.C Regular
  • member icon

Reputation: 54
  • View blog
  • Posts: 472
  • Joined: 05-August 08

Re: how to design a userclass in php

Posted 14 August 2008 - 04:21 AM

Allo there :)

This will need a lot of work, and would be better if you broke it up into pages as a pose to keeping it all in one class:

>a function that identifies whether user is a registered user or visitor.

Assuming there is a login page - get that page to assign a SESSION to the user upon successful login.
(Standard sessions include username, userid, userlevel)
Then you can check if the session exists.
i.e.
if($_SESSION['username']){
$userstatus = 'user';
}else{
$userstatus = 'visitor';
}

>a function that validates whether user has permission to view the requested page.
Assuming there is a login page - get that page to assign a SESSION to the user upon successful login. - Assign a user level to the user database table
if((int)$_SESSION['userlevel']>1){
$userlevel = 'Admin';
}else{
$userlevel = 'Non-Admin';
}
>a function that allows us to store user information in log file. This function stores all the actions performed by user in his session.
It would probibly be easier / more secure to log this info into the database

E.g. When a user has posted a topic
$sql = "INSERT INTO tblstats (userId, action, time) VALUES (".$_SESSION['userid'].", 'postedtopic', NOW())";
mysql_query($sql);

>a function that allows creation of new user
This will need to be a page of its own - Simple MySQL INSERT statement to insert the users information into the database

>a function to update user information
This will need to be a page of its own - Simple MySQL UPDATE statement to insert the users information into the database
You can use the $_SESSION['userid'] in the WHERE statement

>a function to remove a specified user from mailing list etc...
$sql = 'DELETE FROM tbluser WHERE userid = '.$_SESSION['userid']; //removes user completely
$sql = 'DELETE FROM tblmailinglist WHERE userid = '.$_SESSION['userid']; //removes user from mailing list
mysql_query($sql);

>A function that allows us to identify no.of failed login attempts by a user, so that we can block the user from logging in for a particular period of time.
You can use a $_SESSION for this, and increment the value per failed login

e.g.
$_SESSION['failedlogin'] = (int)$_SESSION['failedlogin'] + 1;

This post has been edited by pemcconnell: 14 August 2008 - 04:26 AM

Was This Post Helpful? 0
  • +
  • -

#7 pemcconnell  Icon User is offline

  • D.I.C Regular
  • member icon

Reputation: 54
  • View blog
  • Posts: 472
  • Joined: 05-August 08

Re: how to design a userclass in php

Posted 14 August 2008 - 04:30 AM

As for security add a function that will clean your strings, and for any integers simply add a (int) before the variable to force hacker injection strings to a 0.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1