
Secure PHP Building 50 Practical Applications Development phần 3 ppsx


DOCUMENT INFORMATION

Basic information

Pages: 92
Size: 600.96 KB

Contents

1 row in set (0.00 sec)

After logging out:

mysql> select * from sessions;
Empty set (0.00 sec)

You can see that the session is started after login.php and the session is removed once the user runs logout.php.

Chapter 5: Central Authentication System

Summary

In this chapter you learned about a central authentication system which involves a login and logout application and a central authentication database. All PHP applications in your intranet or Web can use this central authentication facility. When an application is called directly by entering the URL in the Web browser, it can check for the existence of a session for the user; if an existing session is found, she is allowed access, or else she is redirected to the login form. The logout application can be linked from any PHP application to allow the user to log out at any time. Once logged out, the session is removed. Having a central authentication system such as this helps you reduce the amount of code and maintenance you need to do for creating a seamless authentication process throughout your entire Web or intranet environment.

Chapter 6
Central User Management System

IN THIS CHAPTER
◆ Designing a user management system for the central authentication system
◆ Implementing a user management system
◆ Managing administrator and regular users
◆ Creating a user-password application
◆ Creating a forgotten-password recovery application

A CENTRAL USER MANAGEMENT system is a set of applications that enables you to manage users for your PHP applications in a central manner. Using the applications developed in this chapter you will be able to manage user accounts that are stored in the central authentication database created in the previous chapter.

Identifying the Functionality Requirements

First, let's define the functionality requirements for the user management system.
The user manager must provide the following functionality:

◆ Central user database: The user manager must use a central user database. This is a requirement because of our central authentication architecture. If the user database is not central, we can't centrally authenticate the users.
◆ Root user support: A user should be identified as the root user, which cannot be deleted or deactivated by anyone, including the root user itself.
◆ Administrative user support: The root user should be able to create other administrative users.
◆ Standard user support: A root or administrative user can create, modify, or delete a standard user account.
◆ User password support: A standard user can change her password at any time after logging in.
◆ Password recovery support: If a user forgets her password, she can recover it.

To implement these features we need a User object that can permit all of these operations on a user account.

Creating a User Class

The very first class that we need to build here is the User class, which will provide methods to add, modify, and delete user accounts and also return various other information about a user. User() is the constructor method for the User class. It sets the variables shown in Table 6-1.

TABLE 6-1 MEMBER VARIABLES SET IN User() METHOD

Member Variable: Value
user_tbl: Set to $USER_TBL, which is a global variable set in the user_mngr.conf file to point to the user table in the central authentication database.
dbi: Set to the DBI object passed as a parameter to the constructor.
minimum_username_size: Set to the user_mngr.conf configuration file variable $MIN_USERNAME_SIZE, which sets the minimum size of the username allowed.
min_pasword_size: Set to the user_mngr.conf configuration file variable $MIN_PASSWORD_SIZE, which sets the minimum size of the password allowed.
USER_ID: Set to null or the user ID passed as parameter (if any).
user_tbl_fields: Set to an associative array, which creates a key/value pair for each of the fields and field types (text or number) for the user table.

If the user ID is set in the constructor, then it loads the user information by calling the getUserInfo() method in the class. The status of the getUserInfo() method is stored as is_user, which can be TRUE or FALSE depending on whether user information was retrieved from the database.

Part II: Developing Intranet Solutions

A User class needs the following methods to implement all the operations needed for user management:

Method: Description
isUser(): Returns TRUE if the current user_id number is really a user ID. If no user ID was supplied to the constructor method or the supplied user ID does not point to a real user, this method returns FALSE.
getUserID(): Returns the current user ID.
setUserID(): Sets the current user ID if it is supplied, or else it returns the current user ID set by the constructor method.
getUserIDByName(): Returns the user ID for a given user name. When a valid username is given as the parameter, the method queries the user table to retrieve the appropriate user ID.
getUserTypeList(): Returns an associative array called $USER_TYPE, which is loaded from the user_mngr.conf file. The array defines the types of users allowed in the central user management system, and appears as follows: $USER_TYPE = array('1' => 'Administrator', '2' => 'Standard User');
getUID(): Returns the user ID (USER_ID) for the current User object.
getEMAIL(): Returns the e-mail address (EMAIL) for the current User object.
getPASSWORD(): Returns the password (PASSWORD) for the current User object.
getACTIVE(): Returns the active flag status of a User object.
getTYPE(): Returns the user type of the User object.
getUserFieldList(): Returns the array of user table fields.
Method: Description (continued)
getUserInfo(): Returns user fields for a given or current user ID.
getUserList(): Returns a list of users in the current user table. The associative array returned contains each user's ID (USER_ID) as the key and username (EMAIL) as the value.
makeUpdateKeyValuePairs(): This is a utility method that returns a comma-separated list of key=>value pairs, which can be used to update a user record.
updateUser(): Updates a user's data. User data is passed to this method as an associative array called $data. This array is passed to the makeUpdateKeyValuePairs() method, which returns a comma-separated list of key=>value pairs used in the SQL UPDATE statement inside the updateUser() method. This method returns TRUE if the update is successful and returns FALSE otherwise.
addUser(): Adds a new user to the user table in the central authentication database. The new user record is passed to the method using the $data variable. The method first escapes and quotes the textual data and makes a list of key=>value pairs to be used in the INSERT statement. This method returns TRUE if the insert is successful and returns FALSE otherwise.
deleteUser(): Deletes the chosen (or current) user from the database.
getReturnValue(): Returns TRUE if the result parameter ($r) is set to DB_OK, or else it returns FALSE. This method is used to see if a database query was successful or not.

Listing 6-1 shows a User class that provides the methods to implement all the operations needed for user management.
Listing 6-1: class.User.php

<?php
class User {

    function User($dbi = null, $uid = null)
    {
        global $AUTH_DB_TBL, $MIN_USERNAME_SIZE, $MIN_PASSWORD_SIZE, $ACTIVITY_LOG_TBL;

        $this->user_tbl = $AUTH_DB_TBL;
        $this->user_activity_log = $ACTIVITY_LOG_TBL;
        $this->dbi = $dbi;
        //print_r($this->dbi);
        $this->minmum_username_size = $MIN_USERNAME_SIZE;
        $this->minmum_pasword_size = $MIN_PASSWORD_SIZE;
        $this->USER_ID = $uid;
        //$this->debugger = $debugger;
        // Field name => field type; used to decide which values get quoted
        $this->user_tbl_fields = array('EMAIL'    => 'text',
                                       'PASSWORD' => 'text',
                                       'TYPE'     => 'number',
                                       'ACTIVE'   => 'number');
        if (isset($this->USER_ID)) {
            $this->is_user = $this->getUserInfo();
        } else {
            $this->is_user = FALSE;
        }
    }

    function isUser()
    {
        return $this->is_user;
    }

    function getUserID()
    {
        return $this->USER_ID;
    }

    function setUserID($uid = null)
    {
        if (! empty($uid)) {
            $this->USER_ID = $uid;
        }
        return $this->USER_ID;
    }

    function getUserIDByName($name = null)
    {
        if (! $name) return null;
        // $name is interpolated directly into the SQL string; it must be
        // validated or escaped by the caller before it reaches this method
        $stmt = "SELECT USER_ID FROM $this->user_tbl WHERE EMAIL = '$name'";
        $result = $this->dbi->query($stmt);
        if ($result != null) {
            $row = $result->fetchRow();
            return $row->USER_ID;
        }
        return null;
    }

    function getUserTypeList()
    {
        global $USER_TYPE;
        return $USER_TYPE;
    }

    function getUID()
    {
        return (isset($this->USER_ID)) ? $this->USER_ID : NULL;
    }

    function getEMAIL()
    {
        return (isset($this->EMAIL)) ? $this->EMAIL : NULL;
    }

    function getPASSWORD()
    {
        return (isset($this->PASSWORD)) ? $this->PASSWORD : NULL;
    }

    function getACTIVE()
    {
        return (isset($this->ACTIVE)) ? $this->ACTIVE : NULL;
    }

    function getTYPE()
    {
        return (isset($this->TYPE)) ? $this->TYPE : NULL;
    }

    function getUserFieldList()
    {
        return array('USER_ID', 'EMAIL', 'PASSWORD', 'ACTIVE', 'TYPE');
    }

    function getUserInfo($uid = null)
    {
        $fields = $this->getUserFieldList();
        $fieldStr = implode(',', $fields);
        $this->setUserID($uid);
        // USER_ID is interpolated unquoted; it is expected to be numeric
        $stmt = "SELECT $fieldStr FROM $this->user_tbl " .
                "WHERE USER_ID = $this->USER_ID";
        //echo "$stmt <P>";
        $result = $this->dbi->query($stmt);
        if ($result->numRows() > 0) {
            $row = $result->fetchRow();
            // Copy each column of the row into a member variable of the same name
            foreach ($fields as $f) {
                $this->$f = $row->$f;
            }
            return TRUE;
        }
        return FALSE;
    }

    function getUserIDbyEmail($email = null) // needed for EIS
    {
        $stmt = "SELECT USER_ID FROM $this->user_tbl " .
                "WHERE EMAIL = '$email'";
        $result = $this->dbi->query($stmt);
        if ($result->numRows() > 0) {
            $row = $result->fetchRow();
            return $row->USER_ID;
        } else {
            return 0;
        }
    }

    function getUserList()
    {
[...]

[...]
$PHPLIB = $_SERVER['DOCUMENT_ROOT'] . '/phplib';

// Insert the path in the PHP include_path so that PHP
// looks for PEAR, PHPLIB and our application framework
// classes in these directories
ini_set('include_path', ':' . $PEAR . ':' . $PHPLIB . ':' . $APP_FRAMEWORK_DIR . ':' . ini_get('include_path'));

$AUTHENTICATION_URL = "/login/login.php";
$LOGOUT_URL = "/logout/logout.php";
$APP_MENU = '/home/home.php';
[...]

[...] $USER_CLASS;
require_once $TEMPLATE_CLASS;

$MIN_USERNAME_SIZE = 3;
$MIN_PASSWORD_SIZE = 3;
$DUMMY_PASSWD = '1234567890';
$ROOT_USER = 'kabir@evoknow.com';
$SECRET = 916489;
$CHAR_SET = 'charset=iso-8859-1';

// Application names
$USERMNGR_MNGR = 'user_mngr.php';
$USERMNGR_FORGOTTEN_APP = 'user_mngr_forgotten_pwd.php';
$USERMNGR_CHANGE_PWD_APP = 'user_mngr_passwd.php';

/* START TABLE NAMES */
$APP_DB_URL [...]
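The queries in Listing 6-1 build SQL by interpolating $name, $email and $this->USER_ID straight into the statement string. As an added example that is not the book's code, here is how the same lookup and update look with PDO prepared statements and the user_tbl_fields map used as a column whitelist; the SafeUser class, the users table and the sample rows are assumptions for this demonstration.

```php
<?php
// Added example, not the book's code: User lookups and updates done with PDO
// prepared statements and a column whitelist. SafeUser, the table name and the
// sample rows below are assumptions made for this demonstration.
final class SafeUser
{
    // Same column/type map as user_tbl_fields in Listing 6-1: the only source
    // of column names allowed into an UPDATE. $table comes from configuration.
    private const FIELDS = ['EMAIL' => 'text', 'PASSWORD' => 'text', 'TYPE' => 'number', 'ACTIVE' => 'number'];

    public function __construct(private PDO $db, private string $table, private string $rootUser) {}

    // getUserIDByName(): EMAIL is bound as a parameter, not interpolated.
    public function getUserIDByName(string $email): ?int
    {
        $st = $this->db->prepare("SELECT USER_ID FROM {$this->table} WHERE EMAIL = :email");
        $st->execute([':email' => $email]);
        $id = $st->fetchColumn();
        return $id === false ? null : (int) $id;
    }

    // updateUser(): unknown keys are rejected rather than escaped, numbers are
    // cast, passwords are hashed, and the root user can never be deactivated.
    public function updateUser(int $uid, array $data): bool
    {
        if ((int) ($data['ACTIVE'] ?? 1) === 0 && $uid === $this->getUserIDByName($this->rootUser)) {
            return false;
        }
        $set = []; $params = [':uid' => $uid];
        foreach ($data as $col => $val) {
            if (!isset(self::FIELDS[$col])) return false;   // not a known column
            if ($col === 'PASSWORD') $val = password_hash((string) $val, PASSWORD_DEFAULT);
            $params[":$col"] = self::FIELDS[$col] === 'number' ? (int) $val : (string) $val;
            $set[] = "$col = :$col";
        }
        if ($set === []) return false;
        $st = $this->db->prepare("UPDATE {$this->table} SET " . implode(', ', $set) . " WHERE USER_ID = :uid");
        return $st->execute($params) && $st->rowCount() === 1;
    }
}

// Constructed sample data: the root user and a standard user whose address contains a quote.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (USER_ID INTEGER PRIMARY KEY, EMAIL TEXT UNIQUE, PASSWORD TEXT, TYPE INTEGER, ACTIVE INTEGER)');
$db->exec("INSERT INTO users (EMAIL, PASSWORD, TYPE, ACTIVE) VALUES ('root@example.com', 'x', 1, 1), ('o''brien@example.com', 'x', 2, 1)");
$u = new SafeUser($db, 'users', 'root@example.com');
var_dump($u->getUserIDByName("o'brien@example.com"));        // the quote is plain data
var_dump($u->updateUser(1, ['ACTIVE' => 0]));                 // refused: root stays active
var_dump($u->updateUser(2, ['PASSWORD' => 'pw', 'X' => 1]));  // refused: X is not a column
var_dump($u->updateUser(2, ['PASSWORD' => 'new-secret']));    // stored hashed
```

Requires PHP 8 with the pdo_sqlite extension; the table name is the one value still interpolated, so it must come from the configuration file and never from a request.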
[...] manager application called user_mngr.php.

Listing 6-2: user_mngr.php

<?php
require_once "user_mngr.conf";
require_once $USER_CLASS;

class userManagerApp extends PHPApplication {

    function run()
    {
        global $USERMNGR_MNGR;

        $cmd = $this->getRequestField('cmd');

        if (! $this->authorize()) {
            $this->alert('UNAUTHORIZED_ACCESS');
        }
[...]

[...] user
$USER_TYPE: Associative array defining the relationship between the numeric user type and user type labels.

Listing 6-3 shows the configuration file (user_mngr.conf).

Listing 6-3: user_mngr.conf

<?php
// Turn on all error reporting
error_reporting(E_ALL);

// If you have installed framework directory in
// a different [...]

[...]
Variable: Purpose
$PATH: Set to the combined directory path consisting of the $PEAR_DIR, the $PHPLIB_DIR, and the $APP_FRAMEWORK_DIR. This path is used with the ini_set() method to redefine the php.ini entry for include_path to include $PATH ahead of the default path. This allows PHP to find our application framework, PHPLIB, and PEAR-related files.
$AUTHENTICATION_URL: Set to the central login application URL [...]

[...] specifically the DB module needed for class.DBI.php in our application framework.
$PHPLIB_DIR: Set to the PHPLIB directory, which contains the PHPLIB packages; specifically the template.inc package needed for template manipulation.
$APP_FRAMEWORK_DIR: Set to our application framework directory.

TABLE 6-2 USER MANAGER [...]

[...] framework, all user management applications need to have an external error message file that contains all the internationalized error messages printed from applications. Listing 6-5 shows such an error message file, called user_mngr.errors.

Listing 6-5: user_mngr.errors

<?php
// Errors for user manager apps
$ERRORS['US']['APP_FAILURE'] = "Application failure";
[...]

[...] you've created class.User.php, user_mngr.php, user_mngr.conf, user_mngr.messages, and user_mngr.errors files in the appropriate directories as configured in user_mngr.conf, you can test the application. In this section, I will assume that the user manager application is installed in the following directory structure and accessible by http://php.evoknow.com/ [...]
/user_mngr/apps/user_mngr.php (%DOCUMENT_ROOT) [...]

[...] information as needed.

Configuring user administration application messages

Like any other application in our application framework, all user management applications need to have an external message file that contains all the internationalized messages printed from applications. Listing 6-4 shows such a message file, [...]

[...] '/class';
$REL_TEMPLATE_DIR = $REL_ROOT_PATH . '/apps';
$REL_APP_PATH . '/templates/';

require_once "user_mngr.errors";
require_once "user_mngr.messages";
require_once 'DB.php';
require_once $APP_FRAMEWORK_DIR . '/' . 'constants.php';
require_once $APP_FRAMEWORK_DIR . '/' . $APPLICATION_CLASS;
require_once $APP_FRAMEWORK_DIR . '/' . [...]

Posted: 13/08/2014, 12:21
