Login Form using OOP in PHP
Most web applications involve users, so a login form is usually needed. A login form receives username and password inputs, verifies access, and in most cases determines the user's privileges, commonly called the user level.
This is a sample login web application I made using OOP in PHP. This has the basic functions of logging in, logging out, remember me and change password.
Since I'm using OOP, I used PDO to access my database. PDO returns results as objects, which are much easier to work with when you are using OOP.
Notes:
- When a user successfully logs in with Remember Me checked, the system generates a unique cookie that expires after a set amount of time (see config.php and cookie.php), and its value is saved to user_session. When the user logs out, user_session is unset.
- For hashing, the system generates a 12-bit random character and appends it to the password the user entered, then applies the SHA-256 one-way hash. The system saves two values in the database: user_password and user_salt. When the user logs in, the system appends the saved user_salt to the user's input, applies the hash, and checks whether the result matches user_password.
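
The hashing note above, as an added example that is not code from the package: it reproduces the salted SHA-256 check and shows one way to move such rows to PHP's built-in password_hash() at login, since a single SHA-256 round is fast to compute and gives little resistance to offline guessing if the table leaks. The function names, the salt length and the "null user_salt means upgraded" marker are assumptions; only user_password and user_salt come from the note.

```php
<?php
// Added example. Function names are hypothetical; user_password and
// user_salt are the columns named in the note above.

// Scheme from the note: random salt appended to the password, then SHA-256.
function legacyHash(string $password, string $salt): string
{
    return hash('sha256', $password . $salt);
}

function legacyVerify(string $input, array $row): bool
{
    // hash_equals() compares in constant time, unlike == or ===.
    return hash_equals($row['user_password'], legacyHash($input, $row['user_salt']));
}

// Verify a login and move the row to password_hash() when needed.
// Assumption: an upgraded row is marked by user_salt being null.
function loginAndUpgrade(string $input, array &$row): bool
{
    if ($row['user_salt'] !== null) {
        if (!legacyVerify($input, $row)) {
            return false;
        }
        // The plaintext is only available at login, so rehash here.
        $row['user_password'] = password_hash($input, PASSWORD_DEFAULT);
        $row['user_salt'] = null; // the new hash string embeds its own salt
        return true;
    }
    if (!password_verify($input, $row['user_password'])) {
        return false;
    }
    if (password_needs_rehash($row['user_password'], PASSWORD_DEFAULT)) {
        $row['user_password'] = password_hash($input, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample row standing in for a database record.
$salt = bin2hex(random_bytes(12)); // salt length is an assumption
$row = ['user_password' => legacyHash('correct horse', $salt), 'user_salt' => $salt];

var_dump(loginAndUpgrade('wrong guess', $row));   // wrong password, legacy row
var_dump(loginAndUpgrade('correct horse', $row)); // right password, legacy row
var_dump($row['user_salt'] === null);             // was the legacy salt cleared?
var_dump(loginAndUpgrade('correct horse', $row)); // same password, upgraded row
```
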
Package for login form in PHP contains:
classes:
- Config.php - contains the abstraction of the configurations set in core/init.php.
  - Abstraction means wrapping a command so that it is more readable and easier to execute and use. Doing this involves parameters and return values.
- Cookie.php - handles creating and deleting the cookie that is set when the user opts to remember the login session.
  - setcookie is used to create a cookie, with a set name and expiry, on the local machine.
- DB.php - contains all the abstracted database query functions (in PDO).
  - This is where I abstracted all my database queries so that they can be easily implemented; this also prevents connecting to the database multiple times.
- Hash.php - contains the function that generates the hash and salt for the password.
  - Hashing turns text into an unreadable value. There are many hash algorithms available now, one of which is SHA-256.
- Input.php - the abstracted $_POST and $_GET function.
- Redirect.php - function for redirection to certain pages
- Session.php - the abstracted $_SESSION functions, and the flash messages.
- Token.php - generates a unique token for every form, to protect against cross-site request forgery (CSRF).
- User.php - class used when a user object needs to be created.
- Validate.php - function used to validate a certain field.
core:
- init.php - contains all the initializations and configurations that need to be loaded into the system.
functions:
- sanitize.php - function used to further validate input fields.
pages:
- AddUser.php - page containing the form for adding a user
- ChangeName.php - page containing the form for changing user's name.
- index.php - home page
- login.php - page containing the form for logging in.
- logout.php - page for logout.
The advantage of using OOP in a web application is that it can be easily expanded: you can add functions, parameters, return values and properties without editing most of the code. Also, OOP code is easy to trace and troubleshoot: functions and properties are grouped by object, so bugs are easy to locate and fix.
Download here.