Access_user Class version 1.86

Description

Use this class to protect your pages with PHP-Sessions and register users while using a MySQL database

Current functions

Update user information
Register new users
Forgotten password recovery
Protect (single or multiple) pages
E-mail activation messages
Access level (new in version 1.80)
Admin function (for important user data)

Requirements

This class requires a PHP enabled Apache (virtual) host. I tested this class with PHP 4.3 and MySQL 3.23 on Windows and Linux.
I never tested this class with IIS. If you want to use this class on Windows / IIS than you have to be sure that the server variable DOCUMENT_ROOT is available. You can test this while using this code on your PHP host:

echo getenv("DOCUMENT_ROOT");

If you can't see the document path then this class will not work for you. I'm sure it is possible to change all paths but there is no description about in this manual.

For windows user using this class on a localhost:
You need a mail server program to run some of the scripts (register.php, forgot_password.php and update_user.php)

Database selection
By default the database is not selected with the PHP function mysql_select_db() and the database name is in front of the table name. It's possible that your server doesn't allow the database name inside a query, if this forms a problem then don't use them there and unescape the mysql_select_db() function inside the connect_db() method.

Installation

Use the "users_table.sql" file to create your MySQL table.
Now change the config-file "db_config.php" to fit your environment.
Most important, change all important pathes...
- APPLICATION_PATH: the directory where your scripts are placed
- CLASS_PATH: this path is dynamic, use it if all files are inside the same directory
- ... or use your own ones (only needed for LOGIN_PAGE, START_PAGE and ACTIVE_PASS_PAGE)
To fit the exsiting path structure in all example files you have to create two folders:
- the first "classes" is above your document root...
- ...the second "access_user" is inside the classes folder.
Place the class- and config file inside "access_user" folder.
After this you can use all example files (except the three one defined inside the config file) on different locations from the virtual host.

How does it work?

Run the register.php in your browser to enter the first user into your database.
After succesfull registration you get an confirmation mail,
- activate and confirm your acoount and you can enter the protected pages
- use the manual activation status and the site admin have to activate each single account.
Login and you have assess to the update page where it's possible to modify the user information.
If you change the e-mail address you get a new confirmation e-mail, activate the new address with the given link.
Click on log out or exit you browser to end the session.
If you have forgotten the password and or login, you can use the e-mail address to get a reminder message.

How to use?

Remember, all example files are full working. The next documentation is only to explain what the methods / variables exactly do.

login.php
Find in this file a form with to text fields one for the login and one for the password. These entries will be validated before you can enter the protected area.
I use this page as the target for the account activation process, too. Important methods and variables on this page:

$my_access->save_login // use a cookie to remember the client login, possible values are "yes" or "no"
$my_access->count_visit = true // if this is true then the last visit date is saved in the database
$my_access->login_user($user, $password) // call the login method
$my_access->activate_account($activate_key, $key_id) // the account activation method
$my_access->validate_email($validation_key, $key_id) // (updated) e-mail address validation
$my_access->is_cookie // use this boolean for the remember login option (new in 1.63)

This class can be used in two modes:

automatic account activation
account activation by admin (check the default account details beneath)

If you want to use disable the automatic feature use this variable inside the login script: $my_access->auto_activation = false; // (true/false) or set this boolean inside the class file.

register.php
The register.php file is a regular form with fields for login, password, e-mail, real name and for extra information. My suggestion is, removing the last field and using instead the extra info field for information like: language, register date, customer number etc. To register a new user only one method required:

$new_member->register_user($first_login, $first_password, $confirm_password, $first_name, $first_info, $first_email)

Of course there are also standard variables for error messages and to switch messages in different languages (like in the other examples).

update_user.php
Use this example where the user can update his information like: e-mail, password, extra info and his real name. The login name is unique and can't be changed. If the user changed his e-mail address a confirmation mail is send to his new address and the old one is active until he confirmed the new one. The user can change his password if he let the password field empty, the password will not be changed. Methods for this example are:

$update_member->access_page() // protect this page too.
$update_member->get_user_info() // call this method to get all the user information
$update_member->update_user($new_password, $new_confirm, $new_name, $new_info, $new_mail) // the update method

forgot_password.php
If a user forgot his password and/or login he can request a reminder mail. Using this file the user fills the form field with the e-mail address which is used during registration. After submitting the user get a mail with a link to the (next) file where you can (re)enter a new password. Only one method is required (the error message functions as a important option):

$renew_password->forgot_password($forgot_email) // call the method with the entered mail address as property

activate_password.php
If the user use the link inside the mail he got, he will reach this page. On this page the user have the option to enter a new password for his account. After submitting this new password the user can use it in the login form.

$act_password->check_activation_password($controle_str, $id) // this will check the query string for valid data
$act_password->activate_new_password($new_pass, $new_confirm, $old_pass) // this update the record with the new password

I put the activation string into a session in place of a hidden field.

example.php
Use the code from this file in all pages you want to protect. I use this file to link to protected pages like "update_user.php". Notice these methods and variables:

$page_protect->access_page() // only set this this method to protect your page!
$page_protect->log_out() // the method to log off (optional)

testpage.php
I created this optional page to show how this class take care of previous pages if the user have to login first.

$test_page_protect->access_page($_SERVER['PHP_SELF'], $_SERVER['QUERY_STRING']) // set this method, including the server vars to protect your page and get redirected to here after login

Use this method the same like before, except that you enter these two server variables.

test_access_level.php
This file is an example to test the access level from a user. Find the link on the example.php page.

$test_access_level->access_page($_SERVER['PHP_SELF'], "", 5) // the last parameter is the value of the access level. Configure the levels inside the db_config.php file.

admin_user.php
This file is also an extenstion, with this file it's possible to change user data like the password (reset), email address, activation status and access level.

Use the example record to admin users (after installation): user: administrator / password: welcome

$admin_update->get_userdata($for_user, $type = "login"); // obtain the user data to show in the admin form ($type is used to select dat by "id" or "login"
$admin_update->update_user_by_admin($new_level, $user_id, $def_pass, $new_email, $active, $confirmation = "no"); // with this method only a few data can be updated by the administrator. The last parameter is used to send a conformation mail
$admin_update->access_level_menu($curr_level, $element_name = "level") // a simple select menu will show the min - max value of the access levels