Access_user Class is an easy to use system for protecting pages and register users. They main features are: User-login, user registration, user update, remember login information, page protection, forgotten password recovery, mail based account activation and multi language message reporting and since the latest versions: maintain extra user profile information, access levels, a limited (safe) admin panel, manual account activation and an improved password check. The class is powered by MySQL and PHP sessions. Inside the package are examples for all primary methods. Since version 1.92 custom session handler are supported.
This class requires a PHP enabled Apache (virtual) host. I tested this class with PHP 4.3(5.1) and MySQL 3.23(4.1) on Windows and Linux. I never tested this class with IIS. If you want to use this class on Windows / IIS than you have to be sure that the server variable DOCUMENT_ROOT is available. You can test this while using this code on your web host:
If you can't see the document path, then this class will not work out of the box. I'm sure it is possible to change all paths but there is no information about on this page or inside the files.
You need a mail server program to run some of the scripts (register.php, forgot_password.php and update_user.php)
By default the database is not selected with the PHP function mysql_select_db() and the database name is in front of the table name. It's possible that your server doesn't allow the database name inside a query, if this forms a problem then don't use them there and unescape the mysql_select_db() function inside the connect_db() method.
Remember, all example files are full working. The next documentation is only to explain what the methods / variables exactly do.
A note about the usage of the "automatic login" feature: If a cookie is saved on the client side, the user doesn't need to login (new in version 1.94)
Find in this file a form with to text fields one for the login and one for the password. These entries will be validated before you can enter the protected area.
I use this page as the target for the account activation process, too.
Important: If you use the feature "Visitor count", the table field extra_info can't be used for other information!
Note: Since version 1.92 if the login cookie function is used, the recovered (encrypted) password inside the password form field is always 32 chars long. This is not a problem, the script can handle that.
Important methods and variables on this page:
This class can be used in two modes:
If you want to disable the automatic activation feature, use this variable inside the login script: $my_access->auto_activation = false; // (true/false) or set this boolean inside the class file.
If you use the setting USE_MYSQL_SESSIONS inside the config file you need a logout page without class object to clear the old session data from the database.
The register.php file is a regular form with fields for login, password, e-mail, real name and for extra information. My suggestion is, removing the last field and using instead the extra info field for information like: language, register date, customer number etc. To register a new user only one method required:
Of course there are also standard variables for error messages and to switch messages in different languages (like in the other examples).
Use this example where the user can update his information like: e-mail, password, extra info and his real name. The login name is unique and can't be changed. If the user changed his e-mail address a confirmation mail is send to his new address and the old one is active until he confirmed the new one. The user can change his password if he let the password field empty, the password will not be changed. Methods for this example are:
If a user forgot his password and/or login he can request a reminder mail. Using this file the user fills the form field with the e-mail address which is used during registration. After submitting the user get a mail with a link to the (next) file where you can (re)enter a new password. Only one method is required (the error message functions as a important option):
If the user use the link inside the mail he got, he will reach this page. On this page the user have the option to enter a new password for his account. After submitting this new password the user can use it in the login form.
I put the activation string into a session in place of a hidden field.
Use the code from this file in all pages you want to protect. I use this file to link to protected pages like "update_user.php". Notice these methods and variables:
I created this optional page to show how this class take care of previous pages if the user have to login first.
Use this method the same like before, except that you enter these two server variables.
This file is an example to test the access level from a user. Find the link on the example.php page.
This file is also an extenstion, with this file it's possible to change user data like the password (reset), email address, activation status and access level.
Use the example record to admin users (after installation): user: administrator / password: welcome