This is a login class I made for my personal website.
I'm not asking about how secure this login class is, because I know it isn't. It keeps out the rare unwanted guest, which is enough for me since I simply don't want my information to be public. I made this mainly for learning purposes. I want to know how "OOP" this is and what I could do differently.
Login Form:
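// Handle a submitted login form; any other request method falls through untouched.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Request fields are attacker-controlled: a field may be absent or sent as an
    // array (username[]=x). Treat both as an empty string so they fail as an
    // ordinary bad login instead of raising notices or type errors further down.
    $user = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $pass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    if ($login->userLogin($user, $pass)) {
        echo "Successfully logged in!";
    } else {
        // The message is a fixed string today; escaping keeps this sink safe if
        // the error text ever starts to include request data.
        echo htmlspecialchars((string) $login->getError(), ENT_QUOTES, 'UTF-8');
    }
}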
Login Class:
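/**
 * Username/password login checked against the `members` table.
 *
 * Usage: call userLogin(); on failure read the message with getError().
 *
 * NOTE(review): stored hashes are HMAC-SHA256(password, salt). That is a fast
 * hash, so a leaked table is cheap to guess against offline. password_hash() /
 * password_verify() are the intended tools, but switching requires re-hashing
 * the stored credentials, so the scheme is left unchanged here.
 */
class UserLogin
{
    // Columns of the member row loaded by the most recent checkUser() call.
    private $id;
    private $user;
    private $pass;
    private $salt;
    private $hash;
    // Last user-facing error message, or null if none was set.
    private $error;
    // Database handle obtained from mysqliSingleton::init().
    protected $mysqli;

    public function __construct()
    {
        $this->mysqli = mysqliSingleton::init();
    }

    /**
     * Store the message later returned by getError().
     *
     * @param mixed $val
     */
    public function setError($val)
    {
        $this->error = $val;
    }

    /**
     * @return mixed The last message passed to setError(), or null.
     */
    public function getError()
    {
        return $this->error;
    }

    /**
     * Verify the credentials and, on success, record the member in the session.
     *
     * Both "unknown user" and "wrong password" produce the same message so the
     * response text does not reveal which usernames exist.
     *
     * @param mixed $user Submitted username.
     * @param mixed $pass Submitted password.
     * @return bool True when logged in, false otherwise (error message is set).
     */
    public function userLogin($user, $pass)
    {
        $accepted = is_string($user)
            && is_string($pass)
            && $this->checkUser($user)
            && $this->checkPass($pass);

        if (!$accepted) {
            $this->setError("Invalid username or password");
            return false;
        }

        // Issue a fresh session id at the privilege change so an id that was set
        // before authentication cannot be reused afterwards (session fixation).
        // session_start() is presumably called elsewhere; skip if no session is active.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        $_SESSION['memberID'] = $this->id;
        $_SESSION['memberName'] = $this->user;
        return true;
    }

    /**
     * Load the member row for a username into this object.
     *
     * @param string $user Username to look up.
     * @return bool True only when a row was actually fetched.
     */
    public function checkUser($user)
    {
        // Drop any row left over from an earlier lookup so a failed lookup can
        // never be followed by a password check against someone else's hash.
        $this->resetRecord();

        $stmt = $this->mysqli->prepare("SELECT memberID, userName, salt, hash FROM members WHERE userName = ? LIMIT 1");
        if (!$stmt) {
            return false;
        }

        $found = false;
        $stmt->bind_param("s", $user);
        if ($stmt->execute()) {
            $stmt->bind_result($this->id, $this->user, $this->salt, $this->hash);
            // fetch() yields true for a row, null for no row and false on error;
            // only true may count as "user exists" (fail closed on errors).
            $found = ($stmt->fetch() === true);
        }
        $stmt->close();

        if (!$found) {
            $this->resetRecord();
        }
        return $found;
    }

    /**
     * Compare a password with the hash loaded by checkUser().
     *
     * @param mixed $password Submitted password.
     * @return bool True when the password matches the stored hash.
     */
    public function checkPass($password)
    {
        // No loaded record, or a non-string password, can never match.
        if (!is_string($password) || $this->salt === null || $this->hash === null) {
            return false;
        }

        $expected = hash_hmac("sha256", $password, (string) $this->salt);
        // hash_equals() compares in constant time, unlike ===, so response
        // timing does not leak how much of the hash matched.
        return hash_equals((string) $this->hash, $expected);
    }

    /**
     * Forget the member row held from a previous lookup.
     */
    private function resetRecord()
    {
        $this->id = null;
        $this->user = null;
        $this->salt = null;
        $this->hash = null;
    }
}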