Let's start with defining our class, some variables and the constructor.
[source:php]
class Register {

//@string name of table, where the information will be stored
private $table_name;
//@array holds user input
private $input;
//@string subject of confirmation email
private $mail_subject;
//@string body of confirmation email
private $mail_body;
//@bool html mail true/false
private $mail_html;
//@array displays error messages
public $error;

function __construct() {
$con = mysql_connect('localhost','root','pass') or die(mysql_error());
if($con) {
mysql_select_db('test',$con);
}
$this->table_name = "test_user";
$this->mail_subject = "confirmation mail";
$this->mail_body = "Here comes the text of confirmation e-mail. Click on this link %s to confirm your email.";
$this->mail_html = true;
}
}
[/source]
$this->table_name is a string property, which holds information about MySQL table, in which we will save our new registered user. $this->input is an array, in which we will save the user input. As you will see later, we do that, to make the user input safe for MySQL INSERT function. $this->mail_subject and $this->mail_body are two properties, which will be responsible for holding the information we will later send to our new user after successful registration. $this->mail_html is a boolean property, which tells our script to either send HTML or plain text e-mail after successful registration. $this->error property is an array, which we will use to display all errors to the user, which our script will generate. In our constructor method we initialize data base connection and all the properties we will later use in our class. Let's move farther to our registration method.
[source:php]
public function registerUser() {
foreach($_POST as $k=>$v) {
$this->input[$k] = mysql_real_escape_string($v);
}
//Check users input
if($this->checkInput()) {
//Check, if username exists already
if($this->checkUser('username')) {
//Check if email exists already
if($this->checkUser('email')) {
//save user in database
if($this->insertUser()) {
//send mail with confirmation link
if($this->sendMail()) {
$this->success = "Thanks for registration. Check your e-mail for further details.";
return true;
} else {
//revert changes in database
$this->deleteUser();
$this->error[] = "something went wrong, please try again later send mail";
return false;
}
} else {
$this->error[] = "something went wrong, please try again later insert user";
return false;
}
} else {
$this->error[] = "email exists";
return false;
}
} else {
$this->error[] = "username exists";
return false;
}
} else {
return false;
}
}
[/source]
We define this method as public because we will call it after our user clicks the submit button. We than loop through the $_POST variable and make the input safe against MySQL injection. First we check, if all the input is valid and meets our expectations according to password length, valid email etc. After that we provide a user check against the information saved in our database to determine, if an user with provided username or e-mail exists in our database. If it does we display corresponding error message. If our script passes this check we save new user in our database and send an e-mail with activation link. If our script return true after sending an activation e-mail we display a success message for our user with prompt to check his/hers e-mail and activate account. Simple logic, you can probably find in each user authorization. Let's take a closer look at corresponding methods, which I just mentioned:
[source:php]
private function checkInput() {
if(strlen($this->input['username']) < 5 || $this->input['username'] == '') {
$this->error[] = "username too short";
}
if(strlen($this->input['username']) > 16) {
$this->error[] = "username too long";
}
if($this->input['password'] == '' || $this->input['password1'] == '') {
$this->error[] = "you need to provide a password";
}
if($this->input['password'] != $this->input['password1']) {
$this->error[] = "password mismatch";
} else {
$this->input['password'] = md5($this->input['password']);
}
return (is_array($this->error) && !empty($this->error)) ? false : true;
}
[/source]
This method validates user input. It is just a simple example and it doesn't validate the e-mail address. You should feel free to add any other validations you can imagine to this method. In the last step we check, if provided passwords match and if they do, we encode the password with md5() function. We do that to ensure the user, that his or hers data wont be abused later, when we use it for example to save it in session variables and check against database information to authenticate the user. If $this->error is an array and it's not empty, it means user input is not valid and we return false, otherwise true.
[source:php]
private function checkUser($case='') {
switch($case) {
case 'username':
$sql = mysql_query("SELECT COUNT(*) AS exist FROM ".$this->table_name." WHERE username='".$this->input['username']."';");
break;
case 'email':
$sql = mysql_query("SELECT COUNT(*) AS exist FROM ".$this->table_name." WHERE email='".$this->input['email']."';");
break;
default:
break;
}
return (mysql_result($sql,0,'exist') > 0) ? false : true;
}
[/source]
In this method we check, if username or password exists in database. If it does we return false, otherwise true. At this point I should probably mention that AJAX gives you possibility to perform this validation on client side. Server side validation is just another check to ensure that provided data is really that, what we expect to save in our database. If you want to use this class in your AJAX request to perform checks on user input, you would have to change most of the methods to public and probably write another method which will set user input you will later use to perform those checks.
[source:php]
private function insertUser() {
$sql = mysql_query("INSERT INTO ".$this->table_name." (id, username, password, email, confirmed) VALUES (NULL,'".$this->input['username']."','".$this->input['password']."','".$this->input['email']."','0');") or die(mysql_error());
return ($sql) ? true : false;
}

private function deleteUser() {
$sql = mysql_query("DELETE FROM ".$this->table_name." WHERE username='".$this->input['username']."' AND email='".$this->input['email']."';");
}
[/source]
InsertUser and deleteUser are just simple methods to either save of delete a user from the database.
[source:php]
private function sendMail() {
if($this->email_html) {
$header = 'MIME-Version: 1.0' . "\r\n";
$header.= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$header.= 'From: "yourmail@domain.com"' . "\r\n";
} else {
$header = 'From:yourmail@domain.com';
}

$body = sprintf($this->mail_body,"www.yourdomain.com?activation=youractivationcode");

return (@mail($this->input['email'], $this->mail_subject, $body, $header)) ? true : false;
}
[/source]
The last method replaces %s with the confirmation link, sends a confirmation mail and returns true on success and false in case of any errors. That's all. As I already mentioned this class doesn't provide a ready solution for your internet site and it should be adjusted to your needs. It's just a schema you can always start with, when you writing applications, which provide user registration. At the end lets take a closer look, how you should use this class.
[source:php]
if(isset($_POST['submit']) && $_POST['submit'] == 'register') {
include('register.class.php');
$register = new Register;
if($register->registerUser()) {
echo (isset($register->success)) ? $register->success : '';
} else {
foreach($register->error as $error) {
echo $error."
";
}
include('form.php');
}
} else {
include('form.php');
}
[/source]
We include and instantiate our class only in case, when our clicks a submit button. We then call the registerUser method and display success or error message depending on the case. You might also provide a redirection after successful registration to prevent the users from reloading the page. However our class would retrieve an error message saying that username already exists, it is just a nice way to do the things. And here the code of form.php in case you need it:
[source:html]

[/source]
And the table structure:
[source:sql]
CREATE TABLE IF NOT EXISTS `test_user` (
`id` int(11) NOT NULL auto_increment,
`username` varchar(50) collate latin1_general_ci NOT NULL,
`password` varchar(32) collate latin1_general_ci NOT NULL,
`email` varchar(255) collate latin1_general_ci NOT NULL,
`confirmed` enum('0','1') collate latin1_general_ci NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `username` (`username`)
)
[/source]
I'm waiting for your comments about this one. Cheers.

(You can find a downloadable archive at the end of this example)

Let's start with defining the class and some configuration variables.
[source:php]
class Upload {
private $image = array();
private $image_location;
private $image_type;
private $image_height;
private $image_width;
private $image_maxheight;
private $image_maxwidth;
private $image_box;

public $error;
public $success;
}
[/source]
We set all of important variables as private, because we will use them only in the scope of our class. Two public variables will be responsible for displaying the error and success messages. Let's go to our constructor.
[source:php]
function __construct() {
$this->image_location = 'images/';
$this->image_height = 60;
$this->image_width = 60;
$this->image_maxheight = 1500;
$this->image_maxwidth = 1500;
$this->image_box = 60;
}
[/source]
In our constructor method, which will be executed, after we initialize our class, we will define some basic configuration. $this->image_location property will tell our script, where to save the images. Before you start using this class, don't forget to create this directory and give it necessary rights, because otherwise you will get an error message. $this->image_width and $this->image_height tell our script, to which width or height should the image be resized. Both properties should have the same value, which shouldn't be bigger than the value of $this->image_box. Our script will automatically detect, if the picture is horizontal or vertical and will use the right value according to the case. $this->image_box tells our script, which resolution has the div box displayed on the start page. $this->image_maxheight and $this->image_maxwidth is the maximum resolution of the picture, which cannot be exceeded. Let's move to the picture upload.
[source:php]
public function uploadPicture() {
foreach($_FILES as $file) {
$this->image['tmp_name'] = $file['tmp_name'];
$this->image['name'] = $this->image_location.$file['name'];
$this->image['type'] = $file['type'];
}
return ($this->createPicture()) ? true : false;
}
[/source]
In our first public method, which will be called, after a user clicks an upload button, we set some important properties, which we will use later to handle our image upload. $this->image['tmp_name'] will hold for us the temporary location of the file. $this->image['name'] will hold the location, where the uploaded image should be copied, and $this->image['type'] will hold MIME type of the uploaded picture. After we set those properties, we call createPicture method to actually create the pictures for us. Let's take a closer look at two last methods.
[source:php]
private function createPicture() {
if($this->checkType()) {

move_uploaded_file($this->image['tmp_name'],$this->image['name']);
list($width, $height, $type, $attr) = getimagesize($this->image['name']);

if ($width > $this->image_maxwidth || $height > $this->image_maxheight) {

$this->error = 'Your picture is too big';
unlink($this->image['name']);
return false;

} else {

if($height > $width) {
$this->image_width = round((($this->image_height * $width) / $height));
$x = round(($this->image_height - $this->image_width) / 2);
$y = 0;
} else {
$this->image_height = round((($this->image_width * $height) / $width));
$x = 0;
$y = round(($this->image_width - $this->image_height) / 2);
}

if($this->image_type == 'jpg') {
$galery_image = imagecreatefromjpeg($this->image['name']);
} elseif($this->image_type == 'gif') {
$galery_image = imagecreatefromgif($this->image['name']);
} else {
$galery_image = imagecreatefrompng($this->image['name']);
}

$image = imagecreatetruecolor($this->image_box, $this->image_box);
$background = imagecolorallocate($image, 255, 0, 0);
imagefill($image, 0, 0, $background);

imagecopyresampled($image, $galery_image, $x, $y, 0, 0, $this->image_width, $this->image_height, $width, $height);

if($this->image_type == 'jpg') {
imagejpeg($image, $this->image['name']);
} elseif($this->image_type == 'gif') {
imagegif($image, $this->image['name']);
} else {
imagepng($image, $this->image['name']);
}

chmod($this->image['name'], 0644);
imagedestroy($image);

$this->success = 'Image uploaded successfully';
return true;
}
} else {
return false;
}
}

private function checkType() {
switch ($this->image['type']) {
case 'image/jpeg':
case 'image/jpg':
case 'image/pjpeg':
$this->image_type = "jpg";
return true;
break;
case 'image/gif':
$this->image_type = "gif";
return true;
break;
case 'image/png':
case 'image/x-png':
$this->image_type = "png";
return true;
break;
default:
$this->error = "Wrong file type";
return false;
break;
}
}
[/source]
Because this two method are pretty long I will split them into smaller pieces and explain step by step. We set both of the methods as private, because we will use them only in the scope of our class. It the first method, createPicture, we first check, if the MIME type of the file uploaded by a user is supported by our script. If it is we set $this->image_type and return true, if not we display error message and return false.
[source:php]
move_uploaded_file($this->image['tmp_name'],$this->image['name']);
list($width, $height, $type, $attr) = getimagesize($this->image['name']);

if ($width > $this->image_maxwidth || $height > $this->image_maxheight) {

$this->error = 'Your picture is too big';
unlink($this->image['name']);
return false;

}
[/source]
In this part we actually move the uploaded file from the temporary location to the location we defined earlier in our script. After that we list the width and height from our new uploaded image and check, if they are not bigger, then the values we defined in our constructor. If they are, we display an error message, if not we proceed.
[source:php]
if($height > $width) {
$this->image_width = round((($this->image_height * $width) / $height));
$x = round(($this->image_height - $this->image_width) / 2);
$y = 0;
} else {
$this->image_height = round((($this->image_width * $height) / $width));
$x = 0;
$y = round(($this->image_width - $this->image_height) / 2);
}
[/source]
If the resolution of the image is correct, we check, if the image is vertical or horizontal. According to the case, we calculate new width or new height and the offset, which we will later use to place the image in the middle of our box.
[source:php]
if($this->image_type == 'jpg') {
$galery_image = imagecreatefromjpeg($this->image['name']);
} elseif($this->image_type == 'gif') {
$galery_image = imagecreatefromgif($this->image['name']);
} else {
$galery_image = imagecreatefrompng($this->image['name']);
}

$image = imagecreatetruecolor($this->image_box, $this->image_box);
$background = imagecolorallocate($image, 255, 0, 0);
imagefill($image, 0, 0, $background);

imagecopyresampled($image, $galery_image, $x, $y, 0, 0, $this->image_width, $this->image_height, $width, $height);
[/source]
In this step we return an image identifier according to the MIME type of the picture, which has been uploaded and create an empty image, in which we will place the uploaded picture. You can change the $background and use your own color for the background using the RGB values. Imagecopyresampled uses our identifier and the "picture box" we creted with predefined values and creates a ready image.
[source:php]
if($this->image_type == 'jpg') {
imagejpeg($image, $this->image['name']);
} elseif($this->image_type == 'gif') {
imagegif($image, $this->image['name']);
} else {
imagepng($image, $this->image['name']);
}

chmod($this->image['name'], 0644);
imagedestroy($image);

$this->success = 'Image uploaded successfully';
return true;
[/source]
In the last part, according to MIME type, we output our new created picture to the file, change the permissions and destroy the original image.

Let's take a closer look, how you should use this class.
[source:php]
if(isset($_POST['submit']) && $_POST['submit'] == 'upload') {
include('upload.class.php');
$upload = new Upload;
if($upload->uploadPicture()) {
echo (isset($upload->success)) ? $upload->success : '';
echo '
go back';
} else {
echo (isset($upload->error)) ? $upload->error : '';
echo '
go back';
}
} else {
?>

}
?>
[/source]
I think, this code doesn't need a detailed explanation. One hint only: don't forget to set the enctype of the form to multipart/form-data, because otherwise the $_FILES variable wont be initialized. If user clicks on upload button, we initialize our class and use the uploadPicture method to create our new picture. If this method returns true we display success message, if not the error message.

That's all. I hope it was clear enough for you, what I was trying to accomplish in this example. You can change it in probably hundreds different ways and adjust it to your own needs. Feel free to do that.

You can download all of the files here.

Here you can find a working demo of the class I will introduce in this example

Let's start with defining the class and the variables we will use in the scope of this class. We will give it a Login name because it has to handle a user, who wants to login to view certain content, which is available only for registered users.

class Login {
 
    private $user_name;
    private $user_pass;
    private $user_id;
    private $user_access;
    public $login_error;
 
    function __construct($username,$userpass)  {
        $this->user_name = $username;
        $this->user_pass = (isset($_SESSION['user']])) ? $userpass : md5($userpass);
    }
 
}

We declared the properties of this class as private, because we will use them only in scope of it and we will access them only internally from this class. The only public property will be responsible for error handling. We use __construct function to assign values to the properties we just declared, when the class will be initialized. We assume that password stored in database was encrypted using md5() function. As the first step we will declare a method, which will handle user login.

public function loginUser() {
    if($this->checkUser()) {
        $this->setUser();
        header("Location:index.php?page=overview");
    } else {
        $this->error_login = 'wrong username or password';
    }
}

We set the loginUser function to public so we can access it after we initialize our class. We check, if the user exists in our database. If the information in database matches the user input, we use setUser function to store the information about the user, which we can use later to authenticate or to get user content availably only for that certain user.

As second step we will declare a private method checkUser, which will check, if a the information provided by user exists in database. This will be a simple MySQL query and the method will return true in case user exists and false in case of any mismatch.

(In this place you might comment out MySQL check and just add hard coded check for certain string. I add this part as a commentary.)

private function checkUser() {
    /*
    return ($this->user_name == 'demo' && $this->user_pass == 'demo') ? true : false;
    */
    $sql = sprintf("SELECT COUNT(*) AS exist FROM usertable WHERE username='%s' AND pass='%s' AND confirmed='1';",$this->user_name,$this->user_pass);
    $res = mysql_query($sql) or die(mysql_error());
    return (mysql_result($res,0,'exist') == 1) ? true : false;
}

In the next step we will define a method, which will set our user as a session array, where we will store all the important information about our user.

(Again, if you don't want to use database, you can define default user id.)

private function setUser() {
    /*
    $this->user_ip = 1;
    */
    $sql = sprintf("SELECT id FROM miss_user WHERE username='%s' AND pass='%s';",$this->user_name,$this->user_pass);
    $res = mysql_query($sql) or die(mysql_error());
    $this->user_id = mysql_result($res,0,'id');
    $_SESSION['user'] = array('user_id'=>$this->user_id, 'user_name'=>$this->user_name, 'user_pass'=>$this->user_pass, 'user_ip'=>$_SERVER['REMOTE_ADDR']);
    setcookie('userip',$_SERVER['REMOTE_ADDR'],0);
}

As you can notice we saved user id, user name, user password and user remote address in an array, which we will later use to authenticate user. We declared this method as private again, because we will access it only in the scope of our class. Additionally we save a cookie with the IP address of the user to perform a check against session stealing. Even if someone would try to steal the session by just randomly typing it into the URL address, the authentication will be failed because it wont match the IP in the cookie.

In this step we will actually perform the authentication of a user.

public function authenticateUser($user) {
    if(is_array($user) && !empty($user)) {
        if($this->checkUser()) {
            return ($_COOKIE['userip'] == $_SESSION['user']['user_ip']) ? true : false;
        } else {
            return false;
        }
    } else {
        return false;
    }
}

First we check, if the session array is an array at all and if it's not empty. After that we perform checkUser again to compare the session array with the database information. At the end we do the last check, if the IP address saved in the cookie matches the address saved in session array. In my case the method authenticateUser returns true on success and false in case of failure but you can do whatever you want after a user passes authentication. We save id of a user because it might be useful later in getting the information relevant only for this certain user or from two MySQL tables, which are related to each other by an user ip.

The only thing, which we are missing right now is the log out method.

public function logOut() {
    unset($_SESSION['user']);
    setcookie('userip','',time()-3600);
    header("Location:login.php");
}

I think this is self explanatory. We unset the sessionn, destroy the cookie and redirect the user to the login page. That would be all. Now i will present a simple usage of this class.

session_start();
error_reporting(E_ALL);
include('class.login.php');
if(isset($_POST['submit']) && $_POST['submit'] == 'login') {
    $login = new Login($_POST['username'],$_POST['pass']);
    $login->loginUser();
} elseif(isset($_SESSION['user']) && is_array($_SESSION['user']) && !empty($_SESSION['user'])) {
    $login = new Login($_SESSION['user']['user_name'],$_SESSION['user']['user_pass']);
}
 
if(isset($_GET['page']) && $_GET['page'] == 'logout') {
    $login->logOut();
}

We start a session and include our class before we send any headers. We use error_reporting only for develpment reasons and you can erase this line or decrees the level of error reporting if you want. We perform a check, if user submit the login form. If yes we initialize the Login class with the information provided by user. If the input validates we log in user and redirect him to welcome page (as stated in the class). If the user didn't submit the login information we perform another check, if the session array is set and if it's not empty we initialize our class with the information saved in our session array. If the user clicks on the log out button, we use logOut method to destroy all the information about the user. After that we can send some headers.

<?php
if(isset($_SESSION['user']) && $login->authenticateUser($_SESSION['user'])) {
    if(isset($_GET['page']) && $_GET['page'] == 'logged') {
?>
        <a href="login.php?page=logout">Logout</a>
<?php
    }
} else {
    echo (isset($_POST['submit'])) ? $login->error_login : '';
?>
<form action="<?=$_SERVER['PHP_SELF']?>" method="post">
username:<input name="username" type="text" />
password:<input name="pass" type="text" /> <input name="submit" type="submit" value="login" />
</form>
<?php
}
?>

In this part we perform actual authentication of the user and display information for authenticated users and if there is any error we display the error message

Wow I did it. It's my first tutorial kind of example thing:) If you want to download the files with source code for this example you can do it here. I'm waiting for your feedback right now. If you went that far you can write at least couple words:) Going back to work now...