The auUser class is part of the auLib package. It provides common functions for users, and needs to be extended in order to work with a site's specific users table.


auUser implements some functions that are most likely useful to any site's user system. Since different sites will usually have different needs for their user systems, this class does not implement any specifics and should be extended by each site in order to do so.



How long a user can go between page requests before their session times out and they are no longer considered logged in. It's possible that the lifetime of the session cookie sent by PHP will be shorter than this time, depending on settings.


How long the "remember me" cookie should last.


Name the "remember me" cookie should be saved under. The default value is autologin.


If not defined already when auUser is included, this will get set to the host name with www or similar removed. For example, with a hostname of, _HOST will be set to This is used for removing the domain part of links to the same site.

Public Data


True if the object represents a valid user.


Results of trying to log in.


Logged-in user's ID, if the user is valid.


Logged-in user's display name, if user is valid.

Protected Data


Connection to the database (usually an auDB object).


Page to load after login. Change this value in GetUserInfo() to send the user to a specific page.

Public Functions

new auUser

new auUser($db)

Creates a new user object. Normally this function should not need to be overridden by classes that extend auUser.

  • $db = Database connection for looking up user information.



Encrypts a plain-text password for storing in a cookie or the database.

  • $password = Plain-text password to encrypt.
  • @return = Encrypted password.


CheckPassword($password, $hash)

Checks a plain-text password against an encrypted password.

  • $password = Plain-text password.
  • $hash = Encrypted password.
  • @return = True if passwords match.

Protected Functions

Classes that extend auUser might find these functions useful, but they are not generally available.



Attempts to process the user registration form (must be overridden to use site-specific user data).

  • @return = True if user was successfully registered and logged in.


GetUserInfo($id, $login, $password, $hashed)

Gets user information from the database (must be overridden to get site-specific user data).

  • $id = Look up information for user with this ID.
  • $login = True if the user is logging in (i.e. from the login form or from the auto-login cookie). Default is not logging in.
  • $password = If present, this password is checked against the user's password stored in the database. Default is not to check a password.
  • $hashed = Set this to true if $password is set to the hashed version of the user's password. Default is not hashed.
  • @return = True if user information was retrieved.



Gets user information for a guest user (should be overridden to get site-specific user data).



Updates the password for the user to use the latest hash algorithm (should be overridden to update site-specific user data). This function is called automatically when a user whose password is stored using a previous hash algorithm logs in. Use EncryptPassword to get the new hash, then store that value in the database. The base function simply gets the new hash. Since it doesn't store the hash by default, not overriding this function means users are not updated to the new hash algorithm at login, so the new algorithm is only used by new users and password changes.

  • $newpass = The password in plain-text.
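The upgrade-at-login flow described above, as an added stand-alone example (not auLib code, and not a subclass of auUser). It uses PHP's built-in password functions; the function names, the in-memory `$users` array, and the unsalted SHA-1 legacy format are assumptions made for illustration.

```php
<?php
// Added example: upgrade-on-login sketch, independent of auLib.
// Assumption: legacy rows hold an unsalted SHA-1 hex digest.

// In-memory stand-in for a site's users table (constructed sample data).
$users = [
    7 => ['name' => 'alice', 'hash' => sha1('correct horse')], // legacy format
];

/** Hypothetical helper: true if $hash is in the assumed legacy format. */
function isLegacyHash(string $hash): bool
{
    return (bool) preg_match('/^[0-9a-f]{40}$/', $hash);
}

/** Verify against either format; the legacy compare is constant-time. */
function checkPassword(string $password, string $hash): bool
{
    if (isLegacyHash($hash)) {
        return hash_equals($hash, sha1($password));
    }
    return password_verify($password, $hash);
}

/**
 * Login step: verify first, then re-hash and store the result.
 * Returns 'denied', 'ok' or 'upgraded'.
 */
function loginAndUpgrade(array &$users, int $id, string $password): string
{
    if (!isset($users[$id]) || !checkPassword($password, $users[$id]['hash'])) {
        return 'denied'; // a failed attempt never rewrites the stored hash
    }
    $stored = $users[$id]['hash'];
    if (isLegacyHash($stored) || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        // Login is the only moment the plain-text password is available,
        // so the new hash has to be written back here or it is lost.
        $users[$id]['hash'] = password_hash($password, PASSWORD_DEFAULT);
        return 'upgraded';
    }
    return 'ok';
}

echo loginAndUpgrade($users, 7, 'wrong guess'), "\n";   // rejected attempt
echo loginAndUpgrade($users, 7, 'correct horse'), "\n"; // first good login
echo loginAndUpgrade($users, 7, 'correct horse'), "\n"; // later good login
```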