Object Oriented Programming- The Banking Application - Login

By

In this article, we discuss the login portion of our banking application. The whole point of this application is to try to simulate an actual banking system, and at the same time to use all the knowledge that we've gained about Object Oriented Programming so far. I should also state that this is but one of many ways in which a banking application can be created. We will also be discussing some additional OOP concepts that we have not looked at yet.

The login method

To start off, both classes, the customer class and accounts class connects to the database server (MYSQL database server in our case) when they are instantiated. The constructor functions takes care of this very useful functionality. This is how its done in the customer class:

public function __construct($dbname="bank",$host="localhost") { $this->dbcon = mysql_connect($host); if(! is_resource($this->dbcon)){ throw new Exception("Unable to connect to the database!"); } $connected = mysql_select_db($dbname, $this -> dbcon); if(! $connected) { throw new Exception("Unable to use the database ".$dbname."!"); } }

Basically, the constructor function sets the database connection details, such as the hostname and database name:

 ($dbname="bank",$host="localhost")
 

It would be better to have the database connection information stored somewhere else instead of showing it like this in the heading of the function for security reasons. Then it connects to the database server like so:

$this->dbcon = mysql_connect($host); if(! is_resource($this->dbcon)){ throw new Exception("Unable to connect to the database!"); }

Then it selects the database that is going to be used:

$connected = mysql_select_db($dbname, $this -> dbcon); if(! $connected) { throw new Exception("Unable to use the database ".$dbname."!"); }

If you are going to use a different database each time, please make sure to change where appropriate. What the constructor method does is to create a database connection resource that can be used anywhere in the class definition to run queries. To ensure that you can run queries in any of the other methods, it is important to first check if this resource is indeed set. For instance if you want to run a query in a method that is defined for the customers class you would do something like this:

function is_connected(){ if(isset($this->dbcon)){ return TRUE; }else{ return FALSE; } }

What the method above does is to check if there is a connection established to the database server and then it returns true or false based on the outcome. Throughout our classes, we use this method to check if there is a database connection before attempting to run queries.

Below is a screen of the login form followed by some code that produces the form:

Figure 1

<?php session_start(); include "class.acc.php"; include "class.cust.php"; $obj=new customer; if(isset($_POST['Submit'])){ $err=false; $errmsg=""; //clean vars if(empty($_POST['name'])){ $err=true; $errmsg="Please enter a username"; } if(empty($_POST['pin'])){ $err=true; $errmsg="Please enter a pin"; } if(is_numeric($_POST['name'])){ $err=true; $errmsg="Please enter a valid username"; } if(!is_numeric($_POST['pin'])){ $err=true; $errmsg="Please enter a valid pin"; } /* if(strlen($_POST['pin'] < 4)){ $err=true; $errmsg="Please enter a valid pin"; } */ if(!$err){ //clean for database entry $cleanpin=mysql_real_escape_string($_POST['pin']); $cleanname=mysql_real_escape_string($_POST['name']); $authed = $obj->auth($cleanpin,$cleanname); if($authed){ //trsnsfer vars //grab the users details $id = $obj->getcustID(); $name = $obj->getname(); $_SESSION['custid']=$id; $_SESSION['name']=$name; header("location:home.php"); }else{ $errmsg = "Your details did not match"; } } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="https://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Untitled Document</title> <link href="Templates/bank.css" rel="stylesheet" type="text/css" /> </head> <body> <?php if(isset($errmsg)){ echo $errmsg; }else{ $obj->login(); } ?> </body> </html>

This is what the code for the login method looks like. In the above code this method is called in the following way:

$obj->login();

function login(){ echo '<form id="form1" name="form1" method="post" action="'.$_SERVER['PHP_SELF'].'"> <table width="100%" border="0" class="brdr"> <tr> <td colspan="3"><p class="hdr">MAMAS //UIS BANK INC</p></td> </tr> <tr> <td colspan="3"> </td> </tr> <tr> <td colspan="3"> </td> </tr> <tr> <td colspan="3"></td> </tr> <tr> <td width="12%"> </td> <td width="12%"><strong>Username:</strong></td> <td width="88%"><label> <input name="name" type="text" id="name" /> </label></td> </tr> <tr> <td> </td> <td><strong>Pin:</strong></td> <td><label> <input name="pin" type="password" id="pin" /> </label></td> </tr> <tr> <td> </td> <td> </td> <td><label> <input type="submit" name="Submit" value="Login" /> </label></td> </tr> </table> </form>'; }

The login method is located in the customer class and is responsible for presenting the login form to the customer. The form has two fields, one to take the customers username and another to take the customers pin number. The pin number is about four digits and the username is actually the name of the customer. The method starts off by defining a form tag like so:

echo '<form id="form1" name="form1" method="post" action="'.$_SERVER['PHP_SELF'].'"><br> <table width="100%" border="0" class="brdr"><br>

Notice that in the action attribute of the tag the PHP_SELF global variable is used. This variable basically tells the form to submit the form data to the page from which it is called. This means that you can use this method in any script, and it will simply submit the form data. The next part of the code sets up the bank name:

<tr> <td colspan="3"><p class="hdr">MAMAS //UIS BANK INC</p></td> </tr> <tr> <td colspan="3"> </td> </tr> <tr> <td colspan="3"> </td> </tr> <tr> <td colspan="3"></td> </tr>

Then we build the form element that actually takes the name of the customer:

<tr> <td width="12%"> </td> <td width="12%"><strong>Username:</strong></td> <td width="88%"><label> <input name="name" type="text" id="name" /> </label></td> </tr>

Next we build the form element that takes the user's pin number:

<tr> <td> </td> <td><strong>Pin:</strong></td> <td><label> <input name="pin" type="password" id="pin" /> </label></td> </tr>

Notice that we have set the type of field to password; this disguises the actual pin number of the customer and only dots appear when the customer enters it. Finally we create the submit button:

<tr> <td> </td> <td> </td> <td><label> <input type="submit" name="Submit" value="Login" /> </label></td> </tr> </textarea>

Note that it is always a good idea to include a hidden form field that you can use to check if the form is submitted or not. This is because sometimes users simply press the return button instead of the submit button on the form. This way, both scenarios are covered.

Now, once the customer submits this form, the following code takes care of the processing of the data:

<?php session_start(); include "class.acc.php"; include "class.cust.php"; $obj=new customer; if(isset($_POST['Submit'])){ $err=false; $errmsg=""; //clean vars if(empty($_POST['name'])){ $err=true; $errmsg="Please enter a username"; } if(empty($_POST['pin'])){ $err=true; $errmsg="Please enter a pin"; } if(is_numeric($_POST['name'])){ $err=true; $errmsg="Please enter a valid username"; } if(!is_numeric($_POST['pin'])){ $err=true; $errmsg="Please enter a valid pin"; } /* if(strlen($_POST['pin']

The first few code lines of the code are very important because it is where all the classes are included and instantiated:

<?php session_start(); include "class.acc.php"; include "class.cust.php"; $obj=new customer;

Instantiating a class, as discussed in the previous articles, transfers all of it methods and attributes to a variable that makes it easy for us to use in the wider application. For example to use any method in the customer class, we will not need to write this:

  Customer->login();
  

The next part of the code checks to see if the form has been submitted:

  if(isset($_POST['Submit'])){
  

Then it validates the submitted form data. I cannot stress enough how important this part of form processing is. It is where most major attacks takes place so it is very important to validate your data. The first part of the validation process checks to see if the data that was submitted is empty and sets the appropriate error messages:

$err=false; $errmsg=""; //clean vars if(empty($_POST['name'])){ $err=true; $errmsg="Please enter a username"; } if(empty($_POST['pin'])){ $err=true; $errmsg="Please enter a pin"; }

Then we check to see if the data is of the correct type. We expect two types here, numeric for the pin number and string for the username. So it is easy to check both with the is_numeric() function or you can also use the is_string() function to check for the name:

if(is_numeric($_POST['name'])){ $err=true; $errmsg="Please enter a valid username"; } if(!is_numeric($_POST['pin'])){ $err=true; $errmsg="Please enter a valid pin"; }

In the next section we will continue to look at the login code and also look at some of the other code that makes up the application.

Find a programming school near you

Zip Code:

Subject: - Select All Subjects - Computer Applications Computer Engineering Computer Science Computer Prog. - Software Dev. Computer Game Programming Web Design Web Development Internet Systems Internet Certification Database Design and Development Information Systems Management Information Technology Project Management Network Design - Development Systems Analyst

Degree: - Select All Degrees - Associate's Bachelor's Master's Doctoral Certificates Diplomas Coursework MBA

Online Campus Both