  1. <?PHP
  2. require_once("class.phpmailer.php");
  3. require_once("formvalidator.php");
  4.  
  5. class FGMembersite
  6. {
  7. var $admin_email;
  8. var $from_address;
  9.  
  10. var $domain;
  11. var $username;
  12. var $pwd;
  13. var $database;
  14. var $tablename;
  15. var $connection;
  16. var $rand_key;
  17.  
  18. var $error_message;
  19.  
  20. //-----Initialization -------
  21. function FGMembersite()
  22. {
  23. $this->sitename = 'my.advenacm.com';
  24. $this->rand_key = '0iQx5oBk66oVZep';
  25. }
  26.  
  27. function InitDB($host,$uname,$pwd,$database,$tablename)
  28. {
  29. $this->db_host = $host;
  30. $this->username = $uname;
  31. $this->pwd = $pwd;
  32. $this->database = $database;
  33. $this->tablename = $tablename;
  34.  
  35. }
  36. function SetAdminEmail($email)
  37. {
  38. $this->admin_email = $email;
  39. }
  40.  
  41. function SetWebsiteName($sitename)
  42. {
  43. $this->sitename = $sitename;
  44. }
  45.  
  46. function SetRandomKey($key)
  47. {
  48. $this->rand_key = $key;
  49. }
  50.  
  51. //-------Main Operations ----------------------
  52. function RegisterUser()
  53. {
  54. if(!isset($_POST['submitted']))
  55. {
  56. return false;
  57. }
  58.  
  59. $formvars = array();
  60.  
  61. if(!$this->ValidateRegistrationSubmission())
  62. {
  63. return false;
  64. }
  65.  
  66. $this->CollectRegistrationSubmission($formvars);
  67.  
  68. if(!$this->SaveToDatabase($formvars))
  69. {
  70. return false;
  71. }
  72.  
  73. if(!$this->SendUserConfirmationEmail($formvars))
  74. {
  75. return false;
  76. }
  77.  
  78. $this->SendAdminIntimationEmail($formvars);
  79.  
  80. return true;
  81. }
  82.  
  83. function ConfirmUser()
  84. {
  85. if(empty($_GET['code'])||strlen($_GET['code'])<=10)
  86. {
  87. $this->HandleError("Please provide the confirm code");
  88. return false;
  89. }
  90. $user_rec = array();
  91. if(!$this->UpdateDBRecForConfirmation($user_rec))
  92. {
  93. return false;
  94. }
  95.  
  96. $this->SendUserWelcomeEmail($user_rec);
  97.  
  98. $this->SendAdminIntimationOnRegComplete($user_rec);
  99.  
  100. return true;
  101. }
  102.  
  103. function Login()
  104. {
  105. if(empty($_POST['username']))
  106. {
  107. $this->HandleError("UserName is empty!");
  108. return false;
  109. }
  110.  
  111. if(empty($_POST['password']))
  112. {
  113. $this->HandleError("Password is empty!");
  114. return false;
  115. }
  116.  
  117. $username = trim($_POST['username']);
  118. $password = trim($_POST['password']);
  119.  
  120. if(!isset($_SESSION)){ session_start(); }
  121. if(!$this->CheckLoginInDB($username,$password))
  122. {
  123. return false;
  124. }
  125.  
  126. $_SESSION[$this->GetLoginSessionVar()] = $username;
  127.  
  128. return true;
  129. }
  130.  
  131. function CheckLogin()
  132. {
  133. if(!isset($_SESSION)){ session_start(); }
  134.  
  135. $sessionvar = $this->GetLoginSessionVar();
  136.  
  137. if(empty($_SESSION[$sessionvar]))
  138. {
  139. return false;
  140. }
  141. return true;
  142. }
  143.  
  144. function UserName()
  145. {
  146. return isset($_SESSION['username_of_user'])?$_SESSION['username_of_user']:'';
  147. }
  148.  
  149. function UserFullName()
  150. {
  151. return isset($_SESSION['name_of_user'])?$_SESSION['name_of_user']:'';
  152. }
  153.  
  154. function UserEmail()
  155. {
  156. return isset($_SESSION['email_of_user'])?$_SESSION['email_of_user']:'';
  157. }
  158.  
  159. function UserDomain()
  160. {
  161. return isset($_SESSION['domain_of_user'])?$_SESSION['domain_of_user']:'';
  162. }
  163.  
  164. function LogOut()
  165. {
  166. session_start();
  167.  
  168. $sessionvar = $this->GetLoginSessionVar();
  169.  
  170. $_SESSION[$sessionvar]=NULL;
  171.  
  172. unset($_SESSION[$sessionvar]);
  173. }
  174.  
  175. function EmailResetPasswordLink()
  176. {
  177. if(empty($_POST['email']))
  178. {
  179. $this->HandleError("Email is empty!");
  180. return false;
  181. }
  182. $user_rec = array();
  183. if(false === $this->GetUserFromEmail($_POST['email'], $user_rec))
  184. {
  185. return false;
  186. }
  187. if(false === $this->SendResetPasswordLink($user_rec))
  188. {
  189. return false;
  190. }
  191. return true;
  192. }
  193.  
  194. function ResetPassword()
  195. {
  196. if(empty($_GET['email']))
  197. {
  198. $this->HandleError("Email is empty!");
  199. return false;
  200. }
  201. if(empty($_GET['code']))
  202. {
  203. $this->HandleError("reset code is empty!");
  204. return false;
  205. }
  206. $email = trim($_GET['email']);
  207. $code = trim($_GET['code']);
  208.  
  209. if($this->GetResetPasswordCode($email) != $code)
  210. {
  211. $this->HandleError("Bad reset code!");
  212. return false;
  213. }
  214.  
  215. $user_rec = array();
  216. if(!$this->GetUserFromEmail($email,$user_rec))
  217. {
  218. return false;
  219. }
  220.  
  221. $new_password = $this->ResetUserPasswordInDB($user_rec);
  222. if(false === $new_password || empty($new_password))
  223. {
  224. $this->HandleError("Error updating new password");
  225. return false;
  226. }
  227.  
  228. if(false == $this->SendNewPassword($user_rec,$new_password))
  229. {
  230. $this->HandleError("Error sending new password");
  231. return false;
  232. }
  233. return true;
  234. }
  235.  
  236. function ChangePassword()
  237. {
  238. if(!$this->CheckLogin())
  239. {
  240. $this->HandleError("Not logged in!");
  241. return false;
  242. }
  243.  
  244. if(empty($_POST['oldpwd']))
  245. {
  246. $this->HandleError("Old password is empty!");
  247. return false;
  248. }
  249. if(empty($_POST['newpwd']))
  250. {
  251. $this->HandleError("New password is empty!");
  252. return false;
  253. }
  254.  
  255. $user_rec = array();
  256. if(!$this->GetUserFromEmail($this->UserEmail(),$user_rec))
  257. {
  258. return false;
  259. }
  260.  
  261. $pwd = trim($_POST['oldpwd']);
  262.  
  263. if($user_rec['password'] != md5($pwd))
  264. {
  265. $this->HandleError("The old password does not match!");
  266. return false;
  267. }
  268. $newpwd = trim($_POST['newpwd']);
  269.  
  270. if(!$this->ChangePasswordInDB($user_rec, $newpwd))
  271. {
  272. return false;
  273. }
  274. return true;
  275. }
  276.  
  277. //-------Public Helper functions -------------
  278. function GetSelfScript()
  279. {
  280. return htmlentities($_SERVER['PHP_SELF']);
  281. }
  282.  
  283. function SafeDisplay($value_name)
  284. {
  285. if(empty($_POST[$value_name]))
  286. {
  287. return'';
  288. }
  289. return htmlentities($_POST[$value_name]);
  290. }
  291.  
  292. function RedirectToURL($url)
  293. {
  294. header("Location: $url");
  295. exit;
  296. }
  297.  
  298. function GetSpamTrapInputName()
  299. {
  300. return 'sp'.md5('KHGdnbvsgst'.$this->rand_key);
  301. }
  302.  
  303. function GetErrorMessage()
  304. {
  305. if(empty($this->error_message))
  306. {
  307. return '';
  308. }
  309. $errormsg = nl2br(htmlentities($this->error_message));
  310. return $errormsg;
  311. }
  312. //-------Private Helper functions-----------
  313.  
  314. function HandleError($err)
  315. {
  316. $this->error_message .= $err."\r\n";
  317. }
  318.  
  319. function HandleDBError($err)
  320. {
  321. $this->HandleError($err."\r\n mysqlerror:".mysql_error());
  322. }
  323.  
  324. function GetFromAddress()
  325. {
  326. if(!empty($this->from_address))
  327. {
  328. return $this->from_address;
  329. }
  330.  
  331. $host = $_SERVER['SERVER_NAME'];
  332.  
  333. $from ="nobody@$host";
  334. return $from;
  335. }
  336.  
  337. function GetLoginSessionVar()
  338. {
  339. $retvar = md5($this->rand_key);
  340. $retvar = 'usr_'.substr($retvar,0,10);
  341. return $retvar;
  342. }
  343.  
  344. function CheckLoginInDB($username,$password)
  345. {
  346. if(!$this->DBLogin())
  347. {
  348. $this->HandleError("Database login failed!");
  349. return false;
  350. }
  351. $username = $this->SanitizeForSQL($username);
  352. $pwdmd5 = md5($password);
  353. $qry = "Select name, email from $this->tablename where username='$username' and password='$pwdmd5' and confirmcode='y'";
  354.  
  355. $result = mysql_query($qry,$this->connection);
  356.  
  357. if(!$result || mysql_num_rows($result) <= 0)
  358. {
  359. $this->HandleError("Error logging in. The username or password does not match");
  360. return false;
  361. }
  362.  
  363. $row = mysql_fetch_assoc($result);
  364.  
  365.  
  366. $_SESSION['name_of_user'] = $row['name'];
  367. $_SESSION['domain_of_user'] = $row['domain'];
  368. $_SESSION['email_of_user'] = $row['email'];
  369.  
  370.  
  371. return true;
  372. }
  373.  
  374. function UpdateDBRecForConfirmation(&$user_rec)
  375. {
  376. if(!$this->DBLogin())
  377. {
  378. $this->HandleError("Database login failed!");
  379. return false;
  380. }
  381. $confirmcode = $this->SanitizeForSQL($_GET['code']);
  382.  
  383. $result = mysql_query("Select name, email from $this->tablename where confirmcode='$confirmcode'",$this->connection);
  384. if(!$result || mysql_num_rows($result) <= 0)
  385. {
  386. $this->HandleError("Wrong confirm code.");
  387. return false;
  388. }
  389. $row = mysql_fetch_assoc($result);
  390. $user_rec['name'] = $row['name'];
  391. $user_rec['email']= $row['email'];
  392.  
  393. $qry = "Update $this->tablename Set confirmcode='y' Where confirmcode='$confirmcode'";
  394.  
  395. if(!mysql_query( $qry ,$this->connection))
  396. {
  397. $this->HandleDBError("Error inserting data to the table\nquery:$qry");
  398. return false;
  399. }
  400. return true;
  401. }
  402.  
  403. function ResetUserPasswordInDB($user_rec)
  404. {
  405. $new_password = substr(md5(uniqid()),0,10);
  406.  
  407. if(false == $this->ChangePasswordInDB($user_rec,$new_password))
  408. {
  409. return false;
  410. }
  411. return $new_password;
  412. }
  413.  
  414. function ChangePasswordInDB($user_rec, $newpwd)
  415. {
  416. $newpwd = $this->SanitizeForSQL($newpwd);
  417.  
  418. $qry = "Update $this->tablename Set password='".md5($newpwd)."' Where id_user=".$user_rec['id_user']."";
  419.  
  420. if(!mysql_query( $qry ,$this->connection))
  421. {
  422. $this->HandleDBError("Error updating the password \nquery:$qry");
  423. return false;
  424. }
  425. return true;
  426. }
  427.  
  428. function GetUserFromEmail($email,&$user_rec)
  429. {
  430. if(!$this->DBLogin())
  431. {
  432. $this->HandleError("Database login failed!");
  433. return false;
  434. }
  435. $email = $this->SanitizeForSQL($email);
  436.  
  437. $result = mysql_query("Select * from $this->tablename where email='$email'",$this->connection);
  438.  
  439. if(!$result || mysql_num_rows($result) <= 0)
  440. {
  441. $this->HandleError("There is no user with email: $email");
  442. return false;
  443. }
  444. $user_rec = mysql_fetch_assoc($result);
  445.  
  446.  
  447. return true;
  448. }
  449.  
  450. function SendUserWelcomeEmail(&$user_rec)
  451. {
  452. $mailer = new PHPMailer();
  453.  
  454. $mailer->CharSet = 'utf-8';
  455.  
  456. $mailer->AddAddress($user_rec['email'],$user_rec['name']);
  457.  
  458. $mailer->Subject = "Welcome to ".$this->sitename;
  459.  
  460. $mailer->From = $this->GetFromAddress();
  461.  
  462. $mailer->Body ="Hello ".$user_rec['name']."\r\n\r\n".
  463. "Welcome! Your registration with ".$this->sitename." is completed.\r\n".
  464. "\r\n".
  465. "Regards,\r\n".
  466. "Webmaster\r\n".
  467. $this->sitename;
  468.  
  469. if(!$mailer->Send())
  470. {
  471. $this->HandleError("Failed sending user welcome email.");
  472. return false;
  473. }
  474. return true;
  475. }
  476.  
  477. function SendAdminIntimationOnRegComplete(&$user_rec)
  478. {
  479. if(empty($this->admin_email))
  480. {
  481. return false;
  482. }
  483. $mailer = new PHPMailer();
  484.  
  485. $mailer->CharSet = 'utf-8';
  486.  
  487. $mailer->AddAddress($this->admin_email);
  488.  
  489. $mailer->Subject = "Registration Completed: ".$user_rec['name'];
  490.  
  491. $mailer->From = $this->GetFromAddress();
  492.  
  493. $mailer->Body ="A new user registered at ".$this->sitename."\r\n".
  494. "Name: ".$user_rec['name']."\r\n".
  495. "Email address: ".$user_rec['email']."\r\n";
  496.  
  497. if(!$mailer->Send())
  498. {
  499. return false;
  500. }
  501. return true;
  502. }
  503.  
  504. function GetResetPasswordCode($email)
  505. {
  506. return substr(md5($email.$this->sitename.$this->rand_key),0,10);
  507. }
  508.  
  509. function SendResetPasswordLink($user_rec)
  510. {
  511. $email = $user_rec['email'];
  512.  
  513. $mailer = new PHPMailer();
  514.  
  515. $mailer->CharSet = 'utf-8';
  516.  
  517. $mailer->AddAddress($email,$user_rec['name']);
  518.  
  519. $mailer->Subject = "Your reset password request at ".$this->sitename;
  520.  
  521. $mailer->From = $this->GetFromAddress();
  522.  
  523. $link = $this->GetAbsoluteURLFolder().
  524. '/resetpwd.php?email='.
  525. urlencode($email).'&code='.
  526. urlencode($this->GetResetPasswordCode($email));
  527.  
  528. $mailer->Body ="Hello ".$user_rec['name']."\r\n\r\n".
  529. "There was a request to reset your password at ".$this->sitename."\r\n".
  530. "Please click the link below to complete the request: \r\n".$link."\r\n".
  531. "Regards,\r\n".
  532. "Webmaster\r\n".
  533. $this->sitename;
  534.  
  535. if(!$mailer->Send())
  536. {
  537. return false;
  538. }
  539. return true;
  540. }
  541.  
  542. function SendNewPassword($user_rec, $new_password)
  543. {
  544. $email = $user_rec['email'];
  545.  
  546. $mailer = new PHPMailer();
  547.  
  548. $mailer->CharSet = 'utf-8';
  549.  
  550. $mailer->AddAddress($email,$user_rec['name']);
  551.  
  552. $mailer->Subject = "Your new password for ".$this->sitename;
  553.  
  554. $mailer->From = $this->GetFromAddress();
  555.  
  556. $mailer->Body ="Hello ".$user_rec['name']."\r\n\r\n".
  557. "Your password is reset successfully. ".
  558. "Here is your updated login:\r\n".
  559. "username:".$user_rec['username']."\r\n".
  560. "password:$new_password\r\n".
  561. "\r\n".
  562. "Login here: ".$this->GetAbsoluteURLFolder()."/login.php\r\n".
  563. "\r\n".
  564. "Regards,\r\n".
  565. "Webmaster\r\n".
  566. $this->sitename;
  567.  
  568. if(!$mailer->Send())
  569. {
  570. return false;
  571. }
  572. return true;
  573. }
  574.  
  575. function ValidateRegistrationSubmission()
  576. {
  577. //This is a hidden input field. Humans won't fill this field.
  578. if(!empty($_POST[$this->GetSpamTrapInputName()]) )
  579. {
  580. //The proper error is not given intentionally
  581. $this->HandleError("Automated submission prevention: case 2 failed");
  582. return false;
  583. }
  584.  
  585. $validator = new FormValidator();
  586. $validator->addValidation("name","req","Please fill in Name");
  587. $validator->addValidation("email","email","The input for Email should be a valid email value");
  588. $validator->addValidation("email","req","Please fill in Email");
  589. $validator->addValidation("domain","req","Please fill in UserName");
  590. $validator->addValidation("username","req","Please fill in UserName");
  591. $validator->addValidation("password","req","Please fill in Password");
  592.  
  593.  
  594. if(!$validator->ValidateForm())
  595. {
  596. $error='';
  597. $error_hash = $validator->GetErrors();
  598. foreach($error_hash as $inpname => $inp_err)
  599. {
  600. $error .= $inpname.':'.$inp_err."\n";
  601. }
  602. $this->HandleError($error);
  603. return false;
  604. }
  605. return true;
  606. }
  607.  
  608. function CollectRegistrationSubmission(&$formvars)
  609. {
  610. $formvars['name'] = $this->Sanitize($_POST['name']);
  611. $formvars['email'] = $this->Sanitize($_POST['email']);
  612. $formvars['domain'] = $this->Sanitize($_POST['domain']);
  613. $formvars['username'] = $this->Sanitize($_POST['username']);
  614. $formvars['password'] = $this->Sanitize($_POST['password']);
  615. }
  616.  
  617. function SendUserConfirmationEmail(&$formvars)
  618. {
  619. $mailer = new PHPMailer();
  620.  
  621. $mailer->CharSet = 'utf-8';
  622.  
  623. $mailer->AddAddress($formvars['email'],$formvars['name']);
  624.  
  625. $mailer->Subject = "Your registration with ".$this->sitename;
  626.  
  627. $mailer->From = $this->GetFromAddress();
  628.  
  629. $confirmcode = $formvars['confirmcode'];
  630.  
  631. $confirm_url = $this->GetAbsoluteURLFolder().'/confirmreg.php?code='.$confirmcode;
  632.  
  633. $mailer->Body ="Hello ".$formvars['name']."\r\n\r\n".
  634. "Thanks for your registration with ".$this->sitename."\r\n".
  635. "Please click the link below to confirm your registration.\r\n".
  636. "$confirm_url\r\n".
  637. "\r\n".
  638. "Regards,\r\n".
  639. "Webmaster\r\n".
  640. $this->sitename;
  641.  
  642. if(!$mailer->Send())
  643. {
  644. $this->HandleError("Failed sending registration confirmation email.");
  645. return false;
  646. }
  647. return true;
  648. }
  649. function GetAbsoluteURLFolder()
  650. {
  651. $scriptFolder = (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on')) ? 'https://' : 'http://';
  652. $scriptFolder .= $_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']);
  653. return $scriptFolder;
  654. }
  655.  
  656. function SendAdminIntimationEmail(&$formvars)
  657. {
  658. if(empty($this->admin_email))
  659. {
  660. return false;
  661. }
  662. $mailer = new PHPMailer();
  663.  
  664. $mailer->CharSet = 'utf-8';
  665.  
  666. $mailer->AddAddress($this->admin_email);
  667.  
  668. $mailer->Subject = "New registration: ".$formvars['name'];
  669.  
  670. $mailer->From = $this->GetFromAddress();
  671.  
  672. $mailer->Body ="A new user registered at ".$this->sitename."\r\n".
  673. "Name: ".$formvars['name']."\r\n".
  674. "Email address: ".$formvars['email']."\r\n".
  675. "UserName: ".$formvars['username'];
  676.  
  677. if(!$mailer->Send())
  678. {
  679. return false;
  680. }
  681. return true;
  682. }
  683.  
  684. function SaveToDatabase(&$formvars)
  685. {
  686. if(!$this->DBLogin())
  687. {
  688. $this->HandleError("Database login failed!");
  689. return false;
  690. }
  691. if(!$this->Ensuretable())
  692. {
  693. return false;
  694. }
  695. if(!$this->IsFieldUnique($formvars,'email'))
  696. {
  697. $this->HandleError("This email is already registered");
  698. return false;
  699. }
  700.  
  701. if(!$this->IsFieldUnique($formvars,'username'))
  702. {
  703. $this->HandleError("This UserName is already used. Please try another username");
  704. return false;
  705. }
  706.  
  707. if(!$this->IsFieldUnique($formvars,'domain'))
  708. {
  709. $this->HandleError("An account has already been registered with the specified domain. Please use another.");
  710. return false;
  711. }
  712. if(!$this->InsertIntoDB($formvars))
  713. {
  714. $this->HandleError("Inserting to Database failed!");
  715. return false;
  716. }
  717. return true;
  718.  
  719. $row = mysql_fetch_assoc($result);
  720. $_SESSION['domain_of_user'] = $row['domain'];
  721. }
  722.  
  723. function IsFieldUnique($formvars,$fieldname)
  724. {
  725. $field_val = $this->SanitizeForSQL($formvars[$fieldname]);
  726. $qry = "select username from $this->tablename where $fieldname='".$field_val."'";
  727. $result = mysql_query($qry,$this->connection);
  728. if($result && mysql_num_rows($result) > 0)
  729. {
  730. return false;
  731. }
  732. return true;
  733. }
  734.  
  735. function DBLogin()
  736. {
  737.  
  738. $this->connection = mysql_connect($this->db_host,$this->username,$this->pwd);
  739.  
  740. if(!$this->connection)
  741. {
  742. $this->HandleDBError("Database Login failed! Please make sure that the DB login credentials provided are correct");
  743. return false;
  744. }
  745. if(!mysql_select_db($this->database, $this->connection))
  746. {
  747. $this->HandleDBError('Failed to select database: '.$this->database.' Please make sure that the database name provided is correct');
  748. return false;
  749. }
  750. if(!mysql_query("SET NAMES 'UTF8'",$this->connection))
  751. {
  752. $this->HandleDBError('Error setting utf8 encoding');
  753. return false;
  754. }
  755. return true;
  756. }
  757.  
  758. function Ensuretable()
  759. {
  760. $result = mysql_query("SHOW COLUMNS FROM $this->tablename");
  761. if(!$result || mysql_num_rows($result) <= 0)
  762. {
  763. return $this->CreateTable();
  764. }
  765. return true;
  766. }
  767.  
  768. function CreateTable()
  769. {
  770. $qry = "Create Table $this->tablename (".
  771. "id_user INT NOT NULL AUTO_INCREMENT ,".
  772. "name VARCHAR( 128 ) NOT NULL ,".
  773. "email VARCHAR( 64 ) NOT NULL ,".
  774. "phone_number VARCHAR( 16 ) NOT NULL ,".
  775. "domain VARCHAR( 255 ) NOT NULL ,".
  776. "username VARCHAR( 16 ) NOT NULL ,".
  777. "password VARCHAR( 32 ) NOT NULL ,".
  778. "confirmcode VARCHAR(32) ,".
  779. "PRIMARY KEY ( id_user )".
  780. ")";
  781.  
  782. if(!mysql_query($qry,$this->connection))
  783. {
  784. $this->HandleDBError("Error creating the table \nquery was\n $qry");
  785. return false;
  786. }
  787. return true;
  788. }
  789.  
  790. function InsertIntoDB(&$formvars)
  791. {
  792.  
  793. $confirmcode = $this->MakeConfirmationMd5($formvars['email']);
  794.  
  795. $formvars['confirmcode'] = $confirmcode;
  796.  
  797. $insert_query = 'insert into '.$this->tablename.'(
  798. name,
  799. email,
  800. domain,
  801. username,
  802. password,
  803. confirmcode
  804. )
  805. values
  806. (
  807. "' . $this->SanitizeForSQL($formvars['name']) . '",
  808. "' . $this->SanitizeForSQL($formvars['email']) . '",
  809. "' . $this->SanitizeForSQL($formvars['domain']) . '",
  810. "' . $this->SanitizeForSQL($formvars['username']) . '",
  811. "' . md5($formvars['password']) . '",
  812. "' . $confirmcode . '"
  813. )';
  814. if(!mysql_query( $insert_query ,$this->connection))
  815. {
  816. $this->HandleDBError("Error inserting data to the table\nquery:$insert_query");
  817. return false;
  818. }
  819. return true;
  820. }
  821. function MakeConfirmationMd5($email)
  822. {
  823. $randno1 = rand();
  824. $randno2 = rand();
  825. return md5($email.$this->rand_key.$randno1.''.$randno2);
  826. }
  827. function SanitizeForSQL($str)
  828. {
  829. if( function_exists( "mysql_real_escape_string" ) )
  830. {
  831. $ret_str = mysql_real_escape_string( $str );
  832. }
  833. else
  834. {
  835. $ret_str = addslashes( $str );
  836. }
  837. return $ret_str;
  838. }
  839.  
  840. /*
  841. Sanitize() function removes any potential threat from the
  842. data submitted. Prevents email injections or any other hacker attempts.
  843. if $remove_nl is true, newline chracters are removed from the input.
  844. */
  845. function Sanitize($str,$remove_nl=true)
  846. {
  847. $str = $this->StripSlashes($str);
  848.  
  849. if($remove_nl)
  850. {
  851. $injections = array('/(\n+)/i',
  852. '/(\r+)/i',
  853. '/(\t+)/i',
  854. '/(%0A+)/i',
  855. '/(%0D+)/i',
  856. '/(%08+)/i',
  857. '/(%09+)/i'
  858. );
  859. $str = preg_replace($injections,'',$str);
  860. }
  861.  
  862. return $str;
  863. }
  864. function StripSlashes($str)
  865. {
  866. if(get_magic_quotes_gpc())
  867. {
  868. $str = stripslashes($str);
  869. }
  870. return $str;
  871. }
  872. }
  873. ?>