
Untitled

a guest
Oct 31st, 2017
  1. <?php
  2.  
  3. // opens the connection to the database. Returns a valid link if the connection was
  4. // established, otherwise return error die.
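  // Opens a mysqli connection to the database server and returns the link.
  // If the connection fails, the connect error number is printed and the
  // script exits.
  //
  // NOTE(review): this connects as "root" with an empty password and keeps the
  // credentials in source. Use a dedicated account limited to the statements
  // this file issues (SELECT/INSERT/UPDATE/DELETE on `users`) and load its
  // credentials from configuration kept outside the web root.
  function OpenConnection()
  {
      //$server = "6053-p204csm001";
      $server = "localhost";
      $user = "root";
      $pass = "";
      // NOTE(review): the original passed an undefined $db to mysqli_connect().
      // No schema name appears in this listing, so it is an explicit null here
      // (same effect, minus the undefined-variable warning). Set the real
      // schema name; without one the queries on `users` have no default database.
      $db = null;
      $port = 3306;

      // connect to the server
      $mysqli = mysqli_connect($server, $user, $pass, $db, $port);

      // On PHP 8.1+ mysqli's default report mode throws mysqli_sql_exception on
      // a failed connect, so this branch runs only when that reporting is off.
      if (mysqli_connect_errno()) {
          // "." concatenates. The original "+" is numeric addition: it drops
          // the message text on PHP 7 and throws a TypeError on PHP 8.
          print("connect failed: " . mysqli_connect_errno());
          exit();
      }

      return $mysqli;
  }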
  23.  
  24. // Adds a new user to the system return "Success"
  25. // If the username exists in the system, return message "Username not unique"
  26. // If the password does not match the criteria, return message "Password does not match criteria"
  27. // If Access level is not 1, 2 or 3, return message "Incorrect access level"
  28. // If no email address supplied, return message "No email supplied"
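  // Adds a new user row.
  //
  // Returns true when the INSERT was executed, false when the input was
  // rejected: the username already exists, the access level is outside 1..3,
  // the email is empty, or the password fails ValidPassword().
  // Dies with the database error text if the statement cannot be prepared or
  // executed (this exposes server error details to the client; prefer
  // error_log() plus a generic message outside a lab setup).
  function AddUser($username, $password, $email, $access_level)
  {
      $added = false;

      // valid access level between 1 and 3, an email, and an unused username
      if (!UserExists($username) && $access_level > 0 && $access_level < 4 && $email != "") {
          if (ValidPassword($password)) {
              $link = OpenConnection();

              // NOTE(review): MD5 is unsalted and fast to brute-force, so it is
              // not suitable for password storage. It is kept here only because
              // ValidateUser() compares MD5 digests; moving to password_hash() /
              // password_verify() has to change AddUser, ModifyUser,
              // ValidateUser and the width of the `pass` column together.
              $ePassword = md5($password);

              // Placeholders keep the caller-supplied values out of the SQL
              // text; the original interpolated them directly into the string.
              $stmt = mysqli_prepare(
                  $link,
                  "INSERT INTO users (user, pass, level, email) VALUES (?, ?, ?, ?)"
              ) or die("Couldn't add row to table in \"user\" database: " . mysqli_error($link));
              mysqli_stmt_bind_param($stmt, "ssss", $username, $ePassword, $access_level, $email);

              // The original printed the query (password digest included) and
              // never ran it, yet still reported success. Execute it and report
              // the real outcome.
              $added = mysqli_stmt_execute($stmt)
                  or die("Couldn't add row to table in \"user\" database: " . mysqli_error($link));

              mysqli_stmt_close($stmt);
              mysqli_close($link);
          }
      }

      return $added;
  }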
  56.  
  57. // deletes an existing user from the system returns "Success"
  58. // if username does not exist, return message "Username not found"
  59. // if no users in the system, return message "No users in the system"
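  // Deletes the user row whose `user` column equals $username.
  //
  // Returns true when the DELETE was executed, false when UserExists() did not
  // find the username. Dies with the database error text if the statement
  // cannot be prepared or executed.
  function DeleteUser($username)
  {
      $deleted = false;

      if (UserExists($username)) {
          $link = OpenConnection();

          // Bound parameter instead of interpolating $username into the SQL
          // text: a quote character in the name can no longer change the WHERE
          // clause and widen the delete.
          $stmt = mysqli_prepare($link, "DELETE FROM users WHERE users.user = ?")
              or die("Couldn't add row to table in \"sample\" database: " . mysqli_error($link));
          mysqli_stmt_bind_param($stmt, "s", $username);

          // mysqli_error() needs the link argument; the original omitted it.
          $result = mysqli_stmt_execute($stmt)
              or die("Couldn't add row to table in \"sample\" database: " . mysqli_error($link));

          if ($result) {
              $deleted = true;
          }

          mysqli_stmt_close($stmt);
          mysqli_close($link);
      }

      return $deleted;
  }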
  85.  
  86. // finds the user in the systems and checks the password matches for the user
  87. // returns user details.
  88. // if the user not found in the system, return message "Username not found"
  89. // if no users in the system, return message "No users in the system"
  90. // if the password does not match, return message "Invalid password"
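  // Looks the user up and checks the supplied password against the stored
  // MD5 digest.
  //
  // Returns the user row (as returned by UserExists(), which selects every
  // column, so the stored digest is part of it) on success, the string
  // "Invalid Password" when the digest differs, or "No user in system" when
  // the username is not found. Callers must tell the array apart from the
  // message strings.
  //
  // NOTE(review): the two distinct failure messages let a client learn which
  // usernames exist; show a single generic failure to end users.
  function ValidateUser($username, $password)
  {
      $user = UserExists($username);
      if (!$user) {
          return "No user in system";
      }

      // NOTE(review): MD5 is not suitable for password storage; kept because
      // the stored values are MD5 digests. Migrate to password_hash() /
      // password_verify() together with the code that writes the column.
      $ePassword = md5($password);

      // hash_equals() compares byte-for-byte in constant time. The original
      // loose "==" compares numeric-looking strings as numbers, so two
      // different digests of the form "0e<digits>" were treated as equal.
      if (is_string($user['pass']) && hash_equals($user['pass'], $ePassword)) {
          return $user;
      }

      return "Invalid Password";
  }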
  119.  
  120. // find the user in the system, modify supplied user details except username
  121. // return "Success"
  122. // if username does not exist, return message "Username not found"
  123. // if no users in the system return message "No users in system"
  124. // If the password does not match the criteria, return message "Password does not match criteria"
  125. // If Access level is not 1, 2 or 3, return message "Incorrect access level"
  126. // If no email address supplied, return message "No email supplied"
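  // Updates password, access level and email for an existing user.
  //
  // Returns true when the UPDATE was executed, otherwise one of the messages
  // "Username not found", "Password does not match criteria",
  // "Incorrect access level" or "No email supplied". Dies with the database
  // error text if the statement cannot be prepared or executed.
  function ModifyUser($username, $password, $email, $access_level)
  {
      if (!UserExists($username)) {
          return "Username not found";
      }
      if (!ValidPassword($password)) {
          return "Password does not match criteria";
      }
      if (!($access_level > 0 && $access_level < 4)) {
          return "Incorrect access level";
      }
      // The original tested the bare word `email` (missing "$"), which never
      // looked at the argument: always true on PHP 7, a fatal Error on PHP 8.
      if ($email == "") {
          return "No email supplied";
      }

      $modified = false;

      // NOTE(review): MD5 is not suitable for password storage; kept because
      // ValidateUser() compares MD5 digests. Migrate both sides together.
      $ePassword = md5($password);

      $link = OpenConnection();

      // Bound parameters replace the interpolated values, and the SET list now
      // has the commas the original lacked (its UPDATE was a syntax error).
      $stmt = mysqli_prepare(
          $link,
          "UPDATE users SET pass = ?, level = ?, email = ? WHERE users.user = ?"
      ) or die("Couldn't add row to table in \"sample\" database: " . mysqli_error($link));
      mysqli_stmt_bind_param($stmt, "ssss", $ePassword, $access_level, $email, $username);

      $result = mysqli_stmt_execute($stmt)
          or die("Couldn't add row to table in \"sample\" database: " . mysqli_error($link));
      if ($result) {
          $modified = true;
      }

      mysqli_stmt_close($stmt);
      mysqli_close($link);

      return $modified;
  }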
  174.  
  175. // returns a list of all users in the system
  176. // if no users in the system, return message "No users in system"
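  // Returns every row of the `users` table as a list of associative arrays,
  // ordered by username. The list is empty when the table has no rows.
  //
  // NOTE(review): SELECT * also returns the `pass` digest for every user.
  // Select only the columns the caller displays so the digests never reach
  // page output or logs.
  function AllUsers()
  {
      $link = OpenConnection();

      // The original quoted the sort key ('users.user'), which orders by a
      // constant string and leaves the rows unsorted.
      $query = "SELECT * FROM users ORDER BY users.user";

      // mysqli_error() needs the link argument; the original omitted it.
      $result = mysqli_query($link, $query)
          or die("Couldn't add row to table in \"sample\" database: " . mysqli_error($link));

      $list = array();
      while ($row = mysqli_fetch_assoc($result)) {
          $list[] = $row;
      }

      mysqli_close($link);
      return $list;
  }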
  191.  
  192. // check the password contains 8 characters, at least one uppercase letter,
  193. // and contains at least one numeric, returns true
  194. // if criteria not met, return false
  // Password policy check: at least 8 bytes long, with at least one uppercase
  // letter and at least one digit. Returns true when all three hold, false
  // otherwise.
  function ValidPassword($password)
  {
      $hasUpper = false;
      $hasDigit = false;

      // Walk the password one byte at a time and record which classes appear.
      foreach (str_split($password) as $char) {
          $hasUpper = $hasUpper || ctype_upper($char);
          $hasDigit = $hasDigit || ctype_digit($char);
      }

      return strlen($password) >= 8 && $hasUpper && $hasDigit;
  }
  220.  
  221. // Finds the user in the system, returns true
  222. // if the user does not exist in the system, return false
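  // Looks up a user by username.
  //
  // Returns the matching row as an associative array (every column of
  // `users`, including the stored password digest) or false when no row
  // matches. Dies with the database error text if the statement cannot be
  // prepared or executed.
  function UserExists($username)
  {
      $exists = false;
      $link = OpenConnection();
      if ($link) {
          // Bound parameter instead of interpolating $username into the SQL
          // text. This lookup runs before every other operation in the file,
          // so it is the first place a crafted username reaches the database.
          $stmt = mysqli_prepare($link, "SELECT * FROM users WHERE users.user = ?")
              or die("Couldn't add row to table in \"sample\" database: " . mysqli_error($link));
          mysqli_stmt_bind_param($stmt, "s", $username);
          mysqli_stmt_execute($stmt)
              or die("Couldn't add row to table in \"sample\" database: " . mysqli_error($link));

          // mysqli_stmt_get_result() requires the mysqlnd driver.
          $result = mysqli_stmt_get_result($stmt);
          if ($result && mysqli_num_rows($result) > 0) {
              $exists = mysqli_fetch_assoc($result);
          }

          mysqli_stmt_close($stmt);
          mysqli_close($link);
      }
      return $exists;
  }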
  240.  
  241. ?>