- <?php
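/**
 * Opens a MySQL connection using the settings hard-coded below.
 *
 * When the connection cannot be established, the connection error number is
 * printed and the script exits. Where mysqli is configured to throw (the
 * default report mode from PHP 8.1 on), mysqli_connect() raises a
 * mysqli_sql_exception instead and the check below is never reached.
 *
 * NOTE(review): connecting as "root" with an empty password is only tolerable
 * on a throwaway development host. A deployed copy should use a dedicated
 * account restricted to the tables it needs, with credentials kept outside
 * the source file.
 *
 * @return mysqli an open connection
 */
function OpenConnection()
{
    //$server = "6053-p204csm001";
    $server = "localhost";
    $user = "root";
    $pass = "";
    // NOTE(review): the original passed an undefined $db, which PHP evaluates
    // as null, so no default database is selected and the queries against
    // `users` depend on one being chosen elsewhere. Set the schema name here.
    $db = null;
    $port = 3306;

    // connect to the server
    $mysqli = mysqli_connect($server, $user, $pass, $db, $port);

    // test we connected
    if ($mysqli === false || mysqli_connect_errno()) {
        // "." concatenates; the original "+" is arithmetic and never produced
        // the intended message (PHP 8 raises a TypeError for string + int).
        print("connect failed: " . mysqli_connect_errno());
        exit();
    }

    return $mysqli;
}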
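/**
 * Adds a new user row to the `users` table.
 *
 * The row is inserted only when the access level is 1, 2 or 3, an email
 * address is supplied, the password satisfies ValidPassword() and the
 * username is not already present. The function reports the outcome as a
 * boolean; it does not return the per-failure messages that the earlier
 * comment described.
 *
 * Changes from the original:
 *  - the INSERT is now executed (the original printed the query text, which
 *    included the password hash, and never ran it);
 *  - values are bound through a prepared statement instead of being
 *    interpolated into the SQL string, so quotes in $username or $email
 *    cannot alter the statement;
 *  - database error details go to the error log rather than into the page.
 *
 * NOTE(review): md5() is unsalted and fast, which makes it unsuitable for
 * password storage. Moving to password_hash()/password_verify() has to be
 * done together with every function that writes or compares `pass`, so it is
 * flagged here rather than changed in isolation.
 *
 * @param string     $username
 * @param string     $password     plain-text password
 * @param string     $email
 * @param int|string $access_level
 * @return bool true when the row was inserted, false when a check failed
 */
function AddUser($username, $password, $email, $access_level)
{
    // Accept only whole numbers 1..3; the original range test also let
    // values such as 2.5 through.
    $level = filter_var(
        $access_level,
        FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1, 'max_range' => 3))
    );

    // Cheap checks first so an invalid request never reaches the database.
    if ($level === false || (string) $email === "" || !ValidPassword($password)) {
        return false;
    }
    if (UserExists($username)) {
        return false;
    }

    $link = OpenConnection();
    $ePassword = md5($password);

    $stmt = mysqli_prepare(
        $link,
        "INSERT INTO users (user, pass, level, email) VALUES (?, ?, ?, ?)"
    );
    $ok = $stmt !== false
        && mysqli_stmt_bind_param($stmt, 'ssis', $username, $ePassword, $level, $email)
        && mysqli_stmt_execute($stmt);

    if (!$ok) {
        // Keep the driver's message server-side; it can reveal schema details.
        error_log("AddUser: insert failed: " . ($stmt ? mysqli_stmt_error($stmt) : mysqli_error($link)));
        mysqli_close($link);
        die("Couldn't add row to table in \"user\" database");
    }

    mysqli_stmt_close($stmt);
    mysqli_close($link);

    return true;
}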
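/**
 * Deletes the row for $username from the `users` table.
 *
 * Returns a boolean; it does not return the "Username not found" /
 * "No users in the system" messages that the earlier comment described.
 *
 * Changes from the original:
 *  - the username is bound through a prepared statement instead of being
 *    interpolated between double quotes in the SQL text;
 *  - the failure message no longer claims a row was being added, and the
 *    driver's error text goes to the error log instead of the page.
 *
 * NOTE(review): nothing here checks who is asking for the deletion; the
 * caller is responsible for authorising the request.
 *
 * @param string $username
 * @return bool true when the DELETE ran, false when the user does not exist
 */
function DeleteUser($username)
{
    // check if we have a valid user
    if (!UserExists($username)) {
        return false;
    }

    $link = OpenConnection();

    $stmt = mysqli_prepare($link, "DELETE FROM users WHERE users.user = ?");
    $ok = $stmt !== false
        && mysqli_stmt_bind_param($stmt, 's', $username)
        && mysqli_stmt_execute($stmt);

    if (!$ok) {
        error_log("DeleteUser: delete failed: " . ($stmt ? mysqli_stmt_error($stmt) : mysqli_error($link)));
        mysqli_close($link);
        die("Couldn't delete row from the \"users\" table");
    }

    mysqli_stmt_close($stmt);
    mysqli_close($link);

    return true;
}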
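/**
 * Checks a username/password pair against the stored record.
 *
 * @param string $username
 * @param string $password plain-text password to check
 * @return array|string the user's row (as returned by UserExists(), so it
 *                      includes the `pass` column) on success, or one of the
 *                      strings "Invalid Password" / "No user in system"
 *
 * NOTE(review): both failure values are non-empty strings and therefore
 * truthy. A caller must test is_array() on the result; a plain
 * `if (ValidateUser(...))` would treat a failed login as a success.
 *
 * NOTE(review): the two distinct failure messages tell a client whether a
 * username exists. If they are shown to end users, consider mapping both to
 * one generic message at the presentation layer.
 *
 * NOTE(review): md5() is unsalted and fast, which makes it unsuitable for
 * password storage. Switching to password_hash()/password_verify() must be
 * coordinated with the code that writes the `pass` column.
 */
function ValidateUser($username, $password)
{
    $user = UserExists($username);
    if (!$user) {
        return "No user in system";
    }

    $ePassword = md5($password);

    // hash_equals() compares the strings byte for byte in constant time.
    // The original "==" is a loose comparison: two different hashes that
    // both look numeric (for example "0e" followed only by digits) are
    // compared as numbers and can be reported as equal.
    if (hash_equals((string) $user['pass'], $ePassword)) {
        return $user;
    }

    return "Invalid Password";
}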
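/**
 * Updates the password, access level and email of an existing user.
 * The username itself is never changed.
 *
 * Checks run in this order and the first failure decides the return value:
 * user exists, password meets ValidPassword(), access level is 1..3, email
 * is non-empty.
 *
 * Changes from the original:
 *  - the email test read the bare word `email` (an undefined constant)
 *    instead of `$email`, so an empty address was never rejected on PHP 7
 *    and the call aborted with an Error on PHP 8;
 *  - the UPDATE had no commas between its SET assignments and could not
 *    execute;
 *  - values are bound through a prepared statement instead of being
 *    interpolated into the SQL text;
 *  - the driver's error text goes to the error log instead of the page.
 *
 * NOTE(review): md5() is unsalted and fast, which makes it unsuitable for
 * password storage; changing it must be coordinated with the code that
 * verifies the `pass` column.
 *
 * @param string     $username
 * @param string     $password     new plain-text password
 * @param string     $email
 * @param int|string $access_level
 * @return bool|string true on success, otherwise one of "Username not found",
 *                     "Password does not match criteria",
 *                     "Incorrect access level", "No email supplied"
 */
function ModifyUser($username, $password, $email, $access_level)
{
    if (!UserExists($username)) {
        return "Username not found";
    }
    if (!ValidPassword($password)) {
        return "Password does not match criteria";
    }

    // Accept only whole numbers 1..3.
    $level = filter_var(
        $access_level,
        FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1, 'max_range' => 3))
    );
    if ($level === false) {
        return "Incorrect access level";
    }
    if ((string) $email === "") {
        return "No email supplied";
    }

    $ePassword = md5($password);
    $link = OpenConnection();

    $stmt = mysqli_prepare(
        $link,
        "UPDATE users SET pass = ?, level = ?, email = ? WHERE users.user = ?"
    );
    $ok = $stmt !== false
        && mysqli_stmt_bind_param($stmt, 'siss', $ePassword, $level, $email, $username)
        && mysqli_stmt_execute($stmt);

    if (!$ok) {
        error_log("ModifyUser: update failed: " . ($stmt ? mysqli_stmt_error($stmt) : mysqli_error($link)));
        mysqli_close($link);
        die("Couldn't update row in the \"users\" table");
    }

    mysqli_stmt_close($stmt);
    mysqli_close($link);

    return true;
}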
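/**
 * Returns every row of the `users` table, ordered by username.
 *
 * An empty table yields an empty array; the function does not return the
 * "No users in system" message that the earlier comment described.
 *
 * Changes from the original:
 *  - ORDER BY 'users.user' sorted by a quoted string literal, i.e. by a
 *    constant, so the rows came back in no defined order; the column is now
 *    referenced unquoted;
 *  - the failure message no longer claims a row was being added, and the
 *    driver's error text goes to the error log instead of the page.
 *
 * NOTE(review): SELECT * includes the `pass` column, so every element of the
 * result carries a password hash. Callers should drop that field before the
 * data reaches a template or an API response.
 *
 * @return array list of associative rows
 */
function AllUsers()
{
    $link = OpenConnection();

    $result = mysqli_query($link, "SELECT * FROM users ORDER BY users.user");
    if ($result === false) {
        error_log("AllUsers: select failed: " . mysqli_error($link));
        mysqli_close($link);
        die("Couldn't read rows from the \"users\" table");
    }

    $list = array();
    while ($my_row = mysqli_fetch_assoc($result)) {
        $list[] = $my_row;
    }

    mysqli_free_result($result);
    mysqli_close($link);

    return $list;
}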
/**
 * Tests a password against the account policy: at least 8 characters, at
 * least one uppercase letter and at least one digit.
 *
 * Length is measured with strlen(), i.e. in bytes, and each byte is
 * classified with ctype_upper() / ctype_digit().
 *
 * @param string $password
 * @return bool true when every criterion is met, false otherwise
 */
function ValidPassword($password)
{
    $length = strlen($password);
    $hasUpper = false;
    $hasDigit = false;

    // Scan until both character classes have been seen or the input ends.
    $index = 0;
    while ($index < $length && !($hasUpper && $hasDigit)) {
        $char = $password[$index];
        $index++;

        $hasUpper = $hasUpper || ctype_upper($char);
        $hasDigit = $hasDigit || ctype_digit($char);
    }

    return $length >= 8 && $hasUpper && $hasDigit;
}
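/**
 * Looks up a user by username.
 *
 * Despite the name, a match is reported by returning the user's row rather
 * than true; callers in this file rely on that.
 *
 * Changes from the original:
 *  - the username is bound through a prepared statement instead of being
 *    interpolated between double quotes in the SQL text, so input containing
 *    quote characters cannot change the query;
 *  - the failure message no longer claims a row was being added, and the
 *    driver's error text goes to the error log instead of the page.
 *
 * mysqli_stmt_get_result() requires the mysqlnd driver.
 *
 * NOTE(review): SELECT * returns the `pass` column as well; the row should
 * not be passed to output unfiltered.
 *
 * @param string $username
 * @return array|false associative row of the first match, or false when no
 *                     such user exists
 */
function UserExists($username)
{
    $exists = false;
    $link = OpenConnection();

    if ($link) {
        $stmt = mysqli_prepare($link, "SELECT * FROM users WHERE users.user = ?");
        $ok = $stmt !== false
            && mysqli_stmt_bind_param($stmt, 's', $username)
            && mysqli_stmt_execute($stmt);
        $result = $ok ? mysqli_stmt_get_result($stmt) : false;

        if ($result === false) {
            error_log("UserExists: select failed: " . ($stmt ? mysqli_stmt_error($stmt) : mysqli_error($link)));
            mysqli_close($link);
            die("Couldn't read row from the \"users\" table");
        }

        // mysqli_fetch_assoc() yields null when the result set is empty.
        $row = mysqli_fetch_assoc($result);
        if (is_array($row)) {
            $exists = $row;
        }

        mysqli_free_result($result);
        mysqli_stmt_close($stmt);
        mysqli_close($link);
    }

    return $exists;
}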
- ?>