- <?php
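class DB extends PDO {
    /** @var self|null Shared connection, filled by the first successful construction. */
    private static $_self;

    /**
     * Opens the connection described by the DSN_, DB_USER_ and DB_PASSWD_
     * constants (defined outside this class) and registers the instance as
     * the shared one.
     *
     * The parent constructor runs first so that a failed connection never
     * leaves a half-built object behind for getInstance() to hand out.
     *
     * @throws PDOException when the connection cannot be established
     */
    public function __construct() {
        parent::__construct(DSN_, DB_USER_, DB_PASSWD_);
        self::$_self = $this;
    }

    /**
     * Returns the shared connection, creating it on first use.
     *
     * @return self
     */
    public static function getInstance() {
        if (self::$_self === null) {
            new self();
        }
        return self::$_self;
    }

    /**
     * Counts the rows a SELECT would return by rewriting its column list to
     * COUNT(*) and dropping a trailing ORDER BY.
     *
     * $sql is executed verbatim through query(); nothing here escapes it, so
     * callers must pass trusted SQL only (no interpolated request data).
     * The first regex is greedy, so a statement containing a sub-select
     * will be rewritten up to its last FROM; keep inputs to simple selects.
     *
     * @param string $sql a "SELECT ... FROM ..." statement
     * @return string|false the count as returned by the driver, or false when
     *   the query could not be run (PDO not in exception mode) or yielded no row
     */
    public function getRowCount($sql) {
        $sql = trim($sql);
        $sql = preg_replace('~^SELECT\s.*\sFROM~s', 'SELECT COUNT(*) FROM', $sql);
        $sql = preg_replace('~ORDER\s+BY.*?$~sD', '', $sql);

        $stmt = $this->query($sql);
        if ($stmt === false) {
            // Silent error mode: surface the failure instead of calling a method on false.
            return false;
        }
        try {
            $count = $stmt->fetchColumn(0);
        } finally {
            // Always release the cursor, even if fetching throws.
            $stmt->closeCursor();
        }
        return $count;
    }
}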
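class Login {
    /* Custom Error Message for a field left blank */
    const ERROR_EMPTY_LOGIN = "Please fill in all fields!";
    /* Custom Error Message for an invalid login */
    const ERROR_VALIDATE_LOGIN = "Username or password doesn't match!";
    /* Custom Error Message when a user has 5 or more invalid logins */
    const ERROR_BANNED_LOGIN = "Sorry, you have been banned from viewing this page!";
    /* Number of sl_user rows carrying the same IP at which checkUserIP() refuses access */
    const BAN_THRESHOLD = 5;

    /* The username of a member (set by verifyLogin) */
    private $username;
    /* The password of a member. Nothing in this class assigns it, so the
       password getters below only return a value if a subclass or caller
       populates it. */
    private $password;

    /* Starts the PHP session (if not already active), refuses banned IPs via
       checkUserIP() and initialises the 'auth' session flag to 0.
       The database connection is expected in the global $db (a DB instance);
       this constructor does not open one itself. */
    public function __construct() {
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
        $this->checkUserIP();
        if (!isset($_SESSION['auth'])) {
            $_SESSION['auth'] = 0;
        }
    }

    /* Return the username of a member */
    public function getUsername() {
        return $this->username;
    }

    /* Return the plain text password of a member (null unless something set it) */
    public function getPassword() {
        return $this->password;
    }

    /* Return the sha1 hex digest of the password property.
       sha1 is kept only because the sl_user table stores sha1 digests;
       it is not a password-hashing function (no salt, no work factor). */
    public function getEncryptedPassword() {
        return sha1($this->password);
    }

    /* Get the client's IP address as seen by the web server (REMOTE_ADDR).
       Returns false when the variable is absent, e.g. on the CLI.
       Behind a reverse proxy this is the proxy's address, not the user's. */
    public function getUserIP() {
        return getenv("REMOTE_ADDR");
    }

    /* Validate an email is in the correct format e.g. someone@somewhere.com */
    public function validateEmail($email) {
        return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
    }

    /* Validate a member login against the sl_user table.
       On success the session is marked authenticated and a redirect header
       to secure.php is emitted (the caller is expected to stop output after
       this returns). On failure the client IP is recorded on that username's
       row, the session is marked unauthenticated and an Exception is thrown.
       All values reach SQL through bound parameters; the stored sha1 digest
       is compared in constant time so the plaintext never enters the query.

       @throws Exception ERROR_EMPTY_LOGIN or ERROR_VALIDATE_LOGIN */
    public function verifyLogin($username, $password) {
        global $db;
        $this->username = $username;
        if (empty($username) || empty($password)) {
            throw new Exception(Login::ERROR_EMPTY_LOGIN);
        }

        $stmt = $db->prepare('SELECT user_password FROM sl_user WHERE user_username = ? LIMIT 0,1');
        $stmt->execute(array($username));
        $storedDigest = $stmt->fetchColumn();
        $stmt->closeCursor();

        // hash_equals avoids leaking how many leading characters matched.
        if ($storedDigest !== false && hash_equals((string) $storedDigest, sha1($password))) {
            $this->sessionVerify();
            header("Location: secure.php");
            return;
        }

        $update = $db->prepare('UPDATE sl_user SET user_ip = ? WHERE user_username = ?');
        $update->execute(array($this->getUserIP(), $username));
        $_SESSION['auth'] = 0;
        throw new Exception(Login::ERROR_VALIDATE_LOGIN);
    }

    /* Compare the member's IP with the IPs recorded in the database.
       If the IP appears on BAN_THRESHOLD or more rows, throw the ban message.
       A query that cannot be prepared or executed is ignored (best effort),
       matching the previous behaviour of skipping the check on query failure.

       @throws Exception ERROR_BANNED_LOGIN */
    public function checkUserIP() {
        global $db;
        $stmt = $db->prepare('SELECT COUNT(*) FROM sl_user WHERE user_ip = ?');
        if ($stmt !== false && $stmt->execute(array($this->getUserIP()))) {
            // COUNT(*) gives the number of matching rows; the old SELECT * read
            // the first column of the first row instead, which was never a count.
            $hits = (int) $stmt->fetchColumn();
            $stmt->closeCursor();
            if ($hits >= self::BAN_THRESHOLD) {
                throw new Exception(Login::ERROR_BANNED_LOGIN);
            }
        }
    }

    /* Verify the session login.
       Used for protected pages on your website.
       Regenerates the session id first so a session fixated before login
       does not become authenticated. */
    public function sessionVerify() {
        session_regenerate_id();
        $_SESSION['auth'] = 1;
        $_SESSION['name'] = $this->username;
    }

    /* Checks if the Session data is correct before continuing the script.
       Returns true for an authenticated session; otherwise redirects to
       index.php and stops execution. */
    public function verifyAccess() {
        if (isset($_SESSION['name']) && (int) $_SESSION['auth'] === 1) {
            return true;
        }
        header("Location: index.php");
        exit;
    }
}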
- ?>