  1. <?php
  2.  
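  /**
   * PDO subclass that remembers the most recently constructed connection so it
   * can be handed out through getInstance().
   *
   * The DSN and credentials come from the DSN_, DB_USER_ and DB_PASSWD_
   * constants, which are defined outside this file.
   */
  class DB extends PDO {
      /* Last successfully constructed DB object, or null if none exists yet */
      private static $_self;

      /**
       * Open the connection and register this object as the shared instance.
       *
       * The instance is registered only after the parent constructor returns,
       * so a failed connection attempt never leaves a half-built object behind
       * for getInstance() to hand out.
       */
      public function __construct() {
          parent::__construct(DSN_, DB_USER_, DB_PASSWD_);
          self::$_self = $this;
      }

      /**
       * Return the shared connection, creating it on first use.
       *
       * @return DB
       */
      public static function getInstance() {
          if (self::$_self === null) {
              // The constructor stores the new object in self::$_self.
              new self();
          }
          return self::$_self;
      }

      /**
       * Count the rows a SELECT statement would return.
       *
       * The statement is rewritten textually: everything from the leading
       * "SELECT" up to the LAST " FROM" becomes "SELECT COUNT(*) FROM", and a
       * trailing ORDER BY clause is dropped. The match is case-sensitive and
       * greedy, so lower-case keywords are left untouched and a statement with
       * a sub-select, GROUP BY, DISTINCT or LIMIT may not count what the caller
       * expects.
       *
       * SECURITY: $sql is executed as written. It must be a statement authored
       * by the application; request data belongs in $params, where it is bound
       * through a prepared statement, never concatenated into $sql.
       *
       * @param string $sql    SELECT statement, optionally with ? or :name placeholders
       * @param array  $params values for the placeholders (optional)
       * @return mixed first column of the COUNT(*) row, as returned by the driver
       * @throws RuntimeException when the statement cannot be prepared or executed
       */
      public function getRowCount($sql, array $params = array()) {
          $sql = trim($sql);
          $sql = preg_replace('~^SELECT\s.*\sFROM~s', 'SELECT COUNT(*) FROM', $sql);
          $sql = preg_replace('~ORDER\s+BY.*?$~sD', '', $sql);

          if ($params) {
              $stmt = $this->prepare($sql);
              $ok = ($stmt !== false) && $stmt->execute($params);
          } else {
              $stmt = $this->query($sql);
              $ok = ($stmt !== false);
          }

          // In PDO's silent/warning error modes a failure comes back as false;
          // calling fetchColumn() on that would be a fatal error.
          if (!$ok) {
              throw new RuntimeException('Row count query failed');
          }

          $count = $stmt->fetchColumn(0);
          $stmt->closeCursor();
          return $count;
      }

  }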
  28.  
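  /**
   * Session-based login helper backed by the sl_user table.
   *
   * Every database call goes through a global $db object that exposes the PDO
   * API; that object is created outside this class.
   */
  class Login {

      /* Custom Error Message for a field left blank */
      const ERROR_EMPTY_LOGIN = "Please fill in all fields!";

      /* Custom Error Message for an invalid login */
      const ERROR_VALIDATE_LOGIN = "Username or password doesn't match!";

      /* Custom Error Message when a user has 5 or more invalid logins */
      const ERROR_BANNED_LOGIN = "Sorry, you have been banned from viewing this page!";

      /* The username of a member (set by verifyLogin) */
      private $username;

      /* The password of a member. Never assigned anywhere in this class, so the
         plaintext password is not kept on the object. */
      private $password;

      /**
       * Start the session if needed, refuse banned IP addresses, and make sure
       * the 'auth' session flag exists.
       *
       * Session cookie attributes (HttpOnly, Secure, SameSite) are not set
       * here; they come from the PHP session configuration.
       *
       * @throws Exception with ERROR_BANNED_LOGIN when checkUserIP() rejects the client
       */
      public function __construct() {
          // session_start() on an already-active session only raises a notice.
          if (session_status() === PHP_SESSION_NONE) {
              session_start();
          }
          $this->checkUserIP();
          if (!isset($_SESSION['auth'])) {
              $_SESSION['auth'] = 0;
          }
      }

      /* Return the username passed to the last verifyLogin() call */
      public function getUsername() {
          return $this->username;
      }

      /* Return the stored plain text password. Nothing in this class assigns
         it, so this returns null. */
      public function getPassword() {
          return $this->password;
      }

      /**
       * Return the SHA-1 hex digest of the stored password.
       *
       * SECURITY: this is an unsalted, fast hash, not encryption, and it is the
       * same scheme verifyLogin() compares against in sl_user.user_password.
       * NOTE(review): moving to password_hash()/password_verify() needs a
       * change to how that column is written, which is outside this file.
       */
      public function getEncryptedPassword() {
          // The cast keeps the result for an unset password (digest of '')
          // without passing null to sha1().
          return sha1((string) $this->password);
      }

      /**
       * Return the client address as reported by the web server.
       *
       * NOTE(review): behind a reverse proxy or load balancer REMOTE_ADDR is
       * the proxy's address, which would make the IP ban apply to every
       * visitor at once. Confirm the deployment before relying on it.
       *
       * @return string|false
       */
      public function getUserIP() {
          return getenv("REMOTE_ADDR");
      }

      /* Validate an email is in the correct format e.g. someone@somewhere.com */
      public function validateEmail($email) {
          return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
      }

      /**
       * Check a username/password pair against sl_user.
       *
       * On success the session is marked authenticated and a redirect to
       * secure.php is queued. On failure the client IP is recorded against the
       * attempted username and an exception is thrown.
       *
       * Both values reach SQL only as bound parameters. Nothing is echoed:
       * query text, the connection object and driver error details are kept
       * out of the response.
       *
       * @param string $username
       * @param string $password plain text password as submitted
       * @throws Exception ERROR_EMPTY_LOGIN or ERROR_VALIDATE_LOGIN
       */
      public function verifyLogin($username, $password) {
          $this->username = $username;
          if (empty($username) || empty($password)) {
              throw new Exception(Login::ERROR_EMPTY_LOGIN);
          }

          if ($this->credentialsMatch($username, $password)) {
              $this->sessionVerify();
              header("Location: secure.php");
              return;
          }

          $this->recordFailedAttempt($username);
          $_SESSION['auth'] = 0;
          // One message for "no such user" and "wrong password", so the
          // response does not reveal which usernames exist.
          throw new Exception(Login::ERROR_VALIDATE_LOGIN);
      }

      /* True when exactly one sl_user row matches the username and the SHA-1
         of the password. Any database failure counts as "no match". */
      private function credentialsMatch($username, $password) {
          global $db;
          try {
              $stmt = $db->prepare(
                  'SELECT COUNT(*) FROM sl_user WHERE user_username = ? AND user_password = sha1(?)'
              );
              if ($stmt === false || !$stmt->execute(array($username, $password))) {
                  return false;
              }
              $matches = (int) $stmt->fetchColumn();
              $stmt->closeCursor();
              return $matches === 1;
          } catch (PDOException $e) {
              // Fail closed, and keep driver details in the server log rather
              // than in an exception message a caller might display.
              error_log('Login lookup failed: ' . $e->getMessage());
              return false;
          }
      }

      /* Store the client IP on the row of the username that failed to log in.
         Only the latest failing IP per account is kept, so checkUserIP()
         counts accounts, not individual attempts.
         NOTE(review): a dedicated attempts table with timestamps would allow
         real rate limiting and would stop one client from marking other
         users' rows. */
      private function recordFailedAttempt($username) {
          global $db;
          try {
              $stmt = $db->prepare('UPDATE sl_user SET user_ip = ? WHERE user_username = ?');
              if ($stmt !== false) {
                  $stmt->execute(array($this->getUserIP(), $username));
              }
          } catch (PDOException $e) {
              error_log('Recording failed login failed: ' . $e->getMessage());
          }
      }

      /**
       * Compare the client IP with the IPs recorded in sl_user and reject the
       * request when it is stored on 5 or more rows.
       *
       * The rows are counted with COUNT(*). Reading the first column of a
       * "SELECT *" row would compare an arbitrary column value with 5 rather
       * than the number of matching rows.
       *
       * If the statement fails in PDO's silent/warning error modes the check
       * is skipped (fails open).
       *
       * @throws Exception with ERROR_BANNED_LOGIN
       */
      public function checkUserIP() {
          global $db;
          $ip = $this->getUserIP();
          if ($ip === false || $ip === '') {
              // No address to look up (e.g. not running under a web server).
              return;
          }
          $stmt = $db->prepare('SELECT COUNT(*) FROM sl_user WHERE user_ip = ?');
          if ($stmt !== false && $stmt->execute(array($ip))) {
              $hits = (int) $stmt->fetchColumn();
              $stmt->closeCursor();
              if ($hits >= 5) {
                  throw new Exception(Login::ERROR_BANNED_LOGIN);
              }
          }
      }

      /**
       * Mark the current session as authenticated.
       *
       * The session id is regenerated and the old session data deleted, so an
       * id that was known before login cannot be reused afterwards.
       */
      public function sessionVerify() {
          session_regenerate_id(true);
          $_SESSION['auth'] = 1;
          $_SESSION['name'] = $this->username;
      }

      /**
       * Gate for protected pages: return true for an authenticated session,
       * otherwise redirect to index.php and stop the script.
       *
       * The exit after the redirect header is what keeps the rest of the
       * protected page from being rendered for an unauthenticated client.
       */
      public function verifyAccess() {
          if (isset($_SESSION['name'], $_SESSION['auth']) && $_SESSION['auth'] == 1) {
              return true;
          }
          header("Location: index.php");
          exit;
      }

  }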
  155.  
  156. ?>