Untitled

  1. <?
  2.  
  3. include("database.php");
  4. include("mailer.php");
  5. include("form.php");
  6.  
  7. class Session
  8. {
  9.    var $username;     //Username given on sign-up
  10.    var $userid;       //Random value generated on current login
  11.    var $userlevel;    //The level to which the user pertains
  12.    var $time;         //Time user was last active (page loaded)
  13.    var $logged_in;    //True if user is logged in, false otherwise
  14.    var $userinfo = array();  //The array holding all user info
  15.    var $url;          //The page url current being viewed
  16.    var $referrer;     //Last recorded site page viewed
  17.    /**
  18.     * Note: referrer should really only be considered the actual
  19.     * page referrer in process.php, any other time it may be
  20.     * inaccurate.
  21.     */
  22.  
  23.    /* Class constructor */
  24.    function Session(){
  25.       $this->time = time();
  26.       $this->startSession();
  27.    }
  28.  
  29.    /**
  30.     * startSession - Performs all the actions necessary to
  31.     * initialize this session object. Tries to determine if the
  32.     * the user has logged in already, and sets the variables
  33.     * accordingly. Also takes advantage of this page load to
  34.     * update the active visitors tables.
  35.     */
  36.    function startSession(){
  37.       global $database;  //The database connection
  38.       session_start();   //Tell PHP to start the session
  39.  
  40.       /* Determine if user is logged in */
  41.       $this->logged_in = $this->checkLogin();
  42.  
  43.       /**
  44.        * Set guest value to users not logged in, and update
  45.        * active guests table accordingly.
  46.        */
  47.       if(!$this->logged_in){
  48.          header("Location: ../../index.php");
  49.       }
  50.       /* Update users last active timestamp */
  51.       else{
  52.          $database->addActiveUser($this->username, $this->time);
  53.       }
  54.      
  55.       /* Remove inactive visitors from database */
  56.       $database->removeInactiveUsers();
  57.       $database->removeInactiveGuests();
  58.      
  59.       /* Set referrer page */
  60.       if(isset($_SESSION['url'])){
  61.          $this->referrer = $_SESSION['url'];
  62.       }else{
  63.          $this->referrer = "/";
  64.       }
  65.  
  66.       /* Set current url */
  67.       $this->url = $_SESSION['url'] = $_SERVER['PHP_SELF'];
  68.    }
  69.  
  70.    /**
  71.     * checkLogin - Checks if the user has already previously
  72.     * logged in, and a session with the user has already been
  73.     * established. Also checks to see if user has been remembered.
  74.     * If so, the database is queried to make sure of the user's
  75.     * authenticity. Returns true if the user has logged in.
  76.     */
  77.    function checkLogin(){
  78.       global $database;  //The database connection
  79.       /* Check if user has been remembered */
  80.       if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
  81.          $this->username = $_SESSION['username'] = $_COOKIE['cookname'];
  82.          $this->userid   = $_SESSION['userid']   = $_COOKIE['cookid'];
  83.       }
  84.  
  85.       /* Username and userid have been set and not guest */
  86.       if(isset($_SESSION['username']) && isset($_SESSION['userid']) &&
  87.          $_SESSION['username'] != GUEST_NAME){
  88.          /* Confirm that username and userid are valid */
  89.          if($database->confirmUserID($_SESSION['username'], $_SESSION['userid']) != 0){
  90.             /* Variables are incorrect, user not logged in */
  91.             unset($_SESSION['username']);
  92.             unset($_SESSION['userid']);
  93.             return false;
  94.          }
  95.  
  96.          /* User is logged in, set class variables */
  97.          $this->userinfo  = $database->getUserInfo($_SESSION['username']);
  98.          $this->username  = $this->userinfo['username'];
  99.          $this->userid    = $this->userinfo['userid'];
  100.          $this->userlevel = $this->userinfo['userlevel'];
  101.          return true;
  102.       }
  103.       /* User not logged in */
  104.       else{
  105.          return false;
  106.       }
  107.    }
  108.  
  109.    /**
  110.     * login - The user has submitted his username and password
  111.     * through the login form, this function checks the authenticity
  112.     * of that information in the database and creates the session.
  113.     * Effectively logging in the user if all goes well.
  114.     */
  115.    function login($subuser, $subpass, $subremember){
  116.       global $database, $form;  //The database and form object
  117.  
  118.       /* Username error checking */
  119.       $field = "user";  //Use field name for username
  120.       if(!$subuser || strlen($subuser = trim($subuser)) == 0){
  121.          $form->setError($field, "* Username not entered");
  122.       }
  123.       else{
  124.          /* Check if username is not alphanumeric */
  125.          if(!eregi("^([0-9a-z])*$", $subuser)){
  126.             $form->setError($field, "* Username not alphanumeric");
  127.          }
  128.       }
  129.  
  130.       /* Password error checking */
  131.       $field = "pass";  //Use field name for password
  132.       if(!$subpass){
  133.          $form->setError($field, "* Password not entered");
  134.       }
  135.      
  136.       /* Return if form errors exist */
  137.       if($form->num_errors > 0){
  138.          return false;
  139.       }
  140.  
  141.       /* Checks that username is in database and password is correct */
  142.       $subuser = stripslashes($subuser);
  143.       $result = $database->confirmUserPass($subuser, md5($subpass));
  144.  
  145.       /* Check error codes */
  146.       if($result == 1){
  147.          $field = "user";
  148.          $form->setError($field, "* Username not found");
  149.       }
  150.       else if($result == 2){
  151.          $field = "pass";
  152.          $form->setError($field, "* Invalid password");
  153.       }
  154.      
  155.       /* Return if form errors exist */
  156.       if($form->num_errors > 0){
  157.          return false;
  158.       }
  159.  
  160.       /* Username and password correct, register session variables */
  161.       $this->userinfo  = $database->getUserInfo($subuser);
  162.       $this->username  = $_SESSION['username'] = $this->userinfo['username'];
  163.       $this->userid    = $_SESSION['userid']   = $this->generateRandID();
  164.       $this->userlevel = $this->userinfo['userlevel'];
  165.      
  166.       /* Insert userid into database and update active users table */
  167.       $database->updateUserField($this->username, "userid", $this->userid);
  168.       $database->addActiveUser($this->username, $this->time);
  169.       $database->removeActiveGuest($_SERVER['REMOTE_ADDR']);
  170.  
  171.       /**
  172.        * This is the cool part: the user has requested that we remember that
  173.        * he's logged in, so we set two cookies. One to hold his username,
  174.        * and one to hold his random value userid. It expires by the time
  175.        * specified in constants.php. Now, next time he comes to our site, we will
  176.        * log him in automatically, but only if he didn't log out before he left.
  177.        */
  178.       if($subremember){
  179.          setcookie("cookname", $this->username, time()+COOKIE_EXPIRE, COOKIE_PATH);
  180.          setcookie("cookid",   $this->userid,   time()+COOKIE_EXPIRE, COOKIE_PATH);
  181.       }
  182.  
  183.       /* Login completed successfully */
  184.       return true;
  185.    }
  186.  
  187.    /**
  188.     * logout - Gets called when the user wants to be logged out of the
  189.     * website. It deletes any cookies that were stored on the users
  190.     * computer as a result of him wanting to be remembered, and also
  191.     * unsets session variables and demotes his user level to guest.
  192.     */
  193.    function logout(){
  194.       global $database;  //The database connection
  195.       /**
  196.        * Delete cookies - the time must be in the past,
  197.        * so just negate what you added when creating the
  198.        * cookie.
  199.        */
  200.       if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
  201.          setcookie("cookname", "", time()-COOKIE_EXPIRE, COOKIE_PATH);
  202.          setcookie("cookid",   "", time()-COOKIE_EXPIRE, COOKIE_PATH);
  203.       }
  204.  
  205.       /* Unset PHP session variables */
  206.       unset($_SESSION['username']);
  207.       unset($_SESSION['userid']);
  208.  
  209.       /* Reflect fact that user has logged out */
  210.       $this->logged_in = false;
  211.      
  212.       /**
  213.        * Remove from active users table and add to
  214.        * active guests tables.
  215.        */
  216.       $database->removeActiveUser($this->username);
  217.       $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
  218.      
  219.       /* Set user level to guest */
  220.       $this->username  = GUEST_NAME;
  221.       $this->userlevel = GUEST_LEVEL;
  222.    }
  223.  
  224.    /**
  225.     * register - Gets called when the user has just submitted the
  226.     * registration form. Determines if there were any errors with
  227.     * the entry fields, if so, it records the errors and returns
  228.     * 1. If no errors were found, it registers the new user and
  229.     * returns 0. Returns 2 if registration failed.
  230.     */
  231.    function register($subuser, $subpass, $subemail){
  232.       global $database, $form, $mailer;  //The database, form and mailer object
  233.      
  234.       /* Username error checking */
  235.       $field = "user";  //Use field name for username
  236.       if(!$subuser || strlen($subuser = trim($subuser)) == 0){
  237.          $form->setError($field, "* Username not entered");
  238.       }
  239.       else{
  240.          /* Spruce up username, check length */
  241.          $subuser = stripslashes($subuser);
  242.          if(strlen($subuser) < 5){
  243.             $form->setError($field, "* Username below 5 characters");
  244.          }
  245.          else if(strlen($subuser) > 30){
  246.             $form->setError($field, "* Username above 30 characters");
  247.          }
  248.          /* Check if username is not alphanumeric */
  249.          else if(!eregi("^([0-9a-z])+$", $subuser)){
  250.             $form->setError($field, "* Username not alphanumeric");
  251.          }
  252.          /* Check if username is reserved */
  253.          else if(strcasecmp($subuser, GUEST_NAME) == 0){
  254.             $form->setError($field, "* Username reserved word");
  255.          }
  256.          /* Check if username is already in use */
  257.          else if($database->usernameTaken($subuser)){
  258.             $form->setError($field, "* Username already in use");
  259.          }
  260.          /* Check if username is banned */
  261.          else if($database->usernameBanned($subuser)){
  262.             $form->setError($field, "* Username banned");
  263.          }
  264.       }
  265.  
  266.       /* Password error checking */
  267.       $field = "pass";  //Use field name for password
  268.       if(!$subpass){
  269.          $form->setError($field, "* Password not entered");
  270.       }
  271.       else{
  272.          /* Spruce up password and check length*/
  273.          $subpass = stripslashes($subpass);
  274.          if(strlen($subpass) < 4){
  275.             $form->setError($field, "* Password too short");
  276.          }
  277.          /* Check if password is not alphanumeric */
  278.          else if(!eregi("^([0-9a-z])+$", ($subpass = trim($subpass)))){
  279.             $form->setError($field, "* Password not alphanumeric");
  280.          }
  281.          /**
  282.           * Note: I trimmed the password only after I checked the length
  283.           * because if you fill the password field up with spaces
  284.           * it looks like a lot more characters than 4, so it looks
  285.           * kind of stupid to report "password too short".
  286.           */
  287.       }
  288.      
  289.       /* Email error checking */
  290.       $field = "email";  //Use field name for email
  291.       if(!$subemail || strlen($subemail = trim($subemail)) == 0){
  292.          $form->setError($field, "* Email not entered");
  293.       }
  294.       else{
  295.          /* Check if valid email address */
  296.          $regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"
  297.                  ."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"
  298.                  ."\.([a-z]{2,}){1}$";
  299.          if(!eregi($regex,$subemail)){
  300.             $form->setError($field, "* Email invalid");
  301.          }
  302.          $subemail = stripslashes($subemail);
  303.       }
  304.  
  305.       /* Errors exist, have user correct them */
  306.       if($form->num_errors > 0){
  307.          return 1;  //Errors with form
  308.       }
  309.       /* No errors, add the new account to the */
  310.       else{
  311.          if($database->addNewUser($subuser, md5($subpass), $subemail)){
  312.             if(EMAIL_WELCOME){
  313.                $mailer->sendWelcome($subuser,$subemail,$subpass);
  314.             }
  315.             return 0;  //New user added succesfully
  316.          }else{
  317.             return 2;  //Registration attempt failed
  318.          }
  319.       }
  320.    }
  321.    
  322.    /**
  323.     * editAccount - Attempts to edit the user's account information
  324.     * including the password, which it first makes sure is correct
  325.     * if entered, if so and the new password is in the right
  326.     * format, the change is made. All other fields are changed
  327.     * automatically.
  328.     */
  329.    function editAccount($subcurpass, $subnewpass, $subemail){
  330.       global $database, $form;  //The database and form object
  331.       /* New password entered */
  332.       if($subnewpass){
  333.          /* Current Password error checking */
  334.          $field = "curpass";  //Use field name for current password
  335.          if(!$subcurpass){
  336.             $form->setError($field, "* Current Password not entered");
  337.          }
  338.          else{
  339.             /* Check if password too short or is not alphanumeric */
  340.             $subcurpass = stripslashes($subcurpass);
  341.             if(strlen($subcurpass) < 4 ||
  342.                !eregi("^([0-9a-z])+$", ($subcurpass = trim($subcurpass)))){
  343.                $form->setError($field, "* Current Password incorrect");
  344.             }
  345.             /* Password entered is incorrect */
  346.             if($database->confirmUserPass($this->username,md5($subcurpass)) != 0){
  347.                $form->setError($field, "* Current Password incorrect");
  348.             }
  349.          }
  350.          
  351.          /* New Password error checking */
  352.          $field = "newpass";  //Use field name for new password
  353.          /* Spruce up password and check length*/
  354.          $subpass = stripslashes($subnewpass);
  355.          if(strlen($subnewpass) < 4){
  356.             $form->setError($field, "* New Password too short");
  357.          }
  358.          /* Check if password is not alphanumeric */
  359.          else if(!eregi("^([0-9a-z])+$", ($subnewpass = trim($subnewpass)))){
  360.             $form->setError($field, "* New Password not alphanumeric");
  361.          }
  362.       }
  363.       /* Change password attempted */
  364.       else if($subcurpass){
  365.          /* New Password error reporting */
  366.          $field = "newpass";  //Use field name for new password
  367.          $form->setError($field, "* New Password not entered");
  368.       }
  369.      
  370.       /* Email error checking */
  371.       $field = "email";  //Use field name for email
  372.       if($subemail && strlen($subemail = trim($subemail)) > 0){
  373.          /* Check if valid email address */
  374.          $regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"
  375.                  ."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"
  376.                  ."\.([a-z]{2,}){1}$";
  377.          if(!eregi($regex,$subemail)){
  378.             $form->setError($field, "* Email invalid");
  379.          }
  380.          $subemail = stripslashes($subemail);
  381.       }
  382.      
  383.       /* Errors exist, have user correct them */
  384.       if($form->num_errors > 0){
  385.          return false;  //Errors with form
  386.       }
  387.      
  388.       /* Update password since there were no errors */
  389.       if($subcurpass && $subnewpass){
  390.          $database->updateUserField($this->username,"password",md5($subnewpass));
  391.       }
  392.      
  393.       /* Change Email */
  394.       if($subemail){
  395.          $database->updateUserField($this->username,"email",$subemail);
  396.       }
  397.      
  398.       /* Success! */
  399.       return true;
  400.    }
  401.    
  402.    /**
  403.     * isAdmin - Returns true if currently logged in user is
  404.     * an administrator, false otherwise.
  405.     */
  406.    function isAdmin(){
  407.       return ($this->userlevel == ADMIN_LEVEL ||
  408.               $this->username  == ADMIN_NAME);
  409.    }
  410.    
  411.    /**
  412.     * generateRandID - Generates a string made up of randomized
  413.     * letters (lower and upper case) and digits and returns
  414.     * the md5 hash of it to be used as a userid.
  415.     */
  416.    function generateRandID(){
  417.       return md5($this->generateRandStr(16));
  418.    }
  419.    
  420.    /**
  421.     * generateRandStr - Generates a string made up of randomized
  422.     * letters (lower and upper case) and digits, the length
  423.     * is a specified parameter.
  424.     */
  425.    function generateRandStr($length){
  426.       $randstr = "";
  427.       for($i=0; $i<$length; $i++){
  428.          $randnum = mt_rand(0,61);
  429.          if($randnum < 10){
  430.             $randstr .= chr($randnum+48);
  431.          }else if($randnum < 36){
  432.             $randstr .= chr($randnum+55);
  433.          }else{
  434.             $randstr .= chr($randnum+61);
  435.          }
  436.       }
  437.       return $randstr;
  438.    }
  439. };
  440.  
  441.  
  442. /**
  443.  * Initialize session object - This must be initialized before
  444.  * the form object because the form uses session variables,
  445.  * which cannot be accessed unless the session has started.
  446.  */
  447. $session = new Session;
  448.  
  449. /* Initialize form object */
  450. $form = new Form;
  451.  
  452. ?>