Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- require_once($_SERVER['DOCUMENT_ROOT'].'/static/config.php');
- class database {
- function __construct() {
- mysql_connect(DB_HOST, DB_USER, DB_PASS);
- mysql_select_db(DB) or die("Could not connect to database.");
- }
- function query($query) { //just in case we want to do anything to the queries before we pass them off
- $data = mysql_query($query);
- return $data;
- }
- function check_username($username) { //add regex for valid username
- $username = $this->sanitize($username);
- $query = $this->query("SELECT * FROM users WHERE username='$username'");
- if(mysql_num_rows($query) == 0) {
- return true;
- }
- else {
- return false;
- }
- }
- function sanitize($data) { //additional sanitizations?
- $data = mysql_real_escape_string($data);
- return $data;
- }
- }
- $database = new database;
- class user {
- function register($username, $email, $re_email, $password, $re_password, $agree) { //add error checking
- global $database;
- if($agree) {
- if($email == $re_email && $this->check_email($email)) {
- if($password == $re_password && $this->check_password($password)) {
- if($database->check_username($username)) {
- $username = $database->sanitize($username);
- $email = $database->sanitize($email);
- $salt = dechex(rand(0,1000000));
- $password = $database->sanitize($password);
- $password = md5($salt.$password);
- $query = $database->query("INSERT INTO users (username, email, salt, password, level) VALUES ('$username','$email','$salt','$password', '1')");
- }
- }
- }
- }
- }
- function check_email($email) {
- if(preg_match("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) {
- return true;
- }
- else {
- return false;
- }
- }
- function check_password($password) { //check password complexity
- }
- }
- $user = new user;
- class session {
- function __construct() { //have to check if this is the right location for session_start()
- session_start();
- }
- function login($username, $password) {
- global $database;
- $username = $database->sanitize($username);
- $password = $database->sanitize($password);
- $query = $database->query("SELECT salt FROM users WHERE username='$username'");
- $salt = mysql_fetch_array($query);
- $password = md5($salt["salt"].$password);
- $query = $database->query("SELECT * FROM users WHERE username='$username' AND password='$password'");
- if(mysql_num_rows($query) > 0) {
- $userid = rand();
- $_SESSION["username"] = $username;
- $_SESSION["userid"] = $userid;
- $database->query("UPDATE users SET userid='$userid' WHERE username='$username'");
- setcookie("username", $username, time()+86400, "/");
- setcookie("userid", $userid, time()+86400, "/");
- }
- }
- function logout() {
- setcookie("username", "", time()-86400, "/");
- setcookie("userid", "", time()-86400, "/");
- unset($_SESSION["username"]);
- unset($_SESSION["userid"]);
- }
- function is_loggedin() {
- global $database;
- if(isset($_COOKIE["username"]) && isset($_COOKIE["userid"])) {
- $username = $_COOKIE["username"];
- $userid = $_COOKIE["userid"];
- $query = $database->query("SELECT * FROM users WHERE username='$username' AND userid='$userid'");
- if(mysql_num_rows($query) > 0) {
- $_SESSION["username"] = $_COOKIE["username"];
- $_SESSION["userid"] = $_COOKIE["userid"];
- }
- else {
- setcookie("username", "", time()-86400, "/");
- setcookie("userid", "", time()-86400, "/");
- }
- }
- if(isset($_SESSION["username"]) && isset($_SESSION["userid"]) && isset($_COOKIE["username"]) && isset($_COOKIE["userid"])) {
- return true;
- }
- }
- }
- $session = new session;
- ?>
Add Comment
Please, Sign In to add comment
