Untitled

<?php
$config = array(
    // Database
    'db_host' => 'localhost',
    'db_user' => 'root',
    'db_pass' => '',
    'db_name' => '',

    // Cookies
    'salt' => '', // make something random up
    'expire' => 1209600, // 14 days
);

// Do not touch!
class User
{
    /* Users
     * --------------------------------------
     CREATE TABLE IF NOT EXISTS `users` (
        `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
        `username` varchar(32) NOT NULL,
        `email` varchar(32) NOT NULL,
        `password` varchar(64) NOT NULL,
        `logins` int(10) unsigned NOT NULL,
        `last_login` int(10) unsigned NOT NULL,
        PRIMARY KEY (`id`),
        UNIQUE KEY `username` (`username`)
     ) ENGINE=MyISAM  DEFAULT CHARSET=utf8 ;
    */
    public function __construct($id)
    {
        global $dbh;

        $sth = $dbh->prepare("SELECT * FROM users WHERE id = :id");
        $sth->execute(array(':id' => $id));
        $row = $sth->fetch(PDO::FETCH_ASSOC);
        foreach ($row as $key => $value)
        {
            $this->{$key} = $value;
        }
    }

    // Static members
    public static function getUser($id)
    {
        global $dbh;

        if (is_string($id))
        { // $id is the username or email
            $row = $dbh->prepare("SELECT id FROM users WHERE username = :id OR email = :id")->execute(array(':id' => $id))->fetchColumn();
            return new User($row);
        }
        else { return FALSE; }
    }

    public static function registerUser($values)
    {
        global $dbh;

        $success = true;
        $errors = array();

        // Username
        if (empty($values['username']) || !$this->valid_username($values['username']))
        {
            $success = FALSE;
            $errors[] = "Username already taken";
        }

        // E-Mail
        if (empty($values['email']) || !$this->valid_email($values['email']))
        {
            $success = FALSE;
            $errors[] = "E-Mail already taken";
        }

        if ((empty($values['password']) || empty($values['confirm_password']))
            || ($values['password'] != $values['confirm_passord'])
            || !$this->valid_password($values['password']))
        {
            $success = FALSE;
            $errors[] = "Passwords don't match";
        }

        if ($success)
        {
            $sth = $dbh->prepare("INSERT INTO users (username, email, password) VALUES (:username, :email, :password)");
            $in = array(
                ':username' => $config['username'],
                ':email' => $config['email'],
                ':password' => sha1($config['password'])
            );
            if ($sth->execute($in))
            {
                return new User($dbh->lastInsertId());
            }
            else
            {
                $errors[] = "There was an error inserting your account to the databse";
            }
        }
        return FALSE;
    }

    public static function login($username, $password, $remember = true)
    {
        global $dbh;

        $sth = $dbh->prepare("SELECT id FROM users WHERE username = :username AND password = :password")
                ->execute(array(':username' => $username, ':password' => sha1($password)));
        if ($sth->rowCount() > 0)
        {
            $id = $sth->fetchColumn();
            cookie_set('user', $id);
            cookie_set('remember', $remember);
            $dbh->prepare("UPDATE users SET logins = logins + 1, last_login = :time WHERE id = :id")
                ->execute(array(':time' => time(), ':id' => $id));
            return new User($id);
        }
        return FALSE;
    }

    public static function auto_login()
    {
        if (isset($_COOKIE['user'], $_COOKIE['remember']) && cookie_get('remember') == true)
        {
            return new User(cookie_get('user'));
        }
        return FALSE;
    }

    // Helpers
    private static function valid_username($username)
    {
        global $dbh;

        $num = $dbh->prepare("SELECT COUNT(*) FROM users WHERE username = :username")
            ->execute(array(':username' => $username))
            ->rowCount();
        return $num == 0 && preg_match("/^[a-z\d_]{5,20}$/i", $username);
    }

    private static function valid_email($email)
    {
        global $dbh;

        $num = $dbh->prepare("SELECT COUNT(*) FROM users WHERE email = :email")
            ->execute(array(':email' => $email))
            ->rowCount();
        return $num == 0 && preg_match("/^[^@]*@[^@]*\.[^@]*$/", $email);
    }
}

function cookie_set($key, $value)
{
    global $config;
    setcookie(
        $key,
        base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($config['salt']), $value, MCRYPT_MODE_CBC, md5(md5($config['salt'])))),
        time()+$config['expire']
    );
}

function cookie_get($key)
{
    global $config;
    return rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($config['salt']), base64_decode($_COOKIE[$key]), MCRYPT_MODE_CBC, md5(md5($config['salt']))), "\0");
}

try {
    $dbh = new PDO("mysql:host={$config['db_host']};dbname={$config['db_name']};charset=UTF-8;", $config['db_user'], $config['db_pass']);
}
catch (Exception $e) {
    die("Unable to connect to database");
}

$user = User::auto_login();

// use if (is_object($user)) to check whether user is logged in or not!