- <?php
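/**
 * Session, authentication and account-administration helper.
 *
 * NOTE(review): this class is written against ext/mysql (mysql_query,
 * mysql_real_escape_string, ...), which was removed in PHP 7.0, and against a
 * global $database object whose type is not visible in this file. Passwords
 * are stored as md5(salt . password); moving to password_hash()/password_verify()
 * would require re-hashing existing rows at their next successful login, so the
 * scheme is kept here and flagged rather than silently replaced.
 *
 * Every method that interpolates a value into SQL escapes it through clean()
 * first. Methods that call other escaping methods (validate(), retrieveSalt(),
 * usernameAvalible()) must receive the RAW value: the original code escaped
 * before delegating, which double-escaped any name or password containing a
 * quote or backslash and made such accounts impossible to log in to.
 */
class system {

    /**
     * Opens the shared database connection.
     *
     * The connection object is shared through a global; its type and the
     * behaviour of connectToDatabase() are not visible in this file.
     */
    public function __construct() {
        global $database;
        # Make sure we are connected before any query runs
        $database->connectToDatabase();
    }

    # Starts the PHP session for this request if it has not been started yet.
    # Every session-reading method goes through here so the check is in one place.
    private function ensureSession() {
        if (!isset($_SESSION)) {
            session_start();
        }
    }

    /**
     * Whether the current session carries a logged-in user.
     *
     * @return bool true when both session keys written by validate() are present
     */
    public function loggedin() {
        $this->ensureSession();
        # validate() writes both keys together; either one missing means not logged in
        return isset($_SESSION['sys_username']) && isset($_SESSION['sys_password']);
    }

    /**
     * Username of the logged-in user.
     *
     * @return string|null null (instead of an undefined-index notice) when nobody is logged in
     */
    public function username() {
        $this->ensureSession();
        return isset($_SESSION['sys_username']) ? $_SESSION['sys_username'] : null;
    }

    /**
     * Email address of the logged-in user.
     *
     * @return string|null null (instead of an undefined-index notice) when nobody is logged in
     */
    public function email() {
        $this->ensureSession();
        return isset($_SESSION['sys_email']) ? $_SESSION['sys_email'] : null;
    }

    /**
     * Escapes a value for interpolation into a single-quoted SQL literal.
     *
     * NOTE(review): mysql_real_escape_string() needs an open connection; without
     * one it returns false, which interpolates as '' and silently changes the
     * query. Prepared statements would remove this class of problem entirely.
     *
     * @param string|null $string raw value; null (banIP() with no reason) is treated as ''
     * @return string escaped value
     */
    public function clean($string) {
        # Cast first so a null argument does not hit stripslashes()' null deprecation
        $string = stripslashes((string) $string);
        return mysql_real_escape_string($string);
    }

    /**
     * Looks up the per-user salt.
     *
     * @param string $username RAW username (escaped here)
     * @return string|null the salt, or null when the user does not exist or the query failed
     */
    public function retrieveSalt($username) {
        $username = $this->clean($username);
        $sql = "SELECT salt FROM users WHERE username='$username'";
        $result = mysql_query($sql);
        $res = $result ? mysql_fetch_array($result) : false;
        # Unknown user / failed query: return null instead of indexing into false
        if (!$res) {
            return null;
        }
        return $res['salt'];
    }

    /**
     * Checks a username/password pair and, on success, logs the user in.
     *
     * Refuses banned IP addresses and users in the 'banned' group. On success the
     * session id is regenerated and the user's row is copied into the session.
     *
     * @param string $username RAW username
     * @param string $password RAW password
     * @return bool true when the credentials are valid and a session was established
     */
    public function validate($username, $password) {
        # Banned addresses are refused before any credential work
        if ($this->checkIPBanned($_SERVER['REMOTE_ADDR'])) {
            return false;
        }
        # retrieveSalt() escapes its own argument, so it must get the raw username
        $salt = $this->retrieveSalt($username);
        $username = $this->clean($username);
        # register() hashes the ESCAPED password, so the same form is hashed here;
        # changing either side alone would lock out every existing account
        $hash = md5($salt . $this->clean($password));
        $sql = "SELECT * FROM users WHERE username='$username' AND password='$hash'";
        $result = mysql_query($sql);
        if (!$result || mysql_num_rows($result) < 1) {
            return false;
        }
        $row = mysql_fetch_array($result);
        if ($row['usergroup'] === 'banned') {
            return false;
        }
        $this->ensureSession();
        # Fresh session id on login so an id fixed before authentication cannot
        # be reused as an authenticated one
        session_regenerate_id(true);
        $_SESSION['sys_username'] = $row['username'];
        $_SESSION['sys_password'] = $row['password'];
        $_SESSION['sys_email'] = $row['email'];
        # A successful login clears the failure log for this address. Nothing in
        # this class writes to that table; presumably another component does.
        $ip = $this->clean($_SERVER['REMOTE_ADDR']);
        mysql_query("DELETE FROM authentication_fails_log WHERE ip='$ip'");
        return true;
    }

    /**
     * Logs the current user out by removing the login keys from the session.
     */
    public function logout() {
        # Without an active session $_SESSION is empty and unset() changes nothing
        # server-side, so the login would survive the "logout"
        $this->ensureSession();
        unset($_SESSION['sys_username'], $_SESSION['sys_password'], $_SESSION['sys_email']);
    }

    /**
     * Generates a random alphanumeric string ([0-9a-zA-Z]).
     *
     * Used for salts and for recovery passwords, so a CSPRNG is preferred:
     * random_int() is used where available (PHP 7+), mt_rand() otherwise.
     *
     * @param int $length number of characters; 0 or negative yields ''
     * @return string
     */
    public function generateRandom($length) {
        $characters = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
        $max = strlen($characters) - 1;
        $secure = function_exists('random_int');
        $string = '';
        for ($i = 0; $i < $length; $i++) {
            $index = $secure ? random_int(0, $max) : mt_rand(0, $max);
            $string .= $characters[$index];
        }
        return $string;
    }

    /**
     * Resets a user's password to a random one and mails it to the stored address.
     *
     * @param string $username RAW username
     * @return bool true when the row was updated and the mail was accepted for delivery
     */
    public function recover($username) {
        $cleanUsername = $this->clean($username);
        $sql = "SELECT * FROM users WHERE username='$cleanUsername'";
        $result = mysql_query($sql);
        # The original tested `$count <= 1`, which also took the reset path for an
        # unknown user and then indexed into a false row
        if (!$result || mysql_num_rows($result) < 1) {
            return false;
        }
        $res = mysql_fetch_array($result);
        $to = $res['email'];
        $subject = "Password Recovery";
        $random_password = $this->generateRandom(6);
        # Hash with the user's salt exactly as validate() does; the unsalted md5
        # used before produced a password the user could never log in with
        $random_password_md5 = md5($res['salt'] . $random_password);
        $sql1 = "UPDATE users SET password='$random_password_md5' WHERE username='$cleanUsername'";
        if (!mysql_query($sql1)) {
            return false;
        }
        # The password is already changed at this point; a failed mail() leaves the
        # user with a password they were never told about
        $body = "We recieved a request to reset the password for your account at Twaddlr from " . $_SERVER['REMOTE_ADDR'] . "\n\nUsername: " . $username . "\nPassword: " . $random_password;
        return (bool) mail($to, $subject, $body);
    }

    /**
     * Changes a user's password after re-checking the old one.
     *
     * @param string $username RAW username
     * @param string $oldPassword RAW current password
     * @param string $newPassword RAW new password
     * @return bool true when the credentials were valid and the row was updated
     */
    public function changePassword($username, $oldPassword, $newPassword) {
        # validate() and retrieveSalt() escape their own inputs: pass raw values
        if (!$this->validate($username, $oldPassword)) {
            return false;
        }
        $salt = $this->retrieveSalt($username);
        $cleanUsername = $this->clean($username);
        # Hash the escaped form, as register() and validate() do
        $hash = md5($salt . $this->clean($newPassword));
        $sql = "UPDATE users SET password='$hash' WHERE username='$cleanUsername'";
        return (bool) mysql_query($sql);
    }

    /**
     * Changes a user's email address after checking the password.
     *
     * The new address is not validated here; callers wanting that should run
     * verifyEmail() first.
     *
     * @param string $username RAW username
     * @param string $password RAW password
     * @param string $newEmail new address
     * @return bool true when the credentials were valid and the row was updated
     */
    public function changeEmail($username, $password, $newEmail) {
        if (!$this->validate($username, $password)) {
            return false;
        }
        $cleanUsername = $this->clean($username);
        $cleanEmail = $this->clean($newEmail);
        $sql = "UPDATE users SET email='$cleanEmail' WHERE username='$cleanUsername'";
        return (bool) mysql_query($sql);
    }

    /**
     * Whether a username is not yet taken.
     *
     * @param string $username RAW username
     * @return bool true only when the lookup succeeded and found no row
     */
    public function usernameAvalible($username) {
        $username = $this->clean($username);
        $result = mysql_query("SELECT * FROM users WHERE username='$username'");
        # A failed query previously read as "0 rows" and reported the name as free;
        # fail closed instead
        return $result && mysql_num_rows($result) === 0;
    }

    /**
     * Creates a user with a fresh salt.
     *
     * The availability check and the INSERT are separate statements, so a
     * UNIQUE index on users.username is still what actually prevents duplicates.
     *
     * @param string $username RAW username
     * @param string $password RAW password
     * @param string $email email address
     * @return bool true when the row was inserted
     */
    public function register($username, $password, $email) {
        # usernameAvalible() escapes its own argument
        if (!$this->usernameAvalible($username)) {
            return false;
        }
        $ip = $this->clean($_SERVER['REMOTE_ADDR']);
        $username = $this->clean($username);
        $email = $this->clean($email);
        $salt = $this->generateRandom(10);
        # The escaped password is what gets hashed; validate() hashes the same form
        $hash = md5($salt . $this->clean($password));
        $sql = "INSERT INTO users (username, password, salt, email, signup_ip) VALUES ('$username', '$hash', '$salt', '$email', '$ip')";
        return (bool) mysql_query($sql);
    }

    /**
     * Whether a user is in the 'banned' group.
     *
     * @param string $username RAW username
     * @return bool false when not banned or when the query failed (matches the original fail-open reading)
     */
    public function checkBanned($username) {
        $username = $this->clean($username);
        # Column is `usergroup`, as in validate(), banUser() and unbanUser();
        # the original queried `group`, which is also a reserved word in MySQL
        $result = mysql_query("SELECT * FROM users WHERE username='$username' AND usergroup='banned'");
        return $result && mysql_num_rows($result) > 0;
    }

    /**
     * Whether an IP address is in the bannedips table.
     *
     * @param string $ip RAW address
     * @return bool false when not banned or when the query failed (matches the original fail-open reading)
     */
    public function checkIPBanned($ip) {
        $ip = $this->clean($ip);
        $result = mysql_query("SELECT * FROM bannedips WHERE ip='$ip'");
        return $result && mysql_num_rows($result) > 0;
    }

    /**
     * Checks an email address against the project's own pattern.
     *
     * The pattern requires at least one alphanumeric before '@' and at least two
     * characters after it; it is narrower than RFC 5322.
     *
     * @param string $email
     * @return bool
     */
    public function verifyEmail($email) {
        return preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\._-]+)+$/", $email) === 1;
    }

    ####################################################################################################
    ## ADMIN FUNCTIONS #################################################################################
    ####################################################################################################

    /**
     * Moves a user into the 'banned' group.
     *
     * @param string $username RAW username
     * @return bool true when the UPDATE succeeded
     */
    public function banUser($username) {
        $username = $this->clean($username);
        return (bool) mysql_query("UPDATE users SET usergroup='banned' WHERE username='$username'");
    }

    /**
     * Moves a user back into the 'user' group.
     *
     * @param string $username RAW username
     * @return bool true when the UPDATE succeeded
     */
    public function unbanUser($username) {
        $username = $this->clean($username);
        # The original did `or die(mysql_error())` here, which printed the driver
        # error to the response; failures now return false like every other method
        return (bool) mysql_query("UPDATE users SET usergroup='user' WHERE username='$username'");
    }

    /**
     * Adds an IP address to the ban list.
     *
     * @param string $ip RAW address
     * @param string|null $reason optional free-text reason; stored as '' when null
     * @return bool true when the INSERT succeeded
     */
    public function banIP($ip, $reason = NULL) {
        $ip = $this->clean($ip);
        $reason = $this->clean($reason);
        return (bool) mysql_query("INSERT INTO bannedips (ip, reason) VALUES ('$ip', '$reason')");
    }

    /**
     * Removes every ban-list row for an IP address.
     *
     * @param string $ip RAW address
     * @return bool true when the DELETE succeeded
     */
    public function unbanIP($ip) {
        $ip = $this->clean($ip);
        return (bool) mysql_query("DELETE FROM bannedips WHERE ip='$ip'");
    }

    /**
     * Human-readable reason an IP address was banned.
     *
     * @param string $ip RAW address
     * @return string the stored reason, or a fixed message when there is none / the IP is not banned
     */
    public function reasonForIPBan($ip) {
        $ip = $this->clean($ip);
        $result = mysql_query("SELECT * FROM bannedips WHERE ip='$ip'");
        if (!$result || mysql_num_rows($result) === 0) {
            return "This IP address does not appear to be banned";
        }
        $row = mysql_fetch_array($result);
        $reason = $row['reason'];
        # A NULL column and an empty string both read as "no reason"
        if ($reason === null || $reason === "") {
            return "No reason specified";
        }
        return $reason;
    }
}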
# Single shared instance; constructing it opens the database connection.
$system = new system();
?>