  1. <?php
  2. class database {
  3. public function connectToDatabase() {
  4. $this->hostname = "localhost";
  5. $this->username = "root";
  6. $this->password = "";
  7. $this->database = "twaddlr";
  8.  
  9. mysql_connect($this->hostname, $this->username, $this->password);
  10. mysql_select_db($this->database);
  11.  
  12. $this->connected = true;
  13. }
  14. }
  15.  
  16. class system {
  17. public function __construct() {
  18. # Allows access to the database
  19. global $database;
  20.  
  21. # Make sure we are connected to the database
  22. $database->connectToDatabase();
  23. }
  24.  
  25. # Checks if the user is logged in, if they are it returns true, else false
  26. public function loggedin() {
  27. # Allows access to the database
  28. global $database;
  29.  
  30. # If the session hasn't already been started, start one
  31. if (!isset($_SESSION)) {
  32. session_start();
  33. }
  34.  
  35. # Check if the username and password sessions are set, if they are then the user is logged in
  36. if (isset($_SESSION['sys_username']) AND isset($_SESSION['sys_password'])) {
  37. return true;
  38. }
  39. else {
  40. # Not logged in, return false
  41. return false;
  42. }
  43. }
  44.  
  45. # Returns the current user's username
  46. public function username() {
  47. # Allows access to the database
  48. global $database;
  49.  
  50. # Returns the value of the 'sys_username' session
  51. return $_SESSION['sys_username'];
  52. }
  53.  
  54. # Returns the current user's email
  55. public function email() {
  56. # Allows access to the database
  57. global $database;
  58.  
  59. # Returns the value of the 'sys_email' session
  60. return $_SESSION['sys_email'];
  61. }
  62.  
  63. # Function to prevent MySQL injection
  64. public function clean($string) {
  65. # Allows access to the database
  66. global $database;
  67.  
  68. # Clean $string
  69. $string = stripslashes($string);
  70. $string = mysql_real_escape_string($string);
  71.  
  72. # Send back the cleaned string
  73. return $string;
  74. }
  75.  
  76. # Check if a username and password combination is valid, returns true if valid, else false
  77. public function validate($username, $password) {
  78. # Allows access to the database
  79. global $database;
  80.  
  81. # MD5 the password
  82. $password = md5($password);
  83.  
  84. # Clean the username and password to prevent injection
  85. $username = $this->clean($username);
  86. $password = $this->clean($password);
  87.  
  88. # Search for records where username and password match
  89. $sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
  90. $result = mysql_query($sql);
  91.  
  92. # Count the number of returned rows
  93. $count = mysql_num_rows($result);
  94.  
  95. # If the rows returned are equal to or greater than 1, the username and password are valid
  96. if ($count >= 1) {
  97. # If session hasnt been started, start one
  98. if (!isset($_SESSION)) {
  99. session_start();
  100. }
  101.  
  102. # Get the returned results
  103. $res = mysql_fetch_array($result);
  104.  
  105. # Set the results from the query as sessions
  106. $_SESSION['sys_username'] = $res['username'];
  107. $_SESSION['sys_password'] = $res['password'];
  108. $_SESSION['sys_email'] = $res['email'];
  109.  
  110. # Return true as login was successful
  111. return true;
  112. }
  113. else {
  114. return false;
  115. }
  116. }
  117.  
  118. public function recover($username) {
  119. # Allows access to the database
  120. global $database;
  121.  
  122. # Clean the userame
  123. $username = $this->clean($username);
  124.  
  125. # Search if there are any users with the entered username
  126. $sql = "SELECT * FROM users WHERE username='$username'";
  127. $result = mysql_query($sql);
  128.  
  129. # Count the number of rows
  130. $count = mysql_num_rows($result);
  131.  
  132. # If the number or results is equal to or greater than 1, it is a valid username
  133. if ($count <= 1) {
  134. # Fetch the results of the query so that we can get the user's email address
  135. $res = mysql_fetch_array($result);
  136.  
  137. # Get the user's email address from the results array
  138. $to = $res['email'];
  139.  
  140. # The subject for the email
  141. $subject = "Password Recovery";
  142.  
  143. # The length of the randomly generated password
  144. $length = 6;
  145.  
  146. # Characters that can be used in the password
  147. $characters = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
  148.  
  149. # Just set the variable so that we dont get errors appending it
  150. $random_password = "";
  151.  
  152. # Create the random password
  153. for ($p = 0; $p < $length; $p++) {
  154. $random_password .= $characters[mt_rand(0, strlen($characters))];
  155. }
  156.  
  157. # Get the MD5 version of the password which is what we put in the database
  158. $random_password_md5 = md5($random_password);
  159.  
  160. # Update the user's password in the database
  161. $sql1 = "UPDATE users SET password='$random_password_md5' WHERE username='$username'";
  162. $result1 = mysql_query($sql1);
  163.  
  164. # Check if the update was successful
  165. if (!$result1) {
  166. # Didn't change, exit
  167. return false;
  168. }
  169. else {
  170. # The body of the email
  171. $body = "We recieved a request to reset the password for your account at Twaddlr from " . $_SERVER['REMOTE_ADDR'] . "\n\nUsername: " . $username . "\nPassword: " . $random_password;
  172.  
  173. # Check if the email was sent successfully
  174. if (mail($to, $subject, $body)) {
  175. # Sent successfully, the function has succeeded
  176. return true;
  177. }
  178. else {
  179. # Send failed, the subject has not succeeded
  180. return false;
  181. }
  182. }
  183. }
  184. }
  185.  
  186. public function changePassword($username, $oldPassword, $newPassword) {
  187. # Allows access to the database
  188. global $database;
  189.  
  190. # Clean the strings
  191. $username = $this->clean($username);
  192. $oldPassword = $this->clean($oldPassword);
  193. $newPassword = $this->clean($newPassword);
  194.  
  195. # Check if the username and password match
  196. if ($this->validate($username, $oldPassword)) {
  197. # Encrypt the new password
  198. $newPassword = md5($newPassword);
  199.  
  200. # Update the user's password
  201. $sql = "UPDATE users SET password='$newPassword' WHERE username='$username'";
  202. $result = mysql_query($sql);
  203.  
  204. # Check if it was successful or not
  205. if ($result) {
  206. # Changed successfully, return true
  207. return true;
  208. }
  209. else {
  210. # Change failed, return false
  211. return false;
  212. }
  213. }
  214. else {
  215. # Username and password were not correct, function failed
  216. return false;
  217. }
  218. }
  219.  
  220. public function changeEmail($username, $password, $newEmail) {
  221. # Allows access to the database
  222. global $database;
  223.  
  224. # Clean the submitted data
  225. $username = $this->clean($username);
  226. $password = $this->clean($password);
  227. $newEmail = $this->clean($newEmail);
  228.  
  229. # Check if the username and password are valid
  230. if ($this->validate($username, $password)) {
  231. # Username and password are valid
  232. $sql = "UPDATE users SET email='$newEmail' WHERE username='$username'";
  233. $result = mysql_query($sql);
  234.  
  235. # Check if the field was updated successfuly
  236. if ($result) {
  237. # It was updated, return true (success)
  238. return true;
  239. }
  240. else {
  241. # Could not update the field, return false (fail)
  242. return false;
  243. }
  244. }
  245. else {
  246. # Username and password were wrong, return false (fail)
  247. return false;
  248. }
  249. }
  250.  
  251. # Check if a username is already in use
  252. public function usernameAvalible($username) {
  253. $username = $this->clean($username);
  254.  
  255. $sql = "SELECT * FROM users WHERE username='$username'";
  256. $result = mysql_query($sql);
  257.  
  258. /////////////////////////////////////////////////////////////
  259.  
  260. }
  261.  
  262. # Register a user
  263. public function register($username, $password, $email) {
  264. # Get the user's IP address
  265. $ip = $_SERVER['REMOTE_ADDR'];
  266.  
  267. # Clean the inputs
  268. $username = $this->clean($username);
  269. $password = $this->clean($password);
  270. $email = $this->clean($email);
  271. $ip = $this->clean($ip);
  272.  
  273. # Encrypt the password
  274. $password = md5($password);
  275.  
  276. # Insert them into the database
  277. $sql = "INSERT INTO users (username, password, email, signup_ip) VALUES ('$username', '$password', '$email', '$ip')";
  278. $result = mysql_query($sql);
  279.  
  280. # Check if the query was successful
  281. if ($result) {
  282. # Query was successful, return true (success)
  283. return true;
  284. }
  285. else {
  286. # Query was not successful, return false (fail)
  287. return false;
  288. }
  289. }
  290. }
  291.  
  292. if (!isset($_GET['act'])) {
  293. die();
  294. }
  295.  
  296. $database = new database;
  297. $system = new system;
  298.  
  299. if ($_GET['act'] == "register") {
  300. if (isset($_GET['username']) AND isset($_GET['password']) AND isset($_GET['email'])) {
  301. if ($system->register($_GET['username'], $_GET['password'], $_GET['email'])) {
  302. echo "created new user";
  303. }
  304. else {
  305. echo "failed to create new user";
  306. }
  307. }
  308. }
  309.  
  310. if ($_GET['act'] == "login") {
  311. if (isset($_GET['username']) AND isset($_GET['password'])) {
  312. if ($system->validate($_GET['username'], $_GET['password'])) {
  313. echo "success";
  314. }
  315. else {
  316. echo "failed";
  317. }
  318. }
  319. }
  320.  
  321. if ($_GET['act'] == "recover") {
  322. if (isset($_GET['username'])) {
  323. if ($system->recover($_GET['username'])) {
  324. echo "sent";
  325. }
  326. else {
  327. echo "send failed";
  328. }
  329. }
  330. }
  331.  
  332. if ($_GET['act'] == "changepassword") {
  333. if (isset($_GET['username']) AND isset($_GET['oldpassword']) AND isset($_GET['newpassword'])) {
  334. if ($system->changePassword($_GET['username'], $_GET['oldpassword'], $_GET['newpassword'])) {
  335. echo "changed password";
  336. }
  337. else {
  338. echo "couldnt change password - maybe the old password was wrong";
  339. }
  340. }
  341. }
  342.  
  343. if ($_GET['act'] == "changeemail") {
  344. if (isset($_GET['username']) AND isset($_GET['password']) AND isset($_GET['newemail'])) {
  345. if ($system->changeEmail($_GET['username'], $_GET['password'], $_GET['newemail'])) {
  346. echo "changed email address";
  347. }
  348. else {
  349. echo "couldnt change email address - maybe the username doesnt exist";
  350. }
  351. }
  352. }
  353. ?>