- <?php
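class database {
    # Connection settings. They were hard-coded in the original (root with an
    # empty password) and are kept as defaults so nothing else breaks, but they
    # belong in a config file outside the web root rather than in code.
    public $hostname = "localhost";
    public $username = "root";
    public $password = "";
    public $database = "twaddlr";
    # true once connectToDatabase() has succeeded
    public $connected = false;
    # The PDO handle that class system runs its queries through (null until connected)
    public $pdo = null;

    # Open the MySQL connection through PDO (the mysql_* extension this file was
    # written against no longer exists in PHP 7+). Returns true on success. On
    # failure the reason is logged server-side, $connected stays false and $pdo
    # stays null, so the callers in class system fail soft (return false) just
    # as the old mysql_query() code did when no connection was available.
    public function connectToDatabase(): bool {
        if ($this->pdo !== null) {
            return true;
        }
        # An explicit connection charset keeps escaping and prepared statements
        # consistent; utf8mb4 is assumed here - adjust if the schema differs.
        $dsn = "mysql:host={$this->hostname};dbname={$this->database};charset=utf8mb4";
        try {
            $this->pdo = new PDO($dsn, $this->username, $this->password, [
                PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                # Real server-side prepares: values are never spliced into SQL text
                PDO::ATTR_EMULATE_PREPARES => false,
                PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
            ]);
        } catch (PDOException $e) {
            # Log only; the message can contain host and user details
            error_log("database: connection failed: " . $e->getMessage());
            $this->pdo = null;
            $this->connected = false;
            return false;
        }
        $this->connected = true;
        return true;
    }
}
class system {
    # Length and alphabet of the password generated by recover()
    const RECOVERY_PASSWORD_LENGTH = 12;
    const RECOVERY_PASSWORD_CHARS = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";

    public function __construct() {
        # Allows access to the database
        global $database;
        # Make sure we are connected to the database
        if ($database instanceof database) {
            $database->connectToDatabase();
        }
    }

    # The shared PDO handle, or null when the connection is not available
    private function pdo() {
        global $database;
        if (!($database instanceof database)) {
            return null;
        }
        return $database->pdo;
    }

    # Run a prepared statement with bound values. Returns the executed
    # PDOStatement, or null when there is no connection or the query failed
    # (the failure is logged, never shown to the user).
    private function run($sql, array $params) {
        $pdo = $this->pdo();
        if ($pdo === null) {
            return null;
        }
        try {
            $stmt = $pdo->prepare($sql);
            $stmt->execute($params);
            return $stmt;
        } catch (PDOException $e) {
            error_log("system: query failed: " . $e->getMessage());
            return null;
        }
    }

    # Start the session if no session is active yet
    private function ensureSession() {
        if (session_status() === PHP_SESSION_NONE) {
            session_start();
        }
    }

    # Look up one user row by username; returns the assoc array or null when
    # there is no such user or the lookup failed. Assumes username is unique
    # (only the first matching row is used) - confirm against the schema.
    private function findUser($username) {
        $stmt = $this->run("SELECT * FROM users WHERE username = ?", [$username]);
        if ($stmt === null) {
            return null;
        }
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    }

    # Whether $plain matches the stored hash. New rows hold password_hash()
    # output; rows written by the original code hold unsalted MD5, which is
    # still accepted (constant-time compare) so existing users can log in and
    # get upgraded on their next successful login.
    private function passwordMatches($plain, $stored): bool {
        $stored = (string) $stored;
        if ($stored === '') {
            return false;
        }
        if (password_verify($plain, $stored)) {
            return true;
        }
        return hash_equals($stored, md5($plain));
    }

    # Store a fresh password_hash() of $plain for $username; true on success.
    # NOTE(review): password_hash() output is 60+ characters; confirm the
    # users.password column is wide enough (a column sized for MD5's 32 chars
    # would truncate the hash and break logins).
    private function storePassword($username, $plain): bool {
        $stmt = $this->run(
            "UPDATE users SET password = ? WHERE username = ?",
            [password_hash($plain, PASSWORD_DEFAULT), $username]
        );
        return $stmt !== null;
    }

    # Build a random password of $length characters from RECOVERY_PASSWORD_CHARS
    # using the CSPRNG (the original used mt_rand() with an off-by-one upper bound)
    private function randomPassword(int $length): string {
        $chars = self::RECOVERY_PASSWORD_CHARS;
        $maxIndex = strlen($chars) - 1;
        $out = "";
        for ($i = 0; $i < max(1, $length); $i++) {
            $out .= $chars[random_int(0, $maxIndex)];
        }
        return $out;
    }

    # Checks if the user is logged in, if they are it returns true, else false
    public function loggedin(): bool {
        $this->ensureSession();
        # Only the username marks a login now; the password hash used to be
        # kept in the session as well, which left it readable in session storage.
        return isset($_SESSION['sys_username']);
    }

    # Returns the current user's username, or null when nobody is logged in
    public function username() {
        $this->ensureSession();
        return isset($_SESSION['sys_username']) ? $_SESSION['sys_username'] : null;
    }

    # Returns the current user's email, or null when nobody is logged in
    public function email() {
        $this->ensureSession();
        return isset($_SESSION['sys_email']) ? $_SESSION['sys_email'] : null;
    }

    # Escape a string for inlining in a quoted SQL literal.
    # @deprecated every query in this class binds its values through prepared
    # statements; this is kept only for callers outside the class.
    public function clean($string): string {
        $string = stripslashes((string) $string);
        $pdo = $this->pdo();
        if ($pdo === null) {
            return addslashes($string);
        }
        # PDO::quote() returns the value wrapped in quotes; strip them so the
        # result is a bare escaped string like mysql_real_escape_string() gave
        return (string) substr($pdo->quote($string), 1, -1);
    }

    # Check if a username and password combination is valid; returns true (and
    # logs the user in) if valid, else false. Also returns false on a database
    # error. Passwords are compared as entered - the original escaped the
    # password before hashing it in register()/changePassword() but not here,
    # so any password containing a quote or backslash could never log in.
    public function validate($username, $password): bool {
        $username = (string) $username;
        $password = (string) $password;
        $user = $this->findUser($username);
        if ($user === null || !isset($user['password'])) {
            return false;
        }
        if (!$this->passwordMatches($password, $user['password'])) {
            return false;
        }
        # Upgrade legacy MD5 rows (and hashes from an outdated cost) in place
        if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
            $this->storePassword($username, $password);
        }
        $this->ensureSession();
        # Fresh session id on login so a pre-login id cannot be reused (fixation)
        session_regenerate_id(true);
        $_SESSION['sys_username'] = $user['username'];
        $_SESSION['sys_email'] = isset($user['email']) ? $user['email'] : null;
        return true;
    }

    # Reset $username's password to a random one of $length characters and mail
    # it to the address on file. Returns true when the password was changed and
    # mail() accepted the message, false otherwise (unknown user, user without
    # an email address, database error or mail failure). The original tested
    # `$count <= 1`, so it also "succeeded" for unknown users and mailed nobody.
    public function recover($username, $length = self::RECOVERY_PASSWORD_LENGTH): bool {
        $username = (string) $username;
        $user = $this->findUser($username);
        if ($user === null || !isset($user['email']) || $user['email'] === '') {
            return false;
        }
        $to = $user['email'];
        $subject = "Password Recovery";
        $randomPassword = $this->randomPassword((int) $length);
        # Write the new password first; only mail it once it is really in effect
        if (!$this->storePassword($username, $randomPassword)) {
            return false;
        }
        $requester = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
        $body = "We received a request to reset the password for your account at Twaddlr from " . $requester . "\n\nUsername: " . $username . "\nPassword: " . $randomPassword;
        return mail($to, $subject, $body);
    }

    # Change $username's password after checking $oldPassword; true on success,
    # false when the old password is wrong or the update failed. validate()
    # logs the user in as a side effect, as it always did.
    public function changePassword($username, $oldPassword, $newPassword): bool {
        $username = (string) $username;
        if (!$this->validate($username, (string) $oldPassword)) {
            return false;
        }
        return $this->storePassword($username, (string) $newPassword);
    }

    # Change $username's email address after checking $password; true on
    # success, false when the credentials are wrong or the update failed.
    public function changeEmail($username, $password, $newEmail): bool {
        $username = (string) $username;
        $newEmail = (string) $newEmail;
        if (!$this->validate($username, (string) $password)) {
            return false;
        }
        $stmt = $this->run("UPDATE users SET email = ? WHERE username = ?", [$newEmail, $username]);
        if ($stmt === null) {
            return false;
        }
        # validate() just stored the old address in the session; keep it in step
        $_SESSION['sys_email'] = $newEmail;
        return true;
    }

    # Check if a username is free to register: true when no user has it, false
    # when it is taken or the lookup could not be made (the safe default). The
    # original left this method unfinished and returned nothing.
    public function usernameAvalible($username): bool {
        $stmt = $this->run("SELECT 1 FROM users WHERE username = ? LIMIT 1", [(string) $username]);
        if ($stmt === null) {
            return false;
        }
        return $stmt->fetch(PDO::FETCH_ASSOC) === false;
    }

    # Register a user; true when the row was inserted, false on a database
    # error (including a duplicate username if the column is unique).
    public function register($username, $password, $email): bool {
        # Get the user's IP address (absent when run from the CLI)
        $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        $stmt = $this->run(
            "INSERT INTO users (username, password, email, signup_ip) VALUES (?, ?, ?, ?)",
            [
                (string) $username,
                password_hash((string) $password, PASSWORD_DEFAULT),
                (string) $email,
                $ip,
            ]
        );
        return $stmt !== null;
    }
}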
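# Request router. Every action reads its inputs from the query string, as the
# original did; that puts passwords into URLs, web-server access logs and
# browser history, so the forms should POST and this block should read $_POST.
# Kept on $_GET so existing callers keep working.
if (!isset($_GET['act']) || !is_string($_GET['act'])) {
    die();
}
$act = $_GET['act'];
# A query-string value, or null when it is missing or not a plain string
# (PHP turns repeated keys into arrays, which the system methods cannot take)
$param = function ($key) {
    return (isset($_GET[$key]) && is_string($_GET[$key])) ? $_GET[$key] : null;
};
$database = new database;
$system = new system;
# Strict comparison throughout: $act is a string and no coercion is wanted
if ($act === "register") {
    $username = $param('username');
    $password = $param('password');
    $email = $param('email');
    if ($username !== null && $password !== null && $email !== null) {
        if ($system->register($username, $password, $email)) {
            echo "created new user";
        } else {
            echo "failed to create new user";
        }
    }
} elseif ($act === "login") {
    $username = $param('username');
    $password = $param('password');
    if ($username !== null && $password !== null) {
        if ($system->validate($username, $password)) {
            echo "success";
        } else {
            echo "failed";
        }
    }
} elseif ($act === "recover") {
    $username = $param('username');
    if ($username !== null) {
        if ($system->recover($username)) {
            echo "sent";
        } else {
            echo "send failed";
        }
    }
} elseif ($act === "changepassword") {
    $username = $param('username');
    $oldPassword = $param('oldpassword');
    $newPassword = $param('newpassword');
    if ($username !== null && $oldPassword !== null && $newPassword !== null) {
        if ($system->changePassword($username, $oldPassword, $newPassword)) {
            echo "changed password";
        } else {
            echo "couldnt change password - maybe the old password was wrong";
        }
    }
} elseif ($act === "changeemail") {
    $username = $param('username');
    $password = $param('password');
    $newEmail = $param('newemail');
    if ($username !== null && $password !== null && $newEmail !== null) {
        if ($system->changeEmail($username, $password, $newEmail)) {
            echo "changed email address";
        } else {
            echo "couldnt change email address - maybe the username doesnt exist";
        }
    }
}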
- ?>