Niko454

Untitled

Apr 19th, 2015
  1. <?php
  2.  
  3.  
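  /**
   * Minimal account model: holds one username/password pair and can either
   * register it in the `users` table or check it against that table via PDO.
   *
   * Connection settings come from the DB_DSN, DB_USERNAME and DB_PASSWORD
   * constants, which are defined outside this class.
   *
   * NOTE(security): passwords are stored as SHA-256(password . salt) with a
   * single salt shared by every account. A fast hash with a shared salt is
   * cheap to brute-force once the table leaks. The scheme is kept here only so
   * existing rows keep verifying; new deployments should migrate to
   * password_hash() / password_verify().
   */
  class Users
  {
      /** @var string|null Username after the constructor's filtering. */
      public $username = null;

      /** @var string|null Plain-text password after the constructor's filtering. */
      public $password = null;

      /**
       * Value appended to every password before hashing.
       *
       * The paste author replaced the real value with this placeholder. Because
       * it lives in source code, anyone with read access to the code knows it;
       * load it from configuration kept outside the repository instead.
       *
       * @var string
       */
      public $salt = "secret";

      /**
       * @param array $data Optional 'username' and 'password' keys (e.g. a submitted form).
       */
      public function __construct($data = array())
      {
          $this->assignFields($data);
      }

      /**
       * Overwrites the stored credentials with values taken from $params.
       *
       * @param array $params Same shape as the constructor argument.
       */
      public function storeFormValues($params)
      {
          // Shares the constructor's logic without invoking __construct() by hand.
          $this->assignFields($params);
      }

      /**
       * Checks the stored credentials against the `users` table.
       *
       * The previous body mixed the removed mysql_* extension (with hard-coded
       * root credentials and a query built from $_SESSION values) into the PDO
       * flow and handed a result resource to PDO::prepare(). It now runs the
       * parameterised statement that the bindValue() calls were written for.
       *
       * @return bool True when a row matches both username and password hash.
       */
      public function userLogin()
      {
          // Never query with missing credentials; an empty password must not
          // be hashed and compared like a real one.
          if (!$this->hasCredentials()) {
              return false;
          }

          try {
              $con = $this->connect();
              // SELECT 1 avoids relying on the truthiness of whatever the
              // table's first column happens to hold.
              $stmt = $con->prepare(
                  'SELECT 1 FROM users WHERE username = :username AND password = :password LIMIT 1'
              );
              $stmt->bindValue(':username', $this->username, PDO::PARAM_STR);
              $stmt->bindValue(':password', $this->hashPassword(), PDO::PARAM_STR);
              $stmt->execute();

              return $stmt->fetchColumn() !== false;
          } catch (PDOException $e) {
              // Driver messages can reveal schema or connection details, so
              // they go to the server log instead of the response body.
              error_log('Users::userLogin failed: ' . $e->getMessage());

              return false;
          }
      }

      /**
       * Inserts the stored credentials as a new row in `users`.
       *
       * @return string HTML snippet on success, a generic message on failure.
       */
      public function register()
      {
          if (!$this->hasCredentials()) {
              return "Username and password are required";
          }

          try {
              $con = $this->connect();
              $stmt = $con->prepare('INSERT INTO users(username, password) VALUES(:username, :password)');
              $stmt->bindValue(':username', $this->username, PDO::PARAM_STR);
              $stmt->bindValue(':password', $this->hashPassword(), PDO::PARAM_STR);
              $stmt->execute();

              // NOTE(review): the href has no scheme, so browsers will resolve
              // it relative to the current page - confirm that is intended.
              return "Registration Successful <br/> <a href='btcplay.me/beta/login'>Login Now</a>";
          } catch (PDOException $e) {
              // The return value is presumably rendered to the visitor, so the
              // raw driver message is logged rather than returned.
              error_log('Users::register failed: ' . $e->getMessage());

              return "Registration failed";
          }
      }

      /**
       * Copies 'username' and 'password' from $data when present.
       *
       * NOTE(security): strip_tags()/stripslashes() are output-oriented filters.
       * Applied to a password they silently delete characters and weaken it.
       * They are kept because stored hashes were computed from the filtered
       * value; escape at output time and drop this filtering when migrating.
       *
       * @param array $data
       */
      private function assignFields($data)
      {
          if (isset($data['username'])) {
              $this->username = stripslashes(strip_tags($data['username']));
          }
          if (isset($data['password'])) {
              $this->password = stripslashes(strip_tags($data['password']));
          }
      }

      /** True when both username and password are non-empty. */
      private function hasCredentials()
      {
          return $this->username !== null && $this->username !== ''
              && $this->password !== null && $this->password !== '';
      }

      /** Opens a PDO connection that throws PDOException on errors. */
      private function connect()
      {
          $con = new PDO(DB_DSN, DB_USERNAME, DB_PASSWORD);
          $con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

          return $con;
      }

      /** Legacy digest used for stored passwords: SHA-256 of password . salt. */
      private function hashPassword()
      {
          return hash("sha256", $this->password . $this->salt);
      }
  }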
  82.  
  83. ?>