- <?php
- require_once('config.php');
- require_once('define.php');
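/**
 * Account and session helper for the forum: login, logout, registration,
 * session-token validation, BBCode rendering and e-mail syntax checks.
 *
 * Security notes for maintainers:
 *  - Every value placed in a SQL string is escaped inside the method that
 *    builds the query. Callers should pass raw values; pre-escaped input
 *    will be escaped a second time.
 *  - The legacy mysql_* API used here was removed in PHP 7. Moving to PDO or
 *    mysqli prepared statements is the durable fix; that needs a connection
 *    handle which this class does not hold.
 *  - NOTE(review): passwords are stored as unsalted MD5. Migrating to
 *    password_hash()/password_verify() needs a wider `password` column and a
 *    rehash-on-login path; the schema is not visible from this file.
 */
class Session
{
    /**
     * Report whether the current PHP session belongs to a logged-in user.
     *
     * The session must carry a username and a non-empty token, and both must
     * match the row stored for that user.
     *
     * @return bool true only when the stored name and session token match.
     */
    function isOnline()
    {
        if (!isset($_SESSION['username'], $_SESSION['token'])) {
            return false;
        }

        // An empty token must never authenticate: a user who has not logged
        // in yet may have an empty or NULL session_token column.
        $token = (string) $_SESSION['token'];
        if ($token === '') {
            return false;
        }

        $name = $this->sqlEscape($_SESSION['username']);
        $result = mysql_query("SELECT * FROM users WHERE name = '" . $name . "'");
        if ($result === false) {
            return false;
        }

        $row = mysql_fetch_array($result);
        if (!is_array($row)) {
            return false;
        }

        // Strict comparisons: loose == treats numeric-looking strings
        // (for example "0e123" and "0e456") as equal.
        return (string) $_SESSION['username'] === (string) $row['name']
            && $this->safeEquals($row['session_token'], $token);
    }

    /**
     * Drop the login keys from the session and redirect to the index page.
     *
     * The caller should stop executing after this returns; header() alone
     * does not end the script.
     */
    function Logout()
    {
        unset($_SESSION['username'], $_SESSION['token'], $_SESSION['id']);
        header("Location: index.php");
    }

    /**
     * Legacy "make it safe" filter: strips tags, SQL-escapes, then
     * HTML-encodes the value.
     *
     * This mixes two unrelated contexts. The result is HTML-encoded text
     * that is also SQL-escaped, so it is correct neither as display text nor
     * as the stored value. ENT_COMPAT leaves single quotes unencoded.
     * Prefer escaping per context at the point of use.
     *
     * @param string $str raw input
     * @return string filtered value
     */
    function SafeText($str)
    {
        // get_magic_quotes_gpc() no longer exists in PHP 8.
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        $str = strip_tags($str);
        $str = mysql_real_escape_string($str);
        $str = htmlspecialchars($str, ENT_COMPAT, "UTF-8");
        return $str;
    }

    /**
     * Check a username/password pair and, on success, start a logged-in
     * session and redirect to the forum.
     *
     * Progress and failure are reported through $_SESSION['error'].
     * NOTE(review): the two failure messages differ, which tells a client
     * whether a username exists.
     *
     * @param string $name username as typed (escaped here for SQL)
     * @param string $pass plain-text password
     */
    function Login($name, $pass)
    {
        $_SESSION['error'] = "1";

        $safeName = $this->sqlEscape($name);
        $search = mysql_query("SELECT * FROM users WHERE name = '" . $safeName . "'");

        if ($search === false || mysql_num_rows($search) != 1) {
            $_SESSION['error'] = "The username does not exist.";
            return;
        }

        $_SESSION['error'] = "2";
        $info = mysql_fetch_array($search);

        // Constant-time, type-strict comparison of the stored hash.
        if (!is_array($info) || !$this->safeEquals($info['password'], md5((string) $pass))) {
            $_SESSION['error'] = "The password you typed is incorrect.";
            return;
        }

        // Issue a fresh session id at the privilege change so an id that was
        // known before login is not carried into the authenticated session.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }

        $_SESSION['error'] = "3";
        $_SESSION['username'] = $name;
        $_SESSION['id'] = $info['id'];
        $_SESSION['token'] = $this->GenerateCode(32);

        mysql_query(
            "UPDATE users SET session_token = '" . $this->sqlEscape($_SESSION['token'])
            . "' WHERE name = '" . $safeName . "'"
        );
        header("Location: forum.php");
    }

    /**
     * Render a small BBCode subset to HTML.
     *
     * The input is HTML-encoded first and stays encoded: only the tags
     * produced by the replacement table below are real markup in the result.
     * Entities already present in the input are not encoded a second time,
     * so text that was stored pre-encoded renders the same as before.
     *
     * @param string $str user-supplied text
     * @return string HTML fragment
     */
    function bbcode($str)
    {
        // ENT_QUOTES so that neither quote style can end an attribute value;
        // double_encode = false keeps existing entities intact.
        $escaped = htmlentities((string) $str, ENT_QUOTES, 'UTF-8', false);

        $format_search = array(
            '#\[b\](.*?)\[/b\]#is',
            '#\[i\](.*?)\[/i\]#is',
            '#\[u\](.*?)\[/u\]#is',
            '#\[s\](.*?)\[/s\]#is',
            '#\[notice\](.*?)\[/notice\]#is',
            '#\[img\](https?://.*?\.(?:jpg|jpeg|gif|png|bmp))\[/img\]#i',
            '#\[left](.*?)\[/left\]#is',
            '#\[right](.*?)\[/right\]#is',
            '#\[center](.*?)\[/center\]#is',
            '#\[url=((?:ftp|https?)://.*?)\](.*?)\[/url\]#i',
            '#\[url\]((?:ftp|https?)://.*?)\[/url\]#i'
        );
        $format_replace = array(
            '<strong>$1</strong>',
            '<em>$1</em>',
            '<span style="text-decoration: underline;">$1</span>',
            '<span style="text-decoration: line-through;">$1</span>',
            '<table width="90%" cellspacing="1" cellpadding="20" border="0" align="center"><tr><td class="code"><b>Moderator Notice:</b><br>$1</td></tr></table>',
            '<img src="$1" />',
            '<div align="left">$1</div>',
            '<div align="right">$1</div>',
            '<div align="center">$1</div>',
            '<a href="$1">$2</a>',
            '<a href="$1">$1</a>'
        );

        $html = preg_replace($format_search, $format_replace, $escaped);
        if ($html === null) {
            // PCRE failure: fall back to the encoded text rather than
            // returning nothing.
            $html = $escaped;
        }

        // The encoded text is deliberately NOT decoded again here; decoding
        // would turn user-supplied markup back into live HTML.
        return nl2br($html);
    }

    /**
     * Look up a user's id by name.
     *
     * @param string $name username (escaped here for SQL)
     * @return mixed the id column value, or false when there is not exactly
     *               one matching row
     */
    function GetID($name)
    {
        $search = mysql_query(
            "SELECT * FROM users WHERE name = '" . $this->sqlEscape($name) . "'"
        );
        if ($search === false || mysql_num_rows($search) != 1) {
            return false;
        }

        $r = mysql_fetch_array($search);
        return $r['id'];
    }

    /**
     * Syntax-only check of an e-mail address (no DNS or deliverability test).
     *
     * Uses preg_match(); the ereg() family was removed in PHP 7. The /D
     * modifier makes `$` match only at the very end, so a trailing newline
     * is rejected. Inside a PCRE character class `\.` is a plain dot, so an
     * unquoted backslash in the local part is not accepted.
     *
     * @param string $email candidate address
     * @return bool
     */
    function check_email_address($email)
    {
        $email = (string) $email;

        // Exactly one @, with 1-64 characters before it and 1-255 after.
        if (!preg_match('/^[^@]{1,64}@[^@]{1,255}$/D', $email)) {
            return false;
        }

        list($local, $domain) = explode('@', $email);

        // Each dot-separated piece of the local part is an atom or a quoted string.
        $localAtom = '/^(([A-Za-z0-9!#$%&\'*+\/=?^_`{|}~-][A-Za-z0-9!#$%&\'*+\/=?^_`{|}~.-]{0,63})|("[^(\\\\|")]{0,62}"))$/D';
        foreach (explode('.', $local) as $piece) {
            if (!preg_match($localAtom, $piece)) {
                return false;
            }
        }

        // A domain made only of digits and dots (optionally bracketed) is
        // treated as an IP literal and accepted as-is.
        if (preg_match('/^\[?[0-9.]+\]?$/D', $domain)) {
            return true;
        }

        $labels = explode('.', $domain);
        if (count($labels) < 2) {
            return false; // Not enough parts to domain
        }

        $label = '/^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$/D';
        foreach ($labels as $part) {
            if (!preg_match($label, $part)) {
                return false;
            }
        }

        return true;
    }

    /**
     * Insert a news article.
     *
     * All of title, short story and content must be non-empty; otherwise
     * the "left something blank" message is set and nothing is written.
     * (The original used ||, which inserted when any one field was filled.)
     *
     * This method does no authorization check; the caller must verify that
     * the current user may post.
     *
     * @param string $title
     * @param string $shortstory
     * @param string $content
     * @param string $author
     */
    function PostNews($title, $shortstory, $content, $author)
    {
        $complete = (string) $title !== ''
            && (string) $shortstory !== ''
            && (string) $content !== '';

        if (!$complete) {
            $_SESSION['error'] = "Looks like you left something blank!";
            return;
        }

        mysql_query(
            "INSERT INTO articles (`title`, `shortstory`, `content`, `author`) VALUES ('"
            . $this->sqlEscape($title) . "', '"
            . $this->sqlEscape($shortstory) . "', '"
            . $this->sqlEscape($content) . "', '"
            . $this->sqlEscape($author) . "')"
        );
    }

    /**
     * Create an account and log the new user in.
     *
     * Checks run in this order: name already taken, passwords differ, name
     * length outside 3..30. The first failure sets $_SESSION['error'].
     *
     * @param string $name desired username (filtered with SafeText)
     * @param string $pass password
     * @param string $pas2 password confirmation
     */
    function Register($name, $pass, $pas2)
    {
        // SafeText already SQL-escapes, so $name is used in the queries as-is.
        // Login() escapes its argument again; names containing quotes or
        // backslashes therefore do not round-trip (they did not validate in
        // isOnline() before either).
        $name = $this->SafeText($name);
        $raw = (string) $pass;

        $search = mysql_query("SELECT * FROM users WHERE name = '" . $name . "'");
        if ($search !== false && mysql_num_rows($search) >= 1) {
            $_SESSION['error'] = "A user with this name has already registered!";
            return;
        }

        // Compare the plain strings strictly instead of loosely comparing
        // two MD5 digests.
        if ($raw !== (string) $pas2) {
            $_SESSION['error'] = "The two passwords do not match!";
            return;
        }

        if ((strlen($name) > 30) || (strlen($name) < 3)) {
            $_SESSION['error'] = "Your username must be larger than 3 characters or less than 30.";
            return;
        }

        // NOTE(review): unsalted MD5; see the class comment.
        mysql_query(
            "INSERT INTO users (`name`, `rank`, `password`) VALUES ('"
            . $name . "', '1', '" . md5($raw) . "')"
        );
        $this->Login($name, $raw);
    }

    /**
     * Build a random code from the characters 1-9 and a-z.
     *
     * Login() uses the result as the session token, so the characters are
     * drawn from a cryptographically secure source when one is available.
     *
     * @param int $num number of characters
     * @return string code of $num characters ('' when $num <= 0)
     */
    function GenerateCode($num)
    {
        $aCharSet = array(1,2,3,4,5,6,7,8,9,'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z');
        $last = count($aCharSet) - 1;

        $sCode = '';
        for ($i = 0; $i < $num; $i++) {
            $sCode .= $aCharSet[$this->randomIndex($last)];
        }
        return $sCode;
    }

    /** Escape one value for use inside a single-quoted SQL string literal. */
    private function sqlEscape($value)
    {
        return mysql_real_escape_string((string) $value);
    }

    /** Compare two secrets as strings, in constant time where PHP offers it. */
    private function safeEquals($known, $given)
    {
        $known = (string) $known;
        $given = (string) $given;
        if (function_exists('hash_equals')) {
            return hash_equals($known, $given);
        }
        return $known === $given;
    }

    /** Pick an integer in 0..$max (with $max < 256), preferring a CSPRNG. */
    private function randomIndex($max)
    {
        if (function_exists('random_int')) {
            return random_int(0, $max);
        }
        if (function_exists('openssl_random_pseudo_bytes')) {
            // Rejection sampling keeps the distribution uniform.
            $span = $max + 1;
            $limit = 256 - (256 % $span);
            do {
                $byte = ord(openssl_random_pseudo_bytes(1));
            } while ($byte >= $limit);
            return $byte % $span;
        }
        // Last resort on very old builds; mt_rand() is not a CSPRNG.
        return mt_rand(0, $max);
    }
}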
- ?>