Untitled

<?php // begin execution

class auth { // class auth
    public function login($username,$password) { // function login, username and password paramaters
        $username = trim($username); // username (trim for linebreaks)
        $password = trim($passowrd); // password (trim for linebreaks)

        if (empty($username) || empty($password)) { // empty user,pass
            echo "ERROR: Login Failed. Empty USERNAME or PASSWORD. Try Again!"; // failed login empty user/pass
            return false; // return false to execute a redirect or whatever you want
        }

        $username = preg_replace("/[^0-9a-zA-z]/", "", $username); // username can only contain 0-9 a-z and A-Z
        $password = md5($password); // password (md5 hash)

        mySQLConnect::open(); // open connection

        $check_login = mysql_query("SELECT * FROM users WHERE username='$username' and password='$password'"); // query select user.pass
        $check_login = mysql_num_rows($check_login); // count rows

        if ($check_login == 1) { // if one row exists
            // create a session or cookie
            // session_register();
            // $_SESSION['username'] = $username;
            // $_SESSION['password'] = $password;
            // setcookie('username', $_SESSION['username'], time()+60*60*24*100);
            // setcookie('password', $_SESSION['password'], time()+60*60*24*100);
            // return
            return true;
        } else {
            // destroy any sessions / cookies
            return false;
        }

        mySQLConnect::close(); // close connection
    }
    public function logout($username,$password) { // function logout
        unset($_SESSION['username']); // remove / purge sessions
        unset($_SESSION['password']); // ^
        session_unset(); // ^
        session_destroy(); // ^
        return; // common sense ?
    }
    public function change_pw($username,$password) { // change password
        $username = trim($username); // username remove line breaks
        $password = trim($password); // password remove linebreaks

        if (empty($username) || empty($password)) {
            echo "ERROR: Change Password Failed. Username / Password Required. Try Again!";
            return false;
        }

        $username = preg_replace("/[^0-9a-zA-z]/", "", $username);
        $password = md5($password);

        $session_username = $_SESSION['username'];
        $session_password = $_SESSION['password'];

        mySQLConnect::open();

        $session_check = mysql_query("SELECT * FROM users WHERE username='$session_username' and password='$session_password'");
        $session_check = mysql_num_rows($session_check);

        if ($session_check = 1) {
            $change_password = mysql_query("UPDATE users SET username='$username' and password='$password' WHERE username='$session_username'");
            return true;
        } else {
            echo "ERROR: Invalid Session (Login). Please Login Again.";
            return false;
        }

        mySQLConnect::close();
    }
}

class mySQLConnect {
    public function open() {
        $mySQL = mysql_connect(DB_HOST, DB_USER, DB_PASS)or die("COULD NOT CONNECT");
        mysql_select_db(DB_NAME, $mySQL);
        return $mySQL;
    }
    public function close() {
        mysql_close($mySQL);
        return $mySQL;
    }
}

?>