- <?php
- cladfasdfasdf
- public $ip;
- /**
- * Sets basic user variables on page load
- * reason for this is easier access to vars, and less
- * server stress because we aren't querying the server multiple times for these values
- **/
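function user()
{
    // Loads the logged-in user's profile into this object once per request,
    // so later code reads properties instead of re-querying the database.
    // NOTE(review): a method named after the class only acts as a constructor
    // on PHP versions that still support PHP 4-style constructors; the class
    // header is not readable in this listing, so confirm the class is `user`.
    if (!array_key_exists('username', $_SESSION)) {
        return;
    }

    $this->username = $_SESSION['username'];

    // NOTE(review): the session value is interpolated into the SQL text as-is.
    // login() stores the name after cleanVar() has escaped it, so escaping a
    // second time here would change names that contain quotes. The query is
    // therefore only as safe as every piece of code that writes
    // $_SESSION['username'].
    $query = "SELECT * FROM `userInfo` WHERE username = '{$this->username}'";
    $result = mysql_query($query);
    if ($result === false) {
        // Keep the driver message in the server log; printing it to the
        // client discloses query and schema details.
        error_log('user(): ' . mysql_error());
        die('A database error occurred.');
    }

    $userObj = mysql_fetch_object($result);
    if (!is_object($userObj)) {
        // The session names an account with no matching row (for example a
        // deleted user). Do not treat the request as authenticated.
        $this->loggedIn = false;
        return;
    }

    $this->loggedIn = true;
    $this->id = $userObj->id;
    $this->firstName = $userObj->firstName;
    $this->lastName = $userObj->lastName;
    $this->ip = $userObj->ip;
    $this->updateLastActive();
}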
- /**
- * Accepts 8 strings, aptly named plus a reference to an error string
- * returns true if the registering process was successful, else false
- */
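function register($username, $password, $verifyPassword, $ip,
    $email = '', $firstName = '', $lastName = '', $age = '', &$error)
{
    // Validates the submitted fields and inserts a new row into `userInfo`.
    // Returns true on success; on a validation failure appends a message to
    // $error and returns false.

    // Trim and SQL-escape every value before it is used in a query.
    // NOTE(review): the passwords are trimmed and escaped as well, so the
    // digest stored below is of the cleaned text. login() cleans its input the
    // same way; the two must stay in step or existing accounts stop matching.
    $this->cleanVar($username);
    $this->cleanVar($password);
    $this->cleanVar($verifyPassword);
    $this->cleanVar($ip);
    $this->cleanVar($email);
    $this->cleanVar($firstName);
    $this->cleanVar($lastName);
    $this->cleanVar($age);

    if (empty($username)) {
        $error .= "Please fill out a username.\n";
        return false;
    }
    if (empty($password) || empty($verifyPassword)) {
        $error .= "Please fill out both passwords.\n";
        return false;
    }
    // Strict comparison: with != two different numeric-looking strings
    // (e.g. "0e1" and "0e2") compare as equal numbers.
    if ($password !== $verifyPassword) {
        $error .= "Please make sure both passwords you filled out are the same.\n";
        return false;
    }
    // The original test was inverted (it complained about well-formed
    // addresses) and did not stop the registration. An empty address is still
    // accepted because the parameter declares '' as its default.
    if ($email !== '' && !preg_match('/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,6}$/i', $email)) {
        $error .= "Please fill out a valid email address.\n";
        return false;
    }

    // Only the digest is stored; the plaintext is not used past this point.
    $encryptedPass = $this->encryption($password);

    // Reject the name if any row already uses it. The original compared with
    // "> 1", which let a second account take an existing username.
    // NOTE(review): check-then-insert is not atomic; a UNIQUE index on
    // userInfo.username (not visible here) is what would close that gap.
    $query = "SELECT * FROM `userInfo` WHERE username='{$username}'";
    $result = mysql_query($query);
    if ($result === false) {
        // Log the driver message instead of printing it to the client.
        error_log('register(): ' . mysql_error());
        die('A database error occurred.');
    }
    if (mysql_num_rows($result) > 0) {
        $error .= "Sorry, the username you filled out is already taken";
        return false;
    }

    $inserted = mysql_query("INSERT INTO `userInfo`
        (firstName, lastName, username, password, age, email, ip, dateRegistered) VALUES
        ('$firstName', '$lastName', '$username',
        '$encryptedPass', '$age', '$email', '$ip', '" . time() . "')");
    if ($inserted === false) {
        error_log('register(): ' . mysql_error());
        die('A database error occurred.');
    }

    return true;
}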
- /**
- * Accepts three strings, username, password, and a reference to an error string
- * returns true if login successful and the page needs to be
- * redirected, false if the login failed
- **/
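function login($username, $password, &$error)
{
    // Checks the credentials against `userInfo` and, on a match, records the
    // username in the session. Returns true when the login succeeded, false
    // otherwise; validation messages are appended to $error.
    // NOTE(review): no attempt throttling or lockout is visible in this method.
    $this->cleanVar($username);
    $this->cleanVar($password);

    if (empty($username)) {
        $error .= "Please fill out a username.\n";
        return false;
    }
    if (empty($password)) {
        $error .= "Please fill out a password.\n";
        return false;
    }

    $encryptedPass = $this->encryption($password);

    // Exactly one row must match both the username and the password digest.
    $query = "SELECT * FROM `userInfo`
        WHERE username='{$username}' and password='{$encryptedPass}'";
    $result = mysql_query($query);
    if ($result === false) {
        // Log the driver message instead of printing it to the client.
        error_log('login(): ' . mysql_error());
        die('A database error occurred.');
    }
    if (mysql_num_rows($result) !== 1) {
        return false;
    }

    // Issue a fresh session id at the privilege change so an id that was
    // known before authentication cannot be reused afterwards.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    // updateLastActive() acts only when the object is marked logged in and
    // knows the username; the original called it before either was set, so
    // the timestamp was not written for a fresh login.
    $this->username = $username;
    $this->loggedIn = true;
    $this->updateLastActive();

    $_SESSION['username'] = $username;
    return true;
}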
- /**
- * accepts a reference string and "cleans" it for the database
- * returns nothing
- */
function cleanVar(&$var)
{
    // Rewrites the caller's variable in place: surrounding whitespace is
    // removed, then the value is escaped with mysql_real_escape_string().
    // NOTE(review): this escaping protects a value only where the query puts
    // it inside a quoted string literal, and it relies on an open connection
    // with the correct character set; neither is established in this method.
    $var = mysql_real_escape_string(trim($var));
}
- /**
- * function for encrypting so encryption is extra secure!
- * accepts two strings, the string to be encrypted and the salt
- * returns the encrypted string
- **/
function encryption($var, $salt = "i0cd83nd3js4n54j")
{
    // Returns a 40-character hex digest derived from $var and $salt.
    // NOTE(review): despite the name this is a one-way hash, not encryption.
    // The default salt is a constant shared by every account, and MD5/SHA-1
    // are fast digests, so identical passwords yield identical stored values
    // and offline guessing is cheap. password_hash()/password_verify() is the
    // maintained alternative; switching requires migrating stored digests, so
    // the output is kept unchanged here.
    $saltMd5 = md5($salt);
    $pepper = strrev(sha1($salt) . $saltMd5) . $saltMd5;

    // Input and derived salt interleaved, then reversed as a whole.
    $reversed = strrev($var . $pepper . $pepper . $var . $pepper);

    // The reversed text is doubled, the derived salt appended once more,
    // and the result passed through MD5 and then SHA-1.
    return sha1(md5($reversed . $reversed . $pepper));
}
- /**
- * this function automatically updates the lastActive column for the user, when called.
- **/
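function updateLastActive()
{
    // Writes the current Unix time into the lastActive column of the current
    // user's row. Does nothing unless the object is marked as logged in, so
    // no query is sent with an empty username.
    // empty() also covers the case where loggedIn was never assigned, which
    // the original read as an undefined property.
    if (empty($this->loggedIn)) {
        return;
    }

    $query = "UPDATE `userInfo` SET lastActive = '" . time() . "'
        WHERE username='{$this->username}'";
    if (mysql_query($query) === false) {
        // Log the driver message instead of printing it to the client.
        error_log('updateLastActive(): ' . mysql_error());
        die('A database error occurred.');
    }
}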
- }
// The session must be open before the object is built: the constructor reads
// $_SESSION['username'].
// NOTE(review): no cookie flags (HttpOnly, Secure, SameSite) are set in this
// file, so they come from the PHP configuration; confirm they are enabled.
session_start();

// NOTE(review): the methods above use the default mysql_* link; where the
// connection is opened is not visible in this listing.
$user = new user;
- ?>