
Untitled

a guest
Jun 5th, 2017
  1. <?php
  2. cladfasdfasdf
  3.   public $ip;
  4.  
  5.   /**
  6.   * Sets basic user variables on page load
  7.   * reason for this is easier access to vars, and less
  8.   * server stress because we aren't querying the server multiple times for these values
  9.   **/
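  function user()
  {
    // PHP 4-style constructor: it runs when the script instantiates the object
    // with `new user()`. When the session carries a username, the matching
    // userInfo row is loaded once and cached on the object.
    if(!array_key_exists('username', $_SESSION))
    {
      return;
    }

    // login() writes $_SESSION['username'] *after* cleanVar(), so the value read
    // here has already been through mysql_real_escape_string(). That is the only
    // thing protecting this interpolated query: any other code that writes the
    // session key must store the escaped form too. Escaping again here would
    // double-escape names containing quotes and stop them matching.
    $sessionName = $_SESSION['username'];

    $query  = "SELECT * FROM `userInfo` WHERE username = '{$sessionName}'";
    $result = mysql_query($query);
    if($result === false)
    {
      // Keep the driver message in the server log; sending mysql_error() to the
      // browser discloses table and column names to whoever triggered it.
      error_log('user(): userInfo lookup failed: '.mysql_error());
      die('A database error occurred.');
    }

    $userObj = mysql_fetch_object($result);
    if(!$userObj)
    {
      // Session names an account with no row (deleted or renamed): do not mark
      // the visitor as logged in on the strength of the session value alone.
      $this->loggedIn = false;
      return;
    }

    $this->username  = $sessionName;
    $this->loggedIn  = true;
    $this->id        = $userObj->id;
    $this->firstName = $userObj->firstName;
    $this->lastName  = $userObj->lastName;
    $this->ip        = $userObj->ip;

    $this->updateLastActive();
  }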
  29.  
  30.   /**
  31.   * Accepts 8 strings, aptly named plus a reference to an error string
  32.   * returns true if the registering process was successful, else false
  33.   */
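  function register($username, $password, $verifyPassword, $ip,
                    $email = '', $firstName = '', $lastName = '', $age = '', &$error)
  {
    // Creates a userInfo row for a new account. Validation problems are appended
    // to $error (passed by reference) and make the call return false; true is
    // returned only after the INSERT has run.

    // cleanVar() trims and SQL-escapes every value in place, so from here on the
    // variables hold their escaped form. The passwords are escaped too; login()
    // does the same before hashing, which is why the two sides still agree.
    $this->cleanVar($username);
    $this->cleanVar($password);
    $this->cleanVar($verifyPassword);
    $this->cleanVar($ip);
    $this->cleanVar($email);
    $this->cleanVar($firstName);
    $this->cleanVar($lastName);
    $this->cleanVar($age);

    if(empty($username))
    {
      $error .= "Please fill out a username.\n";
      return false;
    }

    if(empty($password) || empty($verifyPassword))
    {
      $error .= "Please fill out both passwords.\n";
      return false;
    }

    // Strict comparison: with != two different numeric-looking strings such as
    // "0e1" and "0e2" compare equal, letting a mistyped confirmation through.
    if($password !== $verifyPassword)
    {
      $error .= "Please make sure both passwords you filled out are the same.\n";
      return false;
    }

    // The original test was inverted (it complained when the address DID match)
    // and never stopped the registration. The e-mail parameter is optional, so an
    // empty value is accepted; a non-empty one must match the same pattern.
    // preg_match() replaces eregi(), deprecated since PHP 5.3.
    if($email !== '' &&
       !preg_match('/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,6}$/iD', $email))
    {
      $error .= "Please fill out a valid email address.\n";
      return false;
    }

    // Hash the password now so the plaintext is not used past this point.
    $encryptedPass = $this->encryption($password);

    // Reject the name if ANY row already uses it. The original compared with
    // "> 1", which let a second account claim an existing username.
    // NOTE(review): a concurrent request can still pass this check; a UNIQUE
    // index on userInfo.username would close that gap - confirm the schema.
    $query  = "SELECT * FROM `userInfo` WHERE username='{$username}'";
    $result = mysql_query($query);
    if($result === false)
    {
      // Log the driver message server-side instead of printing it to the client.
      error_log('register(): username lookup failed: '.mysql_error());
      die('A database error occurred.');
    }
    if(mysql_num_rows($result) > 0)
    {
      $error .= "Sorry, the username you filled out is already taken";
      return false;
    }

    // Every interpolated value below went through cleanVar() above, except the
    // hash (hex digits only) and time() (an integer).
    $inserted = mysql_query("INSERT INTO `userInfo`
                (firstName, lastName, username, password, age, email, ip, dateRegistered) VALUES
                ('$firstName', '$lastName', '$username',
                 '$encryptedPass', '$age', '$email', '$ip', '".time()."')");
    if($inserted === false)
    {
      error_log('register(): insert failed: '.mysql_error());
      die('A database error occurred.');
    }
    return true;
  }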
  92.  
  93.   /**
  94.   * Accepts three strings, username, password, and a reference to an error string
  95.   * returns true if login successful and the page needs to be
  96.   *  redirected, false if the login failed
  97.   **/
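  function login($username, $password, &$error)
  {
    // Checks a username/password pair against userInfo. Returns true when exactly
    // one row matches (the caller is expected to redirect), false otherwise.
    // Missing-field messages are appended to $error (passed by reference).
    // NOTE(review): nothing in this method throttles repeated failed attempts.

    // Trim and SQL-escape both inputs in place (same treatment as register()).
    $this->cleanVar($username);
    $this->cleanVar($password);

    if(empty($username))
    {
      $error .= "Please fill out a username.\n";
      return false;
    }

    if(empty($password))
    {
      $error .= "Please fill out a password.\n";
      return false;
    }
    $encryptedPass = $this->encryption($password);

    // Both interpolated values are safe for this context: the username was
    // escaped by cleanVar() and the hash consists of hex digits only.
    $query  = "SELECT * FROM `userInfo`
              WHERE username='{$username}' and password='{$encryptedPass}'";
    $result = mysql_query($query);
    if($result === false)
    {
      // Log the driver message server-side instead of printing it to the client.
      error_log('login(): credential lookup failed: '.mysql_error());
      die('A database error occurred.');
    }

    if(mysql_num_rows($result) !== 1)
    {
      // no single matching row: login failed
      return false;
    }

    // Issue a fresh session id at the privilege change so an id that was planted
    // or observed before authentication is not carried into the logged-in session.
    session_regenerate_id(true);

    // The session keeps the *escaped* username, as before: the constructor
    // interpolates it into SQL without escaping it again.
    $_SESSION['username'] = $username;

    // Mark the object as logged in BEFORE updateLastActive(); that method does
    // nothing while loggedIn is unset, so the original call order never recorded
    // the login time.
    $this->username = $username;
    $this->loggedIn = true;
    $this->updateLastActive();

    return true;
  }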
  134.  
  135.   /**
  136.   * accepts a reference string and "cleans" it for the database
  137.   * returns nothing
  138.   */
  function cleanVar(&$var)
  {
    // Strips surrounding whitespace, then escapes the value for use inside a
    // quoted MySQL string literal. The argument is overwritten in place, so the
    // caller's variable holds the escaped text from here on - including where
    // this file later hashes it (passwords) or stores it in the session.
    // The escaping is valid only for SQL string context; it is not HTML or shell
    // escaping.
    $var = mysql_real_escape_string(trim($var));
  }
  144.  
  145.   /**
  146.   * function for encrypting so encryption is extra secure!
  147.   * accepts two strings, the string to be encrypted and the salt
  148.   * returns the encrypted string
  149.   **/
  function encryption($var,$salt = "i0cd83nd3js4n54j")
  {
    // Despite the name this is a one-way digest, not encryption: the result is a
    // 40-character SHA-1 hex string and cannot be reversed.
    //
    // Security notes for maintainers:
    //  - The default salt is one hard-coded value shared by every account, so
    //    identical passwords produce identical stored values.
    //  - The reversing and repeating below only rearranges the input; the actual
    //    work is a single MD5 pass followed by a single SHA-1 pass, which is cheap
    //    to compute in bulk.
    //  - Stored rows depend on this exact output. Moving to password_hash() /
    //    password_verify() means re-hashing each account at its next successful
    //    login rather than editing this function in place.
    $saltMd5  = md5($salt);
    $pepper   = strrev(sha1($salt).$saltMd5).$saltMd5;
    $reversed = strrev($var.$pepper.$pepper.$var.$pepper);

    // digest input = reversed block twice, followed by the derived salt once
    return sha1(md5($reversed.$reversed.$pepper));
  }
  159.  
  160.   /**
  161.   * this function automatically updates the lastActive column for the user, when called.
  162.   **/
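  function updateLastActive()
  {
    // Stamps the current Unix time into userInfo.lastActive for the logged-in
    // user. Does nothing for guests, so no query is built with an empty name.
    // empty() is used because login() can reach this method on an object whose
    // loggedIn property was never assigned.
    if(empty($this->loggedIn))
    {
      return;
    }

    // $this->username is the escaped form taken from the session or login();
    // time() is an integer.
    $query = "UPDATE `userInfo` SET lastActive = '".time()."'
             WHERE username='{$this->username}'";
    if(mysql_query($query) === false)
    {
      // Log the driver message server-side; printing mysql_error() to the page
      // reveals schema details to the visitor.
      error_log('updateLastActive(): update failed: '.mysql_error());
      die('A database error occurred.');
    }
  }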
  173. }
// The session must be open before the object is built: the user() constructor
// reads $_SESSION['username'].
// NOTE(review): no cookie parameters are set in this file, so the session
// cookie's HttpOnly/Secure flags come from the PHP configuration - confirm.
session_start();
// One user object per request; it loads the account row when a session
// username is present.
$user = new user();
  176. ?>