  1. <?
  2.     /*
  3.         PHP/Mysql Account System
  4.         Written by Benjamin Knox
  5.         Email: knoxius@knoxius.com
  6.         ©Knoxius.com 2010
  7.     */
  8.    
  //Load the shared connection script, then choose the database the account classes query.
  //connect.php is not shown here; it is presumably what opens the MySQL link - confirm.
  //NOTE(review): the mysql_* extension used throughout this file was removed in PHP 7,
  //so this code only runs on PHP 5.x; porting to mysqli or PDO would also allow bound parameters.
  require $_SERVER['DOCUMENT_ROOT'] . '/assets/class/connect.php';
  mysql_select_db('knoxius8_account');
  12.    
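  //Account Class
  //Base class for the login / registration / validation classes below: random
  //strings, input cleaning, user lookups and the "is someone logged in" check.
  //The mysql_* API used here has no prepared statements, so every value is
  //escaped with mysql_real_escape_string() at the point it enters the SQL text
  //instead of trusting that the caller already cleaned it.
  class account {
      //Random character string generator
      //Credit to Mich (michhimself.com) and james@coretelecom.co.uk
      //Returns $length characters drawn from A-Z, a-z and 0-9 ('' when $length is 0).
      public function str_rand($length) {
          $chars = array_merge(range('A', 'Z'), range('a', 'z'), range(0, 9));
          $max = count($chars) - 1;

          //login::set_sessID() builds the session id from this string, so use the
          //CSPRNG when the running PHP has one; mt_rand() output is predictable
          //and is kept only as the fallback for old PHP versions.
          $secure = function_exists('random_int');

          //The original initialised $out but appended to (and returned) $string.
          $string = '';
          for ($i = 0; $i < $length; $i++) {
              $string .= $chars[$secure ? random_int(0, $max) : mt_rand(0, $max)];
          }
          return $string;
      }

      //Clear the string of exploitive characters
      //NOTE(review): the value is escaped twice (mysql_real_escape_string, then
      //addslashes) and strip_tags runs after the escaping, so a quote or backslash
      //in the input appears to reach the database with an extra literal backslash.
      //The steps are left unchanged because callers outside this file may depend
      //on the current output; do not treat this helper as a substitute for
      //escaping at the query site or for HTML-escaping on output.
      public function clear_string($string) {
          $string = mysql_real_escape_string($string);
          $string = strip_tags($string);
          $string = trim($string);
          $string = addslashes($string);
          return $string;
      }

      //Run the users lookup shared by find_user() and get_info().
      //Returns the mysql result resource, or false when the query fails.
      private function query_user($username) {
          //Escaped here because find_user()/get_info() are public and can be
          //handed a value that never went through clear_string().
          $query = 'SELECT * FROM users WHERE username=\''.mysql_real_escape_string($username).'\'';
          return mysql_query($query);
      }

      //Locate the user in the database
      //Returns true when at least one row matches, false otherwise (including query failure).
      public function find_user($username) {
          $check = $this->query_user($username);
          if ($check === false) {
              return false;
          }
          return mysql_num_rows($check) > 0;
      }

      //Retrieve specified item from user's information
      //Current columns within the table include:
      /* 'id', 'username', 'password', 'email', 'usergroup' */
      //Returns the column value, or null when the query fails, the user does not
      //exist, or the row has no such column.
      //NOTE(review): $col is only used as an array key, never placed in SQL, but
      //it can select the 'password' column - keep it out of request-controlled input.
      public function get_info($username,$col) {
          $check = $this->query_user($username);
          if ($check === false) {
              return null;
          }

          $info = mysql_fetch_array($check);
          if ($info === false || !isset($info[$col])) {
              return null;
          }
          return $info[$col];
      }

      //Check if the user has validated their account
      //The user is invalid if their usergroup is 0
      //An unknown user yields a null usergroup, which also compares equal to 0.
      public function check_validity($username) {
          $usergroup = $this->get_info($username,'usergroup');
          return !($usergroup == 0);
      }

      //Check if a user is already logged in
      //Returns true only when the session id held in $_SESSION has a matching row.
      //NOTE(review): this reads table 'session' while login::create_session()
      //inserts into 'sessions' - one of the two names is probably wrong; confirm
      //against the schema. No session_start() is visible before this runs either,
      //so $_SESSION is only populated if the including page started the session.
      public function check_status() {
          //Test the array key itself; copying it into a variable first raises a
          //notice when nobody is logged in.
          if (!isset($_SESSION['knoxius_account'])) {
              return false;
          }

          $sess_id = mysql_real_escape_string($_SESSION['knoxius_account']);
          $query = 'SELECT * FROM session WHERE sess_id=\''.$sess_id.'\'';
          $check = mysql_query($query);
          if ($check === false) {
              return false;
          }
          return mysql_num_rows($check) > 0;
      }
  }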
  88.    
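  //Login Class
  //Constructing a login object performs the whole login: it validates the
  //submitted credentials, creates a session id, records it in the database and
  //sets the cookie and PHP session. Any failure is reported by throwing Exception.
  class login extends account {
      private $username;
      private $password;
      private $remember;
      private $sess_id;

      //Account Construction Function
      //$username / $password are the submitted form values, $remember selects a
      //persistent cookie. Throws Exception with a user-facing message on failure.
      //(The original returned true/false from here; a constructor's return value
      //is discarded by "new", so those returns were dead code.)
      public function __construct($username,$password,$remember) {
          $this->username = $this->clear_string($username);
          $this->password = $this->clear_string($password);
          $this->remember = $remember;

          //error_check() throws on the first problem and returns false otherwise.
          if (!$this->error_check()) {
              $this->sess_id = $this->set_sessID();
              $this->create_session();
          }
      }

      //Login form error check
      //Returns false when every check passes; throws Exception otherwise.
      //NOTE(review): "does not exist" and "was incorrect" are separate messages,
      //which tells a client which usernames are registered; a single generic
      //message for both cases would close that. Restricting passwords to
      //alphanumeric characters also shrinks the password space. Both are left
      //as they are because callers may display or match these messages.
      private function error_check() {
          //Status checker (of whether a user is logged in) will be elaborated on
          //This is a temporary spot - it will be changed in the future
          if ($this->check_status()) {
              throw new Exception('You are already logged in.');
          }

          if (empty($this->username) || empty($this->password)) {
              throw new Exception('One or more fields were left blank.');
          }
          //From here on the username is known to be alphanumeric, which is what
          //makes it safe to echo back inside the messages below.
          if (!ctype_alnum($this->username) || !ctype_alnum($this->password)) {
              throw new Exception('Only alphanumeric characters may be used.');
          }
          if (!$this->find_user($this->username)) {
              throw new Exception('User \''.$this->username.'\' does not exist in the database.');
          }
          if (!$this->check_pswd()) {
              throw new Exception('Password entered for user \''.$this->username.'\' was incorrect.');
          }
          if (!$this->check_validity($this->username)) {
              throw new Exception('User \''.$this->username.'\' has not been validated. Please check your email for a validation link, or contact an administrator if you did not recieve an email.');
          }
          return false;
      }

      //Check if the password matches the stored password
      //NOTE(review): unsalted MD5 is not a suitable password hash. Moving to
      //password_hash()/password_verify() needs the stored hashes migrated, so it
      //is not done here.
      private function check_pswd() {
          $sql_pswd = $this->get_info($this->username,'password');
          if (!is_string($sql_pswd)) {
              return false;
          }

          $given = md5($this->password);
          //The original used "!=", which compares two digits-only-looking hex
          //strings (for example "0e" followed by digits) as numbers and can call
          //different hashes equal. Compare as strings, in constant time if possible.
          if (function_exists('hash_equals')) {
              return hash_equals($sql_pswd, $given);
          }
          return $given === $sql_pswd;
      }

      //Create the session ID
      //Always returns 32 hex characters, the same shape the original md5() value had.
      private function set_sessID() {
          //Prefer an id taken straight from the CSPRNG: it is unpredictable and
          //does not mix the user's password into a value sent to the browser.
          if (function_exists('random_bytes')) {
              return bin2hex(random_bytes(16));
          }
          if (function_exists('openssl_random_pseudo_bytes')) {
              $strong = false;
              $bytes = openssl_random_pseudo_bytes(16, $strong);
              if ($bytes !== false && $strong) {
                  return bin2hex($bytes);
              }
          }

          //Fallback for PHP builds with neither source: the original derivation.
          $session = $this->str_rand(20);
          return md5($this->username.$this->password.$session);
      }

      //Set the login cookie
      private function set_cookie() {
          //"Remember me" lasts 30 days. The original added the factors
          //(60+60+24+30), which made the cookie expire after 174 seconds.
          $cookie_expire = $this->remember ? time() + 60 * 60 * 24 * 30 : 0;

          //HttpOnly keeps page scripts from reading the session id; Secure is
          //set whenever the request itself arrived over HTTPS.
          $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
          setcookie('knoxius_account',$this->sess_id,$cookie_expire,'/','',$secure,true);
      }

      //Set the login session
      //Returns true on success; throws Exception when the session row cannot be stored.
      private function create_session() {
          //Store the row first so that a failed insert leaves no cookie or
          //session value behind for a login that did not happen.
          $query = 'INSERT INTO sessions VALUES(NULL,\''.mysql_real_escape_string($this->username).'\',\''.mysql_real_escape_string($this->sess_id).'\')';
          $create_sess = mysql_query($query);

          if (!$create_sess) {
              throw new Exception('An unknown error occurred and you were not logged in.');
          }

          $this->set_cookie();

          if (session_id() === '') {
              session_start();
          }
          //Issue a fresh PHP session id at login so an id that was planted before
          //authentication is not carried into the authenticated session.
          session_regenerate_id(true);
          $_SESSION['knoxius_account'] = $this->sess_id;

          return true;
      }
  }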
  198.    
  199.     //Registration Class
  200.         //I'll finish this later
  201.     /*class register extends account {
  202.         private $username;
  203.         private $password;
  204.         private $email;
  205.         private $timestamp
  206.         private $ip;
  207.        
  208.         //Class Construct
  209.         public function __construct($username,$password,$email) {
  210.             $this->username = parent::clear_string($username);
  211.             $this->password = parent::clear_string($password);
  212.             $this->email = parent::clear_string($email);
  213.             $this->timestamp = time();
  214.             $this->ip = $_SERVER['REMOTE_ADDR'];
  215.  
  216.             if(!isset($this->username) || !isset($this->password) || !isset($this->email)) {
  217.                 throw new Exception('One or more fields were left blank.');
  218.             }
  219.             if(!ctype_alnum($this->username) || !ctype_alnum($this->password)) {
  220.                 throw new Exception('Username and password may only be alphanumeric characters.');
  221.             }
  222.             if(strlen($this->username) > 30 || strlen($this->password) > 30)) {
  223.                 throw new Exception('Username and password can not exceed 30 characters.');
  224.             }
  225.             if(parent::find_user($this->username)) {
  226.                 throw new Exception('Username is already in use.');
  227.             }
  228.             if($this->search_email()) {
  229.                 throw new Exception('Email is already in use.');
  230.             }
  231.         }
  232.        
  233.         //Locate a field based on email
  234.         //Used to make sure there are no double emails
  235.         private function search_email() {
  236.             $query = 'SELECT * FROM users WHERE email=\''.$this->email.'\'';
  237.             $check = mysql_query($query);
  238.             $rows = mysql_num_rows($check);
  239.            
  240.             if($rows == 0) {
  241.                 return false;
  242.             } else {
  243.                 return true;
  244.             }
  245.         }
  246.     }*/
  247.    
  //Validation Class
  //Placeholder: it declares no members of its own yet and only inherits from account.
  class validate extends account
  {
  }
  252. ?>