- <?
- /*
- PHP/Mysql Account System
- Written by Benjamin Knox
- Email: knoxius@knoxius.com
- ©Knoxius.com 2010
- */
// Pull in the shared MySQL connection script, then select the database to use.
// Neither call's result is checked here; a failure surfaces later as failed queries.
require $_SERVER['DOCUMENT_ROOT'] . '/assets/class/connect.php';
mysql_select_db('knoxius8_account');
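/**
 * Base class of the account system: string helpers plus user and session
 * lookups run through the legacy mysql_* connection.
 *
 * Security notes:
 *  - The mysql_* API has no prepared statements, so every value is escaped
 *    with mysql_real_escape_string() at the point where the query is built.
 *    Callers no longer have to pre-escape what they pass to find_user(),
 *    get_info() or check_status(). Moving to PDO or mysqli with bound
 *    parameters is the durable fix, but needs the connection code, which
 *    lives outside this file.
 */
class account {
    /**
     * Build a random string of letters and digits.
     * Credit to Mich (michhimself.com) and james@coretelecom.co.uk
     *
     * The result feeds the session id in login::set_sessID(), so it is drawn
     * from random_int() (a CSPRNG) whenever that function exists. mt_rand()
     * is only a fallback for old runtimes; its output is predictable and
     * should not back a security token.
     *
     * @param int $length Number of characters wanted.
     * @return string Random string; '' when $length is 0 or negative.
     */
    public function str_rand($length) {
        $chars = array_merge(range('A', 'Z'), range('a', 'z'), range(0, 9));
        $max = count($chars) - 1;
        $use_csprng = function_exists('random_int');
        // The original initialised $out but appended to an undefined $string.
        $string = '';
        for ($i = 0; $i < $length; $i++) {
            $index = $use_csprng ? random_int(0, $max) : mt_rand(0, $max);
            $string .= $chars[$index];
        }
        return $string;
    }

    /**
     * Escape a string, strip its tags and trim it.
     *
     * NOTE(review): the value is escaped twice (mysql_real_escape_string()
     * and then addslashes()), so backslashes and quotes end up stored
     * literally, and strip_tags() is an output concern rather than an input
     * one. The behaviour is left unchanged because existing rows and password
     * digests may have been produced from this exact output. Do not treat
     * this method as the SQL-injection defence; the queries escape their own
     * parameters.
     *
     * @param string $string Raw input.
     * @return string Processed input.
     */
    public function clear_string($string) {
        $string = mysql_real_escape_string($string);
        $string = strip_tags($string);
        $string = trim($string);
        $string = addslashes($string);
        return $string;
    }

    /**
     * Tell whether a row with this username exists in `users`.
     *
     * @param string $username Username to look up.
     * @return bool True when at least one row matches; false otherwise,
     *              including when the query itself fails.
     */
    public function find_user($username) {
        $query = 'SELECT * FROM users WHERE username=\'' . mysql_real_escape_string($username) . '\'';
        $check = mysql_query($query);
        if ($check === false) {
            return false;
        }
        return mysql_num_rows($check) > 0;
    }

    /**
     * Fetch one column of a user's row.
     * Current columns within the table include:
     * 'id', 'username', 'password', 'email', 'usergroup'
     *
     * $col is used only as an index into the fetched row, never placed in the
     * SQL text.
     *
     * @param string $username Username to look up.
     * @param string $col      Column name to return.
     * @return mixed The column value, or null when the query fails, no row
     *               matches, or the column is absent.
     */
    public function get_info($username, $col) {
        $query = 'SELECT * FROM users WHERE username=\'' . mysql_real_escape_string($username) . '\'';
        $check = mysql_query($query);
        if ($check === false) {
            return null;
        }
        $info = mysql_fetch_array($check);
        if (!is_array($info) || !isset($info[$col])) {
            return null;
        }
        return $info[$col];
    }

    /**
     * Tell whether the user has validated their account.
     * A user is invalid while their usergroup is 0.
     *
     * @param string $username Username to check.
     * @return bool False when usergroup is 0 or the user cannot be read.
     */
    public function check_validity($username) {
        $usergroup = $this->get_info($username, 'usergroup');
        if ($usergroup === null) {
            return false;
        }
        // The integer cast keeps the "0 means unvalidated" rule identical on
        // every PHP version, where a loose == 0 changed meaning for strings.
        return (int) $usergroup !== 0;
    }

    /**
     * Tell whether the current PHP session maps to a stored login session.
     *
     * NOTE(review): this reads table `session`, while login::create_session()
     * inserts into `sessions`. One of the two names is presumably wrong;
     * confirm against the schema, otherwise a login is never recognised here.
     *
     * @return bool True when a row exists for the session id in $_SESSION.
     */
    public function check_status() {
        // Test the key itself; copying it first reads an undefined index.
        if (!isset($_SESSION['knoxius_account']) || !is_string($_SESSION['knoxius_account'])) {
            return false;
        }
        $sess_id = mysql_real_escape_string($_SESSION['knoxius_account']);
        $query = 'SELECT * FROM session WHERE sess_id=\'' . $sess_id . '\'';
        $check = mysql_query($query);
        if ($check === false) {
            return false;
        }
        return mysql_num_rows($check) > 0;
    }
}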
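/**
 * Login handler: checks the submitted credentials and, when they pass,
 * records a session row, sets the login cookie and stores the session id in
 * $_SESSION. Every failure is reported by throwing Exception.
 *
 * NOTE(review), not fixable inside this class alone:
 *  - Passwords are stored and compared as unsalted md5() digests. md5 is not
 *    a password hash; password_hash()/password_verify() with a rehash on the
 *    next successful login is the fix, but it needs a schema and data
 *    migration.
 *  - error_check() reports "user does not exist" and "password incorrect"
 *    separately, which tells a caller which usernames are registered. A
 *    single generic failure message plus attempt throttling closes that.
 */
class login extends account {
    private $username;
    private $password;
    private $remember;
    private $sess_id;

    /**
     * Validate the credentials and log the user in.
     *
     * @param string $username Submitted username.
     * @param string $password Submitted password.
     * @param mixed  $remember Truthy to keep the login cookie for 30 days.
     * @throws Exception When validation fails or the session cannot be stored.
     */
    public function __construct($username, $password, $remember) {
        $this->username = parent::clear_string($username);
        // clear_string() also rewrites the password (tags stripped, trimmed,
        // escaped) before it is hashed. Kept as is: stored digests were
        // presumably computed from the same output -- confirm before changing.
        $this->password = parent::clear_string($password);
        $this->remember = $remember;
        // error_check() throws on every failure, so reaching the next line
        // means the credentials passed. A constructor's return value is
        // discarded by `new`, so nothing is returned.
        $this->error_check();
        $this->sess_id = $this->set_sessID();
        $this->create_session();
    }

    /**
     * Run the login form checks in order and throw on the first failure.
     *
     * Status checker (of whether a user is logged in) will be elaborated on.
     * This is a temporary spot - it will be changed in the future.
     *
     * @return bool Always false (no error) when it returns at all.
     * @throws Exception Describing the first check that failed.
     */
    private function error_check() {
        if (parent::check_status()) {
            throw new Exception('You are already logged in.');
        }
        if (empty($this->username) || empty($this->password)) {
            throw new Exception('One or more fields were left blank.');
        }
        // Restricting the password to alphanumerics shrinks the password
        // space; it is kept because existing accounts rely on it.
        if (!ctype_alnum($this->username) || !ctype_alnum($this->password)) {
            throw new Exception('Only alphanumeric characters may be used.');
        }
        if (!parent::find_user($this->username)) {
            throw new Exception('User \''.$this->username.'\' does not exist in the database.');
        }
        if (!$this->check_pswd()) {
            throw new Exception('Password entered for user \''.$this->username.'\' was incorrect.');
        }
        if (!parent::check_validity($this->username)) {
            throw new Exception('User \''.$this->username.'\' has not been validated. Please check your email for a validation link, or contact an administrator if you did not recieve an email.');
        }
        return false;
    }

    /**
     * Compare the md5 digest of the submitted password with the stored one.
     *
     * The original used a loose != comparison. Two digests that both look
     * like numeric strings ('0e' followed only by digits) compare as equal
     * under ==, so the digests are compared as strings, in constant time
     * where hash_equals() is available.
     *
     * @return bool True when the digests match exactly.
     */
    private function check_pswd() {
        $sql_pswd = parent::get_info($this->username, 'password');
        if (!is_string($sql_pswd) || $sql_pswd === '') {
            return false;
        }
        $candidate = md5($this->password);
        if (function_exists('hash_equals')) {
            return hash_equals($sql_pswd, $candidate);
        }
        return $sql_pswd === $candidate;
    }

    /**
     * Create the session id: md5 of username, password and 20 random characters.
     *
     * NOTE(review): the id is only as unpredictable as str_rand(); the
     * username and password add nothing an attacker does not already target.
     * A token taken directly from a CSPRNG would be simpler and stronger.
     *
     * @return string 32-character hexadecimal session id.
     */
    private function set_sessID() {
        $session = parent::str_rand(20);
        return md5($this->username.$this->password.$session);
    }

    /**
     * Set the login cookie.
     *
     * The lifetime was written as 60+60+24+30 (174 seconds); the intended
     * 30 days is 60*60*24*30. The cookie is now HttpOnly so page scripts
     * cannot read the session id, and Secure whenever the request arrived
     * over HTTPS.
     */
    private function set_cookie() {
        $cookie_expire = $this->remember ? time() + 60 * 60 * 24 * 30 : 0;
        $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        setcookie('knoxius_account', $this->sess_id, $cookie_expire, '/', '', $secure, true);
    }

    /**
     * Store the login session row, then hand the id to the browser and to
     * the PHP session.
     *
     * The row is written first so a failed INSERT leaves no cookie or
     * $_SESSION entry behind. The PHP session id is regenerated on login so
     * an id that was fixed before authentication is not carried over.
     *
     * @return bool True on success.
     * @throws Exception When the session row cannot be written.
     */
    private function create_session() {
        $query = 'INSERT INTO sessions VALUES(NULL,\''
            . mysql_real_escape_string($this->username) . '\',\''
            . mysql_real_escape_string($this->sess_id) . '\')';
        $create_sess = mysql_query($query);
        if (!$create_sess) {
            throw new Exception('An unknown error occurred and you were not logged in.');
        }
        $this->set_cookie();
        // error_check() already read $_SESSION, so a session may be open.
        if (session_id() === '') {
            session_start();
        }
        session_regenerate_id(true);
        $_SESSION['knoxius_account'] = $this->sess_id;
        return true;
    }
}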
- //Registration Class
- //I'll finish this later
- /*class register extends account {
- private $username;
- private $password;
- private $email;
- private $timestamp
- private $ip;
- //Class Construct
- public function __construct($username,$password,$email) {
- $this->username = parent::clear_string($username);
- $this->password = parent::clear_string($password);
- $this->email = parent::clear_string($email);
- $this->timestamp = time();
- $this->ip = $_SERVER['REMOTE_ADDR'];
- if(!isset($this->username) || !isset($this->password) || !isset($this->email)) {
- throw new Exception('One or more fields were left blank.');
- }
- if(!ctype_alnum($this->username) || !ctype_alnum($this->password)) {
- throw new Exception('Username and password may only be alphanumeric characters.');
- }
- if(strlen($this->username) > 30 || strlen($this->password) > 30)) {
- throw new Exception('Username and password can not exceed 30 characters.');
- }
- if(parent::find_user($this->username)) {
- throw new Exception('Username is already in use.');
- }
- if($this->search_email()) {
- throw new Exception('Email is already in use.');
- }
- }
- //Locate a field based on email
- //Used to make sure there are no double emails
- private function search_email() {
- $query = 'SELECT * FROM users WHERE email=\''.$this->email.'\'';
- $check = mysql_query($query);
- $rows = mysql_num_rows($check);
- if($rows == 0) {
- return false;
- } else {
- return true;
- }
- }
- }*/
/**
 * Validation class. It is an empty placeholder for now and adds nothing to
 * what it inherits from account.
 */
class validate extends account
{
}
- ?>