Untitled

<?
    /*
        PHP/Mysql Account System
        Written by Benjamin Knox
        Email: knoxius@knoxius.com
        ©Knoxius.com 2010
    */

    //Connect to MySql - Select database to use
    require($_SERVER['DOCUMENT_ROOT'].'/assets/class/connect.php');
    mysql_select_db('knoxius8_account');

    class account {
        //Random character string generator
        //Credit to Mich (michhimself.com) and james@coretelecom.co.uk
        private function str_rand($length) {
            $chars = array_merge(range('A', 'Z'), range('a', 'z'),range(0, 9));
            $out = "";
                for($i=0; $i < $length; $i++) {
                    $string .= $chars[mt_rand(0,count($chars)-1)];
                }
            return $string;
        }

        //Check fields lengths and validity
        public function check_field($string) {
            if(empty($string)) {
                return false;
            } else {
                return true;
            }
        }

        //Clear the string of exploitive characters
        public function clear_string($string) {
            $string = mysql_real_escape_string($string);
            $string = strip_tags($string);
            $string = trim($string);
            $string = addslashes($string);
            return $string;
        }

        //Locate the user in the database
        public function find_user($username) {
            $query = 'SELECT * FROM users WHERE username=\''.$username.'\'';
            $check = mysql_query($query);

            $returned = mysql_num_rows($check);
            if($returned == 0) {
                return false;
            } else {
                return true;
            }
        }

        //Retrieve specified item from user's information
            //Current columns within the table include:
            /* 'id', 'username', 'password', 'email', 'usergroup' */
        public function get_info($username,$col) {
            $query = 'SELECT * FROM users WHERE username=\''.$username.'\'';
            $check = mysql_query($query);

            $info = mysql_fetch_array($check);
            $selected = $info[$col];
            return $selected;
        }
    }

    class login extends account {
        private $username;
        private $password;
        private $remember;

        //Account Construction Function
        public function __construct($username,$password,$remember) {
            $this->username = parent::clear_string($username);
            $this->password = parent::clear_string($password);
            $this->remember = $remember;

            $this->begin_login();
        }

        //Check if the password matches the stored password
        private function check_pswd() {
            $username = $this->username;
            $password = md5($this->password);

            $sql_pswd = parent::get_info($username,'password');

            if($password != $sql_pswd) {
                return false;
            } else {
                return true;
            }
        }

        //Check if the user has validated their account
        //The user is invalid if their usergroup is 0
        private function check_validity() {
            $username = $this->username;

            $usergroup = parent::get_info($username,'usergroup');

            if($usergroup == 0) {
                return false;
            } else {
                return true;
            }
        }

        //Set the login cookie
        private function set_cookie() {
            $username = $this->username;
            $remember = $this->remember;
            $code = parent::str_rand(10);
            $code = md5($username.$code);

            if($remember == true) {
                setcookie('knoxius_account',$code,time()+60+60+24+30,'/','.knoxius.com');
            } else {
                setcookie('knoxius_account',$code,0,'/','.knoxius.com');
            }

            return $code;
        }

        //Set the login session
        private function create_session() {
            session_start();

            $username = $this->username;
            $code = parent::str_rand(10);
            $sess_id = md5($username.$code);

            $_SESSION['knoxius_account'] = $sess_id;

            $cookie = $this->set_cookie();

            $query = 'INSERT INTO session VALUES(NULL,\''.$username.'\',\''.$cookie.'\',\''.$sess_id.'\'';
            $create_sess = mysql_query($query);

            if(!$create_sess) {
                return false;
            } else {
                return true;
            }
        }

        //Log the user in
        private function begin_login() {
            $username = $this->username;
            $password = $this->password;

            if(empty($username) || empty($password)) { return 'Error: One or more fields were left blank.'; exit; }
            if(!$this->check_pswd()) { return 'Error: Password incorrect for user \''.$username.'\'.'; exit; }
            if(!$this->check_validity()) { return 'Error: User \''.$username.'\' has not been validated.'; exit; }
            if(!parent::find_user($username)) { return 'Error: User \''.$username.'\' not found in database.'; exit; }

            $login = $this->create_session();

            if(!$login) {
                return 'An unknown error occurred and you were not logged in.';
            }
        }
    }

    class register extends account {

    }

    class validate extends account {

    }
?>