
File: usermanager.php

File: usermanager.php
Role: Class source
Content type: text/plain
Description: Main class file
Class: User Manager
Manage and authenticate registered users
Author: By
Last change: fixed
Date: 4 years ago
Size: 14,135 bytes
 

Contents

<?php

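/**
 * Registers, authenticates and manages site users stored in the MySQL
 * `users` table, and renders the matching forms and status pages.
 *
 * Every public method that takes a username, password hash or e-mail expects
 * the RAW value and escapes it itself before building SQL. Callers must not
 * pre-escape.
 *
 * NOTE(review) - design weaknesses that are flagged here but not changed,
 * because fixing them alters the stored data format or needs code outside
 * this file:
 *  - Passwords are stored as unsalted MD5. Moving to password_hash() /
 *    password_verify() requires a re-hash migration of existing rows.
 *  - The session and the "remember me" cookie hold the MD5 hash itself, so
 *    the hash works as a password equivalent if it leaks.
 *  - The legacy mysql_* extension is removed in PHP 7. Prepared statements
 *    through mysqli or PDO are the long-term replacement for the escaping
 *    done here.
 *  - The state-changing forms carry no CSRF token (the forms live in forms/).
 */
class UserManager
{

    // MySQL link returned by mysql_connect() in the constructor.
    var $connect = '';

    // Result of check_login() at construction time (true when authenticated).
    var $logged_in = '';

    var $HOMEPAGE = "/index.php";

    var $LOGIN = "?action=LOGIN";

    var $REGISTER = "?action=REGISTER";

    var $FORGOTPW = "?action=FORGOT";

    // display_login() reads this property, but it was never declared. It is
    // declared empty so the link renders exactly as before without raising a
    // notice; set it to the site's logout URL.
    var $LOGOUT = '';

    var $REDIR_PAGE = "/index.php";

    var $USR_MAXCHARS = 30;


    /**
     * Opens the database connection, then authenticates the current visitor.
     */
    public function __construct()
    {
        // NOTE(review): placeholder credentials. Load real ones from
        // configuration kept outside the web root and outside version control.
        $dbhost = 'localhost'; // Your host name
        $dbusername = 'username'; // Your username
        $dbpassword = ''; // Your password
        $dbname = ''; // Your database name

        $this->connect = mysql_connect($dbhost, $dbusername, $dbpassword);
        mysql_select_db($dbname, $this->connect) or die ("Could not select database");

        // check_login() queries the database through confirm_user(), so it
        // has to run after the connection exists (it previously ran before).
        $this->logged_in = $this->check_login();
    }


    /**
     * Escapes a value for output inside HTML text or a quoted attribute.
     */
    private function _h($text)
    {
        return htmlspecialchars((string) $text, ENT_QUOTES);
    }


    /**
     * Escapes a value for use inside a quoted SQL string literal.
     */
    private function _sql($value)
    {
        return mysql_real_escape_string((string) $value, $this->connect);
    }


    /**
     * Returns a POST field exactly as submitted, or '' when it is missing or
     * not a string (for example an array sent as field[]).
     */
    private function _post($key)
    {
        if (!isset($_POST[$key]) || !is_string($_POST[$key]))
            return '';

        return $_POST[$key];
    }


    /**
     * Returns a POST field with magic-quotes slashes removed when that legacy
     * setting is active, so callers always receive the raw value.
     */
    private function _input($key)
    {
        $value = $this->_post($key);

        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
            $value = stripslashes($value);

        return $value;
    }


    /**
     * Compares two hash strings as strings. The loose == operator treats two
     * different hex digests that both look like "0e<digits>" as equal numbers.
     */
    private function _same_hash($known, $given)
    {
        $known = (string) $known;
        $given = (string) $given;

        if (function_exists('hash_equals'))
            return hash_equals($known, $given);

        return $known === $given;
    }


    /**
     * Returns a random integer in [0, $max] ($max < 256), using the strongest
     * generator the running PHP version offers.
     */
    private function _random_index($max)
    {
        if (function_exists('random_int'))
            return random_int(0, $max);

        if (function_exists('openssl_random_pseudo_bytes')) {
            // Rejection sampling keeps the distribution uniform.
            $span = $max + 1;
            $limit = 256 - (256 % $span);

            do {
                $byte = ord(openssl_random_pseudo_bytes(1));
            } while ($byte >= $limit);

            return $byte % $span;
        }

        // Last resort on very old installations; not cryptographically strong.
        return mt_rand(0, $max);
    }


    /**
     * Tells whether $address is a syntactically acceptable e-mail address.
     *
     * The D modifier makes "$" match only at the very end of the subject;
     * without it an address followed by a newline was accepted.
     *
     * @param string $address
     * @return bool
     */
    function check_email($address)
    {
        $chars = "/^([a-z0-9+_]|\\-|\\.)+@(([a-z0-9_]|\\-)+\\.)+[a-z]{2,6}\$/iD";

        if (!is_string($address))
            return false;

        return preg_match($chars, $address) === 1;
    }



    /**
     * Generates a random password of $lenght characters.
     *
     * The previous version seeded rand() from the clock, which makes the
     * output guessable, and used "% 33" on a 34-character alphabet so the
     * last character could never be chosen.
     *
     * @param int $lenght number of characters (parameter name kept for callers)
     * @return string
     */
    function create_password($lenght = 7)
    {
        $chars = "abcdefghijkmnopqrstuvwxyz023456789";
        $last = strlen($chars) - 1;

        $pass = '';

        for ($i = 0; $i < $lenght; $i++)
            $pass .= $chars[$this->_random_index($last)];

        return $pass;
    }



    /**
     * Tells whether a user with this (raw) username already exists.
     *
     * @param string $username
     * @return bool false also when the query itself fails, as before
     */
    function username_taken($username)
    {
        $q = "SELECT username FROM users WHERE username = '" . $this->_sql($username) . "'";

        $result = mysql_query($q, $this->connect);

        if (!$result)
            return false;

        return (mysql_num_rows($result) > 0);
    }



    /**
     * Inserts a new user row.
     *
     * All three values are escaped here; the previous version interpolated
     * them into the statement unescaped.
     *
     * @param string $username raw username
     * @param string $password password hash to store
     * @param string $email    raw e-mail address
     * @return mixed result of mysql_query()
     */
    function add_user($username, $password, $email)
    {
        $q = "INSERT INTO users (username, password, email)
                            VALUES ('" . $this->_sql($username) . "', '" . $this->_sql($password) . "', '" . $this->_sql($email) . "')";

        return mysql_query($q, $this->connect);
    }



    /**
     * Prints the outcome of the last registration attempt and clears the
     * registration flags from the session.
     */
    function display_status()
    {
        // The username came from the registration form: escape it for HTML.
        $uname = isset($_SESSION['reguname']) ? $this->_h($_SESSION['reguname']) : '';

        if (!empty($_SESSION['regresult'])) {
            echo "<div>\n";
            echo "<h1>Registered!</h1>\n";
            // The login link used to be emitted as the literal text
            // "$this->LOGIN" because it sat outside the PHP tags.
            echo "<p>Thank you <b>" . $uname . "</b> you have just became a registered member! You can now <a href=\"" . $this->_h($this->LOGIN) . "\">log in</a>.</p>\n";
            echo "</div>\n";
        } else {
            echo "<div>\n";
            echo "<h1>Registration Failed!</h1>\n";
            echo "<p>Sorry, but an error has occurred while tring to register you... Your request for registering <b>\"" . $uname . "\"</b>, could not be completed.<br />\n";
            echo "Please try again at a later time.</p>\n";
            echo "</div>\n";
        }

        unset($_SESSION['reguname']);
        unset($_SESSION['registered']);
        unset($_SESSION['regresult']);
    }



    /**
     * Shows the registration form, or processes a submitted one.
     */
    function display_register()
    {
        if (isset($_SESSION['registered'])) {
            $this->display_status();
            return;
        }

        if (!isset($_POST['subjoin'])) { // Register form
            require("forms/register_form.php");
            return;
        }

        $user = trim($this->_input('user'));
        $email = $this->_input('email');
        // Passwords are hashed exactly as submitted, the same way
        // display_login() does, so both sides produce the same hash.
        $pass = $this->_post('pass');
        $pass2 = $this->_post('pass2');

        if (!$user || !$pass || !$email)
            die( "<div><h1>Error:</h1><b>You didn't fill in a required field</b><br /><br /><a href=\"javascript:self.history.back();\">Go Back</a> and try again</div>" );

        if ($pass !== $pass2)
            die( "<div><h1>Error:</h1><b>Passwords don't match</b><br /><br /><a href=\"javascript:self.history.back();\">Go Back</a> and try again</div>" );

        if (strlen($user) > $this->USR_MAXCHARS)
            die( "<div><h1>Error:</h1><b>Username is longer than " . $this->USR_MAXCHARS . " characters</b><br />Please shorten it<br /><br /><a href=\"javascript:self.history.back();\">Go Back</a> and try again</DIV>" );

        if ($this->username_taken($user)) {
            // Escaped: the submitted name is reflected back into the page.
            $use = $this->_h($user);
            die( "<div><h1>Error:</h1>Username <strong>$use</strong> already exists<br /><br /><a href=\"javascript:self.history.back();\">Go Back</a> and try again</div>" );
        }

        if (!$this->check_email($email))
            die( "<div><h1>Error:</h1><b>Invalid Email address!</b><br /><br /><a href=\"javascript:self.history.back();\">Go Back</a> and try again</div>" );

        // NOTE(review): unsalted MD5, see the class comment.
        $md5pass = md5($pass);

        $_SESSION['reguname'] = $user;

        $_SESSION['regresult'] = $this->add_user($user, $md5pass, $email);

        $_SESSION['registered'] = true;

        header( "Location: " . $this->HOMEPAGE);
    }


    /**
     * Checks a username / password-hash pair against the database.
     *
     * @param string $username raw username
     * @param string $password MD5 hash of the password
     * @return int 0 = match, 1 = unknown user or query failure, 2 = wrong password
     */
    function confirm_user($username, $password)
    {
        $q = "SELECT password FROM users WHERE username = '" . $this->_sql($username) . "'";

        $result = mysql_query($q, $this->connect);

        if (!$result || (mysql_num_rows($result) < 1))
            return 1; // Username failure

        $dbarray = mysql_fetch_array($result);

        $stored = stripslashes($dbarray['password']);

        $password = stripslashes($password);

        if ($this->_same_hash($stored, $password))
            return 0; // Username and password are OK

        return 2; // Password failure
    }



    /**
     * Authenticates the visitor from the session, or from the "remember me"
     * cookies when both are present.
     *
     * NOTE(review): the cookie carries the stored MD5 hash, so a copied
     * cookie logs its holder in until the password changes. A random,
     * server-side, revocable token would avoid that.
     *
     * @return bool
     */
    function check_login()
    {
        if (isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])
                && is_string($_COOKIE['cookname']) && is_string($_COOKIE['cookpass'])) {
            $_SESSION['username'] = $_COOKIE['cookname'];
            $_SESSION['password'] = $_COOKIE['cookpass'];
        }

        // User authentication
        if (isset($_SESSION['username']) && isset($_SESSION['password'])) {
            // This used to call confirm_user() as a global function, which
            // is a fatal error; it is a method of this class.
            if ($this->confirm_user($_SESSION['username'], $_SESSION['password']) !== 0) {
                unset($_SESSION['username']);
                unset($_SESSION['password']);

                return false;
            }

            return true;
        }

        return false;
    }



    /**
     * Shows the password-recovery form, or resets the password and mails the
     * new one.
     *
     * The previous version passed the e-mail address to confirm_user() as if
     * it were a password and negated the result, so the password of any
     * existing username was reset and the new one was mailed to whatever
     * address had been typed into the form. The address is now compared with
     * the one on file and the mail goes to the address on file.
     *
     * NOTE(review): mailing a new plaintext password is weaker than mailing a
     * single-use, expiring reset link.
     */
    function display_forgot()
    {
        if (!isset($_POST['subpass'])) {
            require( "forms/password_recovery_form.php" );
            return;
        }

        $usr = trim($this->_input('user'));
        $email = trim($this->_input('email'));

        if (!$usr || !$email)
            die( "<div><h1>Error:</h1><strong>You didn't fill in a required field</strong><br /><br /><a href=\"javascript:self.history.back();\">Go Back</a> and try again</div>" );

        if (!$this->check_email($email))
            die( "<div><h1>Error:</h1><strong>Invalid Email address!</strong><br /><br /><a href=\"javascript:self.history.back();\">Go Back</a> and try again</DIV>" );

        // Unknown user and wrong address share one message, so the form does
        // not reveal which usernames exist.
        $lookup = mysql_query("SELECT email FROM users WHERE username = '" . $this->_sql($usr) . "'", $this->connect);
        $account = $lookup ? mysql_fetch_assoc($lookup) : false;

        if (!$account || strcasecmp((string) $account['email'], $email) !== 0)
            die("Error! Something didn't work... try at a later time or contact the system administrator" );

        $pwd = $this->create_password();

        $md5pwd = md5($pwd);

        // The message used to read $this->SITENAME, which does not exist; the
        // site name comes from the settings table.
        $sitename = '';
        $settings = mysql_query( "SELECT * FROM settings", $this->connect);

        if ($settings) {
            $mysettings = mysql_fetch_assoc( $settings );

            if ($mysettings && isset($mysettings['sitename']))
                // Line breaks are stripped because the value goes into the
                // mail subject header.
                $sitename = str_replace(array("\r", "\n"), '', $mysettings['sitename']);
        }

        $upload = mysql_query("UPDATE users SET password='$md5pwd' WHERE username='" . $this->_sql($usr) . "' ", $this->connect);

        // Do not announce a new password that was never stored.
        if (!$upload)
            die("Error! Something didn't work... try at a later time or contact the system administrator" );

        $message = "Dear " . $usr . " , this email has been sent in answer to your request
            to get back your password to enter the " . $sitename . " website.<br />
            If you haven't asked for your password, make sure you are the <strong>ONLY ONE</strong>
            who knows your email address and username you use to access the site. Anyway,
            don't worry about that: log into your account and change the email (if you have another),
            then confirm the changes.<br /><br />
            #################################################<br /><br />
            Your NEW Password is <strong> " . $pwd . "</strong><br />
            Keep it safe!<br /><br />
            Best regards,  the " . $sitename . " administration team";

        mail($account['email'], $sitename . " Password Recovery", $message);

        echo "<a href=\"" . $this->_h($this->HOMEPAGE) . "\">Go to the Home Page</a>";
    }



    /**
     * Shows the login form, processes a submitted one, or shows the
     * "logging in" page when the visitor is already authenticated.
     */
    function display_login()
    {
        if ($this->logged_in) {
            // The session username originates from user input: escape it.
            $name = isset($_SESSION['username']) ? $this->_h($_SESSION['username']) : '';
            $redir = $this->_h($this->REDIR_PAGE);

            echo "<div>\n";
            echo "<h1>Logging in...</h1>\n";
            echo "You are logging in as <em>" . $name . "</em><br>\n";
            echo "Click <a href=\"" . $redir . "\">here to continue</a>.<br>\n";
            echo "You can also <a href=\"" . $this->_h($this->LOGOUT) . "\">cancel the operation</a>.\n";
            echo "<br /><br />\n";
            echo "(Auto-redirect in 5 seconds...)\n";
            echo "<meta http-equiv=\"refresh\" content=\"5; url=" . $redir . "\">\n";
            echo "</div>\n";

            return;
        }

        if (!isset($_POST['sublogin'])) {
            require( "forms/login_form.php" );
            return;
        }

        $user = trim($this->_input('user'));
        $pass = $this->_post('pass');

        if (!$user || !$pass)
            die( "<div><h1>Error:</h1><b>You didn't fill in a required field</b><br /><br /><a href=\"javascript:self.history.back();\">Go Back</a> and try again</div>" );

        $md5pass = md5($pass);

        $result = $this->confirm_user($user, $md5pass);

        // NOTE(review): the two distinct messages tell a visitor whether a
        // username exists; a single generic message would not.
        if ($result == 1)
            die( "<div><h1>Error:</h1><strong>Unexisting Username!</strong><br /><br /><a href=\"javascript:self.history.back();\">Go Back</a> and try again</DIV>" );
        elseif ( $result == 2 )
            die( "<div><h1>Error:</h1><strong>Incorrect Password!</strong><br /><br /><a href=\"javascript:self.history.back();\">Go Back</a> and try again</div>" );

        // Issue a fresh session id at the privilege change, so an id that was
        // known before login is not carried into the authenticated session.
        if (session_id() !== '')
            session_regenerate_id(true);

        // The username is stored as submitted; the unconditional
        // stripslashes() that used to run here altered names containing a
        // backslash, which then failed check_login() on the next request.
        $_SESSION['username'] = $user;
        $_SESSION['password'] = $md5pass;

        if (isset($_POST['remember'])) { // Remember me!
            // Last argument: HttpOnly, which keeps the cookies away from
            // page scripts.
            setcookie("cookname", $_SESSION['username'], time() + 60 * 60 * 24 * 100, "/", "", false, true);
            setcookie("cookpass", $_SESSION['password'], time() + 60 * 60 * 24 * 100, "/", "", false, true);
        }

        echo "<meta http-equiv=\"Refresh\" content=\"0;url=$this->LOGIN\">";
    }


    /**
     * Expires the "remember me" cookies and destroys the session.
     */
    function log_out()
    {
        if (isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])) {
            setcookie("cookname", "", time() - 60 * 60 * 24 * 100, "/");
            setcookie("cookpass", "", time() - 60 * 60 * 24 * 100, "/");
        }

        if (!$this->logged_in) {
            echo "<div>";
            echo "<h1>Error!</h1>\n";
            echo "<strong>You are not currently logged in</strong>, logout failed. Go to <a href=\"$this->HOMEPAGE\">Home Page</a> or <a href=\"$this->LOGIN\">Login</a>";
            echo "</div>";
        } else {
            unset($_SESSION['username']);
            unset($_SESSION['password']);

            $_SESSION = array();

            session_destroy();

            // Keep the object in step with the session that was just destroyed.
            $this->logged_in = false;

            echo "<div>";
            echo "<h1>Logged Out</h1>\n";
            echo "You have successfully <strong>logged out</strong>. Click <a href=\"$this->REDIR_PAGE\">here to proceed</a>.";
            echo "</div>";
        }
    }


    /**
     * Shows and processes the profile form and the password-change form of
     * the logged-in user.
     *
     * The local variable names read by the included forms ($username,
     * $email, $realname, $website, $country, $profile, $myrow, $usern) are
     * unchanged.
     */
    function display_user()
    {
        // Profile data is only shown or changed for an authenticated visitor.
        if (!$this->logged_in || !isset($_SESSION['username']))
            return;

        $usern = $_SESSION['username'];
        // The session username was typed in by the user at login and used to
        // reach the SQL below unescaped.
        $usern_sql = $this->_sql($usern);

        if (isset($_POST['subinfo'])) {

            $email = $this->_sql($this->_input('email'));
            $realname = $this->_sql($this->_input('realname'));
            $website = $this->_sql($this->_input('website'));
            $country = $this->_sql($this->_input('country'));

            $city = $this->_sql($this->_input('city'));
            $cap = $this->_sql($this->_input('cap'));
            $phone = $this->_sql($this->_input('phone'));
            $profile = $this->_sql($this->_input('profile'));

            $icq = trim($this->_input('icq'));
            $msn = trim($this->_input('msn'));
            $yahoo = trim($this->_input('yahoo'));
            $skype = trim($this->_input('skype'));

            // The messenger handles were only trimmed before, never escaped.
            $im = $this->_sql($icq . ";" . $msn . ";" . $yahoo . ";" . $skype);

            $result = mysql_query("UPDATE users SET email='$email', realname='$realname', website='$website', country='$country', city='$city', cap='$cap', phone='$phone', im='$im', profile='$profile' WHERE username='$usern_sql'", $this->connect);

            echo "<center><strong>Profile UPDATED</strong> successfully!";
            echo "<meta http-equiv=Refresh content=1;url=javascript:self.history.back();>";

        } else {

            $result = mysql_query("SELECT * FROM users WHERE username='$usern_sql' ", $this->connect);

            while ($result && ($myrow = mysql_fetch_assoc($result))) {
                $username = $myrow["username"];
                $email = $myrow["email"];
                $realname = $myrow["realname"];
                $website = $myrow["website"];
                $country = $myrow["country"];
                $profile = $myrow["profile"];

                require_once( "forms/info_form.php" );
            }
        }


        if (isset($_POST['subpass'])) {
            // Hash the passwords exactly as submitted. They were SQL-escaped
            // before hashing, so a password containing a quote produced a
            // hash that display_login() could never reproduce.
            $oldpassword = $this->_post('oldpassword');
            $newpassword = $this->_post('newpassword');
            $newpassword2 = $this->_post('newpassword2');

            $oldmd5 = md5($oldpassword);

            if (!isset($_SESSION['password']) || !$this->_same_hash($_SESSION['password'], $oldmd5))
                die("<center>Wrong password! Please try again.</center>");

            if ($newpassword !== $newpassword2)
                die( "<center>Passwords must match! Please try again.</center>" );

            $newmd5 = md5($newpassword);

            $result = mysql_query("UPDATE users SET password='$newmd5' WHERE username='$usern_sql' ", $this->connect);

            $_SESSION['password'] = $newmd5;

            echo "<center><strong>Password CHANGED</strong> successfully!</center>";
            echo "<meta http-equiv=Refresh content=1;url=javascript:self.history.back();>";

        } else {
            $result = mysql_query("SELECT * FROM users WHERE username='$usern_sql'", $this->connect);

            while ($result && ($myrow = mysql_fetch_assoc($result)))
                require_once("forms/password_form.php");
        }
    }


}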

?>