PHP Classes

File: usermanager.php

Recommend this page to a friend!
  Classes of Giulio Bai   User Manager   usermanager.php   Download  
File: usermanager.php
Role: Class source
Content type: text/plain
Description: Main class file
Class: User Manager
Manage and authenticate registered users
Author: By
Last change: fixed
Date: 15 years ago
Size: 14,135 bytes
 

Contents

Class file image Download
<?php class UserManager { var $connect = ''; var $logged_in = ''; var $HOMEPAGE = "/index.php"; var $LOGIN = "?action=LOGIN"; var $REGISTER = "?action=REGISTER"; var $FORGOTPW = "?action=FORGOT"; var $REDIR_PAGE = "/index.php"; var $USR_MAXCHARS = 30; public function __construct() { $dbhost = 'localhost'; // Your host name $dbusername = 'username'; // Your username $dbpassword = ''; // Your password $dbname = ''; // Your database name $this->logged_in = $this->check_login(); $this->connect = mysql_connect($dbhost, $dbusername, $dbpassword); mysql_select_db($dbname, $this->connect) or die ("Could not select database"); } function check_email($address) { $chars = "/^([a-z0-9+_]|\\-|\\.)+@(([a-z0-9_]|\\-)+\\.)+[a-z]{2,6}\$/i"; if (strstr($address, '@') && strstr($address, '.')) { if (preg_match($chars, $address)) return true; else return false; } else return false; } function create_password($lenght = 7) { $chars = "abcdefghijkmnopqrstuvwxyz023456789"; srand((double)microtime() * 1000000); $pass = ''; for($i=0; $i<$lenght; $i++) { $num = rand() % 33; $tmp = substr($chars, $num, 1); $pass = $pass . $tmp; } return $pass; } function username_taken($username) { if (!get_magic_quotes_gpc()) $username = addslashes($username); $q = "SELECT username FROM users WHERE username = '$username'"; $result = mysql_query($q, $this->connect); return (mysql_numrows($result) > 0); } function add_user($username, $password, $email) { $q = "INSERT INTO users (username, password, email) VALUES ('$username', '$password', '$email')"; return mysql_query($q, $this->connect); } function display_status() { $uname = $_SESSION['reguname']; if ($_SESSION['regresult']) { ?> <div> <h1>Registered!</h1> <p>Thank you <b><?php echo $uname;?> </b> you have just became a registered member! You can now <a href="$this->LOGIN">log in</a>.</p> </div> <?php } else { ?> <div> <h1>Registration Failed!</h1> <p>Sorry, but an error has occurred while tring to register you... Your request for registering <b>"<?php echo $uname; ?>"</b>, could not be completed.<br /> Please try again at a later time.</p> </div> <?php } unset($_SESSION['reguname']); unset($_SESSION['registered']); unset($_SESSION['regresult']); } function display_register() { if (isset($_SESSION['registered'])) { $this->display_status(); return; } if (isset($_POST['subjoin'])) { if (!$_POST['user'] || !$_POST['pass'] || !$_POST['email']) die( "<div><h1>Error:</h1><b>You didn't fill in a required field</b><br /><br /><a href=\"javascript:self.history.back();\">Go Back</a> and try again</div>" ); if ($_POST['pass'] != $_POST['pass2']) die( "<div><h1>Error:</h1><b>Passwords don't match</b><br /><br /><a href=\"javascript:self.history.back();\">Go Back</a> and try again</div>" ); $_POST['user'] = trim($_POST['user']); if (strlen($_POST['user']) > $this->USR_MAXCHARS) die( "<div><h1>Error:</h1><b>Username is longer than " . $this->USR_MAXCHARS . " characters</b><br />Please shorten it<br /><br /><a href=\"javascript:self.history.back();\">Go Back</a> and try again</DIV>" ); if ($this->username_taken($_POST['user'])) { $use = $_POST['user']; die( "<div><h1>Error:</h1>Username <strong>$use</strong> already exists<br /><br /><a href=\"javascript:self.history.back();\">Go Back</a> and try again</div>" ); } if (!$this->check_email($_POST['email'])) die( "<div><h1>Error:</h1><b>Invalid Email address!</b><br /><br /><a href=\"javascript:self.history.back();\">Go Back</a> and try again</div>" ); $md5pass = md5($_POST['pass']); $_SESSION['reguname'] = $_POST['user']; $_SESSION['regresult'] = $this->add_user($_POST['user'], $md5pass, $_POST['email']); $_SESSION['registered'] = true; header( "Location: " . $this->HOMEPAGE); } else { // Register form require("forms/register_form.php"); } } function confirm_user($username, $password) { if (!get_magic_quotes_gpc()) $username = addslashes($username); $q = "SELECT password FROM users WHERE username = '$username'"; $result = mysql_query($q, $this->connect); if (!$result || (mysql_numrows($result) < 1 )) return 1; // Username failure $dbarray = mysql_fetch_array($result); $dbarray['password'] = stripslashes($dbarray['password']); $password = stripslashes($password); if ($password == $dbarray['password']) return 0; // Username and password are OK else return 2; // Password failure } function check_login() { if (isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])) { $_SESSION['username'] = $_COOKIE['cookname']; $_SESSION['password'] = $_COOKIE['cookpass']; } // User authentication if (isset($_SESSION['username']) && isset($_SESSION['password'])) { if (confirm_user($_SESSION['username'], $_SESSION['password']) != 0) { unset($_SESSION['username']); unset($_SESSION['password']); return false; } return true; } return false; } function display_forgot() { if (isset($_POST['subpass'])) { if (!$_POST['user'] || !$_POST['email']) die( "<div><h1>Error:</h1><strong>You didn't fill in a required field</strong><br /><br /><a href=\"javascript:self.history.back();\">Go Back</a> and try again</div>" ); if (!$this->check_email($_POST['email'])) die( "<div><h1>Error:</h1><strong>Invalid Email address!</strong><br /><br /><a href=\"javascript:self.history.back();\">Go Back</a> and try again</DIV>" ); $usr = mysql_real_escape_string(trim($_POST['user'])); $email = mysql_real_escape_string(trim($_POST['email'])); if (!$this->confirm_user($usr, $email)) die("Error! Something didn't work... try at a later time or contact the system administrator" ); $pwd = $this->create_password(); $md5pwd = md5($pwd); $settings = mysql_query( "SELECT * FROM settings", $this->connect); $mysettings = mysql_fetch_assoc( $settings ); $sitename = $mysettings['sitename']; $upload = mysql_query("UPDATE users SET password='$md5pwd' WHERE username='$usr' ", $this->connect); $message = "Dear " . $usr . " , this email has been sent in answer to your request to get back your password to enter the " . $this->SITENAME . " website.<br /> If you haven't asked for your password, make sure you are the <strong>ONLY ONE<strong> who knows your email address and username you use to access the site. Anyway, don't worry about that: log into your account and change the email (if you have another), then confirm the changes.<br /><br /> #################################################<br /><br /> Your NEW Password is <strong> " . $pwd . "<br /> Keep it safe!<br /><br /> Best regards, the" . $this->SITENAME . " administration team"; mail($email, $this->SITENAME . "Password Recovery", $message); echo "<a href=" . $this->HOMEPAGE . ">Go to the Home Page</a>"; } else require( "forms/password_recovery_form.php" ); } function display_login() { if ($this->logged_in) { ?> <div> <h1>Logging in...</h1> You are logging in as <em><?= $_SESSION['username'] ?></em><br> Click <a href="<?= $this->REDIR_PAGE ?>">here to continue</a>.<br> You can also <a href="<?= $this->LOGOUT ?>">cancel the operation</a>. <br /><br /> (Auto-redirect in 5 seconds...) <meta http-equiv="refresh" content="5; url=<?= $this->REDIR_PAGE ?>"> </div> <?php } else { if (isset($_POST['sublogin'])) { if (!$_POST['user'] || !$_POST['pass']) die( "<div><h1>Error:</h1><b>You didn't fill in a required field</b><br /><br /><a href=\"javascript:self.history.back();\">Go Back</a> and try again</div>" ); $_POST['user'] = trim($_POST['user']); $md5pass = md5($_POST['pass']); $result = $this->confirm_user($_POST['user'], $md5pass); if ($result == 1) die( "<div><h1>Error:</h1><strong>Unexisting Username!</strong><br /><br /><a href=\"javascript:self.history.back();\">Go Back</a> and try again</DIV>" ); elseif ( $result == 2 ) die( "<div><h1>Error:</h1><strong>Incorrect Password!</strong><br /><br /><a href=\"javascript:self.history.back();\">Go Back</a> and try again</div>" ); $_POST['user'] = stripslashes($_POST['user']); $_SESSION['username'] = $_POST['user']; $_SESSION['password'] = $md5pass; if (isset($_POST['remember'])) { // Remember me! setcookie("cookname", $_SESSION['username'], time() + 60 * 60 * 24 * 100, "/"); setcookie("cookpass", $_SESSION['password'], time() + 60 * 60 * 24 * 100, "/"); } echo "<meta http-equiv=\"Refresh\" content=\"0;url=$this->LOGIN\">"; return; } else { require( "forms/login_form.php" ); } } } function log_out() { if (isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])) { setcookie("cookname", "", time() - 60 * 60 * 24 * 100, "/"); setcookie("cookpass", "", time() - 60 * 60 * 24 * 100, "/"); } if (!$this->logged_in) { echo "<div>"; echo "<h1>Error!</h1>\n"; echo "<strong>You are not currently logged in</strong>, logout failed. Go to <a href=\"$this->HOMEPAGE\">Home Page</a> or <a href=\"$this->LOGIN\">Login</a>"; echo "</div>"; } else { unset($_SESSION['username']); unset($_SESSION['password']); $_SESSION = array(); session_destroy(); echo "<div>"; echo "<h1>Logged Out</h1>\n"; echo "You have successfully <strong>logged out</strong>. Click <a href=\"$this->REDIR_PAGE\">here to proceed</a>."; echo "</div>"; } } function display_user() { $usern = $_SESSION['username']; if (isset($_POST['subinfo'])) { $username = mysql_real_escape_string($_POST['username']); $email = mysql_real_escape_string($_POST['email']); $realname = mysql_real_escape_string($_POST['realname']); $website = mysql_real_escape_string($_POST['website']); $country = mysql_real_escape_string($_POST['country']); $city = mysql_real_escape_string($_POST['city']); $cap = mysql_real_escape_string($_POST['cap']); $phone = mysql_real_escape_string($_POST['phone']); $profile = mysql_real_escape_string($_POST['profile']); $icq = trim($_POST['icq']); $msn = trim($_POST['msn']); $yahoo = trim($_POST['yahoo']); $skype = trim($_POST['skype']); $im = $icq . ";" . $msn . ";" . $yahoo . ";" . $skype; $result = mysql_query("UPDATE users SET email='$email', realname='$realname', website='$website', country='$country', city='$city', cap='$cap', phone='$phone', im='$im', profile='$profile' WHERE username='$usern'", $this->connect); echo "<center><strong>Profile UPDATED</strong> successfully!"; echo "<meta http-equiv=Refresh content=1;url=javascript:self.history.back();>"; } else { $result = mysql_query("SELECT * FROM users WHERE username='$usern' "); while ($myrow = mysql_fetch_assoc($result)) { $username = $myrow["username"]; $email = $myrow["email"]; $realname = $myrow["realname"]; $website = $myrow["website"]; $country = $myrow["country"]; $profile = $myrow["profile"]; require_once( "forms/info_form.php" ); } } if (isset($_POST['subpass'])) { $oldpassword = mysql_real_escape_string($_POST['oldpassword']); $newpassword = mysql_real_escape_string($_POST['newpassword']); $newpassword2 = mysql_real_escape_string($_POST['newpassword2']); $oldmd5 = md5($oldpassword); if ($oldmd5 != $_SESSION['password']) die("<center>Wrong password! Please try again.</center>"); if ($newpassword != $newpassword2) die( "<center>Passwords must match! Please try again.</center>" ); $newmd5 = md5($newpassword); $result = mysql_query("UPDATE users SET password='$newmd5' WHERE username='$usern' ", $this->connect); $_SESSION['password'] = $newmd5; echo "<center><strong>Password CHANGED</strong> successfully!</center>"; echo "<meta http-equiv=Refresh content=1;url=javascript:self.history.back();>"; } else { $result = mysql_query("SELECT * FROM users WHERE username='$usern'", $this->connect); while ($myrow = mysql_fetch_assoc($result)) require_once("forms/password_form.php"); } } } ?>