Hmm nu har jeg lavet om på den som jeg ville mene den skulle være sammenlignet med den originale.
Men nu viser jeg bare koden her
- Session.php
- <?
- include("database.php");
- include("mailer.php");
- include("form.php");
-
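/**
 * Session - Tracks the visitor for one page load: decides whether the
 * visitor is logged in (PHP session or "remember me" cookies) and
 * handles login, logout, registration and account edits.
 *
 * Relies on the globals $database, $form and $mailer and on constants
 * (GUEST_NAME, GUEST_LEVEL, ADMIN_NAME, ADMIN_LEVEL, COOKIE_EXPIRE,
 * COOKIE_PATH, EMAIL_WELCOME) that are defined outside this listing.
 */
class Session
{
    var $username;            //Username given on sign-up; nothing in this class assigns it
    var $fornavn;             //First name, copied from the user's database row
    var $efternavn;           //Last name, copied from the user's database row
    var $email;               //E-mail address, used as the login identifier
    var $userid;              //Random value generated on current login
    var $userlevel;           //The level to which the user pertains
    var $time;                //Time user was last active (page loaded)
    var $logged_in;           //True if user is logged in, false otherwise
    var $userinfo = array();  //The array holding all user info
    var $url;                 //The page url currently being viewed
    var $referrer;            //Last recorded site page viewed
    /**
     * Note: referrer should really only be considered the actual
     * page referrer in process.php, any other time it may be
     * inaccurate.
     */

    /* Class constructor (PHP 4 style: a method named after the class) */
    function Session(){
        $this->time = time();
        $this->startSession();
    }

    /**
     * startSession - Starts the PHP session, determines whether the
     * visitor is logged in, updates the active users/guests tables and
     * records the referrer and the current url.
     */
    function startSession(){
        global $database;  //The database connection
        session_start();   //Tell PHP to start the session

        /* Determine if user is logged in */
        $this->logged_in = $this->checkLogin();

        if(!$this->logged_in){
            /* Guest: set guest values and update the active guests table */
            $this->email = $_SESSION['email'] = GUEST_NAME;
            $this->userlevel = GUEST_LEVEL;
            $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
        }
        else{
            /* Update user's last active timestamp */
            $database->addActiveUser($this->email, $this->time);
        }

        /* Remove inactive visitors from database */
        $database->removeInactiveUsers();
        $database->removeInactiveGuests();

        /* Referrer is the url stored by the previous page load, if any */
        if(isset($_SESSION['url'])){
            $this->referrer = $_SESSION['url'];
        }else{
            $this->referrer = "/";
        }

        /* Set current url */
        $this->url = $_SESSION['url'] = $_SERVER['PHP_SELF'];
    }

    /**
     * checkLogin - Returns true if a login is already established in
     * the PHP session or through the "remember me" cookies and the
     * database confirms the (email, userid) pair; false otherwise.
     */
    function checkLogin(){
        global $database; //The database connection

        /*
         * The cookies are client-controlled. They are copied into the
         * session only as candidates and are verified below.
         */
        if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
            $this->email  = $_SESSION['email']  = $_COOKIE['cookname'];
            $this->userid = $_SESSION['userid'] = $_COOKIE['cookid'];
        }

        /* Nothing to verify, or the session belongs to a guest */
        if(!isset($_SESSION['email']) || !isset($_SESSION['userid']) ||
           $_SESSION['email'] == GUEST_NAME){
            return false;
        }

        /*
         * Only a value shaped like the ids generateRandID() issues may
         * authenticate. This rejects array-valued cookies and the '0'
         * placeholder that addNewUser() stores before the first login,
         * which would otherwise match any account that never logged in.
         */
        if(!is_string($_SESSION['email']) ||
           !$this->_isLoginToken($_SESSION['userid']) ||
           $database->confirmUserID($_SESSION['email'], $_SESSION['userid']) != 0){
            unset($_SESSION['email']);
            unset($_SESSION['userid']);
            return false;
        }

        /* getUserInfo() returns NULL when the row cannot be read */
        $info = $database->getUserInfo($_SESSION['email']);
        if(!is_array($info)){
            unset($_SESSION['email']);
            unset($_SESSION['userid']);
            return false;
        }

        /* User is logged in, set class variables */
        $this->userinfo  = $info;
        $this->email     = $info['email'];  //was left unset for session-only logins
        $this->fornavn   = $info['fornavn'];
        $this->efternavn = $info['efternavn'];
        $this->userid    = $info['userid'];
        $this->userlevel = $info['userlevel'];
        return true;
    }

    /**
     * login - Validates the submitted e-mail and password, checks them
     * against the database and, on success, registers the session
     * variables and (optionally) the "remember me" cookies.
     * Returns true on success, false if any form error was recorded.
     */
    function login($subemail, $subpass, $subremember){
        global $database, $form; //The database and form object

        /* E-mail (login name) error checking */
        $field = "email";
        if(!is_string($subemail) || !$subemail || strlen($subemail = trim($subemail)) == 0){
            $form->setError($field, "* Username not entered");
        }
        else if(!$this->_isValidEmail($subemail)){
            $form->setError($field, "* Username not alphanumeric");
        }

        /* Password error checking */
        $field = "pass";
        if(!is_string($subpass) || !$subpass){
            $form->setError($field, "* Password not entered");
        }

        /* Return if form errors exist */
        if($form->num_errors > 0){
            return false;
        }

        /*
         * NOTE(review): unsalted MD5 is not a password hash. Moving to
         * password_hash()/password_verify() needs a schema and data
         * migration, so it is flagged here rather than changed.
         */
        $subemail = stripslashes($subemail);
        $result = $database->confirmUserPass($subemail, md5($subpass));

        /*
         * NOTE(review): distinct messages for "unknown user" and "wrong
         * password" let a visitor learn which addresses are registered.
         */
        if($result == 1){
            $form->setError("email", "* Username not found");
        }
        else if($result == 2){
            $form->setError("pass", "* Invalid password");
        }

        /* Return if form errors exist */
        if($form->num_errors > 0){
            return false;
        }

        /* New session id on privilege change, so a pre-login id cannot be reused */
        session_regenerate_id();

        /* Username and password correct, register session variables */
        $this->userinfo  = $database->getUserInfo($subemail);
        $this->email     = $_SESSION['email']  = $this->userinfo['email'];
        $this->userid    = $_SESSION['userid'] = $this->generateRandID();
        $this->userlevel = $this->userinfo['userlevel'];

        /* Insert userid into database and update active users table */
        $database->updateUserField($this->email, "userid", $this->userid);
        $database->addActiveUser($this->email, $this->time);
        $database->removeActiveGuest($_SERVER['REMOTE_ADDR']);

        /*
         * "Remember me": one cookie holds the e-mail, the other the
         * random userid; both expire after COOKIE_EXPIRE seconds.
         * NOTE(review): cookid is a bearer credential; consider the
         * HttpOnly and Secure cookie flags where the PHP version and
         * the site's transport allow it.
         */
        if($subremember){
            setcookie("cookname", $this->email,  time()+COOKIE_EXPIRE, COOKIE_PATH);
            setcookie("cookid",   $this->userid, time()+COOKIE_EXPIRE, COOKIE_PATH);
        }

        /* Login completed successfully */
        return true;
    }

    /**
     * logout - Expires the "remember me" cookies, unsets the session
     * variables, moves the visitor from the active users table to the
     * active guests table and demotes the object to guest level.
     */
    function logout(){
        global $database; //The database connection

        /* Expire the cookies by setting their time in the past */
        if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
            setcookie("cookname", "", time()-COOKIE_EXPIRE, COOKIE_PATH);
            setcookie("cookid",   "", time()-COOKIE_EXPIRE, COOKIE_PATH);
        }

        /*
         * Replace the stored userid so that a copy of the old cookie
         * value stops being accepted once the user has logged out.
         */
        if($this->logged_in){
            $database->updateUserField($this->email, "userid", $this->generateRandID());
        }

        /* Unset PHP session variables */
        unset($_SESSION['email']);
        unset($_SESSION['userid']);

        /* Reflect fact that user has logged out */
        $this->logged_in = false;

        /* Remove from active users table and add to active guests table */
        $database->removeActiveUser($this->email);
        $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);

        /* Set user level to guest */
        $this->email = GUEST_NAME;
        $this->userlevel = GUEST_LEVEL;
    }

    /**
     * register - Validates the submitted registration fields and adds
     * the account. Returns 1 if form errors were recorded, 0 if the
     * user was added, 2 if the database insert failed.
     *
     * NOTE(review): usernameTaken()/usernameBanned() as listed in
     * Database.php compare against the email column, while this
     * method passes them $subuser - confirm which value is intended.
     */
    function register($subuser, $subpass, $subemail){
        global $database, $form, $mailer; //The database, form and mailer object

        /* Username error checking */
        $field = "user";
        if(!is_string($subuser) || !$subuser || strlen($subuser = trim($subuser)) == 0){
            $form->setError($field, "* Username not entered");
        }
        else{
            /* Spruce up username, check length */
            $subuser = stripslashes($subuser);
            if(strlen($subuser) < 5){
                $form->setError($field, "* Username below 5 characters");
            }
            else if(strlen($subuser) > 30){
                $form->setError($field, "* Username above 30 characters");
            }
            else if(!$this->_isAlnum($subuser)){
                $form->setError($field, "* Username not alphanumeric");
            }
            else if(strcasecmp($subuser, GUEST_NAME) == 0){
                $form->setError($field, "* Username reserved word");
            }
            else if($database->usernameTaken($subuser)){
                $form->setError($field, "* Username already in use");
            }
            else if($database->usernameBanned($subuser)){
                $form->setError($field, "* Username banned");
            }
        }

        /* Password error checking */
        $field = "pass";
        if(!is_string($subpass) || !$subpass){
            $form->setError($field, "* Password not entered");
        }
        else{
            /*
             * Length is checked before trimming: a field full of
             * spaces should not be reported as "too short".
             */
            $subpass = stripslashes($subpass);
            if(strlen($subpass) < 4){
                $form->setError($field, "* Password too short");
            }
            else if(!$this->_isAlnum($subpass = trim($subpass))){
                $form->setError($field, "* Password not alphanumeric");
            }
        }

        /* Email error checking */
        $field = "email";
        if(!is_string($subemail) || !$subemail || strlen($subemail = trim($subemail)) == 0){
            $form->setError($field, "* Email not entered");
        }
        else{
            if(!$this->_isValidEmail($subemail)){
                $form->setError($field, "* Email invalid");
            }
            $subemail = stripslashes($subemail);
        }

        /* Errors exist, have user correct them */
        if($form->num_errors > 0){
            return 1;
        }

        /* NOTE(review): unsalted MD5, see login() */
        if($database->addNewUser($subuser, md5($subpass), $subemail)){
            if(EMAIL_WELCOME){
                /* NOTE(review): this hands the plaintext password to the mailer */
                $mailer->sendWelcome($subuser,$subemail,$subpass);
            }
            return 0; //New user added successfully
        }
        return 2; //Registration attempt failed
    }

    /**
     * editAccount - Changes the password (after verifying the current
     * one) and/or the e-mail of the logged-in user. Returns true on
     * success, false if any form error was recorded.
     */
    function editAccount($subcurpass, $subnewpass, $subemail){
        global $database, $form; //The database and form object

        /* New password entered */
        if($subnewpass){
            /* Current password error checking */
            $field = "curpass";
            if(!is_string($subcurpass) || !$subcurpass){
                $form->setError($field, "* Current Password not entered");
            }
            else{
                $subcurpass = stripslashes($subcurpass);
                if(strlen($subcurpass) < 4 ||
                   !$this->_isAlnum($subcurpass = trim($subcurpass))){
                    $form->setError($field, "* Current Password incorrect");
                }
                /*
                 * The account is identified by $this->email; the
                 * original read $this->username, which is never set,
                 * so the check could not succeed.
                 */
                if($database->confirmUserPass($this->email, md5($subcurpass)) != 0){
                    $form->setError($field, "* Current Password incorrect");
                }
            }

            /* New password error checking */
            $field = "newpass";
            /* The original assigned the stripped value to an unused variable */
            $subnewpass = is_string($subnewpass) ? stripslashes($subnewpass) : "";
            if(strlen($subnewpass) < 4){
                $form->setError($field, "* New Password too short");
            }
            else if(!$this->_isAlnum($subnewpass = trim($subnewpass))){
                $form->setError($field, "* New Password not alphanumeric");
            }
        }
        /* Change password attempted without a new password */
        else if($subcurpass){
            $form->setError("newpass", "* New Password not entered");
        }

        /* Email error checking */
        $field = "email";
        if(is_string($subemail) && $subemail && strlen($subemail = trim($subemail)) > 0){
            if(!$this->_isValidEmail($subemail)){
                $form->setError($field, "* Email invalid");
            }
            $subemail = stripslashes($subemail);
        }
        else{
            $subemail = "";
        }

        /* Errors exist, have user correct them */
        if($form->num_errors > 0){
            return false;
        }

        /* Update password since there were no errors */
        if($subcurpass && $subnewpass){
            $database->updateUserField($this->email,"password",md5($subnewpass));
        }

        /* Change Email */
        if($subemail){
            $database->updateUserField($this->email,"email",$subemail);
        }

        return true;
    }

    /**
     * isAdmin - Returns true if currently logged in user is
     * an administrator, false otherwise.
     */
    function isAdmin(){
        return ($this->userlevel == ADMIN_LEVEL ||
                $this->email == ADMIN_NAME);
    }

    /**
     * generateRandID - Returns a 32-character lowercase hex string to
     * be used as the userid (login token). Uses the operating
     * system's random source when the running PHP offers one, because
     * mt_rand() output is predictable; falls back to the original
     * md5-of-random-string form otherwise.
     */
    function generateRandID(){
        if(function_exists('random_bytes')){
            return bin2hex(random_bytes(16));
        }
        if(function_exists('openssl_random_pseudo_bytes')){
            $bytes = openssl_random_pseudo_bytes(16);
            if(is_string($bytes) && strlen($bytes) == 16){
                return bin2hex($bytes);
            }
        }
        return md5($this->generateRandStr(16));
    }

    /**
     * generateRandStr - Returns $length random characters drawn from
     * digits, upper-case and lower-case letters. Prefers random_int()
     * where available, since the result is also used as a password.
     */
    function generateRandStr($length){
        $alphabet = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
        $secure   = function_exists('random_int');
        $randstr  = "";
        for($i=0; $i<$length; $i++){
            $randnum  = $secure ? random_int(0,61) : mt_rand(0,61);
            $randstr .= substr($alphabet, $randnum, 1);
        }
        return $randstr;
    }

    /**
     * _isAlnum - True if $value is a non-empty string of ASCII letters
     * and digits. preg_match() replaces eregi(): the ereg functions
     * stop at the first NUL byte, so a value could pass validation
     * while carrying unchecked bytes after it.
     */
    function _isAlnum($value){
        return is_string($value) && preg_match('/^[0-9a-z]+$/iD', $value) == 1;
    }

    /* _isValidEmail - Same pattern as the original eregi() check, NUL-safe */
    function _isValidEmail($value){
        $regex = '/^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*'
                .'@[a-z0-9-]+(\.[a-z0-9-]{1,})*'
                .'\.([a-z]{2,}){1}$/iD';
        return is_string($value) && preg_match($regex, $value) == 1;
    }

    /* _isLoginToken - True if $value has the shape generateRandID() produces */
    function _isLoginToken($value){
        return is_string($value) && preg_match('/^[0-9a-f]{32}$/D', $value) == 1;
    }
};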
-
-
/*
 * The session object has to exist before the form object: the form
 * reads session variables, which are not available until the session
 * has been started.
 */
$session = new Session();

/* Form object that carries field values and validation errors */
$form = new Form();
-
- ?>
- Database.php
- <?
- include("constants.php");
-
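/**
 * MySQLDB - Thin wrapper around one mysql_* connection with the
 * queries the login system needs. Table names (TBL_*), credentials
 * (DB_*) and options (TRACK_VISITORS, *_TIMEOUT, *_LEVEL, ADMIN_NAME)
 * are constants expected from constants.php.
 *
 * Every value placed in a query goes through _esc(), so the queries
 * do not depend on the magic_quotes_gpc setting or on what callers
 * did with stripslashes().
 */
class MySQLDB
{
    var $connection;         //The MySQL database connection
    var $num_active_users;   //Number of active users viewing site
    var $num_active_guests;  //Number of active guests viewing site
    var $num_members;        //Number of signed-up users
    /* Note: call getNumMembers() to access $num_members! */

    /* Class constructor (PHP 4 style: a method named after the class) */
    function MySQLDB(){
        /*
         * NOTE(review): die(mysql_error()) shows the raw database
         * error to the visitor; consider logging it instead.
         */
        $this->connection = mysql_connect(DB_SERVER, DB_USER, DB_PASS) or die(mysql_error());
        mysql_select_db(DB_NAME, $this->connection) or die(mysql_error());

        /* -1 means "not counted yet"; getNumMembers() fills it lazily */
        $this->num_members = -1;

        if(TRACK_VISITORS){
            $this->calcNumActiveUsers();
            $this->calcNumActiveGuests();
        }
    }

    /* _esc - Escapes a value for use inside a quoted SQL string literal */
    function _esc($value){
        return mysql_real_escape_string((string)$value, $this->connection);
    }

    /* _countRows - Row count of a query result, 0 if the query failed */
    function _countRows($result){
        return $result ? mysql_numrows($result) : 0;
    }

    /**
     * confirmUserPass - Returns 0 if a row with the given email exists
     * and its stored password equals $password, 1 if no such row
     * exists (or the query failed), 2 if the password differs.
     */
    function confirmUserPass($email, $password){
        $q = "SELECT password FROM ".TBL_USERS." WHERE email = '".$this->_esc($email)."'";
        $result = mysql_query($q, $this->connection);
        if(!$result || (mysql_numrows($result) < 1)){
            return 1; //Indicates username failure
        }

        $dbarray = mysql_fetch_array($result);

        /*
         * Strict comparison: with ==, two different digit-only hashes
         * of the form "0e..." compare equal as numbers.
         */
        if((string)$password === (string)$dbarray['password']){
            return 0; //Success! Username and password confirmed
        }
        return 2; //Indicates password failure
    }

    /**
     * confirmUserID - Returns 0 if a row with the given email exists
     * and its stored userid equals $userid, 1 if no such row exists
     * (or the query failed), 2 if the userid is invalid.
     */
    function confirmUserID($email, $userid){
        $q = "SELECT userid FROM ".TBL_USERS." WHERE email = '".$this->_esc($email)."'";
        $result = mysql_query($q, $this->connection);
        if(!$result || (mysql_numrows($result) < 1)){
            return 1; //Indicates username failure
        }

        $dbarray = mysql_fetch_array($result);
        $stored  = (string)$dbarray['userid'];

        /*
         * addNewUser() stores '0' until the first login. That
         * placeholder is not a credential and must never match.
         */
        if($stored === '' || $stored === '0'){
            return 2;
        }

        if((string)$userid === $stored){
            return 0; //Success! Username and userid confirmed
        }
        return 2; //Indicates userid invalid
    }

    /**
     * usernameTaken - Returns true if a user row with the given
     * email exists, false otherwise (also when the query fails).
     */
    function usernameTaken($email){
        $q = "SELECT email FROM ".TBL_USERS." WHERE email = '".$this->_esc($email)."'";
        return ($this->_countRows(mysql_query($q, $this->connection)) > 0);
    }

    /**
     * usernameBanned - Returns true if the given email is listed in
     * the banned users table, false otherwise.
     */
    function usernameBanned($email){
        $q = "SELECT email FROM ".TBL_BANNED_USERS." WHERE email = '".$this->_esc($email)."'";
        return ($this->_countRows(mysql_query($q, $this->connection)) > 0);
    }

    /**
     * addNewUser - Inserts the given (username, password, email) with
     * userid '0' and the current time. The user level is ADMIN_LEVEL
     * if the email equals ADMIN_NAME (case-insensitive), USER_LEVEL
     * otherwise. Returns the mysql_query() result.
     */
    function addNewUser($username, $password, $email){
        $time = time();
        if(strcasecmp($email, ADMIN_NAME) == 0){
            $ulevel = ADMIN_LEVEL;
        }else{
            $ulevel = USER_LEVEL;
        }
        $q = "INSERT INTO ".TBL_USERS." VALUES ('".$this->_esc($username)."', '"
            .$this->_esc($password)."', '0', $ulevel, '".$this->_esc($email)."', $time)";
        return mysql_query($q, $this->connection);
    }

    /**
     * updateUserField - Sets column $field to $value in the row whose
     * email equals $username. Returns the mysql_query() result, or
     * false if $field is not a plain column name.
     */
    function updateUserField($username, $field, $value){
        /* A column name cannot be escaped like a value; accept identifiers only */
        if(!is_string($field) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/D', $field)){
            return false;
        }
        /* The original query read an undefined $email instead of the parameter */
        $q = "UPDATE ".TBL_USERS." SET ".$field." = '".$this->_esc($value)
            ."' WHERE email = '".$this->_esc($username)."'";
        return mysql_query($q, $this->connection);
    }

    /**
     * getUserInfo - Returns the row (as returned by mysql_fetch_array)
     * whose email equals $username, or NULL if the query fails or
     * finds nothing.
     */
    function getUserInfo($username){
        /* The original query read an undefined $email instead of the parameter */
        $q = "SELECT * FROM ".TBL_USERS." WHERE email = '".$this->_esc($username)."'";
        $result = mysql_query($q, $this->connection);
        if(!$result || (mysql_numrows($result) < 1)){
            return NULL;
        }
        return mysql_fetch_array($result);
    }

    /**
     * getNumMembers - Returns the number of rows in the users table.
     * The database is queried on the first call only; later calls
     * return the stored count.
     */
    function getNumMembers(){
        if($this->num_members < 0){
            $q = "SELECT * FROM ".TBL_USERS;
            $this->num_members = $this->_countRows(mysql_query($q, $this->connection));
        }
        return $this->num_members;
    }

    /* calcNumActiveUsers - Stores the row count of the active users table */
    function calcNumActiveUsers(){
        $q = "SELECT * FROM ".TBL_ACTIVE_USERS;
        $this->num_active_users = $this->_countRows(mysql_query($q, $this->connection));
    }

    /* calcNumActiveGuests - Stores the row count of the active guests table */
    function calcNumActiveGuests(){
        $q = "SELECT * FROM ".TBL_ACTIVE_GUESTS;
        $this->num_active_guests = $this->_countRows(mysql_query($q, $this->connection));
    }

    /**
     * addActiveUser - Updates the last-active timestamp of the user
     * whose email equals $username and, when TRACK_VISITORS is set,
     * inserts or refreshes the user in the active users table.
     */
    function addActiveUser($username, $time){
        $email = $this->_esc($username);  //the original used $email without defining it
        $time  = (int)$time;

        $q = "UPDATE ".TBL_USERS." SET timestamp = '$time' WHERE email = '$email'";
        mysql_query($q, $this->connection);

        if(!TRACK_VISITORS) return;
        $q = "REPLACE INTO ".TBL_ACTIVE_USERS." VALUES ('$email', '$time')";
        mysql_query($q, $this->connection);
        $this->calcNumActiveUsers();
    }

    /* addActiveGuest - Adds guest to active guests table */
    function addActiveGuest($ip, $time){
        if(!TRACK_VISITORS) return;
        $q = "REPLACE INTO ".TBL_ACTIVE_GUESTS." VALUES ('".$this->_esc($ip)."', '".(int)$time."')";
        mysql_query($q, $this->connection);
        $this->calcNumActiveGuests();
    }

    /* removeActiveUser - Deletes the user (by email) from the active users table */
    function removeActiveUser($username){
        if(!TRACK_VISITORS) return;
        /* The original query read an undefined $email instead of the parameter */
        $q = "DELETE FROM ".TBL_ACTIVE_USERS." WHERE email = '".$this->_esc($username)."'";
        mysql_query($q, $this->connection);
        $this->calcNumActiveUsers();
    }

    /* removeActiveGuest - Deletes the guest (by ip) from the active guests table */
    function removeActiveGuest($ip){
        if(!TRACK_VISITORS) return;
        $q = "DELETE FROM ".TBL_ACTIVE_GUESTS." WHERE ip = '".$this->_esc($ip)."'";
        mysql_query($q, $this->connection);
        $this->calcNumActiveGuests();
    }

    /* removeInactiveUsers - Deletes active users older than USER_TIMEOUT minutes */
    function removeInactiveUsers(){
        if(!TRACK_VISITORS) return;
        $timeout = time()-USER_TIMEOUT*60;
        $q = "DELETE FROM ".TBL_ACTIVE_USERS." WHERE timestamp < $timeout";
        mysql_query($q, $this->connection);
        $this->calcNumActiveUsers();
    }

    /* removeInactiveGuests - Deletes active guests older than GUEST_TIMEOUT minutes */
    function removeInactiveGuests(){
        if(!TRACK_VISITORS) return;
        $timeout = time()-GUEST_TIMEOUT*60;
        $q = "DELETE FROM ".TBL_ACTIVE_GUESTS." WHERE timestamp < $timeout";
        mysql_query($q, $this->connection);
        $this->calcNumActiveGuests();
    }

    /**
     * query - Performs the given query on the database and returns
     * the result, which may be false, true or a resource identifier.
     * The SQL is sent as given: callers must escape any value they
     * put into it.
     */
    function query($query){
        return mysql_query($query, $this->connection);
    }
};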
-
/* Shared database object; other code reaches it through "global $database" */
$database = new MySQLDB();
-
- ?>
- Register.php
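<?php
include("include/session.php");
?>

<html>
<body>

<?php
/**
 * The user is already logged in, not allowed to register.
 */
if($session->logged_in){
    /* fornavn is read from the user's database row (presumably typed
       in at sign-up), so it is escaped before it is written into HTML */
    $fornavn = htmlspecialchars((string)$session->fornavn, ENT_QUOTES);
    echo "<h1>Registered</h1>";
    echo "<p>We're sorry <b>".$fornavn."</b>, but you've already registered. "
        ."<a href=\"main.php\">Main</a>.</p>";
}
/**
 * The user has submitted the registration form and the
 * results have been processed.
 */
else if(isset($_SESSION['regsuccess'])){
    /* reguname is a copy of the submitted form field: escape it for HTML */
    $reguname = isset($_SESSION['reguname'])
        ? htmlspecialchars((string)$_SESSION['reguname'], ENT_QUOTES)
        : "";

    /* Registration was successful */
    if($_SESSION['regsuccess']){
        echo "<h1>Registered!</h1>";
        echo "<p>Thank you <b>".$reguname."</b>, your information has been added to the database, "
            ."you may now <a href=\"main.php\">log in</a>.</p>";
    }
    /* Registration failed */
    else{
        echo "<h1>Registration Failed</h1>";
        echo "<p>We're sorry, but an error has occurred and your registration for the username <b>".$reguname."</b>, "
            ."could not be completed.<br>Please try again at a later time.</p>";
    }
    unset($_SESSION['regsuccess']);
    unset($_SESSION['reguname']);
}
/**
 * The user has not filled out the registration form yet.
 * Below is the page with the sign-up form, the names
 * of the input fields are important and should not
 * be changed.
 *
 * NOTE(review): $form->value() and $form->error() are defined in
 * form.php, which is not shown here; confirm that they HTML-escape
 * what they return, since the values are written into attributes.
 */
else{
?>

<h1>Register</h1>
<?php
if($form->num_errors > 0){
    echo "<td><font size=\"2\" color=\"#ff0000\">".$form->num_errors." error(s) found</font></td>";
}
?>
<form action="process.php" method="POST">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr>
  <td width="63">Fornavn:</td>
  <td width="144"><input type="text" name="fornavn" maxlength="30" value="<?php echo $form->value("fornavn"); ?>"></td>
  <td width="61"><?php echo $form->error("fornavn"); ?></td>
</tr>
<tr>
  <td>Efternavn:</td>
  <td><input type="text" name="efternavn" maxlength="30" value="<?php echo $form->value("efternavn"); ?>"></td>
  <td><?php echo $form->error("efternavn"); ?></td>
</tr>
<tr>
  <td>Kode:</td>
  <?php /* The password is not written back into the page after a failed submit */ ?>
  <td><input type="password" name="pass" maxlength="30" value=""></td>
  <td><?php echo $form->error("pass"); ?></td>
</tr>
<tr>
  <td>Email:</td>
  <td><input type="text" name="email" maxlength="50" value="<?php echo $form->value("email"); ?>"></td>
  <td><?php echo $form->error("email"); ?></td>
</tr>
<tr><td colspan="2" align="right">
<input type="hidden" name="subjoin" value="1">
<input type="submit" value="Join!"></td></tr>
<tr><td colspan="2" align="left"></td></tr>
</table>
</form>

<?php
}
?>

</body>
</html>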
- Process.php
- <?
- include("include/session.php");
-
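/**
 * Process - Dispatches a submitted form (login, registration, forgot
 * password, edit account) or a logout request to the session object
 * and redirects the visitor afterwards. Uses the globals $session,
 * $form, $database and $mailer created by the included files.
 */
class Process
{
    /* Class constructor: picks the handler from the submitted marker field */
    function Process(){
        global $session;
        /* User submitted login form */
        if(isset($_POST['sublogin'])){
            $this->procLogin();
        }
        /* User submitted registration form */
        else if(isset($_POST['subjoin'])){
            $this->procRegister();
        }
        /* User submitted forgot password form */
        else if(isset($_POST['subforgot'])){
            $this->procForgotPass();
        }
        /* User submitted edit account form */
        else if(isset($_POST['subedit'])){
            $this->procEditAccount();
        }
        /**
         * The only other reason user should be directed here
         * is if he wants to logout, which means user is
         * logged in currently.
         */
        else if($session->logged_in){
            $this->procLogout();
        }
        /* Page opened directly with nothing to process: redirect */
        else{
            header("Location: main.php");
        }
    }

    /* _post - Returns $_POST[$name], or "" when the field was not submitted */
    function _post($name){
        return isset($_POST[$name]) ? $_POST[$name] : "";
    }

    /**
     * _keepFormState - Stores the submitted values and the recorded
     * errors in the session so the form page can show them again.
     * Password fields are blanked first, so that plaintext passwords
     * are not written to the session store.
     */
    function _keepFormState(){
        global $form;
        $values = $_POST;
        foreach(array('pass', 'curpass', 'newpass') as $secret){
            if(isset($values[$secret])){
                $values[$secret] = "";
            }
        }
        $_SESSION['value_array'] = $values;
        $_SESSION['error_array'] = $form->getErrorArray();
    }

    /**
     * procLogin - Processes the submitted login form. On failure the
     * form state is kept for redisplay; in both cases the visitor is
     * redirected to the referrer.
     */
    function procLogin(){
        global $session;
        $retval = $session->login($this->_post('email'), $this->_post('pass'), isset($_POST['remember']));

        if(!$retval){
            $this->_keepFormState();
        }
        header("Location: ".$session->referrer);
    }

    /**
     * procLogout - Logs the user out and redirects to main.php;
     * there is no logout form to process.
     */
    function procLogout(){
        global $session;
        $session->logout();
        header("Location: main.php");
    }

    /**
     * procRegister - Processes the submitted registration form and
     * records the outcome in the session for Register.php.
     *
     * NOTE(review): the form in Register.php sends fornavn, efternavn,
     * pass and email but no "user" field, while Session::register()
     * requires a 5-30 character username. As listed, registration
     * stops with a "user" error that the form never displays.
     */
    function procRegister(){
        global $session;
        /* Convert to all lowercase (by option) */
        if(ALL_LOWERCASE && isset($_POST['email']) && is_string($_POST['email'])){
            $_POST['email'] = strtolower($_POST['email']);
        }

        $retval = $session->register($this->_post('user'), $this->_post('pass'), $this->_post('email'));

        /* Registration successful */
        if($retval == 0){
            $_SESSION['reguname'] = $this->_post('email');
            $_SESSION['regsuccess'] = true;
            header("Location: ".$session->referrer);
        }
        /* Error found with form */
        else if($retval == 1){
            $this->_keepFormState();
            header("Location: ".$session->referrer);
        }
        /* Registration attempt failed */
        else if($retval == 2){
            $_SESSION['reguname'] = $this->_post('email');
            $_SESSION['regsuccess'] = false;
            header("Location: ".$session->referrer);
        }
    }

    /**
     * procForgotPass - Validates the given username; if it exists, a
     * new password is generated, mailed to the stored address and
     * written to the database once the mail was sent.
     *
     * NOTE(review): the reset needs no proof of ownership, so any
     * visitor can force a password change for a known account, and
     * the new password travels in plaintext by e-mail. A one-time,
     * expiring confirmation link is the usual replacement.
     */
    function procForgotPass(){
        global $database, $session, $mailer, $form;

        /* Username error checking */
        $subuser = $this->_post('user');
        $field = "user";
        if(!is_string($subuser) || !$subuser || strlen($subuser = trim($subuser)) == 0){
            $form->setError($field, "* Username not entered<br>");
        }
        else{
            $subuser = stripslashes($subuser);

            /* preg_match() instead of eregi(), which stops at a NUL byte */
            if(strlen($subuser) < 5 || strlen($subuser) > 30 ||
               !preg_match('/^[0-9a-z]+$/iD', $subuser) ||
               (!$database->usernameTaken($subuser))){
                $form->setError($field, "* Username does not exist<br>");
            }
        }

        /* Errors exist, have user correct them */
        if($form->num_errors > 0){
            $this->_keepFormState();
        }
        else{
            /* Generate new password */
            $newpass = $session->generateRandStr(8);

            /* Get email of user */
            $usrinf = $database->getUserInfo($subuser);
            $email  = $usrinf['email'];

            /* The password is changed only after the mail was sent */
            if($mailer->sendNewPass($subuser,$email,$newpass)){
                $database->updateUserField($subuser, "password", md5($newpass));
                $_SESSION['forgotpass'] = true;
            }
            else{
                $_SESSION['forgotpass'] = false;
            }
        }

        header("Location: ".$session->referrer);
    }

    /**
     * procEditAccount - Attempts to edit the user's account: the
     * password, which must be verified first, and the e-mail.
     */
    function procEditAccount(){
        global $session;
        /*
         * Session::editAccount() takes (current password, new
         * password, email). The original call put fornavn and
         * efternavn in front, which shifted every argument by two;
         * those two fields are not accepted by editAccount() as listed.
         */
        $retval = $session->editAccount($this->_post('curpass'), $this->_post('newpass'), $this->_post('email'));

        if($retval){
            /* Account edit successful */
            $_SESSION['useredit'] = true;
        }
        else{
            /* Error found with form */
            $this->_keepFormState();
        }
        header("Location: ".$session->referrer);
    }
};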
-
/* Creating the object runs the dispatch for the current request */
$process = new Process();
-
- ?>
Det er nok de mest vitale. For at se de originale kan I se dem her:
http://evolt.org/PHP-Login-System-with-Admin-Features
eller download dem:
http://evolt.org/system/files?file=Login_System_v.2.0.zip
Mvh Buch
Indlæg senest redigeret d. 09.06.2008 11:37 af Bruger #13723