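hostname_logon, $this->username_logon, $this->password_logon) or die ('Unabale to connect to the database'); mysql_select_db($this->database_logon) or die ('Unable to select database!'); return; }

    // NOTE(review): every method below uses the legacy mysql_* extension, which was
    // removed in PHP 7.0. The connection is opened by dbconnect(), whose start lies
    // outside this listing, so the driver is left alone here; a move to mysqli or PDO
    // prepared statements has to begin there.

    // Check a username/password pair against the user table and, on success, mark the
    // session as authenticated.
    //   $table    - table to use when $this->user_table has not been set yet
    //   $username - submitted user name (untrusted)
    //   $password - submitted password (untrusted)
    // Returns true on success. On failure the current session is destroyed and false
    // is returned.
    function login($table, $username, $password){
        $this->dbconnect();

        //make sure table name is set
        if($this->user_table == ""){
            $this->user_table = $table;
        }

        // SECURITY: unsalted MD5 is a fast hash and is not suitable for password storage.
        // It is kept because the stored values and the SQL comparison below depend on it.
        // Moving to password_hash()/password_verify() means fetching the row by user name
        // only and widening the password column (cratetable() declares varchar(50)).
        if($this->encrypt == true){
            $password = md5($password);
        }

        // Values are escaped by qry(). Table and column names are concatenated as-is and
        // must never be taken from request data.
        $result = $this->qry("SELECT * FROM ".$this->user_table." WHERE ".$this->user_column."='?' AND ".$this->pass_column." = '?';" , $username, $password);
        $row = mysql_fetch_assoc($result);

        // mysql_fetch_assoc() returns false when nothing matched; the earlier comparison
        // against the string "Error" could never detect that case.
        if(is_array($row) && $row[$this->user_column] != "" && $row[$this->pass_column] != ""){
            // Issue a fresh session id at the moment of authentication so that an id
            // fixed before login is not carried into the authenticated session.
            if(session_id() != ""){
                session_regenerate_id(true);
            }
            //register sessions; further values (user level, e-mail) can be added here
            $_SESSION['valid_user'] = true;
            $_SESSION['start'] = time();
            return true;
        }

        // Guarded so that no warning is raised when the caller never started a session.
        if(session_id() != ""){
            session_destroy();
        }
        return false;
    }

    // Run a query whose values are escaped before substitution.
    // Each "?" in $query is replaced, in order, by the matching extra argument after it
    // has passed through mysql_real_escape_string(). That escaping only protects values
    // written inside quotes ('?'); it does nothing for table or column names. Because
    // substitution goes through sprintf(), a literal "%" or "?" elsewhere in $query is
    // not supported.
    // Returns the mysql result; ends the request if the query fails.
    function qry($query) {
        $this->dbconnect();
        $args = func_get_args();
        $query = array_shift($args);
        $query = str_replace("?", "%s", $query);
        $args = array_map('mysql_real_escape_string', $args);
        array_unshift($args, $query);
        $query = call_user_func_array('sprintf', $args);

        $result = mysql_query($query);
        if($result === false){
            // Keep the driver message in the server log; printing it to the client
            // discloses schema and query details.
            error_log('qry failed: '.mysql_error());
            die('Database error');
        }
        return $result;
    }

    // End the current session.
    function logout(){
        if(session_id() != ""){
            // session_destroy() removes the stored data but leaves $_SESSION populated
            // for the rest of this request, so clear it explicitly as well.
            $_SESSION = array();
            session_destroy();
        }
        return;
    }

    // Re-check a username/password pair against the user table. Despite the name this
    // does not look at the session; it runs the same credential query as login().
    // Returns true when at least one row matches, false otherwise.
    function logincheck($user_table, $username, $password){
        $this->dbconnect();

        //make sure table is set
        if($this->user_table == ""){
            $this->user_table = $user_table;
        }
        // SECURITY: unsalted MD5, kept only for compatibility with the stored values.
        if($this->encrypt == true){
            $password = md5($password);
        }

        $result = $this->qry("SELECT * FROM ".$this->user_table." WHERE ".$this->user_column."='?' AND ".$this->pass_column." = '?'" , $username, $password);

        // Previously the "Error" comparison left one path without a return value.
        return mysql_num_rows($result) > 0;
    }

    // Set a new password for $username.
    // NOTE(review): nothing here verifies the current password or that the caller is
    // allowed to change this account; callers must enforce that before calling.
    function changePass($user_table, $username, $newpassword){
        $this->dbconnect();

        //make sure table is set
        if($this->user_table == ""){
            $this->user_table = $user_table;
        }
        // SECURITY: unsalted MD5, kept only for compatibility with login().
        if($this->encrypt == true){
            $newpassword = md5($newpassword);
        }

        // The statement used to be built by concatenation with only stripslashes() applied
        // to the user name, which left it open to SQL injection. Both values now go
        // through qry() and are escaped.
        $this->qry("UPDATE ".$this->user_table." SET ".$this->pass_column."='?' WHERE ".$this->user_column."='?'", $newpassword, stripslashes($username));
    }

    // Generate a new password for the account registered under $userEmail, store it and
    // mail it to that address.
    //   $userEmail   - address submitted by the requester (untrusted)
    //   $user_table, $pass_column, $user_column - used only when the matching properties
    //                  are still empty
    // Returns true when the password was stored and mail() accepted the message, false
    // otherwise.
    // NOTE(review): anyone who knows an account's address can force a password change,
    // and the new password travels in clear text by e-mail. A single-use, expiring reset
    // token is the safer design; that is a larger change than this method can make alone.
    function passwordreset($userEmail, $user_table, $pass_column, $user_column){
        $this->dbconnect();

        //make sure password column, user column and table are set
        if($this->pass_column == ""){
            $this->pass_column = $pass_column;
        }
        if($this->user_column == ""){
            $this->user_column = $user_column;
        }
        if($this->user_table == ""){
            $this->user_table = $user_table;
        }

        $email = stripslashes($userEmail);

        // Header-injection guard for the recipient. The listing showed the first two
        // entries as the bare letters "n" and "r", which would delete those letters from
        // every address; they are the line-break characters.
        $illigals = array("\n", "\r", "%0A", "%0D", "%0a", "%0d", "bcc:", "Content-Type", "BCC:", "Bcc:", "Cc:", "CC:", "TO:", "To:", "cc:", "to:");
        $to = str_replace($illigals, "", $email);

        //send only if there is one email; checked before anything is changed in the database
        $getemail = explode("@", $to);
        if(sizeof($getemail) > 2){
            return false;
        }

        // The address is passed as an escaped value instead of being concatenated.
        $result = $this->qry("SELECT * FROM ".$this->user_table." WHERE ".$this->user_email."='?'", $email);
        if(mysql_num_rows($result) != 1){
            return false;
        }
        $_SESSION['email'] = $email;

        // Keep the clear-text password for the message and store only the hashed form.
        // Before, the variable was overwritten with its MD5, so the hash would have been
        // mailed instead of a usable password.
        $plainpassword = $this->createPassword();
        $storedpassword = $plainpassword;
        if($this->encrypt == true){
            // SECURITY: unsalted MD5, kept only for compatibility with login().
            $storedpassword = md5($plainpassword);
        }

        //update database with new password
        $this->qry("UPDATE ".$this->user_table." SET ".$this->pass_column."='?' WHERE ".$this->user_email."='?'", $storedpassword, $email);

        // The method used to return right after the UPDATE, so the mail code below was
        // never reached and the user never received the new password.
        // NOTE(review): SERVER_NAME may follow the request's Host header depending on
        // server configuration, and it is not a full mailbox address; a configured
        // sender address would be more reliable. Line breaks are removed because the
        // value is written into a mail header.
        $from = str_replace(array("\r", "\n"), "", $_SERVER['SERVER_NAME']);
        $subject = "Password Reset: ".$from;
        $msg = "\n\nYour new password is: ".$plainpassword."\n\n";

        // Header lines end in CRLF; the listing had lost the backslashes ("rn").
        $headers = "MIME-Version: 1.0 \r\n";
        $headers .= "Content-Type: text/html; \r\n";
        $headers .= "From: $from \r\n";

        $sent = mail($to, $subject, $msg, $headers);
        return $sent ? true : false;
    }

    // Create a random password of 10 alphanumerical characters.
    // The previous version indexed with rand() % 70 into a 61-character alphabet, so some
    // draws produced no character at all, and it seeded rand() from microtime(), which is
    // predictable.
    function createPassword() {
        $chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz0123456789";
        $max = strlen($chars) - 1;
        $pass = '';
        for($i = 0; $i < 10; $i++){
            if(function_exists('random_int')){
                $num = random_int(0, $max);
            }else{
                // mt_rand() is not a cryptographically secure generator; on runtimes
                // without random_int() treat generated passwords as short-lived.
                $num = mt_rand(0, $max);
            }
            $pass .= $chars[$num];
        }
        return $pass;
    }

    // Print the login form.
    // NOTE(review): the form markup appears to be missing from this listing; only the
    // text around it is left, and $formname, $formid and $formaction are unused as shown.
    // $err_message is written without HTML escaping, so callers must not put request
    // data into it unescaped.
    function loginform($formname, $formid, $formaction, $err_message){
        $this->dbconnect();
        echo "\n \n\n\n".$err_message."\nAti uitat parola?\n";
    }

    // Print the password reset form. The same notes as for loginform() apply: markup
    // appears to be missing and $err_message is written without escaping.
    function resetform($formname, $formid, $formaction, $err_message){
        $this->dbconnect();
        echo "\n \n\n\n".$err_message."\n";
    }

    // Print the confirmation shown after a reset, including the address kept in the
    // session by passwordreset().
    // $message and $link_value are written as given by the caller; $link_address is
    // unused as shown (the link markup appears to be missing from this listing).
    function resetsuccess($message, $link_value, $link_address){
        $this->dbconnect();
        // The address originates from user input, so it is escaped for HTML output.
        $email_address = isset($_SESSION['email']) ? htmlspecialchars($_SESSION['email'], ENT_QUOTES) : '';
        echo "\n".$message." ".$email_address.".\n".$link_value."\n";
    }

    // Install the logon table if it does not exist yet.
    // NOTE(review): $tablename is concatenated into the statement as an identifier and
    // cannot be escaped as a value; it must be a fixed, developer-supplied name and
    // never request data. The password column is varchar(50), which fits an MD5 digest
    // but is too short for password_hash() output.
    function cratetable($tablename){
        $this->dbconnect();
        $qry = "CREATE TABLE IF NOT EXISTS ".$tablename." ( userid int(11) NOT NULL auto_increment, useremail varchar(50) NOT NULL default '', password varchar(50) NOT NULL default '', userlevel int(11) NOT NULL default '0', PRIMARY KEY (userid) )";
        $result = mysql_query($qry);
        if($result === false){
            // Same handling as qry(): log the driver message, show a generic one.
            error_log('cratetable failed: '.mysql_error());
            die('Database error');
        }
        return;
    }
}
?>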