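hostname, $config->username, $config->password) or die('Unabale to connect to the database'); mysql_select_db($config->db_name) or die('Unable to select database!'); return; }

    // NOTE(review): every method below uses the ext/mysql API (mysql_query() and friends),
    // which was removed in PHP 7. The connection is opened in dbconnect(), whose start is
    // not visible here, so the driver is left as-is; moving to PDO or mysqli prepared
    // statements has to start there.

    /**
     * Check a username/password pair against the user table and flag the session as logged in.
     *
     * @param string $table    Table to use when $this->user_table has not been set yet.
     * @param string $username Submitted username.
     * @param string $password Submitted password (plaintext).
     * @return bool True when a matching row was found, false otherwise.
     */
    function login($table, $username, $password)
    {
        $this->dbconnect();

        // Fall back to the caller-supplied table only when none is configured.
        if ($this->user_table == "") {
            $this->user_table = $table;
        }

        // NOTE(review): md5() is unsalted and fast, so leaked digests are cheap to reverse.
        // Not changed here because the stored values and the SQL comparison below depend on
        // it; the migration target is password_hash() / password_verify().
        if ($this->encrypt == true) {
            $password = md5($password);
        }

        // Values go through qry(), which escapes them. The table and column names are
        // concatenated unescaped and must never come from request input.
        $result = $this->qry("SELECT * FROM " . $this->user_table . " WHERE " . $this->user_column . "='?' AND " . $this->pass_column . " = '?';", $username, $password);
        $row = mysql_fetch_assoc($result);

        // mysql_fetch_assoc() returns false when no row matched.
        if (!is_array($row) || $row[$this->user_column] == "" || $row[$this->pass_column] == "") {
            session_destroy();
            return false;
        }

        // Issue a fresh session id at the moment of login so an id that was set before
        // authentication (session fixation) is not carried into the logged-in session.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }

        // Additional session values can be registered here if needed (for example a user
        // level or e-mail). Do not store the password column in the session, and do not
        // signal access with a plain cookie such as "admin_access=granted": the client
        // can set that itself.
        $_SESSION['valid_user'] = true;
        $_SESSION['start'] = time();
        return true;
    }

    /**
     * Run a query, replacing each "?" with an escaped argument.
     *
     * Every argument after $query is passed through mysql_real_escape_string() and
     * substituted in order via sprintf(). The escaping is only effective when the
     * placeholder sits inside quotes in the SQL text ('?'). Because the text is handed
     * to sprintf(), a literal "%" in $query must be written as "%%".
     *
     * @param string $query SQL text with "?" placeholders.
     * @return resource|bool Result of mysql_query(); the script terminates on failure.
     */
    function qry($query)
    {
        $this->dbconnect();

        $args = func_get_args();
        $query = array_shift($args);
        $query = str_replace("?", "%s", $query);
        $args = array_map('mysql_real_escape_string', $args);
        array_unshift($args, $query);
        $query = call_user_func_array('sprintf', $args);

        $result = mysql_query($query);
        if (!$result) {
            // Keep the driver error in the server log; echoing it to the client exposes
            // query structure and schema details.
            error_log('Query failed: ' . mysql_error());
            die('Database error');
        }

        return $result;
    }

    /**
     * End the current session.
     *
     * @return void
     */
    function logout()
    {
        // session_destroy() removes the stored data but leaves $_SESSION populated for the
        // rest of this request, so clear it explicitly first.
        $_SESSION = array();
        session_destroy();
        return;
    }

    /**
     * Report whether the given credentials match a row in the user table.
     *
     * @param string $user_table Table to use when $this->user_table has not been set yet.
     * @param string $username   Username to check.
     * @param string $password   Password to check (plaintext).
     * @return bool True when at least one row matches.
     */
    function logincheck($user_table, $username, $password)
    {
        $this->dbconnect();

        if ($this->user_table == "") {
            $this->user_table = $user_table;
        }

        // NOTE(review): same unsalted md5() scheme as login(); see the note there.
        if ($this->encrypt == true) {
            $password = md5($password);
        }

        $result = $this->qry("SELECT * FROM " . $this->user_table . " WHERE " . $this->user_column . "='?' AND " . $this->pass_column . " = '?'", $username, $password);

        return mysql_num_rows($result) > 0;
    }

    /**
     * Set a new password for a user.
     *
     * NOTE(review): nothing here checks the current password or the caller's identity;
     * the calling page has to establish that the requester may change this account.
     *
     * @param string $user_table  Table to use when $this->user_table has not been set yet.
     * @param string $username    Account whose password is replaced.
     * @param string $newpassword New password (plaintext).
     * @return void
     */
    function changePass($user_table, $username, $newpassword)
    {
        $this->dbconnect();

        if ($this->user_table == "") {
            $this->user_table = $user_table;
        }

        // NOTE(review): same unsalted md5() scheme as login(); see the note there.
        if ($this->encrypt == true) {
            $newpassword = md5($newpassword);
        }

        // Both values are bound through qry(). The previous version concatenated them into
        // the statement, and stripslashes() on the username removed any escaping applied
        // upstream, which left the UPDATE open to SQL injection.
        $this->qry("UPDATE " . $this->user_table . " SET " . $this->pass_column . "='?' WHERE " . $this->user_column . "='?'", $newpassword, stripslashes($username));
    }

    /**
     * Generate a new password for the account with the given e-mail address, store it and
     * mail it to that address.
     *
     * NOTE(review): a false return for an unknown address lets the calling page reveal
     * which addresses are registered; show the same message in both cases. Mailing a
     * password in clear text is kept as the original design; a single-use, expiring reset
     * link is the safer pattern.
     *
     * @param string $userEmail   Address submitted in the reset form.
     * @param string $user_table  Table to use when $this->user_table has not been set yet.
     * @param string $pass_column Column to use when $this->pass_column has not been set yet.
     * @param string $user_column Column to use when $this->user_column has not been set yet.
     * @return bool True when the password was stored and the mail was accepted for delivery.
     */
    function passwordreset($userEmail, $user_table, $pass_column, $user_column)
    {
        $this->dbconnect();

        if ($this->pass_column == "") {
            $this->pass_column = $pass_column;
        }
        if ($this->user_column == "") {
            $this->user_column = $user_column;
        }
        if ($this->user_table == "") {
            $this->user_table = $user_table;
        }

        $email = stripslashes($userEmail);

        // Strip line breaks and header names before the value is used as a mail recipient,
        // then refuse anything that still carries more than one "@". The first two entries
        // are the CR/LF escapes; as bare letters they would delete every "n" and "r" from
        // the address and leave real line breaks untouched.
        $illigals = array("\n", "\r", "%0A", "%0D", "%0a", "%0d", "bcc:", "Content-Type", "BCC:", "Bcc:", "Cc:", "CC:", "TO:", "To:", "cc:", "to:");
        $to = str_replace($illigals, "", $email);
        $getemail = explode("@", $to);
        if (sizeof($getemail) > 2) {
            return false;
        }

        // Look the address up with a bound value instead of concatenating it into the SQL.
        $result = $this->qry("SELECT * FROM " . $this->user_table . " WHERE " . $this->user_email . "='?'", $email);
        if (mysql_num_rows($result) != 1) {
            return false;
        }

        $_SESSION['email'] = $email;

        // Keep the plaintext for the mail and store only the digest; previously the
        // variable was overwritten with its md5 before the message was built.
        $newpassword = $this->createPassword();
        $stored = $newpassword;
        if ($this->encrypt == true) {
            // NOTE(review): same unsalted md5() scheme as login(); see the note there.
            $stored = md5($newpassword);
        }

        $this->qry("UPDATE " . $this->user_table . " SET " . $this->pass_column . "='?' WHERE " . $this->user_email . "='?'", $stored, $email);

        // SERVER_NAME can reflect the request's Host header depending on server
        // configuration, so remove line breaks before it reaches the mail headers.
        $from = str_replace(array("\r", "\n"), "", $_SERVER['SERVER_NAME']);
        $subject = "Password Reset: " . $from;
        $msg = "
Your new password is: " . $newpassword . "
";

        // Header lines are terminated with CRLF.
        $headers = "MIME-Version: 1.0 \r\n";
        $headers .= "Content-Type: text/html; \r\n";
        $headers .= "From: $from \r\n";

        // The mail step used to sit after an unconditional return and never ran.
        $sent = mail($to, $subject, $msg, $headers);

        return $sent ? true : false;
    }

    /**
     * Create a random password of 10 alphanumeric characters.
     *
     * @return string
     */
    function createPassword()
    {
        $chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz0123456789";
        // Index strictly within the alphabet. The previous "rand() % 70" could point past
        // the end of $chars, which produced shorter passwords than intended.
        $last = strlen($chars) - 1;
        // random_int() draws from the system CSPRNG (PHP 7+). mt_rand() is only a fallback
        // for older runtimes and is predictable; it should not remain once random_int()
        // is available.
        $secure = function_exists('random_int');

        $pass = '';
        for ($i = 0; $i < 10; $i++) {
            $pos = $secure ? random_int(0, $last) : mt_rand(0, $last);
            $pass .= $chars[$pos];
        }

        return $pass;
    }

    /**
     * Print the login form.
     *
     * NOTE(review): the echoed markup is empty in this copy of the file (it looks stripped
     * during extraction). Any form built from these arguments should pass them through
     * htmlspecialchars() before output.
     *
     * @param string $formname    Not used in the visible body.
     * @param string $formid      Not used in the visible body.
     * @param string $formaction  Not used in the visible body.
     * @param string $err_message Not used in the visible body.
     * @return void
     */
    function loginform($formname, $formid, $formaction, $err_message)
    {
        $this->dbconnect();
        echo'';
    }

    /**
     * Print the password-reset form.
     *
     * NOTE(review): the echoed markup is empty in this copy of the file (it looks stripped
     * during extraction). Any form built from these arguments should pass them through
     * htmlspecialchars() before output.
     *
     * @param string $formname    Not used in the visible body.
     * @param string $formid      Not used in the visible body.
     * @param string $formaction  Not used in the visible body.
     * @param string $err_message Not used in the visible body.
     * @return void
     */
    function resetform($formname, $formid, $formaction, $err_message)
    {
        $this->dbconnect();
        echo'';
    }

    function resetsuccess($message, $link_value, $link_address) { $this->dbconnect(); $email_address = $_SESSION['email']; echo'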