main.php:
<?
/**
* Main.php
*
* This is an example of the main page of a website. Here
* users will be able to login. However, like on most sites
* the login form doesn't just have to be on the main page,
* but re-appear on subsequent pages, depending on whether
* the user has logged in or not.
*
* Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
* Last Updated: August 26, 2004
*/
include("include/session.php");
?>
<html>
<title>Jpmaster77's Login Script</title>
<body>
<table>
<tr><td>
<?
/**
* User has already logged in, so display relavent links, including
* a link to the admin center if the user is an administrator.
*/
if($session->logged_in){
echo "<h1>Login activo</h1>";
echo "Bem Vindo <b>$session->username</b>Está logado. <br><br>"
."[<a href=\"userinfo.php?user=$session->username\">A minha conta</a>] "
."[<a href=\"useredit.php\">Editar Conta</a>] ";
if($session->isAdmin()){
echo "[<a href=\"admin/admin.php\">Admin Center</a>] ";
}
echo "[<a href=\"process.php\">Logout</a>]";
}
else{
?>
<h1>Login</h1>
<?
/**
* User not logged in, display the login form.
* If user has already tried to login, but errors were
* found, display the total number of errors.
* If errors occurred, they will be displayed.
*/
if($form->num_errors > 0){
echo "<font size=\"2\" color=\"#ff0000\">".$form->num_errors." error(s) found</font>";
}
?>
<form action="process.php" method="POST">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td><input type="text" name="user" maxlength="30" value="<? echo $form->value("user"); ?>"></td><td><? echo $form->error("user"); ?></td></tr>
<tr><td>Password:</td><td><input type="password" name="pass" maxlength="30" value="<? echo $form->value("pass"); ?>"></td><td><? echo $form->error("pass"); ?></td></tr>
<tr><td colspan="2" align="left"><input type="checkbox" name="Lembrar" <? if($form->value("remember") != ""){ echo "checked"; } ?>>
<font size="2">Lembrar login
<input type="hidden" name="sublogin" value="1">
<input type="submit" value="Login"></td></tr>
<tr><td colspan="2" align="left"><br><font size="2">[<a href="forgotpass.php">Forgot Password?</a>]</font></td><td align="right"></td></tr>
<tr><td colspan="2" align="left"><br>Não está registado? <a href="register.php">Registe-se!</a></td></tr>
</table>
</form>
<?
}
/**
* Just a little page footer, tells how many registered members
* there are, how many users currently logged in and viewing site,
* and how many guests viewing site. Active users are displayed,
* with link to their user information.
*/
echo "</td></tr><tr><td align=\"center\"><br><br>";
echo "<b>Total de membros:</b> ".$database->getNumMembers()."<br>";
echo "São $database->num_active_users membros registados e ";
echo "$database->num_active_guests visitantes a ver o site.<br><br>";
include("include/view_active.php");
?>
</td></tr>
</table>
</body>
</html>
register.php:
<?
/**
* Register.php
*
* Displays the registration form if the user needs to sign-up,
* or lets the user know, if he's already logged in, that he
* can't register another name.
*
* Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
* Last Updated: August 19, 2004
*/
include("include/session.php");
?>
<html>
<title>Registo</title>
<body>
<?
/**
* The user is already logged in, not allowed to register.
*/
if($session->logged_in){
echo "<h1>Registado</h1>";
echo "<p>Pedimos desculpa <b>$session->username</b>, mas já está registado. "
."<a href=\"main.php\">Home</a>.</p>";
}
/**
* The user has submitted the registration form and the
* results have been processed.
*/
else if(isset($_SESSION['regsuccess'])){
/* Registration was successful */
if($_SESSION['regsuccess']){
echo "<h1>Registado!</h1>";
echo "<p>Obrigado <b>".$_SESSION['reguname']."</b>, A sua informação foi registada!, "
."Agora pode <a href=\"main.php\">Efectuar o login</a>.</p>";
}
/* Registration failed */
else{
echo "<h1>Registro falhou!</h1>";
echo "<p>Pedimos desculpa mas errou no Username. <b>".$_SESSION['reguname']."</b>, "
."Não se pode completar.<br>Por favor tente mais tarde.</p>";
}
unset($_SESSION['regsuccess']);
unset($_SESSION['reguname']);
}
/**
* The user has not filled out the registration form yet.
* Below is the page with the sign-up form, the names
* of the input fields are important and should not
* be changed.
*/
else{
?>
<h1>Registar</h1>
<?
if($form->num_errors > 0){
echo "<td><font size=\"2\" color=\"#ff0000\">".$form->num_errors." error(s) found</font></td>";
}
?>
<form action="process.php" method="POST">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td><input type="text" name="user" maxlength="30" value="<? echo $form->value("user"); ?>"></td><td><? echo $form->error("user"); ?></td></tr>
<tr><td>Password:</td><td><input type="password" name="pass" maxlength="30" value="<? echo $form->value("pass"); ?>"></td><td><? echo $form->error("pass"); ?></td></tr>
<tr><td>Email:</td><td><input type="text" name="email" maxlength="50" value="<? echo $form->value("email"); ?>"></td><td><? echo $form->error("email"); ?></td></tr>
<tr><td colspan="2" align="right">
<input type="hidden" name="subjoin" value="1">
<input type="submit" value="Join!"></td></tr>
<tr><td colspan="2" align="left"><a href="main.php">Back to Main</a></td></tr>
</table>
</form>
<?
}
?>
</body>
</html>
process.php:
<?
/**
* Process.php
*
* The Process class is meant to simplify the task of processing
* user submitted forms, redirecting the user to the correct
* pages if errors are found, or if form is successful, either
* way. Also handles the logout procedure.
*
* Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
* Last Updated: August 19, 2004
*/
include("include/session.php");
class Process
{
/* Class constructor */
function Process(){
global $session;
/* User submitted login form */
if(isset($_POST['sublogin'])){
$this->procLogin();
}
/* User submitted registration form */
else if(isset($_POST['subjoin'])){
$this->procRegister();
}
/* User submitted forgot password form */
else if(isset($_POST['subforgot'])){
$this->procForgotPass();
}
/* User submitted edit account form */
else if(isset($_POST['subedit'])){
$this->procEditAccount();
}
/**
* The only other reason user should be directed here
* is if he wants to logout, which means user is
* logged in currently.
*/
else if($session->logged_in){
$this->procLogout();
}
/**
* Should not get here, which means user is viewing this page
* by mistake and therefore is redirected.
*/
else{
header("Location: main.php");
}
}
/**
* procLogin - Processes the user submitted login form, if errors
* are found, the user is redirected to correct the information,
* if not, the user is effectively logged in to the system.
*/
function procLogin(){
global $session, $form;
/* Login attempt */
$retval = $session->login($_POST['user'], $_POST['pass'], isset($_POST['remember']));
/* Login successful */
if($retval){
header("Location: ".$session->referrer);
}
/* Login failed */
else{
$_SESSION['value_array'] = $_POST;
$_SESSION['error_array'] = $form->getErrorArray();
header("Location: ".$session->referrer);
}
}
/**
* procLogout - Simply attempts to log the user out of the system
* given that there is no logout form to process.
*/
function procLogout(){
global $session;
$retval = $session->logout();
header("Location: main.php");
}
/**
* procRegister - Processes the user submitted registration form,
* if errors are found, the user is redirected to correct the
* information, if not, the user is effectively registered with
* the system and an email is (optionally) sent to the newly
* created user.
*/
function procRegister(){
global $session, $form;
/* Convert username to all lowercase (by option) */
if(ALL_LOWERCASE){
$_POST['user'] = strtolower($_POST['user']);
}
/* Registration attempt */
$retval = $session->register($_POST['user'], $_POST['pass'], $_POST['email']);
/* Registration Successful */
if($retval == 0){
$_SESSION['reguname'] = $_POST['user'];
$_SESSION['regsuccess'] = true;
header("Location: ".$session->referrer);
}
/* Error found with form */
else if($retval == 1){
$_SESSION['value_array'] = $_POST;
$_SESSION['error_array'] = $form->getErrorArray();
header("Location: ".$session->referrer);
}
/* Registration attempt failed */
else if($retval == 2){
$_SESSION['reguname'] = $_POST['user'];
$_SESSION['regsuccess'] = false;
header("Location: ".$session->referrer);
}
}
/**
* procForgotPass - Validates the given username then if
* everything is fine, a new password is generated and
* emailed to the address the user gave on sign up.
*/
function procForgotPass(){
global $database, $session, $mailer, $form;
/* Username error checking */
$subuser = $_POST['user'];
$field = "user"; //Use field name for username
if(!$subuser || strlen($subuser = trim($subuser)) == 0){
$form->setError($field, "* Username not entered<br>");
}
else{
/* Make sure username is in database */
$subuser = stripslashes($subuser);
if(strlen($subuser) < 5 || strlen($subuser) > 30 ||
!eregi("^([0-9a-z])+$", $subuser) ||
(!$database->usernameTaken($subuser))){
$form->setError($field, "* Username does not exist<br>");
}
}
/* Errors exist, have user correct them */
if($form->num_errors > 0){
$_SESSION['value_array'] = $_POST;
$_SESSION['error_array'] = $form->getErrorArray();
}
/* Generate new password and email it to user */
else{
/* Generate new password */
$newpass = $session->generateRandStr(8);
/* Get email of user */
$usrinf = $database->getUserInfo($subuser);
$email = $usrinf['email'];
/* Attempt to send the email with new password */
if($mailer->sendNewPass($subuser,$email,$newpass)){
/* Email sent, update database */
$database->updateUserField($subuser, "password", md5($newpass));
$_SESSION['forgotpass'] = true;
}
/* Email failure, do not change password */
else{
$_SESSION['forgotpass'] = false;
}
}
header("Location: ".$session->referrer);
}
/**
* procEditAccount - Attempts to edit the user's account
* information, including the password, which must be verified
* before a change is made.
*/
function procEditAccount(){
global $session, $form;
/* Account edit attempt */
$retval = $session->editAccount($_POST['curpass'], $_POST['newpass'], $_POST['email']);
/* Account edit successful */
if($retval){
$_SESSION['useredit'] = true;
header("Location: ".$session->referrer);
}
/* Error found with form */
else{
$_SESSION['value_array'] = $_POST;
$_SESSION['error_array'] = $form->getErrorArray();
header("Location: ".$session->referrer);
}
}
};
/* Initialize process */
$process = new Process;
?>
useredit.php:
<?
/**
* UserEdit.php
*
* This page is for users to edit their account information
* such as their password, email address, etc. Their
* usernames can not be edited. When changing their
* password, they must first confirm their current password.
*
* Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
* Last Updated: August 26, 2004
*/
include("include/session.php");
?>
<html>
<title>Jpmaster77's Login Script</title>
<body>
<?
/**
* User has submitted form without errors and user's
* account has been edited successfully.
*/
if(isset($_SESSION['useredit'])){
unset($_SESSION['useredit']);
echo "<h1>Os seus dados foram alterados!!</h1>";
echo "<p><b>$session->username</b>, A sua conta foi actualizada!. "
."<a href=\"main.php\">Home</a>.</p>";
}
else{
?>
<?
/**
* If user is not logged in, then do not display anything.
* If user is logged in, then display the form to edit
* account information, with the current email address
* already in the field.
*/
if($session->logged_in){
?>
<h1>Editar a sua conta: <? echo $session->username; ?></h1>
<?
if($form->num_errors > 0){
echo "<td><font size=\"2\" color=\"#ff0000\">".$form->num_errors." error(s) found</font></td>";
}
?>
<form action="process.php" method="POST">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr>
<td>A actual Password:</td>
<td><input type="password" name="curpass" maxlength="30" value="
<?echo $form->value("curpass"); ?>"></td>
<td><? echo $form->error("curpass"); ?></td>
</tr>
<tr>
<td>Nova Password:</td>
<td><input type="password" name="newpass" maxlength="30" value="
<? echo $form->value("newpass"); ?>"></td>
<td><? echo $form->error("newpass"); ?></td>
</tr>
<tr>
<td>Email:</td>
<td><input type="text" name="email" maxlength="50" value="
<?
if($form->value("email") == ""){
echo $session->userinfo['email'];
}else{
echo $form->value("email");
}
?>">
</td>
<td><? echo $form->error("email"); ?></td>
</tr>
<tr><td colspan="2" align="right">
<input type="hidden" name="subedit" value="1">
<input type="submit" value="Editar Conta"></td></tr>
<tr><td colspan="2" align="left"></td></tr>
</table>
</form>
<?
}
}
?>
</body>
</html>
userinfo.php:
<?
/**
* UserInfo.php
*
* This page is for users to view their account information
* with a link added for them to edit the information.
*
* Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
* Last Updated: August 26, 2004
*/
include("include/session.php");
?>
<html>
<title>Jpmaster77's Login Script</title>
<body>
<?
/* Requested Username error checking */
$req_user = trim($_GET['user']);
if(!$req_user || strlen($req_user) == 0 ||
!eregi("^([0-9a-z])+$", $req_user) ||
!$database->usernameTaken($req_user)){
die("Utilizador não registado");
}
/* Logged in user viewing own account */
if(strcmp($session->username,$req_user) == 0){
echo "<h1>Minha Conta</h1>";
}
/* Visitor not viewing own account */
else{
echo "<h1>Info utilizador</h1>";
}
/* Display requested user information */
$req_user_info = $database->getUserInfo($req_user);
/* Username */
echo "<b>Username: ".$req_user_info['username']."</b><br>";
/* Email */
echo "<b>Email:</b> ".$req_user_info['email']."<br>";
/**
* Note: when you add your own fields to the users table
* to hold more information, like homepage, location, etc.
* they can be easily accessed by the user info array.
*
* $session->user_info['location']; (for logged in users)
*
* ..and for this page,
*
* $req_user_info['location']; (for any user)
*/
/* If logged in user viewing own account, give link to edit */
if(strcmp($session->username,$req_user) == 0){
echo "<br><a href=\"useredit.php\">Editar a sua conta</a><br>";
}
/* Link back to main */
echo "<br>Voltar [<a href=\"main.php\">Home</a>]<br>";
?>
</body>
</html>
ForgotPass.php:
<?
/**
* ForgotPass.php
*
* This page is for those users who have forgotten their
* password and want to have a new password generated for
* them and sent to the email address attached to their
* account in the database. The new password is not
* displayed on the website for security purposes.
*
* Note: If your server is not properly setup to send
* mail, then this page is essentially useless and it
* would be better to not even link to this page from
* your website.
*
* Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
* Last Updated: August 26, 2004
*/
include("include/session.php");
?>
<html>
<title>Jpmaster77's Login Script</title>
<body>
<?
/**
* Forgot Password form has been submitted and no errors
* were found with the form (the username is in the database)
*/
if(isset($_SESSION['forgotpass'])){
/**
* New password was generated for user and sent to user's
* email address.
*/
if($_SESSION['forgotpass']){
echo "<h1>Nova password gerada</h1>";
echo "<p>A sua nova password foi efectuada"
."e enviada para o email <br>assoçiado a sua conta. "
."<a href=\"main.php\">Main</a>.</p>";
}
/**
* Email could not be sent, therefore password was not
* edited in the database.
*/
else{
echo "<h1>Nova password com erros!</h1>";
echo "<p>Existe algum erro na sua password "
."email para a nova password,<br> por isso a sua password não será alterada. "
."<a href=\"main.php\">Main</a>.</p>";
}
unset($_SESSION['forgotpass']);
}
else{
/**
* Forgot password form is displayed, if error found
* it is displayed.
*/
?>
<h1>Esqueçeu-se da sua password?</h1>
Uma nova password será gerada e enviada para o seu email<br>
associado a sua conta, só tem que introduzir o seu "USERNAME".<br><br>
<? echo $form->error("user"); ?>
<form action="process.php" method="POST">
<b>Username:</b> <input type="text" name="user" maxlength="30" value="<? echo $form->value("user"); ?>">
<input type="hidden" name="subforgot" value="1">
<input type="submit" value="Nova password">
</form>
<?
}
?>
</body>
</html>
/include/constants.php:
<?
/**
* Constants.php
*
* This file is intended to group all constants to
* make it easier for the site administrator to tweak
* the login script.
*
* Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
* Last Updated: August 19, 2004
*/
/**
* Database Constants - these constants are required
* in order for there to be a successful connection
* to the MySQL database. Make sure the information is
* correct.
*/
define("DB_SERVER", "localhost");
define("DB_USER", "root");
define("DB_PASS", "12345678");
define("DB_NAME", "login");
/**
* Database Table Constants - these constants
* hold the names of all the database tables used
* in the script.
*/
define("TBL_USERS", "users");
define("TBL_ACTIVE_USERS", "active_users");
define("TBL_ACTIVE_GUESTS", "active_guests");
define("TBL_BANNED_USERS", "banned_users");
/**
* Special Names and Level Constants - the admin
* page will only be accessible to the user with
* the admin name and also to those users at the
* admin user level. Feel free to change the names
* and level constants as you see fit, you may
* also add additional level specifications.
* Levels must be digits between 0-9.
*/
define("ADMIN_NAME", "admin");
define("GUEST_NAME", "Guest");
define("ADMIN_LEVEL", 9);
define("USER_LEVEL", 1);
define("GUEST_LEVEL", 0);
/**
* This boolean constant controls whether or
* not the script keeps track of active users
* and active guests who are visiting the site.
*/
define("TRACK_VISITORS", true);
/**
* Timeout Constants - these constants refer to
* the maximum amount of time (in minutes) after
* their last page fresh that a user and guest
* are still considered active visitors.
*/
define("USER_TIMEOUT", 10);
define("GUEST_TIMEOUT", 5);
/**
* Cookie Constants - these are the parameters
* to the setcookie function call, change them
* if necessary to fit your website. If you need
* help, visit [url]www.php.net[/url] for more info.
* <http://www.php.net/manual/en/function.setcookie.php>
*/
define("COOKIE_EXPIRE", 60*60*24*100); //100 days by default
define("COOKIE_PATH", "/"); //Avaible in whole domain
/**
* Email Constants - these specify what goes in
* the from field in the emails that the script
* sends to users, and whether to send a
* welcome email to newly registered users.
*/
define("EMAIL_FROM_NAME", "YourName");
define("EMAIL_FROM_ADDR", "[email protected]");
define("EMAIL_WELCOME", false);
/**
* This constant forces all users to have
* lowercase usernames, capital letters are
* converted automatically.
*/
define("ALL_LOWERCASE", false);
?>
/includes/database.php:
<?
/**
* Database.php
*
* The Database class is meant to simplify the task of accessing
* information from the website's database.
*
* Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
* Last Updated: August 17, 2004
*/
include("constants.php");
class MySQLDB
{
var $connection; //The MySQL database connection
var $num_active_users; //Number of active users viewing site
var $num_active_guests; //Number of active guests viewing site
var $num_members; //Number of signed-up users
/* Note: call getNumMembers() to access $num_members! */
/* Class constructor */
function MySQLDB(){
/* Make connection to database */
$this->connection = mysql_connect(DB_SERVER, DB_USER, DB_PASS) or die(mysql_error());
mysql_select_db(DB_NAME, $this->connection) or die(mysql_error());
/**
* Only query database to find out number of members
* when getNumMembers() is called for the first time,
* until then, default value set.
*/
$this->num_members = -1;
if(TRACK_VISITORS){
/* Calculate number of users at site */
$this->calcNumActiveUsers();
/* Calculate number of guests at site */
$this->calcNumActiveGuests();
}
}
/**
* confirmUserPass - Checks whether or not the given
* username is in the database, if so it checks if the
* given password is the same password in the database
* for that user. If the user doesn't exist or if the
* passwords don't match up, it returns an error code
* (1 or 2). On success it returns 0.
*/
function confirmUserPass($username, $password){
/* Add slashes if necessary (for query) */
if(!get_magic_quotes_gpc()) {
$username = addslashes($username);
}
/* Verify that user is in database */
$q = "SELECT password FROM ".TBL_USERS." WHERE username = '$username'";
$result = mysql_query($q, $this->connection);
if(!$result || (mysql_numrows($result) < 1)){
return 1; //Indicates username failure
}
/* Retrieve password from result, strip slashes */
$dbarray = mysql_fetch_array($result);
$dbarray['password'] = stripslashes($dbarray['password']);
$password = stripslashes($password);
/* Validate that password is correct */
if($password == $dbarray['password']){
return 0; //Success! Username and password confirmed
}
else{
return 2; //Indicates password failure
}
}
/**
* confirmUserID - Checks whether or not the given
* username is in the database, if so it checks if the
* given userid is the same userid in the database
* for that user. If the user doesn't exist or if the
* userids don't match up, it returns an error code
* (1 or 2). On success it returns 0.
*/
function confirmUserID($username, $userid){
/* Add slashes if necessary (for query) */
if(!get_magic_quotes_gpc()) {
$username = addslashes($username);
}
/* Verify that user is in database */
$q = "SELECT userid FROM ".TBL_USERS." WHERE username = '$username'";
$result = mysql_query($q, $this->connection);
if(!$result || (mysql_numrows($result) < 1)){
return 1; //Indicates username failure
}
/* Retrieve userid from result, strip slashes */
$dbarray = mysql_fetch_array($result);
$dbarray['userid'] = stripslashes($dbarray['userid']);
$userid = stripslashes($userid);
/* Validate that userid is correct */
if($userid == $dbarray['userid']){
return 0; //Success! Username and userid confirmed
}
else{
return 2; //Indicates userid invalid
}
}
/**
* usernameTaken - Returns true if the username has
* been taken by another user, false otherwise.
*/
function usernameTaken($username){
if(!get_magic_quotes_gpc()){
$username = addslashes($username);
}
$q = "SELECT username FROM ".TBL_USERS." WHERE username = '$username'";
$result = mysql_query($q, $this->connection);
return (mysql_numrows($result) > 0);
}
/**
* usernameBanned - Returns true if the username has
* been banned by the administrator.
*/
function usernameBanned($username){
if(!get_magic_quotes_gpc()){
$username = addslashes($username);
}
$q = "SELECT username FROM ".TBL_BANNED_USERS." WHERE username = '$username'";
$result = mysql_query($q, $this->connection);
return (mysql_numrows($result) > 0);
}
/**
* addNewUser - Inserts the given (username, password, email)
* info into the database. Appropriate user level is set.
* Returns true on success, false otherwise.
*/
function addNewUser($username, $password, $email){
$time = time();
/* If admin sign up, give admin user level */
if(strcasecmp($username, ADMIN_NAME) == 0){
$ulevel = ADMIN_LEVEL;
}else{
$ulevel = USER_LEVEL;
}
$q = "INSERT INTO ".TBL_USERS." VALUES ('$username', '$password', '0', $ulevel, '$email', $time)";
return mysql_query($q, $this->connection);
}
/**
* updateUserField - Updates a field, specified by the field
* parameter, in the user's row of the database.
*/
function updateUserField($username, $field, $value){
$q = "UPDATE ".TBL_USERS." SET ".$field." = '$value' WHERE username = '$username'";
return mysql_query($q, $this->connection);
}
/**
* getUserInfo - Returns the result array from a mysql
* query asking for all information stored regarding
* the given username. If query fails, NULL is returned.
*/
function getUserInfo($username){
$q = "SELECT * FROM ".TBL_USERS." WHERE username = '$username'";
$result = mysql_query($q, $this->connection);
/* Error occurred, return given name by default */
if(!$result || (mysql_numrows($result) < 1)){
return NULL;
}
/* Return result array */
$dbarray = mysql_fetch_array($result);
return $dbarray;
}
/**
* getNumMembers - Returns the number of signed-up users
* of the website, banned members not included. The first
* time the function is called on page load, the database
* is queried, on subsequent calls, the stored result
* is returned. This is to improve efficiency, effectively
* not querying the database when no call is made.
*/
function getNumMembers(){
if($this->num_members < 0){
$q = "SELECT * FROM ".TBL_USERS;
$result = mysql_query($q, $this->connection);
$this->num_members = mysql_numrows($result);
}
return $this->num_members;
}
/**
* calcNumActiveUsers - Finds out how many active users
* are viewing site and sets class variable accordingly.
*/
function calcNumActiveUsers(){
/* Calculate number of users at site */
$q = "SELECT * FROM ".TBL_ACTIVE_USERS;
$result = mysql_query($q, $this->connection);
$this->num_active_users = mysql_numrows($result);
}
/**
* calcNumActiveGuests - Finds out how many active guests
* are viewing site and sets class variable accordingly.
*/
function calcNumActiveGuests(){
/* Calculate number of guests at site */
$q = "SELECT * FROM ".TBL_ACTIVE_GUESTS;
$result = mysql_query($q, $this->connection);
$this->num_active_guests = mysql_numrows($result);
}
/**
* addActiveUser - Updates username's last active timestamp
* in the database, and also adds him to the table of
* active users, or updates timestamp if already there.
*/
function addActiveUser($username, $time){
$q = "UPDATE ".TBL_USERS." SET timestamp = '$time' WHERE username = '$username'";
mysql_query($q, $this->connection);
if(!TRACK_VISITORS) return;
$q = "REPLACE INTO ".TBL_ACTIVE_USERS." VALUES ('$username', '$time')";
mysql_query($q, $this->connection);
$this->calcNumActiveUsers();
}
/* addActiveGuest - Adds guest to active guests table */
function addActiveGuest($ip, $time){
if(!TRACK_VISITORS) return;
$q = "REPLACE INTO ".TBL_ACTIVE_GUESTS." VALUES ('$ip', '$time')";
mysql_query($q, $this->connection);
$this->calcNumActiveGuests();
}
/* These functions are self explanatory, no need for comments */
/* removeActiveUser */
function removeActiveUser($username){
if(!TRACK_VISITORS) return;
$q = "DELETE FROM ".TBL_ACTIVE_USERS." WHERE username = '$username'";
mysql_query($q, $this->connection);
$this->calcNumActiveUsers();
}
/* removeActiveGuest */
function removeActiveGuest($ip){
if(!TRACK_VISITORS) return;
$q = "DELETE FROM ".TBL_ACTIVE_GUESTS." WHERE ip = '$ip'";
mysql_query($q, $this->connection);
$this->calcNumActiveGuests();
}
/* removeInactiveUsers */
function removeInactiveUsers(){
if(!TRACK_VISITORS) return;
$timeout = time()-USER_TIMEOUT*60;
$q = "DELETE FROM ".TBL_ACTIVE_USERS." WHERE timestamp < $timeout";
mysql_query($q, $this->connection);
$this->calcNumActiveUsers();
}
/* removeInactiveGuests */
function removeInactiveGuests(){
if(!TRACK_VISITORS) return;
$timeout = time()-GUEST_TIMEOUT*60;
$q = "DELETE FROM ".TBL_ACTIVE_GUESTS." WHERE timestamp < $timeout";
mysql_query($q, $this->connection);
$this->calcNumActiveGuests();
}
/**
* query - Performs the given query on the database and
* returns the result, which may be false, true or a
* resource identifier.
*/
function query($query){
return mysql_query($query, $this->connection);
}
};
/* Create database connection */
$database = new MySQLDB;
?>
/includes/form.php:
<?
/**
* Form.php
*
* The Form class is meant to simplify the task of keeping
* track of errors in user submitted forms and the form
* field values that were entered correctly.
*
* Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
* Last Updated: August 19, 2004
*/
class Form
{
var $values = array(); //Holds submitted form field values
var $errors = array(); //Holds submitted form error messages
var $num_errors; //The number of errors in submitted form
/* Class constructor */
function Form(){
/**
* Get form value and error arrays, used when there
* is an error with a user-submitted form.
*/
if(isset($_SESSION['value_array']) && isset($_SESSION['error_array'])){
$this->values = $_SESSION['value_array'];
$this->errors = $_SESSION['error_array'];
$this->num_errors = count($this->errors);
unset($_SESSION['value_array']);
unset($_SESSION['error_array']);
}
else{
$this->num_errors = 0;
}
}
/**
* setValue - Records the value typed into the given
* form field by the user.
*/
function setValue($field, $value){
$this->values[$field] = $value;
}
/**
* setError - Records new form error given the form
* field name and the error message attached to it.
*/
function setError($field, $errmsg){
$this->errors[$field] = $errmsg;
$this->num_errors = count($this->errors);
}
/**
* value - Returns the value attached to the given
* field, if none exists, the empty string is returned.
*/
function value($field){
if(array_key_exists($field,$this->values)){
return htmlspecialchars(stripslashes($this->values[$field]));
}else{
return "";
}
}
/**
* error - Returns the error message attached to the
* given field, if none exists, the empty string is returned.
*/
function error($field){
if(array_key_exists($field,$this->errors)){
return "<font size=\"2\" color=\"#ff0000\">".$this->errors[$field]."</font>";
}else{
return "";
}
}
/* getErrorArray - Returns the array of error messages */
function getErrorArray(){
return $this->errors;
}
};
?>
/includes/mailer.php:
<?
/**
* Mailer.php
*
* The Mailer class is meant to simplify the task of sending
* emails to users. Note: this email system will not work
* if your server is not setup to send mail.
*
* If you are running Windows and want a mail server, check
* out this website to see a list of freeware programs:
* <http://www.snapfiles.com/freeware/server/fwmailserver.html>
*
* Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
* Last Updated: August 19, 2004
*/
class Mailer
{
/**
* sendWelcome - Sends a welcome message to the newly
* registered user, also supplying the username and
* password.
*/
function sendWelcome($user, $email, $pass){
$from = "From: ".EMAIL_FROM_NAME." <".EMAIL_FROM_ADDR.">";
$subject = "Jpmaster77's Site - Welcome!";
$body = $user.",\n\n"
."Welcome! You've just registered at Jpmaster77's Site "
."with the following information:\n\n"
."Username: ".$user."\n"
."Password: ".$pass."\n\n"
."If you ever lose or forget your password, a new "
."password will be generated for you and sent to this "
."email address, if you would like to change your "
."email address you can do so by going to the "
."My Account page after signing in.\n\n"
."- Jpmaster77's Site";
return mail($email,$subject,$body,$from);
}
/**
* sendNewPass - Sends the newly generated password
* to the user's email address that was specified at
* sign-up.
*/
function sendNewPass($user, $email, $pass){
$from = "From: ".EMAIL_FROM_NAME." <".EMAIL_FROM_ADDR.">";
$subject = "Jpmaster77's Site - Your new password";
$body = $user.",\n\n"
."We've generated a new password for you at your "
."request, you can use this new password with your "
."username to log in to Jpmaster77's Site.\n\n"
."Username: ".$user."\n"
."New Password: ".$pass."\n\n"
."It is recommended that you change your password "
."to something that is easier to remember, which "
."can be done by going to the My Account page "
."after signing in.\n\n"
."- Jpmaster77's Site";
return mail($email,$subject,$body,$from);
}
};
/* Initialize mailer object */
$mailer = new Mailer;
?>
/includes/session.php:
<?
/**
* Session.php
*
* The Session class is meant to simplify the task of keeping
* track of logged in users and also guests.
*
* Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
* Last Updated: August 19, 2004
*/
include("database.php");
include("mailer.php");
include("form.php");
class Session
{
var $username; //Username given on sign-up
var $userid; //Random value generated on current login
var $userlevel; //The level to which the user pertains
var $time; //Time user was last active (page loaded)
var $logged_in; //True if user is logged in, false otherwise
var $userinfo = array(); //The array holding all user info
var $url; //The page url current being viewed
var $referrer; //Last recorded site page viewed
/**
* Note: referrer should really only be considered the actual
* page referrer in process.php, any other time it may be
* inaccurate.
*/
/* Class constructor */
function Session(){
$this->time = time();
$this->startSession();
}
/**
* startSession - Performs all the actions necessary to
* initialize this session object. Tries to determine if the
* the user has logged in already, and sets the variables
* accordingly. Also takes advantage of this page load to
* update the active visitors tables.
*/
function startSession(){
global $database; //The database connection
session_start(); //Tell PHP to start the session
/* Determine if user is logged in */
$this->logged_in = $this->checkLogin();
/**
* Set guest value to users not logged in, and update
* active guests table accordingly.
*/
if(!$this->logged_in){
$this->username = $_SESSION['username'] = GUEST_NAME;
$this->userlevel = GUEST_LEVEL;
$database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
}
/* Update users last active timestamp */
else{
$database->addActiveUser($this->username, $this->time);
}
/* Remove inactive visitors from database */
$database->removeInactiveUsers();
$database->removeInactiveGuests();
/* Set referrer page */
if(isset($_SESSION['url'])){
$this->referrer = $_SESSION['url'];
}else{
$this->referrer = "/";
}
/* Set current url */
$this->url = $_SESSION['url'] = $_SERVER['PHP_SELF'];
}
/**
* checkLogin - Checks if the user has already previously
* logged in, and a session with the user has already been
* established. Also checks to see if user has been remembered.
* If so, the database is queried to make sure of the user's
* authenticity. Returns true if the user has logged in.
*/
function checkLogin(){
global $database; //The database connection
/* Check if user has been remembered */
if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
$this->username = $_SESSION['username'] = $_COOKIE['cookname'];
$this->userid = $_SESSION['userid'] = $_COOKIE['cookid'];
}
/* Username and userid have been set and not guest */
if(isset($_SESSION['username']) && isset($_SESSION['userid']) &&
$_SESSION['username'] != GUEST_NAME){
/* Confirm that username and userid are valid */
if($database->confirmUserID($_SESSION['username'], $_SESSION['userid']) != 0){
/* Variables are incorrect, user not logged in */
unset($_SESSION['username']);
unset($_SESSION['userid']);
return false;
}
/* User is logged in, set class variables */
$this->userinfo = $database->getUserInfo($_SESSION['username']);
$this->username = $this->userinfo['username'];
$this->userid = $this->userinfo['userid'];
$this->userlevel = $this->userinfo['userlevel'];
return true;
}
/* User not logged in */
else{
return false;
}
}
/**
* login - The user has submitted his username and password
* through the login form, this function checks the authenticity
* of that information in the database and creates the session.
* Effectively logging in the user if all goes well.
*/
function login($subuser, $subpass, $subremember){
global $database, $form; //The database and form object
/* Username error checking */
$field = "user"; //Use field name for username
if(!$subuser || strlen($subuser = trim($subuser)) == 0){
$form->setError($field, "* Username not entered");
}
else{
/* Check if username is not alphanumeric */
if(!eregi("^([0-9a-z])*$", $subuser)){
$form->setError($field, "* Username not alphanumeric");
}
}
/* Password error checking */
$field = "pass"; //Use field name for password
if(!$subpass){
$form->setError($field, "* Password not entered");
}
/* Return if form errors exist */
if($form->num_errors > 0){
return false;
}
/* Checks that username is in database and password is correct */
$subuser = stripslashes($subuser);
$result = $database->confirmUserPass($subuser, md5($subpass));
/* Check error codes */
if($result == 1){
$field = "user";
$form->setError($field, "* Username not found");
}
else if($result == 2){
$field = "pass";
$form->setError($field, "* Invalid password");
}
/* Return if form errors exist */
if($form->num_errors > 0){
return false;
}
/* Username and password correct, register session variables */
$this->userinfo = $database->getUserInfo($subuser);
$this->username = $_SESSION['username'] = $this->userinfo['username'];
$this->userid = $_SESSION['userid'] = $this->generateRandID();
$this->userlevel = $this->userinfo['userlevel'];
/* Insert userid into database and update active users table */
$database->updateUserField($this->username, "userid", $this->userid);
$database->addActiveUser($this->username, $this->time);
$database->removeActiveGuest($_SERVER['REMOTE_ADDR']);
/**
* This is the cool part: the user has requested that we remember that
* he's logged in, so we set two cookies. One to hold his username,
* and one to hold his random value userid. It expires by the time
* specified in constants.php. Now, next time he comes to our site, we will
* log him in automatically, but only if he didn't log out before he left.
*/
if($subremember){
setcookie("cookname", $this->username, time()+COOKIE_EXPIRE, COOKIE_PATH);
setcookie("cookid", $this->userid, time()+COOKIE_EXPIRE, COOKIE_PATH);
}
/* Login completed successfully */
return true;
}
/**
* logout - Gets called when the user wants to be logged out of the
* website. It deletes any cookies that were stored on the users
* computer as a result of him wanting to be remembered, and also
* unsets session variables and demotes his user level to guest.
*/
function logout(){
global $database; //The database connection
/**
* Delete cookies - the time must be in the past,
* so just negate what you added when creating the
* cookie.
*/
if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
setcookie("cookname", "", time()-COOKIE_EXPIRE, COOKIE_PATH);
setcookie("cookid", "", time()-COOKIE_EXPIRE, COOKIE_PATH);
}
/* Unset PHP session variables */
unset($_SESSION['username']);
unset($_SESSION['userid']);
/* Reflect fact that user has logged out */
$this->logged_in = false;
/**
* Remove from active users table and add to
* active guests tables.
*/
$database->removeActiveUser($this->username);
$database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
/* Set user level to guest */
$this->username = GUEST_NAME;
$this->userlevel = GUEST_LEVEL;
}
/**
* register - Gets called when the user has just submitted the
* registration form. Determines if there were any errors with
* the entry fields, if so, it records the errors and returns
* 1. If no errors were found, it registers the new user and
* returns 0. Returns 2 if registration failed.
*/
function register($subuser, $subpass, $subemail){
global $database, $form, $mailer; //The database, form and mailer object
/* Username error checking */
$field = "user"; //Use field name for username
if(!$subuser || strlen($subuser = trim($subuser)) == 0){
$form->setError($field, "* Username not entered");
}
else{
/* Spruce up username, check length */
$subuser = stripslashes($subuser);
if(strlen($subuser) < 5){
$form->setError($field, "* Username below 5 characters");
}
else if(strlen($subuser) > 30){
$form->setError($field, "* Username above 30 characters");
}
/* Check if username is not alphanumeric */
else if(!eregi("^([0-9a-z])+$", $subuser)){
$form->setError($field, "* Username not alphanumeric");
}
/* Check if username is reserved */
else if(strcasecmp($subuser, GUEST_NAME) == 0){
$form->setError($field, "* Username reserved word");
}
/* Check if username is already in use */
else if($database->usernameTaken($subuser)){
$form->setError($field, "* Username already in use");
}
/* Check if username is banned */
else if($database->usernameBanned($subuser)){
$form->setError($field, "* Username banned");
}
}
/* Password error checking */
$field = "pass"; //Use field name for password
if(!$subpass){
$form->setError($field, "* Password not entered");
}
else{
/* Spruce up password and check length*/
$subpass = stripslashes($subpass);
if(strlen($subpass) < 4){
$form->setError($field, "* Password too short");
}
/* Check if password is not alphanumeric */
else if(!eregi("^([0-9a-z])+$", ($subpass = trim($subpass)))){
$form->setError($field, "* Password not alphanumeric");
}
/**
* Note: I trimmed the password only after I checked the length
* because if you fill the password field up with spaces
* it looks like a lot more characters than 4, so it looks
* kind of stupid to report "password too short".
*/
}
/* Email error checking */
$field = "email"; //Use field name for email
if(!$subemail || strlen($subemail = trim($subemail)) == 0){
$form->setError($field, "* Email not entered");
}
else{
/* Check if valid email address */
$regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"
."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"
."\.([a-z]{2,}){1}$";
if(!eregi($regex,$subemail)){
$form->setError($field, "* Email invalid");
}
$subemail = stripslashes($subemail);
}
/* Errors exist, have user correct them */
if($form->num_errors > 0){
return 1; //Errors with form
}
/* No errors, add the new account to the */
else{
if($database->addNewUser($subuser, md5($subpass), $subemail)){
if(EMAIL_WELCOME){
$mailer->sendWelcome($subuser,$subemail,$subpass);
}
return 0; //New user added succesfully
}else{
return 2; //Registration attempt failed
}
}
}
/**
* editAccount - Attempts to edit the user's account information
* including the password, which it first makes sure is correct
* if entered, if so and the new password is in the right
* format, the change is made. All other fields are changed
* automatically.
*/
function editAccount($subcurpass, $subnewpass, $subemail){
global $database, $form; //The database and form object
/* New password entered */
if($subnewpass){
/* Current Password error checking */
$field = "curpass"; //Use field name for current password
if(!$subcurpass){
$form->setError($field, "* Current Password not entered");
}
else{
/* Check if password too short or is not alphanumeric */
$subcurpass = stripslashes($subcurpass);
if(strlen($subcurpass) < 4 ||
!eregi("^([0-9a-z])+$", ($subcurpass = trim($subcurpass)))){
$form->setError($field, "* Current Password incorrect");
}
/* Password entered is incorrect */
if($database->confirmUserPass($this->username,md5($subcurpass)) != 0){
$form->setError($field, "* Current Password incorrect");
}
}
/* New Password error checking */
$field = "newpass"; //Use field name for new password
/* Spruce up password and check length*/
$subpass = stripslashes($subnewpass);
if(strlen($subnewpass) < 4){
$form->setError($field, "* New Password too short");
}
/* Check if password is not alphanumeric */
else if(!eregi("^([0-9a-z])+$", ($subnewpass = trim($subnewpass)))){
$form->setError($field, "* New Password not alphanumeric");
}
}
/* Change password attempted */
else if($subcurpass){
/* New Password error reporting */
$field = "newpass"; //Use field name for new password
$form->setError($field, "* New Password not entered");
}
/* Email error checking */
$field = "email"; //Use field name for email
if($subemail && strlen($subemail = trim($subemail)) > 0){
/* Check if valid email address */
$regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"
."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"
."\.([a-z]{2,}){1}$";
if(!eregi($regex,$subemail)){
$form->setError($field, "* Email invalid");
}
$subemail = stripslashes($subemail);
}
/* Errors exist, have user correct them */
if($form->num_errors > 0){
return false; //Errors with form
}
/* Update password since there were no errors */
if($subcurpass && $subnewpass){
$database->updateUserField($this->username,"password",md5($subnewpass));
}
/* Change Email */
if($subemail){
$database->updateUserField($this->username,"email",$subemail);
}
/* Success! */
return true;
}
/**
* isAdmin - Returns true if currently logged in user is
* an administrator, false otherwise.
*/
function isAdmin(){
return ($this->userlevel == ADMIN_LEVEL ||
$this->username == ADMIN_NAME);
}
/**
* generateRandID - Generates a string made up of randomized
* letters (lower and upper case) and digits and returns
* the md5 hash of it to be used as a userid.
*/
function generateRandID(){
return md5($this->generateRandStr(16));
}
/**
* generateRandStr - Generates a string made up of randomized
* letters (lower and upper case) and digits, the length
* is a specified parameter.
*/
function generateRandStr($length){
$randstr = "";
for($i=0; $i<$length; $i++){
$randnum = mt_rand(0,61);
if($randnum < 10){
$randstr .= chr($randnum+48);
}else if($randnum < 36){
$randstr .= chr($randnum+55);
}else{
$randstr .= chr($randnum+61);
}
}
return $randstr;
}
};
/**
* Initialize session object - This must be initialized before
* the form object because the form uses session variables,
* which cannot be accessed unless the session has started.
*/
$session = new Session;
/* Initialize form object */
$form = new Form;
?>
/includes/view_active.php:
<?
if(!defined('TBL_ACTIVE_USERS')) {
die("Error processing page");
}
$q = "SELECT username FROM ".TBL_ACTIVE_USERS
." ORDER BY timestamp DESC,username";
$result = $database->query($q);
/* Error occurred, return given name by default */
$num_rows = mysql_numrows($result);
if(!$result || ($num_rows < 0)){
echo "Error displaying info";
}
else if($num_rows > 0){
/* Display active users, with link to their info */
echo "<table align=\"left\" border=\"1\" cellspacing=\"0\" cellpadding=\"3\">\n";
echo "<tr><td><font size=\"2\">\n";
for($i=0; $i<$num_rows; $i++){
$uname = mysql_result($result,$i,"username");
echo "<a href=\"userinfo.php?user=$uname\">$uname</a> / ";
}
echo "</font></td></tr></table><br>\n";
}
?>
/admin/admin.php:
<?
/**
* Admin.php
*
* This is the Admin Center page. Only administrators
* are allowed to view this page. This page displays the
* database table of users and banned users. Admins can
* choose to delete specific users, delete inactive users,
* ban users, update user levels, etc.
*
* Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
* Last Updated: August 26, 2004
*/
include("../include/session.php");
/**
* displayUsers - Displays the users database table in
* a nicely formatted html table.
*/
function displayUsers(){
global $database;
$q = "SELECT username,userlevel,email,timestamp "
."FROM ".TBL_USERS." ORDER BY userlevel DESC,username";
$result = $database->query($q);
/* Error occurred, return given name by default */
$num_rows = mysql_numrows($result);
if(!$result || ($num_rows < 0)){
echo "Error displaying info";
return;
}
if($num_rows == 0){
echo "Database table empty";
return;
}
/* Display table contents */
echo "<table align=\"left\" border=\"1\" cellspacing=\"0\" cellpadding=\"3\">\n";
echo "<tr><td><b>Username</b></td><td><b>Level</b></td><td><b>Email</b></td><td><b>Último activo</b></td></tr>\n";
for($i=0; $i<$num_rows; $i++){
$uname = mysql_result($result,$i,"username");
$ulevel = mysql_result($result,$i,"userlevel");
$email = mysql_result($result,$i,"email");
$time = mysql_result($result,$i,"timestamp");
echo "<tr><td>$uname</td><td>$ulevel</td><td>$email</td><td>$time</td></tr>\n";
}
echo "</table><br>\n";
}
/**
* displayBannedUsers - Displays the banned users
* database table in a nicely formatted html table.
*/
function displayBannedUsers(){
global $database;
$q = "SELECT username,timestamp "
."FROM ".TBL_BANNED_USERS." ORDER BY username";
$result = $database->query($q);
/* Error occurred, return given name by default */
$num_rows = mysql_numrows($result);
if(!$result || ($num_rows < 0)){
echo "Error displaying info";
return;
}
if($num_rows == 0){
echo "Database table empty";
return;
}
/* Display table contents */
echo "<table align=\"left\" border=\"1\" cellspacing=\"0\" cellpadding=\"3\">\n";
echo "<tr><td><b>Username</b></td><td><b>Time Banned</b></td></tr>\n";
for($i=0; $i<$num_rows; $i++){
$uname = mysql_result($result,$i,"username");
$time = mysql_result($result,$i,"timestamp");
echo "<tr><td>$uname</td><td>$time</td></tr>\n";
}
echo "</table><br>\n";
}
/**
* User not an administrator, redirect to main page
* automatically.
*/
if(!$session->isAdmin()){
header("Location: ../main.php");
}
else{
/**
* Administrator is viewing page, so display all
* forms.
*/
?>
<html>
<title>Jpmaster77's Login Script</title>
<body>
<h1>Admin Center</h1>
<font size="5" color="#ff0000">
<b>::::::::::::::::::::::::::::::::::::::::::::</b></font>
<font size="4">Logged in as <b><? echo $session->username; ?></b></font><br><br>
Back to [<a href="../main.php">Main Page</a>]<br><br>
<?
if($form->num_errors > 0){
echo "<font size=\"4\" color=\"#ff0000\">"
."!*** Error with request, please fix</font><br><br>";
}
?>
<table align="left" border="0" cellspacing="5" cellpadding="5">
<tr><td>
<?
/**
* Display Users Table
*/
?>
<h3>Users Table Contents:</h3>
<?
displayUsers();
?>
</td></tr>
<tr>
<td>
<br>
<?
/**
* Update User Level
*/
?>
<h3>Update User Level</h3>
<? echo $form->error("upduser"); ?>
<table>
<form action="adminprocess.php" method="POST">
<tr><td>
Username:<br>
<input type="text" name="upduser" maxlength="30" value="<? echo $form->value("upduser"); ?>">
</td>
<td>
Level:<br>
<select name="updlevel">
<option value="1">1
<option value="9">9
</select>
</td>
<td>
<br>
<input type="hidden" name="subupdlevel" value="1">
<input type="submit" value="Update Level">
</td></tr>
</form>
</table>
</td>
</tr>
<tr>
<td><hr></td>
</tr>
<tr>
<td>
<?
/**
* Delete User
*/
?>
<h3>Delete User</h3>
<? echo $form->error("deluser"); ?>
<form action="adminprocess.php" method="POST">
Username:<br>
<input type="text" name="deluser" maxlength="30" value="<? echo $form->value("deluser"); ?>">
<input type="hidden" name="subdeluser" value="1">
<input type="submit" value="Delete User">
</form>
</td>
</tr>
<tr>
<td><hr></td>
</tr>
<tr>
<td>
<?
/**
* Delete Inactive Users
*/
?>
<h3>Delete Inactive Users</h3>
This will delete all users (not administrators), who have not logged in to the site<br>
within a certain time period. You specify the days spent inactive.<br><br>
<table>
<form action="adminprocess.php" method="POST">
<tr><td>
Days:<br>
<select name="inactdays">
<option value="3">3
<option value="7">7
<option value="14">14
<option value="30">30
<option value="100">100
<option value="365">365
</select>
</td>
<td>
<br>
<input type="hidden" name="subdelinact" value="1">
<input type="submit" value="Delete All Inactive">
</td>
</form>
</table>
</td>
</tr>
<tr>
<td><hr></td>
</tr>
<tr>
<td>
<?
/**
* Ban User
*/
?>
<h3>Ban User</h3>
<? echo $form->error("banuser"); ?>
<form action="adminprocess.php" method="POST">
Username:<br>
<input type="text" name="banuser" maxlength="30" value="<? echo $form->value("banuser"); ?>">
<input type="hidden" name="subbanuser" value="1">
<input type="submit" value="Ban User">
</form>
</td>
</tr>
<tr>
<td><hr></td>
</tr>
<tr><td>
<?
/**
* Display Banned Users Table
*/
?>
<h3>Banned Users Table Contents:</h3>
<?
displayBannedUsers();
?>
</td></tr>
<tr>
<td><hr></td>
</tr>
<tr>
<td>
<?
/**
* Delete Banned User
*/
?>
<h3>Delete Banned User</h3>
<? echo $form->error("delbanuser"); ?>
<form action="adminprocess.php" method="POST">
Username:<br>
<input type="text" name="delbanuser" maxlength="30" value="<? echo $form->value("delbanuser"); ?>">
<input type="hidden" name="subdelbanned" value="1">
<input type="submit" value="Delete Banned User">
</form>
</td>
</tr>
</table>
</body>
</html>
<?
}
?>
/admin/adminprocess.php:
<?
/**
* AdminProcess.php
*
* The AdminProcess class is meant to simplify the task of processing
* admin submitted forms from the admin center, these deal with
* member system adjustments.
*
* Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
* Last Updated: August 15, 2004
*/
include("../include/session.php");
class AdminProcess
{
/* Class constructor */
function AdminProcess(){
global $session;
/* Make sure administrator is accessing page */
if(!$session->isAdmin()){
header("Location: ../main.php");
return;
}
/* Admin submitted update user level form */
if(isset($_POST['subupdlevel'])){
$this->procUpdateLevel();
}
/* Admin submitted delete user form */
else if(isset($_POST['subdeluser'])){
$this->procDeleteUser();
}
/* Admin submitted delete inactive users form */
else if(isset($_POST['subdelinact'])){
$this->procDeleteInactive();
}
/* Admin submitted ban user form */
else if(isset($_POST['subbanuser'])){
$this->procBanUser();
}
/* Admin submitted delete banned user form */
else if(isset($_POST['subdelbanned'])){
$this->procDeleteBannedUser();
}
/* Should not get here, redirect to home page */
else{
header("Location: ../main.php");
}
}
/**
* procUpdateLevel - If the submitted username is correct,
* their user level is updated according to the admin's
* request.
*/
function procUpdateLevel(){
global $session, $database, $form;
/* Username error checking */
$subuser = $this->checkUsername("upduser");
/* Errors exist, have user correct them */
if($form->num_errors > 0){
$_SESSION['value_array'] = $_POST;
$_SESSION['error_array'] = $form->getErrorArray();
header("Location: ".$session->referrer);
}
/* Update user level */
else{
$database->updateUserField($subuser, "userlevel", (int)$_POST['updlevel']);
header("Location: ".$session->referrer);
}
}
/**
* procDeleteUser - If the submitted username is correct,
* the user is deleted from the database.
*/
function procDeleteUser(){
global $session, $database, $form;
/* Username error checking */
$subuser = $this->checkUsername("deluser");
/* Errors exist, have user correct them */
if($form->num_errors > 0){
$_SESSION['value_array'] = $_POST;
$_SESSION['error_array'] = $form->getErrorArray();
header("Location: ".$session->referrer);
}
/* Delete user from database */
else{
$q = "DELETE FROM ".TBL_USERS." WHERE username = '$subuser'";
$database->query($q);
header("Location: ".$session->referrer);
}
}
/**
* procDeleteInactive - All inactive users are deleted from
* the database, not including administrators. Inactivity
* is defined by the number of days specified that have
* gone by that the user has not logged in.
*/
function procDeleteInactive(){
global $session, $database;
$inact_time = $session->time - $_POST['inactdays']*24*60*60;
$q = "DELETE FROM ".TBL_USERS." WHERE timestamp < $inact_time "
."AND userlevel != ".ADMIN_LEVEL;
$database->query($q);
header("Location: ".$session->referrer);
}
/**
* procBanUser - If the submitted username is correct,
* the user is banned from the member system, which entails
* removing the username from the users table and adding
* it to the banned users table.
*/
function procBanUser(){
global $session, $database, $form;
/* Username error checking */
$subuser = $this->checkUsername("banuser");
/* Errors exist, have user correct them */
if($form->num_errors > 0){
$_SESSION['value_array'] = $_POST;
$_SESSION['error_array'] = $form->getErrorArray();
header("Location: ".$session->referrer);
}
/* Ban user from member system */
else{
$q = "DELETE FROM ".TBL_USERS." WHERE username = '$subuser'";
$database->query($q);
$q = "INSERT INTO ".TBL_BANNED_USERS." VALUES ('$subuser', $session->time)";
$database->query($q);
header("Location: ".$session->referrer);
}
}
/**
* procDeleteBannedUser - If the submitted username is correct,
* the user is deleted from the banned users table, which
* enables someone to register with that username again.
*/
function procDeleteBannedUser(){
global $session, $database, $form;
/* Username error checking */
$subuser = $this->checkUsername("delbanuser", true);
/* Errors exist, have user correct them */
if($form->num_errors > 0){
$_SESSION['value_array'] = $_POST;
$_SESSION['error_array'] = $form->getErrorArray();
header("Location: ".$session->referrer);
}
/* Delete user from database */
else{
$q = "DELETE FROM ".TBL_BANNED_USERS." WHERE username = '$subuser'";
$database->query($q);
header("Location: ".$session->referrer);
}
}
/**
* checkUsername - Helper function for the above processing,
* it makes sure the submitted username is valid, if not,
* it adds the appropritate error to the form.
*/
function checkUsername($uname, $ban=false){
global $database, $form;
/* Username error checking */
$subuser = $_POST[$uname];
$field = $uname; //Use field name for username
if(!$subuser || strlen($subuser = trim($subuser)) == 0){
$form->setError($field, "* Username not entered<br>");
}
else{
/* Make sure username is in database */
$subuser = stripslashes($subuser);
if(strlen($subuser) < 5 || strlen($subuser) > 30 ||
!eregi("^([0-9a-z])+$", $subuser) ||
(!$ban && !$database->usernameTaken($subuser))){
$form->setError($field, "* Username does not exist<br>");
}
}
return $subuser;
}
};
/* Initialize process */
$adminprocess = new AdminProcess;
?>