<?
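/**
 * Registration, login and logout handling for portal users.
 *
 * Depends on names declared outside this file: the Security parent class
 * (clean_name / clean_text / clean_email), MainConf (form rendering) and
 * SessionHandler (session and cookie set-up).
 *
 * NOTE(review): every query goes through the legacy mysql_* extension, which
 * was removed in PHP 7. Moving to PDO or mysqli prepared statements needs a
 * connection handle that this class does not hold, so values are escaped at
 * the point of use instead.
 * NOTE(review): PHP 5.4+ ships a built-in class named SessionHandler; the
 * project class of the same name is declared elsewhere - confirm they do not
 * collide on the deployed PHP version.
 */
class User extends Security
{
	/**
	 * Print the terms-of-use form that precedes registration.
	 *
	 * NOTE(review): only the submit control is echoed explicitly here, while
	 * the other display methods never echo main_intext() results. Whether
	 * main_intext() prints or returns its markup is not visible from this
	 * file, so the calls are left as they were - confirm against MainConf.
	 */
	public function display_agreement()
	{
		$form = new MainConf;
		// PHP_SELF reflects the request path, so it is HTML-encoded before
		// being placed inside the action attribute.
		$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

		echo '<form action="'.$self.'?sect=reg&la=yes" method="post" enctype="multipart/form-data">';
		echo 'Usage Agreement/COPPA goes here<br /><br />';
		$form->main_intext('label','I agree  to the Terms of Use Agreement','check',NULL);
		$form->main_intext('radio','yes','check',NULL);
		$form->main_intext('label','No to the Terms of Use Agreement','check',NULL);
		$form->main_intext('radio','no','check',NULL);
		echo $form->main_intext('submit','Submit',NULL,NULL);
		echo '</form>';
	}

	/**
	 * Print the registration form (username, e-mail twice, password twice).
	 * The form posts back to the current script with sect=reg&la=yes&check=1.
	 */
	public function display_reg()
	{
		$form = new MainConf;
		// Encode the request-derived script path before it reaches the markup.
		$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

		echo '<form action="'.$self.'?sect=reg&la=yes&check=1" method="post" enctype="application/x-www-form-urlencoded">';
		$form->main_intext('label','Username:  ','username',NULL);
		$form->main_intext('textbox',NULL,'username','Desired Username.');
		$form->main_intext('label','Email:  ','email1',NULL);
		$form->main_intext('textbox',NULL,'email1','Email Address');
		$form->main_intext('label','Email:  ','email2',NULL);
		$form->main_intext('textbox',NULL,'email2','Confim Email Address');
		$form->main_intext('label','Password:  ','pass1',NULL);
		$form->main_intext('password',NULL,'pass1','Desired Password (min of 6 chars)');
		$form->main_intext('label','Password:  ','pass2',NULL);
		$form->main_intext('password',NULL,'pass2','Confirm Password (min of 6 chars)');
		$form->main_intext('submit','Submit',NULL,NULL);
		echo '</form>';
	}

	/**
	 * Print the login form and a link to the registration section.
	 */
	public function login_display()
	{
		$form = new MainConf;
		// Encode the request-derived script path before it reaches the markup.
		$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

		echo 'Please Log-In:  ';
		echo '<form action="'.$self.'?sect=login&login=1" method="post" enctype="application/x-www-form-urlencoded">';
		$form->main_intext('label','Username:  ','username',NULL);
		$form->main_intext('textbox',NULL,'username',NULL);
		$form->main_intext('label','Password:  ','pass',NULL);
		$form->main_intext('password',NULL,'pass',NULL);
		$form->main_intext('submit','Login',NULL,NULL);
		echo '</form>';
		// The anchor tag used to end in `"=->`, which left the tag malformed.
		echo 'If you don\'t have an account please register <a href="'.$self.'?sect=reg">here</a>';
	}

	/**
	 * Validate the posted registration fields and insert the new user row.
	 *
	 * Reads username, pass1, pass2, email1 and email2 from $_POST. Any
	 * validation or database failure ends the request through die().
	 *
	 * @return bool TRUE once the row is inserted, so the caller can redirect
	 *              or log the user in.
	 */
	public function proc_reg()
	{
		$user = $this->clean_name($_POST['username']);
		$pass1 = $this->clean_text($_POST['pass1']);
		$pass2 = $this->clean_text($_POST['pass2']);
		$email1 = $this->clean_email($_POST['email1']);
		$email2 = $this->clean_email($_POST['email2']);

		// Loose comparison on purpose: the return value clean_*() uses for
		// "rejected" is not visible here. It also treats the string "0" as empty.
		if (($user == FALSE) || ($pass1 == FALSE) || ($pass2 == FALSE) || ($email1 == FALSE) || ($email2 == FALSE))
		{
			die('None of the registration fields can be empty');
		}
		// Will add ajax functions for this.
		// Strict comparison: with != two numeric-looking strings such as
		// "1e3" and "1000" compare as equal.
		if ($pass1 !== $pass2)
		{
			die('Passwords do not Match');
		}
		if (strlen($pass1) <= 5)
		{
			die('Password length to small, please 6 or more chars');
		}
		if ($email1 !== $email2)
		{
			die ('Emails do not match');
		}

		$password = $this->gen_hash($pass1, NULL);
		$group = 'users';
		// Change this to 0 after creating confirm function and check confirm.
		$confirm = '1';

		// Every string value is escaped where it enters the SQL text, so the
		// statement does not depend on what clean_*() happen to strip.
		// NOTE(review): if clean_*() already SQL-escape, remove that there
		// rather than here, otherwise values are escaped twice.
		// usergroup is now quoted; unquoted, `users` was parsed as a column
		// name instead of a string value.
		// NOTE(review): confirmnum is the fixed placeholder '12345'; it must
		// become an unpredictable per-user value before $confirm is set to 0.
		$query = 'INSERT INTO `user` (id, username, password, usergroup, postdate, confirm, confirmnum, email) VALUES(\' \',\''
			.mysql_real_escape_string($user).'\', \''
			.mysql_real_escape_string($password).'\', \''
			.mysql_real_escape_string($group).'\', NOW(), '
			.(int) $confirm.', \'12345\', \''
			.mysql_real_escape_string($email1).'\');';
		$result = mysql_query($query);
		if (!$result)
		{
			// Keep driver errors (table and column names, query fragments) in
			// the server log instead of sending them to the visitor.
			error_log('User::proc_reg database error: '.mysql_error());
			die('Registration could not be completed, please try again later.');
		}
		// Return True so the calling function can handle the redirection or immediate log on.
		return TRUE;
	}

	/**
	 * Check a username/password pair against the user table.
	 *
	 * The caller is expected to have confirmed with isset() that the POST
	 * fields exist before passing them in.
	 *
	 * @param string $username Username as submitted.
	 * @param string $password Password as submitted.
	 * @return bool TRUE when the credentials match (login cookies are then set
	 *              through SessionHandler), FALSE otherwise so the caller can
	 *              report the failure.
	 */
	public function proc_login($username,$password)
	{
		$session = new SessionHandler;
		$cusername = $this->clean_name($username);
		$cpassword = $this->clean_text($password);
		if (($cpassword == FALSE) || ($cusername == FALSE))
		{
			die('Password or Username is empty, please retry thank you.');
			// We shouldn't get here,
		}

		// Escape at the point of use; see the note in proc_reg().
		$query = 'SELECT * FROM user WHERE username = \''.mysql_real_escape_string($cusername).'\';';
		$result = mysql_query($query);
		if (!$result)
		{
			// Log the driver error server-side; do not echo it to the client.
			error_log('User::proc_login database error: '.mysql_error());
			die('error in the database');
		}

		$row = mysql_fetch_array($result);
		if (!$row)
		{
			// Unknown username: same FALSE as a wrong password, so the reply
			// does not reveal which accounts exist.
			return FALSE;
		}

		$passdb = $row['password'];
		// proc_reg() hashes the clean_text() form of the password, so the same
		// form has to be hashed here or passwords that clean_text() alters
		// could never match.
		$hashpass = $this->gen_hash($cpassword, $passdb);
		// NOTE(review): === is not a constant-time comparison; switch to
		// hash_equals() once the minimum PHP version is 5.6 or later.
		if ($hashpass === $passdb)
		{
			$session->set_cookies_login($row);
			return TRUE;
		}
		// Return False to let the calling function handle the errors.
		return FALSE;
	}

	/**
	 * End the session, expire the visitor's cookies and redirect.
	 *
	 * @param string $site_url Redirect target written into the Location
	 *                         header. NOTE(review): it must come from site
	 *                         configuration, not from request data, or this
	 *                         becomes an open redirect - confirm at the caller.
	 */
	public function logout($site_url)
	{
		$session = new SessionHandler;
		// Destroy Session
		$session->unset_session();

		// Destroy Cookies. The earlier guard tested a cookie literally named
		// '$id' (single quotes do not interpolate) and the loop passed cookie
		// VALUES to setcookie() as names, so nothing was ever expired.
		// NOTE(review): a cookie set with an explicit path or domain is only
		// removed when the same path/domain is given - check
		// SessionHandler::set_cookies_login().
		foreach (array_keys($_COOKIE) as $name)
		{
			setcookie((string) $name, '', time() - 3600);
		}

		// Send to the main page
		// NOTE(review): execution continues after header(); the caller should
		// stop producing output once this returns.
		header('location: '.$site_url);
	}

	/**
	 * Build the stored password string: a 9-character salt followed by the
	 * SHA-1 hex digest of salt . password.
	 *
	 * NOTE(review): one round of salted SHA-1 is cheap to brute-force if the
	 * table leaks, and rand()/uniqid() are not cryptographic sources. The
	 * format is kept because stored rows depend on it; plan a migration to
	 * password_hash()/password_verify() with a rehash at next login.
	 *
	 * @param string      $password Password to hash.
	 * @param string|null $salt     NULL to generate a new salt, or an existing
	 *                              stored hash whose first 9 characters are
	 *                              reused as the salt.
	 * @return string Salt followed by the 40-character SHA-1 hex digest.
	 */
	private function gen_hash($password, $salt)
	{
		if ($salt === NULL)
		{
			$salt = substr(md5(uniqid(rand(), true)), 0, 9);
		}
		else
		{
			// The stored value starts with its own salt; take it back out.
			$salt = substr($salt, 0, 9);
		}

		return $salt . sha1($salt . $password);
	}
}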
?>