<?php
/*----------------------------------------------------------

       LySite
       Brad Landis (hide@address.com)

   Copyright (C) 2005 Brad Landis

   This program is free software; you can redistribute it
   and/or modify it under the terms of the GNU General
   Public License as published by the Free Software
   Foundation; either version 2 of the License, or (at your
   option) any later version.

   This program is distributed in the hope that it will be
   useful, but WITHOUT ANY WARRANTY; without even the
   implied warranty of MERCHANTABILITY or FITNESS FOR A
   PARTICULAR PURPOSE.  See the GNU General Public License
   for more details.
   
   You should have received a copy of the GNU General Public
   License along with this program; if not, write to the
   Free Software Foundation, Inc., 51 Franklin Street, Fifth
   Floor, Boston, MA  02110-1301, USA.

----------------------------------------------------------*/
require('includes.php');

/**
 * Emit the inline <script> that defines registerCheck(form, check_user).
 *
 * registerCheck() is wired to the onsubmit of the register and change_pass
 * forms: it enforces a 4+ character username (only when check_user is true),
 * matching password/password2 fields, and a 4+ character password, alerting
 * and returning false on the first failure. This is a convenience check that
 * runs in the browser only -- it is not a security control, and anything it
 * rejects must be re-validated server side.
 */
function js_form_check() {
	$script = array(
		"<script type='text/javascript'>",
		"\tfunction registerCheck(item_name,check_user) {",
		"\t\tif(check_user == true && item_name.username.value.length < 4) {",
		"\t\t\talert('Username must be 4 or more characters');",
		"\t\t\treturn false;",
		"\t\t} else if(item_name.password.value != item_name.password2.value) {",
		"\t\t\talert('Password\\'s do not match');",
		"\t\t\treturn false;",
		"\t\t} else if(item_name.password.value.length < 4) {",
		"\t\t\talert('Password must be 4 or more characters');",
		"\t\t\treturn false;",
		"\t\t}",
		"\t\treturn true;",
		"\t}",
		"\t</script>",
	);
	echo implode("\n", $script);
}

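/*
 * Form-action handlers. They run before header.php is included (no output
 * yet), so they may still send redirect headers; every redirect is now
 * followed by exit so the page body is not rendered, and no further handler
 * runs, on the redirecting request.
 *
 * Security notes for this block:
 *  - every user-supplied value that reaches SQL goes through lysite_sql();
 *  - change_password / update_info act on the logged-in user only, never on
 *    the user_id field posted by the form (one account could otherwise
 *    change another account's password);
 *  - NOTE(review): passwords are hashed with MySQL PASSWORD(), an unsalted
 *    hash removed in MySQL 8. Migrating to password_hash()/password_verify()
 *    needs a schema change and touches every page that checks logins, so it
 *    is left as-is here;
 *  - NOTE(review): 'permissions' and 'user_verified' are plain cookies set
 *    below; any page that trusts them without re-checking the DB is
 *    trivially bypassable. The login cookies are also sent without HttpOnly.
 *
 * The lysite_* helpers are private to this page; the prefix is meant to keep
 * them clear of anything includes.php defines (not visible here -- confirm).
 */

/** Read a POST field as a string; a missing field reads as ''. */
function lysite_post($key) {
	return isset($_POST[$key]) ? (string)$_POST[$key] : '';
}

/**
 * Escape a value for interpolation inside a single-quoted SQL literal.
 * Relies on the ext/mysql connection opened by includes.php.
 */
function lysite_sql($value) {
	return mysql_real_escape_string((string)$value);
}

/**
 * Email syntax check using the pattern the original eregi() call used. The D
 * modifier makes $ match only at the very end of the string, like ereg did.
 * Empty emails are accepted or rejected by the callers, not here.
 */
function lysite_valid_email($email) {
	return preg_match('/^[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,6}$/iD', $email) === 1;
}

/**
 * user_id of the logged-in user as resolved from the DB, or 0 when nobody is
 * logged in or the row cannot be found. is_logged_in() and get_username()
 * come from includes.php (presumably backed by the login cookies -- not
 * visible here); get_username() is escaped like any other external input.
 */
function lysite_current_user_id() {
	if(!is_logged_in()) return 0;
	$query = "SELECT user_id FROM users WHERE username='".lysite_sql(get_username())."' LIMIT 1";
	if(($results = mysql_query($query)) && ($row = mysql_fetch_assoc($results)))
		return (int)$row['user_id'];
	return 0;
}

if(isset($_POST['change_password'])) {
	// The JS check in js_form_check() is advisory; the same rules are
	// enforced here so a crafted POST cannot set an empty/mismatched password.
	$uid = lysite_current_user_id();
	$password = lysite_post('password');
	if($uid === 0) {
		$_GET['notice'] = "You must be logged in to change your password.";
	} else if(strlen($password) < 4 || $password !== lysite_post('password2')) {
		$_GET['notice'] = "Passwords must match and be 4 or more characters.";
	} else {
		$query = "UPDATE users SET password=PASSWORD('".lysite_sql($password)."') WHERE user_id='$uid' LIMIT 1";
		if(mysql_query($query)) {
			header("Location: index.php?notice=Success!");
			exit;
		} else {
			$_GET['notice'] = "There was an error.";
		}
	}
} else if(isset($_POST['forgot_password'])) {
	// NOTE(review): this flow emails a freshly generated password in clear
	// text and tells the caller whether an address exists (user enumeration).
	// A one-time reset link sent to the address on file would avoid both.
	$email = lysite_post('email');
	if($email != '') {
		$query = "SELECT * FROM users WHERE email='".lysite_sql($email)."' LIMIT 1";
		if($results = mysql_query($query)) {
			if(mysql_num_rows($results) == 1) {
				$line = mysql_fetch_assoc($results);
				// NOTE(review): str_rand() comes from includes.php; its randomness
				// source is not visible here -- confirm it is CSPRNG-backed.
				$new_pass = str_rand(8);
				$query = "UPDATE users SET password=PASSWORD('".lysite_sql($new_pass)."') WHERE user_id='".(int)$line['user_id']."' LIMIT 1";
				if(mysql_query($query)) {
					// Deliver to the address stored in the DB rather than the raw
					// POST value so the recipient header cannot be tampered with.
					mail($line['email'],SITE_URL.": Forgotten Password","You have requested your username and password. They are as follows:\n\nUsername: $line[username]\nNew Password: $new_pass\n\nThanks,\n".SITE_ADMIN."\n","From: ".SITE_TITLE." - ".SITE_SUBTITLE." <".SITE_EMAIL.">\r\n");
					// The row has no 'uid' column in the rest of this file; the
					// other log_event() calls use user_id.
					log_event("Forgotten Password: $line[username]",null,"admin.php?user=$line[user_id]");
					header("Location: login.php?notice=Your+username+and+password+have+been+emailed+to+you.+If+you+do+not+see+the+message+soon,+check+your+bulk+mail+folder.");
					exit;
				} else trigger_error(mysql_error());
			} else $notice = "The email address you requested is not in our database.";
		} else trigger_error(mysql_error());
	} else $notice = "Please verify the email address you typed.";
} else if(isset($_POST['update_info'])) {
	$uid = lysite_current_user_id();
	$email = lysite_post('email');
	if($uid === 0) {
		$_GET['notice'] = "You must be logged in to change your info.";
	} else if($email == '' || lysite_valid_email($email)) {
		// $extra only rides along on the redirect; $notice keeps its original
		// role for header.php on the non-redirect path.
		$extra = '';
		if($email == '' && lysite_post('subscribe') != 'n') {
			$_POST['subscribe'] = 'n';
			$notice = $extra = "You were not subscribed because you must have a valid email to subscribe.";
		}
		$query = "UPDATE users SET name='".lysite_sql(lysite_post('name'))."',email='".lysite_sql($email)."',subscribe='".lysite_sql(lysite_post('subscribe'))."' WHERE user_id='$uid' LIMIT 1";
		if(mysql_query($query)) {
			header("Location: index.php?notice=Success!".urlencode("\n".$extra));
			exit;
		} else {
			trigger_error(mysql_error());
		}
	} else {
		$_GET['notice'] = "The email you entered is invalid.";
	}
} else if(isset($_POST['register'])) {
	$username = lysite_post('username');
	$password = lysite_post('password');
	$email = lysite_post('email');
	if(strlen($username) < 4 || strlen($password) < 4 || $password !== lysite_post('password2')) {
		// Server-side twin of the registerCheck() rules.
		$_GET['notice'] = "Username and password must be 4 or more characters, and the passwords must match.";
	} else if($email == '' || lysite_valid_email($email)) {
		$extra = '';
		if($email == '' && lysite_post('subscribe') != 'n') {
			$_POST['subscribe'] = 'n';
			$_POST['email'] = "";
			$notice = $extra = "You were not subscribed because you must have a valid email to subscribe.";
		}
		// rand32 is the per-user secret that the login cookies carry.
		$rand = str_rand();
		$query = "INSERT INTO users SET username='".lysite_sql($username)."',password=PASSWORD('".lysite_sql($password)."'),name='".lysite_sql(lysite_post('name'))."',email='".lysite_sql($email)."',subscribe='".lysite_sql(lysite_post('subscribe'))."',rand32='".lysite_sql($rand)."',permissions='".DEFAULT_USER_LEVEL."'";
		if(mysql_query($query)) {
			$id = mysql_insert_id();
			setcookie('user[username]',$username);
			setcookie('user[user_id]',$id);
			setcookie('user[rand32]',$rand);
			setcookie('user_verified',true);
			setcookie('permissions',DEFAULT_USER_LEVEL);
			log_event("User Registered: $username",NULL,"admin.php?user=$id",0,$id);
			if($email != '') {
				// Strip line breaks from the display name before it goes into
				// the recipient header (header injection guard). The password
				// is no longer echoed back in the mail.
				$name = str_replace(array("\r", "\n"), '', lysite_post('name'));
				email("$name <$email>", "Registration Information at ".SITE_TITLE.": ".SITE_SUBTITLE,"You have just registered at ".SITE_URL.". Here is your login information:\n\nUsername: $username\n\nIf you did not register, please email the administrator at ".SITE_EMAIL.".\n\nThanks,\n".SITE_ADMIN."\n", "From: ".SITE_TITLE." - ".SITE_SUBTITLE." <".SITE_EMAIL.">\r\n");
			}
			header("Location: index.php?notice=You+are+now+registered.".urlencode("\n".$extra));
			exit;
		} else {
			if(strpos(mysql_error(),"Duplicate") !== false)
				$_GET['notice'] = "That username has already been taken.";
			else
				trigger_error(mysql_error());
		}
	} else {
		$_GET['notice'] = "The email you entered is invalid.";
	}
} else if(isset($_GET['logout'])) {
	setcookie('user[username]',false,time()-3600);
	setcookie('user[user_id]',false,time()-3600);
	setcookie('user[rand32]',false,time()-3600);
	// user_verified was left behind by the original logout; clear it too.
	setcookie('user_verified',false,time()-3600);
	setcookie('permissions',0);
	header('Location: index.php?notice=Successfully+logged+out.');
	exit;
} else if(isset($_POST['login'])) {
	$username = lysite_post('username');
	$query = "SELECT * FROM users WHERE username='".lysite_sql($username)."' AND password=PASSWORD('".lysite_sql(lysite_post('password'))."') LIMIT 1";
	if($results = mysql_query($query)) {
		if(mysql_num_rows($results) > 0) {
			$line = mysql_fetch_assoc($results);
			// 0 = browser-session cookie; 21 days when "Remember Me" is ticked
			// (the original left $login_time undefined in the unticked case).
			$login_time = empty($_POST['remember_me']) ? 0 : time()+1814400;
			setcookie('user[username]',$line['username'],$login_time);
			setcookie('user[user_id]',$line['user_id'],$login_time);
			setcookie('user[rand32]',$line['rand32'],$login_time);
			setcookie('user_verified',true);
			setcookie('permissions',$line['permissions']);
			log_event("User Logged In: $username",NULL,"admin.php?user=$line[user_id]", -1, $line['user_id']);
			header('Location: index.php?notice=You+are+now+logged+in.');
			exit;
		} else {
			$_GET['notice'] = "Incorrect username or password.";
		}
	} else
		trigger_error(mysql_error());
}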

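include('header.php');

/** HTML-escape a value for element text or a quoted attribute value. */
function lysite_h($value) {
	return htmlspecialchars((string)$value, ENT_QUOTES);
}

// NOTE(review): 'tries' is a hidden form field the client controls, so this
// cap is advisory only and not a brute-force limit; real throttling needs
// server-side state keyed by account and/or source address.
$tries = isset($_POST['tries']) ? (int)$_POST['tries'] : 0;

if($tries > 5) {
	warning("Tried to log in too many times. Please try again later.");
} else if(is_logged_in()) {
	// Defaults keep the forms renderable even when the lookup below fails.
	$ui = array('user_id' => '', 'name' => '', 'email' => '', 'subscribe' => 'n');
	// get_username() is cookie-derived, so it is escaped like any other input.
	$query = "SELECT * FROM users WHERE username='".mysql_real_escape_string(get_username())."' LIMIT 1";
	if($results = mysql_query($query)) {
		if($row = mysql_fetch_assoc($results)) $ui = array_merge($ui, $row);
	} else {
		trigger_error(mysql_error());
	}
	if(isset($_POST['update_info'])) {
		// A successful update redirects, so reaching here means the submission
		// was rejected: redisplay what the user typed.
		$ui['name'] = isset($_POST['name']) ? $_POST['name'] : '';
		$ui['email'] = isset($_POST['email']) ? $_POST['email'] : '';
		$posted = isset($_POST['subscribe']) ? $_POST['subscribe'] : 'n';
		// Keep 'monthly' instead of collapsing every truthy value to 'y'.
		$ui['subscribe'] = in_array($posted, array('y', 'monthly', 'n'), true) ? $posted : 'n';
	}
	$sub = $ui['subscribe'];
	// All DB/user values are escaped: names and emails are attacker-chosen.
	echo "<form action='login.php' method='post' name='change_info'>\n<fieldset><legend>Change Info</legend>\n";
	echo "<input type='hidden' name='user_id' value='".lysite_h($ui['user_id'])."'>\n";
	echo "<p><label for='name'>Name (First &amp; Last):</label><br><input type='text' name='name' value='".lysite_h($ui['name'])."'>\n";
	echo "<p><label for='email'>Email:</label><br><input type='text' name='email' value='".lysite_h($ui['email'])."'>\n";
	echo "<p><label for='subscribe'>Receive emails:</label><br>\n<input type='radio' name='subscribe' value='y'".($sub == 'y'?" checked":"").">When a song is added<br><input type='radio' name='subscribe' value='monthly'".($sub == 'monthly'?" checked":"").">Monthly only<br><input type='radio' name='subscribe' value='n'".($sub == 'n'?" checked":"").">Never\n";
	echo "<p><button type='submit' name='update_info'>Change Info</button>\n";
	echo "</fieldset></form>\n";

	js_form_check();

	echo "<form action='login.php' method='post' name='change_pass' onsubmit='return registerCheck(document.change_pass,false);'>\n<fieldset><legend>Change Password</legend>\n";
	echo "<input type='hidden' name='user_id' value='".lysite_h($ui['user_id'])."'>\n";
	echo "<p><label for='password'>New Password:</label><br><input type='password' name='password'>\n";
	echo "<p><label for='password2'>Verify:</label><br><input type='password' name='password2'>\n";
	echo "<input type='hidden' name='tries' value='$tries'>\n";
	echo "<p><button type='submit' name='change_password'>Change Password</button>\n";
	echo "</fieldset></form>\n";
} else {
	// No form on this page posts 'user'; kept in case another page does.
	if(isset($_POST['user'])) {
		warning("Wrong username or password");
	}
	// Count this render as one more attempt when a counter was posted.
	$next_tries = isset($_POST['tries']) ? $tries + 1 : 0;
	echo "<form action='login.php' method='post'>\n<fieldset><legend>Login</legend>\n";
	echo "<p><label for='username'>Username:</label><br><input type='text' name='username'>\n";
	echo "<p><label for='password'>Password:</label><br><input type='password' name='password'>\n";
	echo "<p><input type='checkbox' name='remember_me' value='Remember Me'><label for='remember_me'>Remember Me</label>\n";
	echo "<input type='hidden' name='tries' value='$next_tries'>\n";
	echo "<p><button type='submit' name='login'>Log In</button>\n";
	echo "</fieldset></form>\n";

	echo "<form action='login.php' method='post'>\n<fieldset><legend>Forgot Your Username or Password?</legend>\n";
	echo "<p><i>Notice: Your password cannot be retrieved as is, but will be changed. You may change it after logging in.</i>\n";
	echo "<p><label for='email'>Email:</label><br><input type='text' name='email'>\n";
	echo "<p><input type='submit' name='forgot_password' value='Email Me My Username and Password'>\n";
	echo "</fieldset></form>\n";

	js_form_check();

	// Values re-shown after a rejected registration. They are escaped and the
	// attributes quoted: the original emitted them raw and unquoted (XSS).
	$reg_username = isset($_POST['username']) ? $_POST['username'] : '';
	$reg_name = isset($_POST['name']) ? $_POST['name'] : '';
	$reg_email = isset($_POST['email']) ? $_POST['email'] : '';
	// null means "not posted", which selects the 'monthly' default below.
	$reg_sub = isset($_POST['subscribe']) ? $_POST['subscribe'] : null;
	// The form object itself is passed to registerCheck(); the original passed
	// the string "document.register", which threw inside the handler and let
	// the form submit unvalidated.
	echo "<form action='login.php' method='post' name='register' onsubmit='return registerCheck(document.register,true);'>\n<fieldset><legend>Register</legend>\n";
	echo "<h2>Why Register?</h2>\n<p>When you register, you can receive email updates when new songs are added, and have a list of your favorite songs. You will not receive spam. Emails are only viewable by me, the administrator, and I don't send spam. More features are being added regularly, so be watching for them.</p>\n";
	echo "<p><label for='username'>Username:</label><br><input type='text' name='username'".($reg_username?" value='".lysite_h($reg_username)."'":"").">\n";
	echo "<p><label for='password'>Password:</label><br><input type='password' name='password'><br>\n";
	echo "<label for='password2'>Verify Password:</label><br><input type='password' name='password2'>\n";
	echo "<p><label for='name'>Name (First &amp; Last):</label><br><input type='text' name='name'".($reg_name?" value='".lysite_h($reg_name)."'":"").">\n";
	echo "<p><label for='email'>Email:</label><br><input type='text' name='email'".($reg_email?" value='".lysite_h($reg_email)."'":"").">\n";
	echo "<p><label for='subscribe'>Receive emails:</label><br>\n<input type='radio' name='subscribe' value='y'".($reg_sub == 'y'?" checked":"").">When a song is added<br><input type='radio' name='subscribe' value='monthly'".($reg_sub == 'monthly' || $reg_sub === null?" checked":"").">Monthly only<br><input type='radio' name='subscribe' value='n'".($reg_sub == 'n'?" checked":"").">Never\n";
	notice("Unless you check 'never', monthly emails will be sent concerning new features and a list of songs added in that month.");
	echo "<p><button type='submit' name='register'>Register</button>\n";
	echo "</fieldset></form>\n";
}
include('footer.php');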
?>