<?php
/*
Copyright (c) 2012 http://ramui.com. All rights reserved.
This product is protected by copyright and distributed under licenses restricting copying and distribution. Permission is granted to the public to download and use this script provided that this notice and any statement of authorship are reproduced on every page of all copies of the script.
*/
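class clslogin
{
    /** @var int|string Id of the authenticated user; empty when nobody is logged in. */
    protected $uid;
    /** @var array Site settings row from connection::siteinf() (keys read here: blocksite, verifyuser, name). */
    protected $site;
    /** @var mixed Admin record from connection::get_admin(); empty when no admin is logged in. */
    protected $admin;

    /**
     * Loads the site settings and the current admin record.
     *
     * Redirects to the forum index (and stops) when the site is blocked for
     * non-admin visitors or the connection object reports an error.
     */
    function __construct()
    {
        $db=new connection('../');
        $this->site=$db->siteinf();
        $this->admin=$db->get_admin();
        // NOTE(review): this tests the truthiness of blocksite while verify_user() compares
        // it to 'Y'; both are kept as they were - confirm which form the settings table stores.
        if((($this->site['blocksite'])&&(empty($this->admin)))||($db->error)){
            header("Location: ../../index.php");
            exit;
        }
    }

    /**
     * Inserts a one-time verification record into the tmpuser table.
     *
     * Shared by the three mail_* helpers, which previously each repeated this INSERT.
     *
     * @param string $email Address the token is issued for.
     * @param int    $uid   Owner user id (cast to an unsigned int before it reaches SQL).
     * @return array|false array($id, $verify) on success; false when the INSERT fails.
     */
    private function issue_verify_token($email,$uid)
    {
        $verify=substr(fw_random(),0,12);
        $dt=time();
        // uid and date go through %u so nothing but the two strings is interpolated unescaped.
        $query=sprintf("INSERT INTO ".PREFIX."tmpuser(uid, email, verify, date) VALUES (%u, '%s', '%s', %u)",
            (int)$uid,mysql_real_escape_string($email),mysql_real_escape_string($verify),$dt);
        if(!@mysql_query($query)){return false;}
        return array(mysql_insert_id(),$verify);
    }

    /**
     * Reads the sender address configured in the mailsettings table.
     *
     * @return string The stored "default from" address, or '' when the row is missing.
     */
    private function default_from()
    {
        $result=@mysql_query("SELECT defaultfrom FROM ".PREFIX."mailsettings LIMIT 0,1");
        $row=@mysql_fetch_array($result, MYSQL_ASSOC);
        return (isset($row['defaultfrom'])? $row['defaultfrom'] : '');
    }

    /**
     * Builds the domain attribute of the fw_login cookie.
     *
     * login() and log_out() must agree on this value: a cookie deleted with a
     * different domain is a different cookie to the browser, so the original
     * login cookie would survive logout.
     *
     * @return string Host with a leading dot and any leading "www." removed.
     */
    private function cookie_domain()
    {
        $domain=getenv('HTTP_HOST');
        if(stripos($domain,'www.')===0){$domain=substr($domain,4);}
        return '.'.$domain;
    }

    /**
     * Emails a one-time password reset link.
     *
     * @param string $email Recipient address.
     * @param string $name  Display name used in the greeting.
     * @param int    $uid   User id the reset token belongs to.
     * @return bool true when mail() accepted the message; false on DB or mail failure.
     */
    private function mail_forget_password($email,$name,$uid)
    {
        $token=$this->issue_verify_token($email,$uid);
        if($token===false){return false;}
        list($id,$verify)=$token;
        // The link carries md5($verify); the raw token stays only in tmpuser.
        $link=DIRECTORY_URL."gb/user/index.php?id=$id&verify=".md5($verify);
        $from="From: ".$this->default_from()."\r\n";
        $text="Hello ".$name.",\r\nYou or someone else request password reset of your account at: http://".getenv('HTTP_HOST')."\r\nIf you really want to reset your password then please click the following link.\r\n\r\n$link";
        $text.="\r\n\r\nThis link can be used once only and remain active for 48 hours.\r\nIf you are unable to click the above link please copy and paste the personalized link in your browser.\r\n";
        $text.="\r\nThank you.\r\nSite administrator.\r\nhttp://".getenv('HTTP_HOST')."/";
        $text.="\r\n------------------------------------------\r\nThis is an autogenerated email. Please do not reply.";
        return (@mail($email,'Your requested password',$text,$from));
    }

    /**
     * Emails the registration confirmation link for a level-7 (unverified) account.
     *
     * @param string $email Recipient address.
     * @param string $name  Display name used in the greeting.
     * @param int    $uid   Id of the newly created user row.
     * @return bool true when mail() accepted the message; false on DB or mail failure.
     */
    private function mail_register_email($email,$name,$uid)
    {
        $token=$this->issue_verify_token($email,$uid);
        if($token===false){return false;}
        list($id,$verify)=$token;
        $from=$this->default_from();
        $selfurl=str_replace("www.","", strtolower(getenv("HTTP_HOST")));
        // This mail builds its link from HTTP_HOST and DOCROOT, unlike the other two which use DIRECTORY_URL; kept as-is.
        $link='http://'.strtolower(getenv("HTTP_HOST")).DOCROOT.'gb/user/index.php?id='.$id.'&verify='.md5($verify);
        // $text is assigned (not appended to) here; the original started with .= on an undefined variable.
        $text="Hello $name,\r\nWelcome to ".$this->site['name']."\r\nYou are just one step behind to complete the registration process.\r\nPlease click the following link to confirm your registration.\r\n\r\n$link\r\n\r\n";
        $text.="*This link will remain active for 48 hours.\r\nIf you are unable to click the above link please copy and paste the personalized link in your browser.\r\n\r\n";
        $text.="-----------------------------------\r\nYou receive this email because you (or someone else) has added this email address to $selfurl.\r\n";
        $text.="This is an auto generated email. Please do not reply.";
        return(@mail($email,'Verification required',$text,'From: '.$from));
    }

    /**
     * Emails a one-time link that confirms a changed email address.
     *
     * @param string $email New address to confirm.
     * @param string $name  Display name used in the greeting.
     * @param int    $uid   User id the confirmation token belongs to.
     * @return bool true when mail() accepted the message; false on DB or mail failure.
     */
    protected function mail_email_change($email,$name,$uid)
    {
        $token=$this->issue_verify_token($email,$uid);
        if($token===false){return false;}
        list($id,$verify)=$token;
        $link=DIRECTORY_URL."gb/user/index.php?id=$id&verify=".md5($verify);
        $from="From: ".$this->default_from()."\r\n";
        $text="Hello ".$name.",\r\nPlease click the following link to confirm this email address.\r\n\r\n$link";
        $text.="\r\n\r\n*This link can be used once only and remain active for 48 hours.\r\nIf you are unable to click the above link please copy and paste the personalized link in your browser.\r\n";
        $text.="\r\nThank you.\r\nSite administrator.\r\nhttp://".getenv('HTTP_HOST')."/";
        $text.="\r\n------------------------------------------\r\nThis is an autogenerated email. Please do not reply.";
        // Subject was a copy of the password-reset mail's; the body asks to confirm an address.
        return (@mail($email,'Confirm your email address',$text,$from));
    }

    /**
     * Resolves the current visitor: a valid fw_login cookie, or a submitted login form.
     *
     * A cookie that is malformed or no longer matches the stored session token is
     * ignored and the posted form (login / forget / register) is processed instead,
     * so a stale cookie cannot lock a visitor out of the login form.
     *
     * @param string &$message Receives an HTML status/error snippet for the form.
     * @return bool true when $this->uid has been set to an authenticated user.
     */
    protected function verify_user(&$message)
    {
        if(($this->site['blocksite']=='Y')&&(empty($this->admin))){include "../gb/include/blocksite.php";exit;}
        if(isset($_COOKIE['fw_login'])){
            // Cookie format is "<id>-<md5 of session token>"; anything else is not a login.
            $login=explode('-',$_COOKIE['fw_login'],2);
            if(count($login)===2){
                $id=(int)$login[0];
                $session=$login[1];
                $query=sprintf("SELECT session FROM ".PREFIX."user WHERE id = %u",$id);
                $result=@mysql_query($query);
                $row=@mysql_fetch_array($result, MYSQL_ASSOC);
                if((!empty($row['session']))&&(md5($row['session'])===$session)){$this->uid=$id;return true;}
            }
        }
        if(!empty($_POST['login'])){return($this->login($message));}
        if(!empty($_POST['forget'])){$this->forget($message);}
        $this->register($message);
        return false;
    }

    /**
     * Counts login attempts in the PHP session and reports when the limit is passed.
     *
     * @return bool true once more than 16 attempts have been counted for this session.
     */
    private function exceed_login()
    {
        // Assumes session_start() has already run elsewhere in the request - confirm in the caller.
        $_SESSION['fw_try']=((isset($_SESSION['fw_try']))? 1+$_SESSION['fw_try'] : 1);
        return($_SESSION['fw_try']>16);
    }

    /**
     * Processes the login form: validates credentials, rotates the per-user session
     * token in the user table and issues the fw_login cookie.
     *
     * @param string &$message Receives an HTML error snippet on failure.
     * @return bool true on success (and $this->uid is set); false otherwise.
     */
    private function login(&$message)
    {
        if($this->exceed_login()){$message='<span style="color:red;">Maximum number of login attempt failed! Please restart browser.</span>';return false;}
        $email=fw_strip_slashes(trim($_POST['email']));
        $password=fw_strip_slashes(trim($_POST['password']));
        // "stay logged in" is an optional checkbox; absent means a browser-session cookie.
        $staylogin=(isset($_POST['staylogin'])? htmlentities(fw_strip_slashes(trim($_POST['staylogin']))) : '');
        if((!fw_validate_email($email))||(!fw_validate_password($password))){$message='<span style="color:red;">Incorrect email and/or password!</span>';return false;}
        // NOTE(review): passwords are stored as unsalted md5 (register() does the same). Moving to
        // password_hash() needs a schema change shared with the rest of the project, so it is left.
        $password=md5($password);
        $query=sprintf("SELECT id FROM ".PREFIX."user WHERE email = '%s' AND password = '%s' AND (level=6 OR level=8)",mysql_real_escape_string($email),mysql_real_escape_string($password));
        $result=@mysql_query($query);
        $num=@mysql_num_rows($result);
        if($num<1){$message='<span style="color:red;">Incorrect email and/or password!</span>';return false;}
        $row=@mysql_fetch_array($result, MYSQL_ASSOC);
        $_SESSION['fw_try']=0;
        // A fresh random token per login; the cookie only ever holds its md5.
        $random=substr(fw_random(),0,12);
        $dt=(($staylogin==='Y')? (time()+3600*24*365) : 0);
        $query=sprintf("UPDATE ".PREFIX."user SET session = '%s' WHERE id = %u",mysql_real_escape_string($random),$row['id']);
        if(@mysql_query($query)==false){$message='<span style="color:red;">System error! Please try again later.</span>';return false;}
        // Secure flag follows the request scheme so the cookie is not sent in clear on an HTTPS deployment; HttpOnly is always on.
        $secure=((!empty($_SERVER['HTTPS']))&&(strtolower($_SERVER['HTTPS'])!=='off'));
        if(!@setcookie('fw_login',$row['id'].'-'.md5($random),$dt,'/',$this->cookie_domain(),$secure,true)){$message='<span style="color:red;">Sorry! Your browser must be cookie enabled.</span>';return false;}
        $this->uid=(int)$row['id'];
        return true;
    }

    /**
     * Processes the "forgot password" form.
     *
     * Level-7 (unverified) accounts get the verification mail resent instead of a
     * reset link; the same "no such email" text is used for invalid and unknown addresses.
     *
     * @param string &$message Receives an HTML status/error snippet.
     * @return bool|null false on validation or lookup failure; no explicit return otherwise.
     */
    private function forget(&$message)
    {
        $email=fw_strip_slashes(trim($_POST['forgetemail']));
        if(!fw_validate_email($email)){$message='<span style="color:red;">No such email in our database!</span>';return false;}
        $query=sprintf("SELECT id, name, level FROM ".PREFIX."user WHERE email = '%s' AND level > 5",mysql_real_escape_string($email));
        $result=@mysql_query($query);
        $row=@mysql_fetch_array($result, MYSQL_ASSOC);
        if(empty($row['id'])){$message='<span style="color:red;">No such email in our database!</span>';return false;}
        if($row['level']==7){
            $message=($this->mail_register_email($email,$row['name'],$row['id'])? '<span style="color:green;">Resend verification email. Please confirm your account.</span>' : '<span style="color:red;">System error! Please  contact site administrator.</span>');
            return false;
        }
        $message=($this->mail_forget_password($email,$row['name'],$row['id']))? '<span style="color:green;">Password reset link has been send. Please check your email address.</span>':'<span style="color:red;">System error! Please contact site administrator.</span>';
    }

    /**
     * Processes the registration form.
     *
     * Creates a level-7 account and sends a verification mail when the site has
     * verifyuser enabled, otherwise a level-6 account that can log in at once.
     * Silent (no message) returns are kept for inputs rejected by the fw_validate_* helpers.
     *
     * @param string &$message Receives an HTML status/error snippet.
     * @return bool|null false when nothing was created; no explicit return otherwise.
     */
    private function register(&$message)
    {
        $name=fw_strip_slashes(trim($_POST['name']));
        $user=fw_strip_slashes(trim($_POST['user']));
        $password=fw_strip_slashes(trim($_POST['pw']));
        $email=fw_strip_slashes(trim($_POST['registeremail']));
        if(!fw_validate_user($user,$email)){return false;}
        if(!fw_validate_password($password)){return false;}
        $password=md5($password);
        // Byte length, as in the original; multi-byte names count more than their character length.
        $length=strlen($name);
        if(($length>50)||($length<5)){return false;}
        $dt=time();
        $query=sprintf("SELECT id, user, password, level FROM ".PREFIX."user WHERE email = '%s'",mysql_real_escape_string($email));
        $result=@mysql_query($query);
        $row=@mysql_fetch_array($result, MYSQL_ASSOC);
        if(empty($row['id'])){
            $query=sprintf("SELECT id FROM ".PREFIX."user WHERE user = '%s'",mysql_real_escape_string($user));
            $result=@mysql_query($query);
            $num=@mysql_num_rows($result);
            if(empty($num)){
                if($this->site['verifyuser']){
                    $query=sprintf("INSERT INTO ".PREFIX."user(name, user, email, password, level, date) VALUES ('%s', '%s', '%s', '%s', 7, $dt)",mysql_real_escape_string($name),mysql_real_escape_string($user),mysql_real_escape_string($email),mysql_real_escape_string($password));
                    if(@mysql_query($query)){
                        $id=mysql_insert_id();
                        $message=($this->mail_register_email($email,$name,$id)? '<span style="color:green;">A verification email has been send. Please confirm your account.</span>' : '<span style="color:red;">System error! Please  contact site administrator.</span>');
                    }
                    else{$message='<span style="color:red;">System error! Please  contact site administrator.</span>';}
                }
                else{
                    $query=sprintf("INSERT INTO ".PREFIX."user(name, user, email, password, level, date) VALUES ('%s', '%s', '%s', '%s', 6, $dt)",mysql_real_escape_string($name),mysql_real_escape_string($user),mysql_real_escape_string($email),mysql_real_escape_string($password));
                    $message=(@mysql_query($query))? '<span style="color:green;">Thank you for registering with us, your account has been created. You may now login with your email and password.</span>' : '<span style="color:red;">System error! Please  contact site administrator.</span>';
                }
            }
            else{
                // The submitted user name is reflected into HTML, so it is escaped here.
                $message='<span style="color:red;">User <b>'.htmlspecialchars($user,ENT_QUOTES,'UTF-8').'</b> already exist! Please select different user name.</span>';
            }
            return false;
        }
        if($row['user']!==$user){$message='<span style="color:red;">Another user is using this email ID! Please select different one.</span>';return false;}
        // mysql_fetch_array returns every column as a string; the original compared it to
        // integers with ===, so the banned / already-registered branches could never match.
        $level=(int)$row['level'];
        if($level===0){$message='<span style="color:red;">Sorry! you have been banned from this site.</span>';return false;}
        if($level===6){$message='<span style="color:red;">You are already registered! Please use <b>Forget password</b> form to recover password.</span>';return false;}
        if($level===7){$message='<span style="color:red;">You are already registered. Please use <b>Forget password</b> form to resend verification email.</span>';}
    }

    /**
     * Logs the current user out: expires the cookie, clears the stored session
     * token (so an old cookie value can no longer be replayed) and redirects.
     */
    protected function log_out()
    {
        // Same path and domain as login() so the browser actually drops that cookie.
        @setcookie('fw_login','',(time()-100),'/',$this->cookie_domain());
        // The original statement lacked SET, so the token was never cleared server-side.
        $query=sprintf("UPDATE ".PREFIX."user SET session = '' WHERE id = %u",$this->uid);
        @mysql_query($query);
        $this->uid='';
        @header("Location: index.php");
        exit;
    }

    /**
     * Renders the login page (head, form, footer). The locals set here are
     * read by the included templates.
     *
     * @param string $message HTML snippet shown on the form, '' for none.
     */
    protected function log_in($message='')
    {
        $title='Login';
        $menu=$this->get_menu();
        $scriptfile='<script type="text/javascript" src="../script/login.js"></script>';
        include "include/head.php";
        include "include/login.php";
        include "include/footer.html";
    }

    /**
     * Builds the navigation links for the user area.
     *
     * @return string Concatenated anchor tags; Home only when DOCROOT is not '/',
     *                UserCP/Logout only when a user is logged in.
     */
    protected function get_menu()
    {
        $menu='';
        if(DOCROOT!=='/'){$menu='<a href="http://'.$_SERVER['HTTP_HOST'].'/">Home</a>';}
        $menu.='<a href="../../index.php">Forum</a>';
        if(!empty($this->uid)){$menu.='<a href="index.php">UserCP</a><a href="index.php?query=1M5">Logout</a>';}
        return $menu;
    }
}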
?>