Access_user class: Updates & changes Last updated: 2005-11-18 version 1.86 - There was a small bug inside the method update_user_by_admin() (file: admin_user.php), I fixed this. Please check the extra information about the database table name convention (inside the documentation file). I added and example how to show the real name in place of the login name inside the file example.php. version 1.85 - There was a small bug if you want to use the class with "auto_activation = false" the method send_mail() is fixed now. Check the new notes inside the help file. version 1.84 - I noticed some conflicts if you use this class together with tables from a different database. I remove the mysql_select_db command and modified the table names (added the database constant). There is a new method (check_new_password()) to check new passwords against a second conformation password. A new message (38) is used if this check result is false. The modified methods register_user() and update_user. The german and french messages are available now in the Users_profile extension. Thank you Francis for the translation job! version 1.83 - There was small bug during the update of a new password via the admin page. It's a BSD style lincense now! version 1.82 - In this version the activation and notivication functions are more optimized. The sendmail() method can handle more different mail jobs and the activate_account() method will use the new method send_confirmation() to inform the user by mail. There are also some inprovements for the user admin function. The class will not send anymore a mail copy to the admin, from now a new mail is send while using the account_activation() method. Notice the new vars inside the db_config file and the modified admin_user.php file. version 1.81 - Find in this version a function to use this class with manual account validation. To handle these requests, a copy of the activation mail mail is to the site admin (new var, check the db_config.php file. The admin_user.php is more extended to handle an activation status update. From the main class the following methodes are changed: send_mail(), activate_account(), messages() and check_email() (optimized regex pattern). Notice the new var inside the login example. version 1.80 - With this version is it finally possible to work with access levels. Find in this distribution all important examples and also a new application file to change the user data (email, password and access level (admin only)). The methods access_page() and register_user()of the main class are modified. Notice the new method get_access_level() and check the db_config.php file for modifications. Thanks, Alex Hayes for helping with the access levels. version 1.78 - There was a small bug inside the get_profile_data() method (profile extension), the phone number was totally ingnored. version 1.77 - I removed the method login_reader() from the constructor because this can create problems if the user have more then one account inside the same application. You have to use this method for now inside the login scripts (they are modified too). I also added booleans to the activate_new_password() method to handle wrong (password) entries. I modified the file "activate_password.php" (new hidden field) to hold the login name after submission of the new password and its possible to check that password is not inserted twice. version 1.76 - some (not so important) bug fixing in the methods: send_mail() and reg_visit(), check_activation_password() (thanks Tomas, for the reports) and forgot_password() (wrong message). In all url's, used by the the method messages() for sending e-mails, is the language available since this version (...&language=$this->language). This will help to indentify the right lang on multilanguage sites. version 1.75 - In older version there is a security problem if someone know the login name from a other user. While using the word "new" as password it was possible to login. This is fixed, I changed the folowing methods: check_user(), login_user() and access_page(). Thanks Mike, for reporting this problem. version 1.74 - If the user change his password and the login data is saved in a cookie before the new password is not updated. I changed this that the cookie is updated too. The update_user() method is changed to handle this. version 1.73 - After reading some stories about SQL injections I checked this class and updated some queries to make more safe: I changed the "type specifier" inside the following methods: check_user(), update_user(), validate_email(), activate_new_password() and inside the profile extension: save_profile_date() and get_profile_data(). version 1.72 - I moved the definition of important application files into the config file (see constructor). It's possible to use standard pathes for different uses controlled inside the config file. (modigied methods are Access_user() and messages()). I hope this will make it much easier... At least messages are translated into french, thanks Yoan! version 1.71 - there with a small problem after changing the password in the update_user() method. I moved the md5 encoding a little bit to fix this. version 1.70 - check for all new features the manual for the "Users_profile" extension. version 1.65 - Set the value for this varibales inside the the db_config file: $table_name, $webmaster_mail, $webmaster_name, $cookie_name, $cookie_path. I also removed some (db related) vars from class because there not really needed. The constants are used directly. I remove the post var for the login because there is no need of this (it's a session). I modified the method ins_string() to be more flexible for other types of values (integers). version 1.64 - There was a bug, if one or more users uses the same password. If one of these have forgot the password and uses the forgot password method, than it was possible that the wrong password was updated. The method activate_new_password() is modified to check also the id while updating the password. Inside the check_user() method the "new_pass" case will check the id, the check for active is gone. The method check_activation_password() is changed, too. The activate_password.php file is modified and can handle this new variable. In this version the method for an (updated) e-mail address validation is placed inside the login.php script. This script is used for validation by the e-mail confirmation message. version 1.63 - In older versions the entered login name could be case insensitive, I changed the check_user() method that the entered login name must be case sensitive. I removed the md5 encrypyion for the password in the login_user() method and added the encryption to get_user_info() and update_user() method because there was a problem if you save the login data in a cookie. I added the new is_cookie boolean to the example scripts to switch the login_saver to on/off. If the user saved his data in a cookie before and he unchecked the remember option the cookie will be destroyed. I modified for this functionality the methods login_user(), login_saver() and login_reader(). version 1.62 - If a user places the class in the root a bad link was produced while sending a mail (forgot password, register user). After the approvements in In version 1.61 I didn't removed the md5 encoding for the current password. After an update the password was encoded the second time. Both bugs are corrected now. version 1.61 - Changed the md5 encoding to the password in the methods login_user() and get_user_info(), because there was an error reported after updating the account with a new password (the second time). The same time I changed all server variables to fit the configuration with register_globals = off. version 1.60 - The file manual.txt is replaced with a new better manual, access_user_doc.htm. In this file all important functions are described with examples and explanations about how to use the class. Some of the example pages are little bit changed to fit the manual exactly. version 1.51 - I modified the update_user() method to take care of an empty password. If the user doesn't filled the form with a new password the old one will be used during the record update. version 1.50 - The forgot_password() method is complete replaced with some new functions to use a safer way to handle a forgotten password. Check the new / changed methods: check_user(), forgot_password(), check_activation_password(), activate_new_password(), messages(). Find on the example page (forgot_password.php) only the email field. After submitting the form you get an activation link. After clicking this link you can insert a new password. I placed the connect_db() method inside the constructor, too. There is a new appliciation file: activate_password.php, other file(s) are changed (forgot_password.php) version 1.40 - Sinds this release on you have to check for a unique user name too. The following methodes are modified: check_user(), messages(), register_user(). I noticed that after updating an account a double e-mail was not checked in the database. Updates methodes: update_user(), messages(). The login name can't be changed anymore. version 1.31 - I added a function to save the last date of a visit into the extra_info field from the users table. To aktivate this feature you have set the var $count_visit to true. version 1.30 - I modified the "access_page" and "set_user" methods to take care of the "referer" information. With this functions is it possible to remember the address of a page which is requested without login. (see the new example: testpage.php). Notice the new methods "login_saver" and "login_reader". With this functions is it possible to remember the login information on the client side. version 1.20 - Now it is possible to update an account, use the new example page (update_user.php). While updating the class I changed the structure of method's which are called from outside the class. In this version the vars are given to the method and not more predefined. If some one want to update this class for PHP 5 than its possible to separate private vars. Several methods are more flexible than before and I removed some small bugs. version 1.10 - added new property: language, together with the new error reporting method is it possible to translate the messages. Im removed the properties $ok_msg and $error_msg, use for now only (the new one) $the_msg. version 1.02 - new method: get_user_info(), use this to retrieve all user date from the database (to show the visitor his information). version 1.01 - Added the db_config.php file with some constants for the database connection, this makes the whole more flexible.