user_auth_fns.php
<?php
require_once('db_fns.php');
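/**
 * Register a new user in the database.
 *
 * Both statements are prepared and bound; the previous version spliced
 * $username, $email and $password straight into the SQL text, so any quote
 * in a submitted value became part of the query.
 *
 * @param string $username requested login name
 * @param string $email    contact address stored with the account
 * @param string $password clear-text password; hashed by the database
 * @return bool true on success
 * @throws Exception if the name is taken or a query fails
 */
function register($username, $email, $password)
{
    // NOTE(review): assumes db_connect() (db_fns.php) returns a mysqli handle;
    // the ->query()/->num_rows usage in this file suggests so - confirm.
    $conn = db_connect();

    // check if username is unique
    $stmt = $conn->prepare('select username from user where username = ?');
    if (!$stmt) {
        throw new Exception('Could not execute query');
    }
    $stmt->bind_param('s', $username);
    if (!$stmt->execute()) {
        $stmt->close();
        throw new Exception('Could not execute query');
    }
    $stmt->store_result();
    $taken = $stmt->num_rows > 0;
    $stmt->close();

    if ($taken) {
        throw new Exception('That username is taken - go back and choose another one.');
    }

    // NOTE(review): check-then-insert is racy; a unique key on user.username
    // would make the insert itself fail on a duplicate - schema not visible here.
    // NOTE(review): unsalted SHA-1 is kept only so existing rows still verify.
    // It is not an adequate password hash; moving to password_hash() /
    // password_verify() needs a wider passwd column and a rehash-on-login path.
    $stmt = $conn->prepare('insert into user values (?, sha1(?), ?)');
    if (!$stmt) {
        throw new Exception('Could not register you in database - please try again later.');
    }
    $stmt->bind_param('sss', $username, $password, $email);
    $ok = $stmt->execute();
    $stmt->close();

    if (!$ok) {
        throw new Exception('Could not register you in database - please try again later.');
    }

    return true;
}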
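/**
 * Check a username and password against the database.
 *
 * Fixes relative to the previous version:
 *  - the credentials come from the function arguments, not from $_POST, so
 *    callers such as change_password() really verify what they pass in;
 *  - the query is prepared and bound instead of interpolating request data;
 *  - the password is compared as sha1(), the form register() and
 *    reset_password() store, rather than as clear text;
 *  - failure throws, as the contract says, instead of echoing or returning
 *    nothing;
 *  - the stored passwd column is no longer copied into $_SESSION['username'].
 *
 * This function does not touch the session.
 *
 * @param string $username login name
 * @param string $password clear-text password to verify
 * @return bool true when the credentials match
 * @throws Exception when they do not match or the query fails
 */
function login($username, $password)
{
    // NOTE(review): assumes db_connect() (db_fns.php) returns a mysqli handle - confirm.
    $conn = db_connect();

    $stmt = $conn->prepare(
        'select username from user where username = ? and passwd = sha1(?)'
    );
    if (!$stmt) {
        throw new Exception('Could not log you in.');
    }
    $stmt->bind_param('ss', $username, $password);
    if (!$stmt->execute()) {
        $stmt->close();
        throw new Exception('Could not log you in.');
    }
    $stmt->store_result();
    $matched = $stmt->num_rows > 0;
    $stmt->close();

    // One message for "no such user" and "wrong password" so the response
    // does not reveal which usernames exist.
    if (!$matched) {
        throw new Exception('Could not log you in.');
    }

    return true;
}

// NOTE(review): the include-time call `login($username, $password)` that was
// guarded by isset($_SESSION['valid_user']) is dropped. It ran with variables
// this file never defines, and since login() now throws on failure it would
// abort every page that includes this file. Rows whose passwd was written as
// clear text by the old change_password() will not verify until they are reset.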
// check if username is unique
/* $result = $conn->query("select * from user
where username='$username'
and passwd ='$password'");
if (!$result)
throw new Exception('Could not log you in.');
if ($result->num_rows>0)
return true;
else
throw new Exception('Could not log you in.');
}*/
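/**
 * See if somebody is logged in and notify them if not.
 *
 * When $_SESSION['valid_user'] is set, prints a "Logged in as ..." line.
 * Otherwise renders a "not logged in" page with a login link and stops
 * the script.
 *
 * @return void
 */
function check_valid_user()
{
    if (isset($_SESSION['valid_user'])) {
        // The username is user-chosen at registration, so it is escaped for
        // the HTML context before being echoed; the raw value would let a
        // name containing markup run as script in the viewer's page.
        $name = htmlspecialchars(
            (string) $_SESSION['valid_user'],
            ENT_QUOTES | ENT_SUBSTITUTE,
            'UTF-8'
        );
        echo 'Logged in as '.$name.'.';
        echo '<br />';
        return;
    }

    // they are not logged in
    do_html_heading('Problem:');
    echo 'You are not logged in.<br />';
    do_html_url('login.php', 'Login');
    do_html_footer();
    exit;
}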
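/**
 * Change the password for $username from $old_password to $new_password.
 *
 * Fixes relative to the previous version:
 *  - the update is prepared and bound instead of interpolating its inputs;
 *  - the new password is stored as sha1(), matching register() and
 *    reset_password(); it used to be written in clear text;
 *  - the old password is also a condition of the UPDATE itself, so the
 *    change cannot go through unverified even if login() returns without
 *    throwing.
 *
 * @param string $username     account to update
 * @param string $old_password current clear-text password
 * @param string $new_password replacement clear-text password
 * @return bool true when the password was changed
 * @throws Exception when the old password is wrong or the update fails
 */
function change_password($username, $old_password, $new_password)
{
    // login() is documented to throw when the old password is wrong
    login($username, $old_password);

    // NOTE(review): assumes db_connect() (db_fns.php) returns a mysqli handle - confirm.
    $conn = db_connect();

    // NOTE(review): unsalted SHA-1 is kept for compatibility with the rows
    // register() writes; it is not an adequate password hash.
    $stmt = $conn->prepare(
        'update user set passwd = sha1(?) where username = ? and passwd = sha1(?)'
    );
    if (!$stmt) {
        throw new Exception('Password could not be changed.');
    }
    $stmt->bind_param('sss', $new_password, $username, $old_password);
    $ok = $stmt->execute();
    $changed = $ok ? $stmt->affected_rows : -1;
    $stmt->close();

    if (!$ok) {
        throw new Exception('Password could not be changed.');
    }

    // MySQL reports zero affected rows when the new value equals the old one,
    // so zero rows is a failure only when the two passwords differ.
    if ($changed < 1 && $new_password !== $old_password) {
        throw new Exception('Password could not be changed.');
    }

    return true; // changed successfully
}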
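/**
 * Grab a random word from the dictionary file whose length lies between
 * $min_length and $max_length (inclusive) and that contains no apostrophe.
 *
 * Fixes relative to the previous version:
 *  - the length test runs on the trimmed word; it used to count the trailing
 *    newline, so returned words could be one character short of $min_length;
 *  - the file handle is closed on every path;
 *  - the start offset comes from random_int() (PHP 7.0+) rather than a
 *    time-seeded rand(), because the result feeds reset_password();
 *  - the search is bounded, so a dictionary with no qualifying word returns
 *    false instead of looping forever.
 *
 * @param int $min_length shortest acceptable word
 * @param int $max_length longest acceptable word
 * @return string|false the word, or false when none could be read
 */
function get_random_word($min_length, $max_length)
{
    // remember to change this path to suit your system
    $dictionary = '/usr/dict/words'; // the ispell dictionary

    // '@' kept deliberately: a missing dictionary is reported through the
    // false return value, not through a warning.
    $fp = @fopen($dictionary, 'r');
    if (!$fp) {
        return false;
    }

    $size = filesize($dictionary);
    if ($size === false || $size < 1) {
        fclose($fp);
        return false;
    }

    // go to a random location in dictionary
    fseek($fp, random_int(0, $size - 1));

    $word = '';
    $attempts = 0;
    $max_attempts = 10000;

    // get the next whole word of the right length in the file
    while (strlen($word) < $min_length || strlen($word) > $max_length || strstr($word, "'")) {
        if (++$attempts > $max_attempts) {
            fclose($fp);
            return false;
        }
        if (feof($fp)) {
            fseek($fp, 0); // if at end, go to start
        }
        fgets($fp, 80); // skip first word as it could be partial
        $line = fgets($fp, 80); // the potential password
        // fgets() returns false at end of file; treat that as "no word yet"
        $word = ($line === false) ? '' : trim($line);
    }

    fclose($fp);
    return $word;
}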
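/**
 * Set the password for $username to a freshly generated value.
 *
 * Fixes relative to the previous version:
 *  - the random number is appended to the dictionary word; the old code
 *    assigned it, so every reset password was just a number from 0 to 999;
 *  - the number comes from random_int() (PHP 7.0+), not a time-seeded rand();
 *  - the update is prepared and bound instead of interpolating $username.
 *
 * @param string $username account to reset
 * @return string the new clear-text password
 * @throws Exception when no password could be generated or stored
 */
function reset_password($username)
{
    // get a random dictionary word b/w 6 and 13 chars in length
    $new_password = get_random_word(6, 13);
    if ($new_password === false || $new_password === '') {
        throw new Exception('Could not generate new password.');
    }

    // add a number between 0 and 999 to it
    // to make it a slightly better password
    // NOTE(review): one dictionary word plus three digits is still a small
    // search space; treat the value as temporary and require a change at
    // next login.
    $new_password .= random_int(0, 999);

    // NOTE(review): assumes db_connect() (db_fns.php) returns a mysqli handle - confirm.
    $conn = db_connect();

    // set user's password to this in database
    $stmt = $conn->prepare('update user set passwd = sha1(?) where username = ?');
    if (!$stmt) {
        throw new Exception('Could not change password.');
    }
    $stmt->bind_param('ss', $new_password, $username);
    $ok = $stmt->execute();
    $stmt->close();

    if (!$ok) {
        throw new Exception('Could not change password.'); // not changed
    }

    return $new_password; // changed successfully
}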
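/**
 * Notify the user by e-mail that their password has been changed.
 *
 * The address lookup is prepared and bound; the previous version spliced
 * $username into the SQL text.
 *
 * NOTE(review): the new password travels in clear text in the message body.
 * A single-use, expiring reset link would avoid leaving a working credential
 * in the mailbox.
 *
 * @param string $username account whose address is looked up
 * @param string $password new clear-text password to include in the message
 * @return bool true when the mail was handed off
 * @throws Exception when the address cannot be found or the mail fails
 */
function notify_password($username, $password)
{
    // NOTE(review): assumes db_connect() (db_fns.php) returns a mysqli handle - confirm.
    $conn = db_connect();

    $stmt = $conn->prepare('select email from user where username = ?');
    if (!$stmt) {
        throw new Exception('Could not find email address.');
    }
    $stmt->bind_param('s', $username);
    if (!$stmt->execute()) {
        $stmt->close();
        throw new Exception('Could not find email address.');
    }

    $email = null;
    $stmt->bind_result($email);
    $found = $stmt->fetch(); // true on a row, null when the username is not in db
    $stmt->close();

    if (!$found) {
        throw new Exception('Could not find email address.'); // username not in db
    }

    $from = "From: support@phpbookmark \r\n";
    $mesg = "Your PHPBookmark password has been changed to $password \r\n"
        ."Please change it next time you log in. \r\n";

    if (!mail($email, 'PHPBookmark login information', $mesg, $from)) {
        throw new Exception('Could not send email.');
    }

    return true;
}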
?>