0, 'end' => 0);
var $_systemVersion = 'C1.4.0'; // Version number.
var $_systemOptions = array(
/*
* Default _systemOptions
*/
'var_name' => 'phpuserlogin', // Is the word used a the name of the var's outside php (forms, urls) that have something to do with phpuserlogin2, must be changed for every new login object
'page' => '', // Is the page where users may login, default is everywhere.
'page_afterlogin' => '', // Is the url for the page the users should be sent to right after login (only after login), default is non = user is not sent to a new page.
'hidden_key' => 0, // This is a hidden key, which is used in the cookies to make them secure, should be change every time you use the script.
'mysql_table' => 'phpuserlogin_user', // Is the name of the table where users are stored.
'mysql_serv' => 'localhost', // Is the address of the mysql server
'mysql_user' => 'root', // Is the username on the mysql server
'mysql_pass' => 'root.mysql.porta3', // Is the password for the mysql server
'mysql_data' => 'phpuserlogin', // Is the name of the database on the mysql server.
'mysql_pcon' => FALSE,
'mysql_fields' => FALSE, // Special option, used to manage extra tables.
'mysql_id' => 'id', // The name of the id field in the user table.
'cookie_life' => '', // How long cookies will live on the client pc, in secs.
'cookie_path' => '/', // The path on the server where the cookie will work, default is whole server.
'cookie_domain' => PHPUSERLOGIN_DOMAIN, // The domain name of the server, default is the server running the script.
'email_reply' => PHPUSERLOGIN_EMAIL, // The reply address used on mails sent by script, default is dontreply@SERVER_DOMAIN_NAME
'admins' => '', // The usernames of the admins, split each name with a ,
'lostpass' => TRUE, // Is the lost password feature on or off
'register' => FALSE, // Is the register function on or off.
'register_page' => '', // This is the page where the reg form is being printed!
'temp_folder' => '', // The direct path to the folder where the templates files are.
'temp_prefix' => 'phpuserlogin', // This is the prefix that is in front of the register templates.
'anti_spam' => 6, // This is the number of times a user may use the forms (must have entered something in all fields), before being slowed down for 5 mins. Enter 0 and this function will be ignored.
'logFile' => '', // This is the direct path (eg /home/path_to/logfile.log) to the file where log entrys will be written to, default is nothing, which means that the scritp will not log anything.
'users_online' => FALSE // Should the script track user active or not.
);
var $_systemText = array(
/*
* Default English
*/
'LOGIN_MISSING_USER' => 'You need to enter a username!',
'LOGIN_MISSING_PASS' => 'You need to enter a password!',
'LOGIN_TO_MANY_USERS' => 'To many users with the same username was found. - Contact the webmaster!',
'LOGIN_WRONG_USER' => 'You have entered a wrong username!',
'LOGIN_WRONG_PASS' => 'You have entered a wrong password!',
'COOKIES_FAKE' => 'The cookies are not valid!',
'COOKIES_NO_USER' => 'The user you have logged in with does not exist anymore!',
'COOKIES_TO_MANY_USERS' => 'There is more then one user with the username you logged in with. - Contact the webmaster!',
'COOKIES_LOGGED_IN' => 'You are logged in!',
'LOST_MISSING_USER' => 'You need to enter a username!',
'LOST_TO_MANY_USERS' => 'To many users with the same username was found. - Contact the webmaster!',
'LOST_WRONG_USER' => 'No user with that username was found!',
'LOST_TO_FAST' => 'This user have already requested a new password within the last day!',
'LOST_NO_REQUEST' => 'This user have not requested a new password!',
'LOST_WRONG_KEY' => 'The two keys did not match - No new password will be made!',
'EMAIL_NONE' => 'No email address was found!',
'EMAIL_NO_GO' => 'Could not send email. - Contact the webmaster!',
'ERROR_MISSING_MSG' => 'Error - No script message found!',
'MYSQL_NO_CON' => 'Could not connect to the MySQL server!',
'MYSQL_NO_CON_P' => 'Could not connect (Persistent) to the MySQL server!',
'MYSQL_NO_DATAB' => 'Could not select the database!',
'MYSQL_QUERY_ERROR' => 'Error while running query on database!',
'REG_MISSING_USER' => 'You need to enter an username! Go back and try again.',
'REG_MISSING_PASS' => 'You need to enter a password! Go back and try again.',
'REG_MISSING_EMAIL' => 'You need to enter an email! Go back and try again.',
'REG_WRONG_PASS' => 'The two passwords where not the same! Go back and try again.',
'REG_USER_E' => 'The username you have used is already in use! Go back and try again with another username.',
'REG_USER_MADE' => 'A user have been made. You can now login!',
'REG_USER_NOT_MADE' => 'Could not make user! Please contact webmaster for help!',
'REG_USER_MADE_ERROR' => 'A user have been made, but some of the info was lost while making the user. Uusename, email and password was added into the database though, more data might also have been added but will not be listed here. You can now login!',
'SPAM' => 'You have used the forms to much within to little time Please wait 5 min.!! Why dont you go and grab yourself a drink while you wait.',
'LOGOUT_FORCE' => 'You have been logged off!',
'LOGOUT_USER' => 'You have logged off!',
'LOGIN_USER' => 'You have logged in!',
'EMAIL_SENT' => 'An email have been sent to you!',
'DEACTIVATED' => 'This user have been deactivated! Please contact webmaster for more info',
'BEEN_DEACTIVATED' => 'This user have been deactivated',
'regForm_1' => 'Enter an username:',
'regForm_2' => 'Enter a password:',
'regForm_3' => 'Retype the password:',
'regForm_4' => 'Enter your e-mail:',
'regForm_5' => 'Confirm',
'regForm_6' => 'Please fill the form and press confirm',
'regForm_7' => 'You may not make a new user while logged in!',
'regForm_9' => 'Sorry, you may not register a new user at the moment Please contact the webmaster for more help!',
'regForm_10' => 'Reset',
'Form_1' => 'Logout',
'Form_2' => 'Your Username:',
'Form_3' => '- Request -',
'Form_4' => 'Back to login',
'Form_5' => 'Username:',
'Form_6' => 'Password:',
'Form_7' => '- Login -',
'Form_8' => 'Lost Password',
'Form_9' => 'Login',
'Form_10' => 'Admin',
'After_login1' => 'If the page does not change, then click',
'After_login2' => 'here!',
'headers_sent' => 'phpUserLogin Headers have already been sent: Stopping script. This script must be run before any output have been sent to the browser.',
'email_footer' => 'This mail was made and sent by phpUserLogin - http://phpuserlogin.oxyscripts.com/',
'aC_1' => 'You may not use this page. If the page does not change within 5 secs then please click',
'aC_2' => 'here',
'oul_1' => 'There have been',
'oul_2' => 'user(s) online in the last 15 mins',
'oul_3' => 'No users have been online the last 15 mins.',
'oul_4' => 'Could not collect data about users from database'
);
var $_systemTemplates = array(
/*
* Default Templates
*/
'reg' => array(
'top' => '
'
)
);
var $_systemPowerBy = ''; // This Text may not be removed or changed.
/* Connect to MySQL database and puts a link in $_systemMySQL_Link */
function connectMySQL() {
if (!$this->_systemMySQL_Link) {
if ($this->_systemOptions['mysql_pcon'] == FALSE) {
if (!$link = @mysql_connect($this->_systemOptions['mysql_serv'], $this->_systemOptions['mysql_user'], $this->_systemOptions['mysql_pass'])) {
$this->_systemRespons[$this->_systemReOwner]['mysql'] = 'phpUserLogin_MySQL_NO_CON';
$this->_systemMySQL_Err[] = array('query'=>'','error'=>mysql_error(),'errno'=>mysql_errno());
return FALSE;
}
} else {
if (!$link = @mysql_pconnect($this->_systemOptions['mysql_serv'], $this->_systemOptions['mysql_user'], $this->_systemOptions['mysql_pass'])) {
$this->_systemRespons[$this->_systemReOwner]['mysql'] = 'phpUserLogin_MySQL_NO_CON_P';
$this->_systemMySQL_Err[] = array('query'=>'','error'=>mysql_error(),'errno'=>mysql_errno());
return FALSE;
}
}
if (!@mysql_select_db($this->_systemOptions['mysql_data'], $link)) {
$this->_systemRespons[$this->_systemReOwner]['mysql'] = 'phpUserLogin_MySQL_NO_DATAB';
$this->_systemMySQL_Err[] = array('query'=>'','error'=>mysql_error(),'errno'=>mysql_errno());
return FALSE;
} else {
$this->_systemMySQL_Link = $link;
return TRUE;
}
} else {
return TRUE;
}
}
function runQuery($query) {
if ($this->connectMySQL()) {
$this->_systemMySQL_QNum++;
if ($result = @mysql_query($query, $this->_systemMySQL_Link)) {
if (ereg("^INSERT", $query)) {
$id = @mysql_insert_id();
} else {
$id = -1;
}
if (ereg("^SELECT", $query)) {
$num = @mysql_num_rows($result);
} elseif (ereg("^(INSERT|UPDATE|DELETE)", $query)) {
$num = @mysql_affected_rows();
} else {
$num = -1;
}
$data = @mysql_fetch_assoc($result);
@mysql_data_seek($result, 0);
return array('num'=>$num,'data'=>$data,'result'=>$result, 'id'=>$id);
} else {
$this->_systemRespons[$this->_systemReOwner]['mysql'] = 'phpUserLogin_MySQL_QUERY_ERROR';
$this->_systemMySQL_Err[] = array('query'=>$query,'error'=>mysql_error(),'errno'=>mysql_errno());
return FALSE;
}
} else {
return FALSE;
}
}
// Loggging function
function runLog($log_entry) {
if (!empty($log_entry) && !empty($this->_systemOptions['logFile'])) {
// Opening Log File
if (@$log_fp = fopen ($this->_systemOptions['logFile'], "a+b")) {
// Writing to log file
@fwrite($log_fp, gmdate("M-d-Y H:i:s").' | '.$_SERVER['REMOTE_ADDR'].' | '.$log_entry.'
');
// Closing Log File
@fclose($log_fp);
}
}
}
function findUser($user) {
return $this->runQuery("SELECT * FROM ".$this->_systemOptions['mysql_table']." WHERE username = '".mysql_escape_string($user)."'");
}
function sendMail($email, $subject, $message) {
if ($email == '' or $email == NULL) {
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_EMAIL_NONE';
return FALSE;
} else {
if (mail($email, $subject, $message."\n\n".$this->_systemText['email_footer'], 'From: '.$this->_systemOptions['email_reply']."\r\n".'Reply-To: '.$this->_systemOptions['email_reply']."\r\n")) {
return TRUE;
} else {
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_EMAIL_NO_GO';
return FALSE;
}
}
}
function stopCaching() {
header("Expires: Sun 25 Jul 1997 05:00:00 GMT"); // Date in the past
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Pragma: no-cache"); // HTTP/1.0
}
/* Set cookies and update time and date in table */
function startSession($_username) {
$username = $_username;
$hash = md5($_username.$this->_systemOptions['hidden_key']);
$status = 'ACTIVE';
if ($this->_systemCookiesAdv == TRUE) {
if (!empty($this->_systemOptions['cookie_life'])) {
$lifetime = (time()+$this->_systemOptions['cookie_life']);
} else {
$lifetime = NULL;
}
@setcookie ($this->_systemOptions['var_name'].'[session][user]', $username, $lifetime, $this->_systemOptions['cookie_path'], $this->_systemOptions['cookie_domain']);
@setcookie ($this->_systemOptions['var_name'].'[session][hash]', $hash, $lifetime, $this->_systemOptions['cookie_path'], $this->_systemOptions['cookie_domain']);
@setcookie ($this->_systemOptions['var_name'].'[session][status]', $status, $lifetime, $this->_systemOptions['cookie_path'], $this->_systemOptions['cookie_domain']);
} else {
@setcookie ($this->_systemOptions['var_name'].'[session][user]', $username);
@setcookie ($this->_systemOptions['var_name'].'[session][hash]', $hash);
@setcookie ($this->_systemOptions['var_name'].'[session][status]', $status);
}
if ($this->_systemOptions['users_online'] == TRUE) {
$this->runQuery("UPDATE ".$this->_systemOptions['mysql_table']." SET last_active='".gmdate("YmdHis")."' WHERE username = '".$_username."' LIMIT 1");
}
}
/* Delete cookies */
function endSession() {
if ($this->_systemCookiesAdv == TRUE) {
@setcookie ($this->_systemOptions['var_name'].'[session][user]', '', 0, $this->_systemOptions['cookie_path'], $this->_systemOptions['cookie_domain'] );
@setcookie ($this->_systemOptions['var_name'].'[session][hash]', '', 0, $this->_systemOptions['cookie_path'], $this->_systemOptions['cookie_domain'] );
@setcookie ($this->_systemOptions['var_name'].'[session][status]', '', 0, $this->_systemOptions['cookie_path'], $this->_systemOptions['cookie_domain'] );
} else {
@setcookie ($this->_systemOptions['var_name'].'[session][user]');
@setcookie ($this->_systemOptions['var_name'].'[session][hash]');
@setcookie ($this->_systemOptions['var_name'].'[session][status]');
}
}
/* Spam stopper */
function spamCount($check = FALSE) {
if ($this->_systemCookiesAdv == TRUE AND $this->_systemDebug == FALSE AND $this->_systemOptions['anti_spam'] > 0) {
if (!isset($this->_systemOutVar['spamCounter'])) {
$this->_systemOutVar['spamCounter'] = 0;
}
if ($check == FALSE) {
$lifetime = (mktime()+300);
@setcookie ($this->_systemOptions['var_name'].'[spamCounter]', ($this->_systemOutVar['spamCounter']+1), $lifetime, $this->_systemOptions['cookie_path'], $this->_systemOptions['cookie_domain']);
} else {
if ($this->_systemOutVar['spamCounter'] < $this->_systemOptions['anti_spam']) {
return TRUE;
} else {
$this->_systemRespons['spam'] = TRUE;
return FALSE;
}
}
} else {
return TRUE;
}
}
function phpuserlogin($new_systemOptions = FALSE) {
/* Run time counter - Start */
$this->_systemRunTime['start'] = microtime();
/* If class is called with new options, then override the old ones */
if ($new_systemOptions != FALSE && is_array($new_systemOptions)) {
foreach ($new_systemOptions as $key => $value) {
if (isset($this->_systemOptions[$key])) { // Exclude non excisting Options
$this->_systemOptions[$key] = $value;
}
}
}
if (is_array($this->_systemOptions['mysql_fields'])) {
$extra_tables = $this->_systemOptions['mysql_fields'];
$extra_tables['_main']['table_name'] = $this->_systemOptions['mysql_table'];
$main_table['_main'] = $extra_table['_main'];
unset($extra_table['_main']);
$this->_systemOptions['mysql_fields'] = array_merge($main_table,$extra_tables);
} else {
$this->_systemOptions['mysql_fields']['_main']['table_name'] = $this->_systemOptions['mysql_table'];
}
@$this->_systemOutVar = array_merge ($_COOKIE[$this->_systemOptions['var_name']], $_POST[$this->_systemOptions['var_name']], $_GET[$this->_systemOptions['var_name']]);
/* If a user is already logged in */
if (@$this->_systemOutVar['session']['status'] == 'ACTIVE') {
$this->_systemReOwner = 'login';
if (@md5($this->_systemOutVar['session']['user'].$this->_systemOptions['hidden_key']) == $this->_systemOutVar['session']['hash']) {
if (@$result = $this->findUser($this->_systemOutVar['session']['user'])) {
if ($result['num'] == 1) {
// User did exist.
// Checking user status
if ($result['data']['user_status'] == 1) {
if (isset($this->_systemOutVar['logout'])) {
$this->_systemRespons[$this->_systemReOwner]['action'] = 'phpUserLogin_LOGOUT_USER';
$this->endSession();
$this->runLog('"'.$result['data']['username'].'" logs off.');
} else {
$this->stopCaching();
$this->startSession($result['data']['username']);
$this->userinfo = $result['data'];
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_COOKIES_LOGGED_IN';
$this->loginstatus = TRUE;
$this->runLog('"'.$result['data']['username'].'" passes check and remains logged in.');
}
} else {
// This users have been deactivated.
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_USER_BEEN_DEACTIVATED';
$this->_systemRespons[$this->_systemReOwner]['action'] = 'phpUserLogin_LOGOUT_FORCE';
$this->endSession();
$this->runLog('"'.$this->_systemOutVar['session']['user'].'" is logged off by script. User have been deactivated!');
}
} elseif ($result['num'] > 1) {
// To many users with same username
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_COOKIES_TO_MANY_USERS';
$this->_systemRespons[$this->_systemReOwner]['action'] = 'phpUserLogin_LOGOUT_FORCE';
$this->endSession();
$this->runLog('"'.$this->_systemOutVar['session']['user'].'" is logged off by script. To many users with the same username found!');
} elseif ($result['num'] < 1) {
// No users with that username
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_COOKIES_NO_USER';
$this->_systemRespons[$this->_systemReOwner]['action'] = 'phpUserLogin_LOGOUT_FORCE';
$this->endSession();
$this->runLog('"'.$this->_systemOutVar['session']['user'].'" is logged off by script. No users with that username found!');
}
} else {
$this->_systemRespons[$this->_systemReOwner]['action'] = 'phpUserLogin_LOGOUT_FORCE';
$this->endSession();
$this->runLog('"'.$this->_systemOutVar['session']['user'].'" is logged off by script. MySQL server problems!');
}
} else {
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_COOKIES_FAKE';
$this->_systemRespons[$this->_systemReOwner]['action'] = 'phpUserLogin_LOGOUT_FORCE';
$this->endSession();
$this->runLog('"'.$this->_systemOutVar['session']['user'].'" is logged off by script. Cookies where bad!');
}
/* If a user is not logged in, run all other code */
} else {
/* Check to see how many times the user have used a form, if to many times slow him/her down for 5 mins */
if ($this->spamCount(TRUE)) {
/* User tries to login */
if (isset($this->_systemOutVar['L']['login']) && $this->matchPath('login')) {
$this->_systemReOwner = 'login';
/* Deletes old cookies, if any */
$this->endSession();
if ($this->_systemOutVar['L']['username'] == '') {
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_LOGIN_MISSING_USER';
} elseif ($this->_systemOutVar['L']['password'] == '') {
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_LOGIN_MISSING_PASS';
} else {
// Anti Spam Counter
$this->spamCount();
if ($result = $this->findUser($this->_systemOutVar['L']['username'])) {
if ($result['num'] == 1) {
// User did exist.
if ($result['data']['password'] == md5($this->_systemOutVar['L']['password'])) {
// Checking user status
if ($result['data']['user_status'] == 1) {
$this->stopCaching();
$this->startSession($result['data']['username']);
if (!empty($this->_systemOptions['page_afterlogin'])) {
// If there has been set a page to take the user to after login, then run this.
$this->runLog('"'.$result['data']['username'].'" has logged in and is being sent to another page.');
header('Refresh: 2; url='.$this->_systemOptions['page_afterlogin']);
echo''.$this->_systemText['LOGIN_USER'].'
'.$this->_systemText['After_login1'].' '.$this->_systemText['After_login2'].'';
exit;
} else {
$this->runLog('"'.$result['data']['username'].'" has logged in.');
}
$this->userinfo = $result['data'];
$this->_systemRespons[$this->_systemReOwner]['action'] = 'phpUserLogin_LOGIN_USER';
$this->loginstatus = TRUE;
} else {
// This user have been deactivated.
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_USER_DEACTIVATED';
$this->runLog('"'.$this->_systemOutVar['session']['user'].'" is stopped by script (Logging In). User have been deactivated!');
}
} else {
// Wrong password for this username.
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_LOGIN_WRONG_PASS';
}
} elseif ($result['num'] > 1) {
// To many users with same username
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_LOGIN_TO_MANY_USERS';
} elseif ($result['num'] < 1) {
// No users with that username
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_LOGIN_WRONG_USER';
}
}
}
/* User tries to make a new user, hmm, gah */
} elseif (isset($this->_systemOutVar['REG']['register']) AND $this->_systemOptions['register'] == TRUE && $this->matchPath('reg')) {
$this->_systemReOwner = 'register';
if ($this->_systemOutVar['REG']['username'] == '') {
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_REG_MISSING_USER';
} elseif ($this->_systemOutVar['REG']['password'] == '') {
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_REG_MISSING_PASS';
} elseif ($this->_systemOutVar['REG']['email'] == '') {
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_REG_MISSING_EMAIL';
} else {
if ($this->_systemOutVar['REG']['password'] == $this->_systemOutVar['REG']['password2']) {
// Anti Spam Counter
$this->spamCount();
if ($result = $this->findUser($this->_systemOutVar['REG']['username'])) {
if ($result['num'] < 1) {
$error = 0;
foreach($this->_systemOptions['mysql_fields'] as $table_key => $table_value) {
$query = "INSERT INTO ".$table_value['table_name']." SET";
if (isset($table_value['fields']) AND is_array($table_value['fields'])) {
foreach($table_value['fields'] as $field_key => $field_value) {
list($field_name,,$field_extra) = explode('||', $field_value);
if (ereg('AUTO\[(.*)\]', $field_extra, $extra_data)) {
$query .= " ".$field_name." = '".$extra_data[1]."',";
} elseif (ereg('ON_OFF\[(.*),(.*)\]', $field_extra, $extra_data)) {
if ($this->_systemOutVar['REG']['ADV'][$table_key][$field_name] != $extra_data[1] OR !isset($this->_systemOutVar['REG']['ADV'][$table_key][$field_name])) {
$this->_systemOutVar['REG']['ADV'][$table_key][$field_name] = $extra_data[2];
}
$query .= " ".$field_name." = '".mysql_escape_string($this->_systemOutVar['REG']['ADV'][$table_key][$field_name])."',";
} else {
$query .= " ".$field_name." = '".mysql_escape_string($this->_systemOutVar['REG']['ADV'][$table_key][$field_name])."',";
}
}
}
if ($table_key == '_main') {
$query .= " username = '".mysql_escape_string($this->_systemOutVar['REG']['username'])."', password = '".md5($this->_systemOutVar['REG']['password'])."', email = '".mysql_escape_string($this->_systemOutVar['REG']['email'])."'";
if (!$result = $this->runQuery($query)) {
$error = -1;
break;
}
} else {
$query .= " ".$table_value['id_field']." = '".$result['id']."'";
if (!$this->runQuery($query)) {
$error += 1;
}
}
}
if ($error == -1) {
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_REG_USER_NOT_MADE';
} elseif ($error == 0) {
$this->_systemRespons[$this->_systemReOwner]['action'] = 'phpUserLogin_REG_USER_MADE';
$this->runLog('New user! "'.$this->_systemOutVar['REG']['username'].'" is added to database!');
$this->_systemNewUser = TRUE;
} else {
$this->_systemRespons[$this->_systemReOwner]['action'] = 'phpUserLogin_REG_USER_MADE_ERROR';
$this->runLog('New user! "'.$this->_systemOutVar['REG']['username'].'" is added to database! Some or all "extra table" data was not added to database!');
$this->_systemNewUser = TRUE;
}
} else {
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_REG_USER_E';
}
}
} else {
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_REG_WRONG_PASS';
}
}
/* User wants to request a new password - Part 1 */
} elseif (isset($this->_systemOutVar['LP']['run']) && $this->_systemOptions['lostpass'] == TRUE && $this->matchPath('login')) {
$this->_systemReOwner = 'login';
if ($this->_systemOutVar['LP']['username'] == '') {
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_LOST_MISSING_USER';
} else {
// Anti Spam Counter
$this->spamCount();
if ($result = $this->findUser($this->_systemOutVar['LP']['username'])) {
if ($result['num'] == 1) {
// Checking user status
if ($result['data']['user_status'] == 1) {
// User did exist.
if ($result['data']['lost_date'] < gmdate("YmdHis")) {
srand(microtime()*100000000);
$random_key = md5(rand(1, 999).$this->_systemOptions['var_name'].rand(1, 999));
if ($this->runQuery("UPDATE ".$this->_systemOptions['mysql_table']." SET lost_key='".$random_key."', lost_date='".date("YmdHis", mktime (gmdate("H"),gmdate("i"),gmdate("s"),gmdate("m"),gmdate("d")+1,gmdate("Y")))."' WHERE ".$this->_systemOptions['mysql_id']." = '".$result['data'][$this->_systemOptions['mysql_id']]."' LIMIT 1")) {
// Made a new key and set a new date
if ($this->sendMail($result['data']['email'], 'Request New Password: Step 1', 'A new password have been requested for the user, '.$result['data']['username'].'.
To make a new random password follow this link:
'.$this->pagePath('login',$this->_systemOptions['var_name'].'[LP][user]='.$result['data']['username'].'&'.$this->_systemOptions['var_name'].'[LP][key]='.$random_key).'
If you did not loose or request a new password, then someone else have entered you username, maybe by mistake.
If you keep getting this mail and you did not ask for it, please contact the webmaster of the website.
Thank you for your time!')) {
$this->_systemRespons[$this->_systemReOwner]['action'] = 'phpUserLogin_EMAIL_SENT';
$this->runLog('"'.$result['data']['username'].'" has requested a new password - Part 1: First email.');
}
}
} else {
// This user have already had a request made within the last day
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_LOST_TO_FAST';
}
} else {
// This users have been deactivated.
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_USER_DEACTIVATED';
$this->runLog('"'.$this->_systemOutVar['session']['user'].'" is stopped by script (Lost password: Part 1). User have been deactivated!');
}
} elseif ($result['num'] > 1) {
// To many users with same username
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_LOST_TO_MANY_USERS';
} elseif ($result['num'] < 1) {
// No users with that username
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_LOST_WRONG_USER';
}
}
}
/* User wants to request a new password - Part 2 */
} elseif (isset($this->_systemOutVar['LP']['user']) && isset($this->_systemOutVar['LP']['key']) && $this->_systemOptions['lostpass'] == TRUE && $this->matchPath('login')) {
$this->_systemReOwner = 'login';
if ($result = $this->findUser($this->_systemOutVar['LP']['user'])) {
if ($result['num'] == 1) {
// Checking user status
if ($result['data']['user_status'] == 1) {
// User did exist.
if ($result['data']['lost_key'] != '0') {
if ($result['data']['lost_key'] == $this->_systemOutVar['LP']['key']) {
srand(microtime()*100000000);
$random_pass = rand(1, 9).'a'.rand(1, 9).'b'.rand(1, 9).'c'.rand(1, 9);
if ($this->runQuery("UPDATE ".$this->_systemOptions['mysql_table']." SET lost_key='0', password='".md5($random_pass)."' WHERE ".$this->_systemOptions['mysql_id']." = '".$result['data'][$this->_systemOptions['mysql_id']]."' LIMIT 1")) {
if ($this->sendMail($result['data']['email'], 'Request New Password: Step 2', 'A new password have been made for the user, '.$result['data']['username'].'.
The new password is:
'.$random_pass.'
If you did not request this mail, the login system may have been hacked, contact the webmaster ASAP and tell him what has happend.
Thank you for your time!')) {
$this->_systemRespons[$this->_systemReOwner]['action'] = 'phpUserLogin_EMAIL_SENT';
$this->runLog('"'.$result['data']['username'].'" has requested a new password - Part 2: Secound email with new password.');
} else {
$this->runQuery("UPDATE ".$this->_systemOptions['mysql_table']." SET password='".$result['data']['password']."' WHERE ".$this->_systemOptions['mysql_id']." = '".$result['data'][$this->_systemOptions['mysql_id']]."' LIMIT 1");
}
}
} else {
// The two keys where not the same
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_LOST_WRONG_KEY';
}
} else {
// This user have not requested a new password
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_LOST_NO_REQUEST';
}
} else {
// This users have been deactivated.
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_USER_DEACTIVATED';
$this->runLog('"'.$this->_systemOutVar['session']['user'].'" is stopped by script (Lost password: Part 2). User have been deactivated!');
}
} elseif ($result['num'] > 1) {
// To many users with same username
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_LOST_TO_MANY_USERS';
} elseif ($result['num'] < 1) {
// No users with that username
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_LOST_WRONG_USER';
}
}
}
}
}
/* Checking to see if user is an admin */
if ($this->_systemOptions['admins'] != '' && $this->loginstatus == TRUE) {
$admins = explode(',', $this->_systemOptions['admins']);
if (in_array($this->userinfo['username'], $admins)) {
$this->adminstatus = TRUE;
}
}
/* ADMIN */
if (isset($this->_systemOutVar['ADMIN']['RUN'])) {
$this->_systemReOwner = 'admin';
?>
_systemOutVar['ADMIN']['SHOW'])) { // Show a form or admin function
if ($this->_systemOutVar['ADMIN']['SHOW'] == 'ADD') { // Show Add form
?>
Add New User:.
Remember that you may only use a username ones in the database. So you cant have two users with the username.
_systemOutVar['ADMIN']['SHOW'] == 'USER_LIST') { // Show Edit List form
?>
Edit/Delete - User List:.
runQuery("SELECT ".$this->_systemOptions['mysql_id'].",username,user_status FROM ".$this->_systemOptions['mysql_table']." ORDER BY username ASC")) {
if ($result['num'] > 0) {
?>
To edit a user simply click on that users username.
To delete one or more users check the checkbox next to there name and then click delete user(s).
Deactivated users are shown in red.
_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_ADMIN_NO_USERS_LIST';
}
}
} elseif ($this->_systemOutVar['ADMIN']['SHOW'] == 'EDIT') { // Show Edit User form
?>
Edit User:.
runQuery("SELECT * FROM ".$this->_systemOptions['mysql_table']." WHERE ".$this->_systemOptions['mysql_id']." = '".$this->_systemOutVar['ADMIN']['EDIT_ID']."'")) {
if ($result['num'] == 1) {
?>
If you leave the password fields empty no new password will be made.
1) {
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_ADMIN_TOMANY_USERS_EDIT';
} else {
$this->_systemRespons[$this->_systemReOwner]['info'] = 'phpUserLogin_ADMIN_NO_USERS_EDIT';
}
}
} elseif ($this->_systemOutVar['ADMIN']['SHOW'] == 'DELETE') { // Show Final Delete List form
?>
Delete User(s):.
_systemOutVar['ADMIN']['DELETE_ID']);
$query = "SELECT ".$this->_systemOptions['mysql_id'].",username FROM ".$this->_systemOptions['mysql_table']." WHERE 0";
for ($i = 0; $i < $delete_count; $i++) {
$query .= " OR ".$this->_systemOptions['mysql_id']." = '".$this->_systemOutVar['ADMIN']['DELETE_ID'][$i]."'";
}
$query .= " ORDER BY username ASC";
if ($result = $this->runQuery($query)) {
if ($result['num'] > 0) {
?>
Are you sure you want to delete these users!!
If you dont want to delete one or more of the selected users but still the rest of them, then you can de select them here.
Time used to run code in constructor:
Secounds.
Vars from outside php:
_systemOutVar) ?>
Login status: loginstatus == FALSE) ? 'Not logged in' : 'Logged in Admin status: '.(($this->adminstatus == FALSE) ? 'Not an admin' : 'Is admin'))?>
Data stored in userinfo:
userinfo) ?>
array(
'_main' => array( // This is for extra fields in the main table.
'fields' => array(
1 => 'extra_test||This is a extra field',
2 => 'extra_2||This is another extra fields, very fun, dont you think'
3 => 'extra_3||Make your chose|DROP_DOWN[test1=1,test2=2,test3=3]'
4 => 'extra_4||User level|AUTO[1]'
5 => 'extra_5||Do you want others to see your email|ON_OFF[1,0]'
6 => 'extra_6||What do you like:|RADIO[Men=1,Females=2,Ice=3]'
)
),
2 => array(
'table_name' => 'extra_table',
'id_field' => 'id',
'fields' => array(
1 => 'extra_test||This is a extra field with a limit||MAX[10]',
2 => 'extra_2||This is another extra fields, very fun, dont you think'
3 => 'extra_3||Make your chose||DROP_DOWN[test1=1=s,test2=2,test3=3]'
4 => 'extra_4||User level||AUTO[1]'
5 => 'extra_7||Hidden thing||PASS[100]'
6 => 'extra_5||Do you want others to see your email||ON_OFF[1,0]'
7 => 'extra_6||What do you like:||RADIO[Men=1=s,Females=2,Ice=3]'
),
)
),
*/
?>
