<?php
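class mysql {
    /**
     * Open the connection that every other method of this class relies on.
     *
     * NOTE(review): the class is built on the legacy ext/mysql API
     * (mysql_connect, mysql_query, ...), deprecated in PHP 5.5 and removed in
     * PHP 7.0. The real fix is a port to mysqli/PDO with prepared statements;
     * class auth calls mysql_num_rows()/mysql_fetch_assoc() on the resource
     * returned by query(), so the return type cannot change here alone.
     *
     * On failure the script dies with mysql_error() in the response body,
     * which exposes server details to the client (kept as-is; callers do not
     * catch anything today).
     *
     * @param string $db_host   domain or ip of the mysql server
     * @param string $db_login  user name
     * @param string $db_passwd password
     * @param string $db_name   database to select
     * @return void
     */
    public static function connect($db_host, $db_login, $db_passwd, $db_name) {
        mysql_connect($db_host, $db_login, $db_passwd) or die ("MySQL Error: " . mysql_error());
        // mysql_set_charset() (instead of a bare `SET NAMES`) also tells the
        // client library which charset mysql_real_escape_string() must use;
        // otherwise escaping runs with the library default, not utf8.
        mysql_set_charset('utf8') or die ("<br>Invalid query: " . mysql_error());
        mysql_select_db($db_name) or die ("<br>Invalid query: " . mysql_error());
    }

    /**
     * Run a query and shape the result according to $type.
     *
     * $query goes to mysql_query() verbatim: the caller is responsible for
     * escaping *and quoting* every interpolated value (see screening()).
     * Escaping alone does nothing for a value placed in an unquoted numeric
     * position; cast such values to int instead.
     *
     * @param string      $query full SQL statement
     * @param string|null $type  'num_row' -> mysql_num_rows(), 'result' -> mysql_result(),
     *                           'assoc' -> mysql_fetch_assoc(), 'none'/null/other -> raw result
     * @param int|null    $num   row offset handed to mysql_result() for 'result'
     * @return mixed shaped result, or false when the query failed
     */
    public static function query($query, $type=null, $num=null) {
        $q = mysql_query($query);
        if (!$q) {
            return false;
        }
        // Every arm of the original switch returned, so the `break`s after
        // `return` were dead; an if-chain with strict comparison says the same.
        if ($type === 'num_row') {
            return mysql_num_rows($q);
        }
        if ($type === 'result') {
            return mysql_result($q, $num);
        }
        if ($type === 'assoc') {
            return mysql_fetch_assoc($q);
        }
        // 'none' and anything else hand back the raw result resource
        return $q;
    }

    /**
     * Trim and escape one scalar for use inside a single-quoted SQL literal.
     * Needs an open connection: mysql_real_escape_string() escapes according
     * to the connection charset chosen in connect().
     *
     * @param string $data raw value
     * @return string escaped value
     */
    public static function screening($data) {
        return mysql_real_escape_string(trim($data));
    }

    /**
     * Apply screening() to every value of an array, keys preserved.
     *
     * Only scalar values are handled; a nested array (e.g. a multi-value form
     * field) reaches trim() and produces a warning.
     *
     * @param array $data raw values
     * @return array escaped values (an empty array for empty input — the
     *               original returned an undefined variable here)
     */
    public static function screening_array($data) {
        $escaped = array();
        foreach ($data as $key => $value) {
            $escaped[$key] = self::screening($value);
        }
        return $escaped;
    }
}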
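class auth {
    /** @var array validation messages collected by check_new_user() */
    public static $error_arr = array();
    /** @var string last single error set by reg()/authorization()/recovery_pass() */
    public static $error = '';

    /**
     * Validate the data of a new user.
     *
     * $login and $mail are interpolated into SQL, so they must already have
     * gone through mysql::screening() (reg() passes screening_array($_POST)
     * output); calling this with raw request data is an injection risk.
     * Messages are collected in self::$error_arr.
     *
     * NOTE(review): a failed uniqueness query (mysql::query() returning false)
     * does not count as an error, so registration proceeds without the check.
     *
     * @param string $login
     * @param string $passwd
     * @param string $passwd2 repeated password
     * @param string $mail
     * @return boolean true when every check passed
     */
    public function check_new_user($login, $passwd, $passwd2, $mail) {
        $errors = array();
        if (empty($login) or empty($passwd) or empty($passwd2)) $errors[] = 'All fields are required';
        // strict: with `!=` two numeric strings such as "1e1" and "10" count as equal
        if ($passwd !== $passwd2) $errors[] = 'The passwords do not match';
        if (strlen($login) < 3 or strlen($login) > 30) $errors[] = 'The login must be between 3 and 30 characters';
        if (strlen($passwd) < 3 or strlen($passwd) > 30) $errors[] = 'The password must be between 3 and 30 characters';
        if (!filter_var($mail, FILTER_VALIDATE_EMAIL)) $errors[] = 'Not correct email';
        // uniqueness of login and mail (these messages reveal existing logins)
        if (mysql::query("SELECT * FROM users WHERE login_user='".$login."';", 'num_row') != 0) $errors[] = 'A user with this name already exists';
        if (mysql::query("SELECT * FROM users WHERE mail_user='".$mail."';", 'num_row') != 0) $errors[] = 'User with this email already exists';
        if (count($errors) > 0) {
            self::$error_arr = $errors;
            return false;
        }
        return true;
    }

    /**
     * Register a new user from $_POST (login, passwd, passwd2, mail, sex).
     *
     * The stored hash is md5(key_user . escaped password . SECRET_KEY).
     * NOTE(review): md5 is far too fast for password storage; password_hash()/
     * password_verify() is the replacement, but changing the scheme means
     * re-hashing existing rows, so authorization() and recovery_pass() keep
     * computing exactly this value.
     *
     * @return boolean true on success; false with self::$error or self::$error_arr set
     */
    public function reg() {
        $tmp_arr = mysql::screening_array($_POST);
        // missing fields become '' so check_new_user() reports them instead of notices
        $login   = isset($tmp_arr['login'])   ? $tmp_arr['login']   : '';
        $passwd  = isset($tmp_arr['passwd'])  ? $tmp_arr['passwd']  : '';
        $passwd2 = isset($tmp_arr['passwd2']) ? $tmp_arr['passwd2'] : '';
        $mail    = isset($tmp_arr['mail'])    ? $tmp_arr['mail']    : '';
        // sex is stored as a numeric code: 1 = male, anything else = 2
        $sex = (isset($tmp_arr['sex']) && $tmp_arr['sex'] === 'male') ? '1' : '2';
        if (!$this->check_new_user($login, $passwd, $passwd2, $mail)) {
            return false;
        }
        $user_key = $this->generateCode(10);
        $passwd_hash = md5($user_key . $passwd . SECRET_KEY);
        $query = mysql::query("INSERT INTO `users` (`id_user`, `login_user`, `passwd_user`, `mail_user`, `sex_user`, `key_user`) VALUES (NULL, '".$login."', '".$passwd_hash."', '".$mail."', '".$sex."','".$user_key."');");
        if (!$query) {
            self::$error = 'An error occurred while registering a new user. Contact the Administration.';
            return false;
        }
        return true;
    }

    /**
     * Is the current visitor logged in?
     *
     * True when the session already holds id_user/login_user. Otherwise the
     * "remember me" cookies (id_user, code_user) are checked against the
     * `session` table: a row must match both the code and the current
     * User-Agent. On a match the session is filled, its id regenerated and the
     * cookies refreshed for 30 days; on any mismatch the cookies are cleared.
     *
     * @return boolean
     */
    public function check() {
        if (isset($_SESSION['id_user']) and isset($_SESSION['login_user'])) {
            return true;
        }
        if (!isset($_COOKIE['id_user']) or !isset($_COOKIE['code_user'])) {
            $this->destroy_cookie();
            return false;
        }
        // id_user lands in an unquoted numeric position, where
        // mysql_real_escape_string() gives no protection: force an integer.
        $id_user = (int) $_COOKIE['id_user'];
        // the code is only compared, never interpolated, so it is not escaped
        $code_user = (string) $_COOKIE['code_user'];
        // authorization() stores the trimmed User-Agent; compare the same form
        $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? trim($_SERVER['HTTP_USER_AGENT']) : '';
        $query = mysql::query("SELECT `session`.*, `users`.`login_user` FROM `session` INNER JOIN `users` ON `users`.`id_user`=`session`.`id_user` WHERE `session`.`id_user`=" . $id_user . ";");
        if (!$query or mysql_num_rows($query) == 0) {
            $this->destroy_cookie();
            return false;
        }
        while ($row = mysql_fetch_assoc($query)) {
            // hash_equals: constant-time and type-strict; `==` would treat
            // "0e1" and "0e2" as equal numbers
            if (hash_equals((string) $row['code_sess'], $code_user)
                and (string) $row['user_agent_sess'] === $user_agent) {
                mysql::query("UPDATE `session` SET `used_sess` = `used_sess`+1 WHERE `id_sess` = " . (int) $row['id_sess'] . ";");
                // fresh session id so an id fixed before login does not survive it
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }
                $_SESSION['id_user'] = $row['id_user'];
                $_SESSION['login_user'] = $row['login_user'];
                $this->remember_cookie($row['id_user'], $row['code_sess']);
                return true;
            }
        }
        // no row matched this code / user agent pair
        $this->destroy_cookie();
        return false;
    }

    /**
     * Log the visitor in from $_POST (login, passwd, optional remember=on).
     *
     * The submitted password is escaped by screening_array() before hashing,
     * exactly as reg() does, so both sides compute the same digest. With
     * "remember me" a random code is stored in `session` together with the
     * User-Agent and handed out as cookies (see check()).
     *
     * @return boolean true on success; false with self::$error set
     */
    public function authorization() {
        $user_data = mysql::screening_array($_POST);
        $login  = isset($user_data['login'])  ? $user_data['login']  : '';
        $passwd = isset($user_data['passwd']) ? $user_data['passwd'] : '';
        $find_user = mysql::query("SELECT * FROM `users` WHERE `login_user`='" . $login . "';", 'assoc');
        if (!$find_user) {
            self::$error = 'User not found';
            return false;
        }
        $hash = md5($find_user['key_user'] . $passwd . SECRET_KEY);
        // hash_equals: `==` on two hex digests is timing-dependent and loosely
        // typed ("0e..." digests compare equal as numbers)
        if (!hash_equals((string) $find_user['passwd_user'], $hash)) {
            self::$error = 'User not found or password not match';
            return false;
        }
        // fresh session id on privilege change (session fixation)
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['id_user'] = $find_user['id_user'];
        $_SESSION['login_user'] = $find_user['login_user'];
        if (isset($user_data['remember']) and $user_data['remember'] === 'on') {
            $cook_code = $this->generateCode(15);
            $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? mysql::screening($_SERVER['HTTP_USER_AGENT']) : '';
            mysql::query("INSERT INTO `session` (`id_sess`, `id_user`, `code_sess`, `user_agent_sess`) VALUES (NULL, '" . (int) $find_user['id_user'] . "', '" . $cook_code . "', '" . $user_agent . "');");
            $this->remember_cookie($find_user['id_user'], $cook_code);
        }
        return true;
    }

    /**
     * Log the user out: invalidate the remember-me row, drop the session,
     * clear the cookies and redirect to index.php.
     *
     * $_SESSION is emptied explicitly because session_destroy() does not
     * touch the superglobal, so check() would still succeed later in the
     * same request. Execution does not stop here; the caller should exit
     * after the redirect header.
     */
    public function exit_user() {
        // without this the cookie code stays valid server-side after logout
        if (isset($_COOKIE['id_user']) and isset($_COOKIE['code_user'])) {
            mysql::query("DELETE FROM `session` WHERE `id_user` = " . (int) $_COOKIE['id_user'] . " AND `code_sess` = '" . mysql::screening($_COOKIE['code_user']) . "';");
        }
        $_SESSION = array();
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_destroy();
        }
        $this->destroy_cookie();
        header("Location: index.php");
    }

    /**
     * Expire both remember-me cookies.
     */
    public function destroy_cookie() {
        $expired = time() - 3600;
        setcookie("id_user", '', $expired, "", "", false, true);
        setcookie("code_user", '', $expired, "", "", false, true);
    }

    /**
     * Set the two remember-me cookies for 30 days.
     *
     * HttpOnly keeps them out of script reach; the Secure flag is left off
     * because the deployment scheme is not known here. Path/domain are the
     * setcookie() defaults, unchanged from the original calls.
     *
     * @param int|string $id_user
     * @param string     $code
     */
    private function remember_cookie($id_user, $code) {
        $expire = time() + 3600 * 24 * 30;
        setcookie("id_user", (string) $id_user, $expire, "", "", false, true);
        setcookie("code_user", (string) $code, $expire, "", "", false, true);
    }

    /**
     * Password recovery: generate a new password, mail it, then store its hash.
     *
     * The mail is sent before the row is updated, so a failed send leaves the
     * old password valid. The new password travels in clear text by e-mail;
     * a one-time reset link would avoid that but is outside this change.
     *
     * @param string $login raw login
     * @param string $mail  raw e-mail address
     * @return boolean true on success; false with self::$error set
     */
    public function recovery_pass($login, $mail) {
        $login = mysql::screening($login);
        $mail = mysql::screening($mail);
        if (!filter_var($mail, FILTER_VALIDATE_EMAIL)) {
            self::$error = 'Not correct email';
            return false;
        }
        $find_user = mysql::query("SELECT * FROM `users` WHERE `login_user`='" . $login . "';", 'assoc');
        if (!$find_user) {
            self::$error = 'User not found';
            return false;
        }
        if ((string) $find_user['mail_user'] !== $mail) {
            self::$error = 'Email does not conform to this login';
            return false;
        }
        $new_passwd = $this->generateCode(8);
        // same scheme as reg()/authorization(): md5(key_user . password . SECRET_KEY)
        $new_passwd_sql = md5($find_user['key_user'] . $new_passwd . SECRET_KEY);
        $message = "You have requested a password recovery site sitename.\nYour new password: " . $new_passwd;
        if (!$this->send_recovery_mail($find_user['mail_user'], $message)) {
            self::$error = 'A new password has been sent. Contact with the administration.';
            return false;
        }
        mysql::query("UPDATE `users` SET `passwd_user`='" . $new_passwd_sql . "' WHERE `id_user` = " . (int) $find_user['id_user'] . ";");
        return true;
    }

    /**
     * Send the recovery e-mail.
     *
     * The address is validated here as well: an address containing CR/LF
     * would otherwise let the caller inject extra mail headers through the
     * To: field.
     *
     * @param string $mail    recipient
     * @param string $message body
     * @return boolean true when mail() accepted the message
     */
    public function send_recovery_mail($mail, $message) {
        if (!filter_var($mail, FILTER_VALIDATE_EMAIL)) {
            return false;
        }
        $headers = "From: webmaster@sitename.ru\r\n" . "Reply-To: webmaster@sitename.ru\r\n" . "X-Mailer: PHP/" . phpversion();
        return mail($mail, "Recovery password from site sitename", $message, $headers) ? true : false;
    }

    /**
     * Random alphanumeric string of $length characters.
     *
     * Used for session cookie codes and recovery passwords, so the source
     * must be unpredictable: random_int() where available (PHP 7+); the
     * mt_rand() fallback for older interpreters is not cryptographically
     * strong.
     *
     * @param int $length number of characters (0 or negative gives "")
     * @return string
     */
    public function generateCode($length) {
        $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPRQSTUVWXYZ0123456789";
        $last = strlen($chars) - 1;
        $csprng = function_exists('random_int');
        $code = "";
        for ($i = 0; $i < $length; $i++) {
            $idx = $csprng ? random_int(0, $last) : mt_rand(0, $last);
            $code .= $chars[$idx];
        }
        return $code;
    }

    /**
     * Render the current error state as an HTML fragment.
     *
     * self::$error is appended verbatim (reg() documents it as html);
     * list entries are escaped so a message built from input could not
     * inject markup.
     *
     * @return string '' when there is nothing to report
     */
    public function error_reporting() {
        $r = '';
        if (mb_strlen(self::$error) > 0) {
            $r .= self::$error;
        }
        if (count(self::$error_arr) > 0) {
            $r .= '<h2>The following errors occurred:</h2>' . "\n" . '<ul>';
            foreach (self::$error_arr as $value) {
                $r .= '<li>' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '</li>';
            }
            $r .= '</ul>';
        }
        return $r;
    }
}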
?>