userClass.php:
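<?php
// error_reporting() takes an int bitmask. The original passed the *string* "E_ALL", which
// PHP 5/7 coerce to 0 (reporting switched OFF) and PHP 8 rejects with a TypeError — the
// opposite of what was intended. The bare constant is the correct spelling.
error_reporting(E_ALL);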
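class UserClass {
    private $email;
    private $user;
    private $password;

    /**
     * Longest username accepted. Each user gets tables named "<user>_comments",
     * "<user>_pictures" etc.; the longest suffix is 9 chars and MySQL caps identifiers at 64.
     */
    const MAX_USER_LEN = 55;

    /**
     * Selects the application database on the already-open mysql_* link.
     * Dies if the selection fails (fail-fast behaviour kept from the original).
     */
    function __construct() {
        mysql_select_db("boozards_userinfo") or die("db select error");
    }

    /**
     * True when $user can safely be embedded unquoted as a table-name prefix and used as a
     * directory name: a lowercase letter, then lowercase letters/digits/underscore, at most
     * MAX_USER_LEN characters. Only [a-z] is accepted because prepareData() lowercases the
     * name before it gets here; "../", spaces, quotes and ";" are all rejected.
     *
     * mysql_real_escape_string() does NOT make an identifier safe (it only escapes quote
     * characters, and identifiers here are not quoted), so this check is the actual guard.
     */
    public static function isValidUsername($user) {
        return is_string($user)
            && preg_match('/^[a-z][a-z0-9_]{0,' . (self::MAX_USER_LEN - 1) . '}$/', $user) === 1;
    }

    /**
     * Undoes magic_quotes_gpc slashes when that (pre-PHP 5.4) feature is active; no-op otherwise.
     * function_exists() guards the call because get_magic_quotes_gpc() was removed in PHP 8.
     */
    private static function unquote($value) {
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            return stripslashes($value);
        }
        return $value;
    }

    /**
     * Authenticates by email + password and, on success, populates $_SESSION.
     *
     * Returns true on success, false on unknown email / wrong password / empty input.
     * Dies on a query error (kept from the original). $iuser is accepted for interface
     * compatibility only; the lookup is by email.
     *
     * Original bugs fixed here:
     *  - `self::prepareData(...) or die("didnt work")`: prepareData() returns null, so the
     *    `or die` fired on EVERY call and login could never succeed.
     *  - Passwords were stored as a bare md5 of the HTML-escaped input. New rows use
     *    password_hash(); legacy md5 rows still verify and are upgraded in place.
     *  - The session id is rotated on login so a pre-authentication session id fixed by an
     *    attacker is not promoted to an authenticated one.
     *
     * NOTE(review): password_hash() output is 60+ chars; the original stored 32-char md5
     * hex, so confirm the `password` column is at least VARCHAR(60) (255 recommended).
     * Requires PHP >= 5.6 (password_hash, hash_equals).
     */
    function userLogin($iemail, $ipassword, $iuser) {
        $this->prepareData($iemail, $ipassword, $iuser);
        $email    = self::unquote($this->email);
        // The raw (trimmed) password is what gets hashed now; the HTML-escaped copy in
        // $this->password is only still needed to check legacy md5 rows below.
        $password = self::unquote(trim($ipassword));
        if ($email === '' || $password === '') {
            return false;
        }

        // Look the row up by email only and compare the hash in PHP: password_hash()
        // output is salted, so it cannot be matched inside the WHERE clause.
        $stmt = sprintf("SELECT email,password,user FROM " . TABLE_USERMAIN . " WHERE email='%s'",
            mysql_real_escape_string($email));
        $pstmt = mysql_query($stmt) or die(mysql_error());
        $row = mysql_fetch_row($pstmt);
        if ($row === false) {
            return false;
        }
        $stored = (string) $row[1];

        $authenticated = false;
        if (password_verify($password, $stored)) {
            $authenticated = true;
        } elseif (hash_equals($stored, md5(self::unquote($this->password)))) {
            // Legacy row written by the original code (md5 of the htmlspecialchars()'d
            // password). Accept it once and rewrite it with a proper hash.
            $authenticated = true;
            $upgrade = sprintf("UPDATE " . TABLE_USERMAIN . " SET password='%s' WHERE email='%s'",
                mysql_real_escape_string(password_hash($password, PASSWORD_DEFAULT)),
                mysql_real_escape_string($email));
            mysql_query($upgrade);
        }
        if (!$authenticated) {
            return false;
        }

        // Session fixation defence; guarded because the caller is responsible for
        // session_start() and may not have called it.
        if (function_exists('session_status') && session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['username'] = $row[2];
        $_SESSION['email']    = $email;
        $_SESSION['hash']     = md5($email);
        return true;
    }

    /**
     * Registers a new account: inserts the login row and profile row, creates the per-user
     * tables and indexes, and creates the user's picture directories.
     *
     * Returns "pass" on success. Returns "fail" (new) without touching the database when the
     * username is not a safe identifier (see isValidUsername) or email/password are empty —
     * the original interpolated the raw username into CREATE TABLE statements and mkdir()
     * paths, which allowed SQL injection and directory traversal from the registration form.
     *
     * Dies if the login-row INSERT fails. The other queries keep the original's fire-and-forget
     * behaviour (their results were never checked).
     *
     * Original bugs fixed: a stray undefined `$actiationcode` sprintf argument; the invites
     * index was never created because of the `$stmt_pinitesK` typo.
     */
    function createUser($iemail, $ipassword, $iuser, $displayname, $bday, $name, $city, $state) {
        $this->prepareData($iemail, $ipassword, $iuser);
        $email    = self::unquote($this->email);
        $user     = self::unquote($this->user);
        $password = self::unquote(trim($ipassword));
        if (!self::isValidUsername($user) || $email === '' || $password === '') {
            return "fail";
        }

        // NOTE(review): see userLogin() — the `password` column must hold 60+ characters.
        $hashedpass = password_hash($password, PASSWORD_DEFAULT);
        $stmt = sprintf("INSERT INTO " . TABLE_USERMAIN . "(email,password,user) VALUES('%s','%s','%s')",
            mysql_real_escape_string($email),
            mysql_real_escape_string($hashedpass),
            mysql_real_escape_string($user));
        // The original echoed the full statement (including the password hash) to the
        // browser on failure; only the driver error is reported now.
        mysql_query($stmt) or die("error: " . mysql_error());

        $stmt_ui = sprintf("INSERT INTO userInfo(user,displayName,displayPicture,birthday,name,city,state) VALUES('%s','%s','http://www.boozards.com/_images/default.jpg','%s','%s','%s','%s')",
            mysql_real_escape_string($user),
            mysql_real_escape_string($displayname),
            mysql_real_escape_string($bday),
            mysql_real_escape_string($name),
            mysql_real_escape_string($city),
            mysql_real_escape_string($state));
        mysql_query($stmt_ui);

        // Per-user tables and indexes, in the original's order. $user is an identifier, not
        // a string literal, so it is validated (above) rather than escaped.
        $ddl = array(
            "CREATE TABLE %s_comments(
                commentId INT(250) AUTO_INCREMENT PRIMARY KEY,
                comment VARCHAR(1000) NOT NULL,
                friend VARCHAR(250) NOT NULL,
                dated VARCHAR(250) NOT NULL,
                picture VARCHAR(250),
                beenRead BOOL,
                board2Board bigint(250) NOT NULL)",
            "CREATE INDEX ind_1 ON %s_comments(picture, beenRead)",
            "CREATE TABLE %s_invites(
                partyId INT(250) NOT NULL PRIMARY KEY,
                type VARCHAR(250) NOT NULL,
                beenRead BOOL)",
            "CREATE INDEX ind_1 ON %s_invites(partyId, beenRead)",
            "CREATE TABLE %s_friends(
                friend VARCHAR(250) NOT NULL,
                position INTEGER,
                type INTEGER NOT NULL,
                beenRead BOOL,
                dated VARCHAR(250))",
            "CREATE INDEX ind_1 ON %s_friends(type, position, beenRead)",
            "CREATE TABLE %s_pictures(
                picture VARCHAR(250) NOT NULL,
                caption VARCHAR(250))",
            "CREATE INDEX ind_1 ON %s_pictures(picture)",
        );
        foreach ($ddl as $template) {
            mysql_query(sprintf($template, $user));
        }

        // <user>/pictures/tn — created recursively with the same mode the original used for
        // each level. Safe only because $user passed isValidUsername() above.
        $picture_thumb_dir = $user . "/pictures/tn";
        mkdir($picture_thumb_dir, 0775, true);
        copy("copyindex.php", $user . "/index.php");
        return "pass";
    }

    /**
     * Normalises the three credential fields into the private properties:
     * email and username are HTML-escaped, lowercased and trimmed; the password is
     * HTML-escaped and trimmed (kept only so legacy md5 rows can still be verified —
     * hashing uses the raw input).
     */
    function prepareData($iemail, $ipassword, $iuser) {
        $this->email    = trim(strtolower(htmlspecialchars($iemail)));
        $this->user     = trim(strtolower(htmlspecialchars($iuser)));
        $this->password = trim(htmlspecialchars($ipassword));
    }

    /**
     * Clears the session. Declared static because the calling script invokes it as
     * UserClass::logoutUser(), which is a fatal error for a non-static method on PHP 8;
     * instance calls keep working. If a session is active it is also destroyed server-side,
     * so an old session id cannot be replayed after logout. (The session cookie itself is
     * not expired here; do that in the caller if desired.)
     */
    static function logoutUser() {
        $_SESSION = array();
        if (function_exists('session_status') && session_status() === PHP_SESSION_ACTIVE) {
            session_destroy();
        }
    }

    /**
     * True when a row already exists with $var in column $type ("user" or "email"),
     * i.e. the value is NOT available.
     *
     * $type is interpolated into the SQL as a column name, so it is restricted to the two
     * values the registration script passes; any other value fails closed (reported as
     * unavailable) and raises an E_USER_WARNING instead of running an injectable query.
     *
     * NOTE(review): this queries `loginInfo` while the other methods use TABLE_USERMAIN —
     * confirm they name the same table.
     */
    function checkAvailability($var, $type) {
        $columns = array('user' => 'user', 'email' => 'email');
        if (!isset($columns[$type])) {
            trigger_error("checkAvailability: unsupported column type", E_USER_WARNING);
            return true;
        }
        $column = $columns[$type];
        $stmt_chk = sprintf("SELECT " . $column . " FROM loginInfo WHERE " . $column . "='%s'",
            mysql_real_escape_string($var));
        $result = mysql_query($stmt_chk);
        return $result !== false && mysql_num_rows($result) > 0;
    }
}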
?>
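<?php
// error_reporting() takes an int bitmask. The string "E_ALL" is coerced to 0 (reporting OFF)
// on PHP 5/7 and is a TypeError on PHP 8 — the bare constant is what was meant.
error_reporting(E_ALL);
// NOTE(review): the class listing is labelled "userClass.php" (lower-case u) while this path
// says "UserClass.php"; on a case-sensitive filesystem one of them is wrong — confirm the
// on-disk name.
require("_include/classes/UserClass.php");
// header.php is included before any of the handlers below run; if it emits HTML, header()
// redirects are no longer possible afterwards (the login handler uses a meta refresh for that reason).
include 'header.php';
require("_include/english.php");
require_once("_include/classes/TemplateClass.php");
$users = new UserClass();
// At file scope `global` is a no-op; left in place in case this file is ever pulled in from
// inside a function, where it rebinds $LANG01 to the global one.
global $LANG01;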
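/*
** Creates a user and inserts them into mysql
*/
// Error buffer shared with the mode=new form below. Initialised unconditionally: the original
// only set it inside the create branch, so mode=new without do=create read an undefined variable.
$msg = '';
if (isset($_GET['do']) && $_GET['do'] === 'create') {
    $regform = new Page("_layout/register.thtml");

    // Collect the posted fields as plain strings. A crafted `field[]=x` arrives as an array and
    // would otherwise be handed to strlen()/preg_match()/the database layer.
    $fields = array('dispname', 'password', 'confpassword', 'name', 'city', 'state',
                    'email', 'user', 'month', 'day', 'year');
    $in = array();
    foreach ($fields as $field) {
        $in[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    }
    // Stored as-is (no checkdate() in the original); the birthday column is a VARCHAR in the class.
    $bday = $in['month'] . '-' . $in['day'] . '-' . $in['year'];

    // Presence checks use `=== ''` rather than empty(): empty("0") is true, which silently
    // rejected legitimate values such as a display name of "0".
    if ($in['dispname'] === '') {
        $msg .= $LANG01[2] . '<br />';
    } elseif (strlen($in['dispname']) > 20) {
        // Byte length, as in the original; presumably matched to the displayName column width.
        $msg .= $LANG01[1] . '<br />';
    }

    if ($in['password'] === '') {
        $msg .= $LANG01[4] . '<br />';
    } elseif (strlen($in['password']) < 6) {
        $msg .= $LANG01[3] . '<br />';
    }

    if ($in['confpassword'] === '') {
        $msg .= $LANG01[6] . '<br />';
    } elseif ($in['password'] !== $in['confpassword']) {
        // Strict comparison: with `!=`, numeric-looking strings compare numerically
        // ("1e3" != "1000" is false), so mismatched passwords could pass confirmation.
        $msg .= $LANG01[5] . '<br />';
    }

    if ($in['name'] === '') {
        $msg .= $LANG01[8] . '<br />';
    }
    if ($in['city'] === '') {
        $msg .= $LANG01[9] . '<br />';
    }
    if ($in['state'] === '') {
        $msg .= $LANG01[10] . '<br />';
    }

    if ($in['email'] === '') {
        $msg .= $LANG01[7] . '<br />';
    } elseif (filter_var($in['email'], FILTER_VALIDATE_EMAIL) === false) {
        // The original pattern /[a-zA-Z0-9_.]/ was unanchored, so any string containing a
        // single letter passed as an "email".
        $msg .= $LANG01[19] . '<br />';
    }

    if ($in['user'] === '') {
        $msg .= $LANG01[14] . '<br />';
    } else {
        // Anchored: the original /[a-zA-Z0-9_]/ accepted "../x" or "a; DROP TABLE" as long as
        // one allowed character was present — and the class uses this value as a table-name
        // prefix and a directory name.
        if (!preg_match('/^[a-zA-Z0-9_]+$/', $in['user'])) {
            $msg .= $LANG01[13] . '<br />';
        }
        if (is_numeric($in['user'][0])) {
            $msg .= $LANG01[15] . '<br />';
        }
    }

    // Uniqueness checks only make sense for non-empty values; the missing-field message
    // has already been added above.
    if ($in['user'] !== '' && $users->checkAvailability($in['user'], "user")) {
        $msg .= $LANG01[17] . '<br />';
    }
    if ($in['email'] !== '' && $users->checkAvailability($in['email'], "email")) {
        $msg .= $LANG01[18] . '<br />';
    }

    if ($msg === '') {
        $result = $users->createUser($in['email'], $in['password'], $in['user'],
                                     $in['dispname'], $bday, $in['name'], $in['city'], $in['state']);
        // createUser() returns "pass" on success. Anything else means no account was created;
        // the username-format message is the closest existing string for that case.
        $msg .= (($result === "pass") ? $LANG01[16] : $LANG01[13]) . '<br />';
    }

    // $msg carries raw "<br />" markup, so replace_tags() evidently does not escape its
    // values; the user-supplied fields are escaped here before being echoed back.
    $regform->replace_tags(array(
        "errormsg" => $msg,
        "profile"  => htmlspecialchars($in['dispname'], ENT_QUOTES, 'UTF-8'),
        "name"     => htmlspecialchars($in['name'], ENT_QUOTES, 'UTF-8'),
        "city"     => htmlspecialchars($in['city'], ENT_QUOTES, 'UTF-8'),
    ));
    $regform->output();
}

// Blank registration form. $_REQUEST is kept from the original (the form may be reached via
// GET or POST); only the single known mode is handled.
$mode = (isset($_REQUEST['mode']) && is_string($_REQUEST['mode'])) ? $_REQUEST['mode'] : '';
if ($mode === 'new') {
    $regform = new Page("_layout/register.thtml");
    $regform->replace_tags(array("errormsg" => $msg, "profile" => "", "name" => "", "city" => ""));
    $regform->output();
}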
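/*
** Logs-in a user to their account and creates login session
*/
if (isset($_GET['do']) && $_GET['do'] === 'login') {
    // The original passed $email/$password/$user here, but those are only assigned inside the
    // do=create branch, so every login request saw them undefined (and failed). Read the posted
    // fields directly; the names mirror the registration form — confirm against the login template.
    $login_email    = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $login_password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $login_user     = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';

    if ($users->userLogin($login_email, $login_password, $login_user)) {
        $forward_address = "network.php";
        if (isset($_SESSION['url']) && is_string($_SESSION['url'])) {
            $forward_address = $_SESSION['url'];
            unset($_SESSION['url']);
        }
        // Open-redirect guard: $_SESSION['url'] is set elsewhere (not visible here), so only
        // same-site relative targets are honoured. Anything with a scheme ("http:",
        // "javascript:"), a protocol-relative "//" prefix or a backslash falls back to the default.
        if (preg_match('#^(?:[a-z][a-z0-9+.\-]*:|//|\\\\)#i', $forward_address)) {
            $forward_address = "network.php";
        }
        // A meta refresh rather than header('Location:') because header.php has already been
        // included above and has presumably started output. Escaped for the attribute context.
        echo '<meta http-equiv="refresh" content="0;URL='
            . htmlspecialchars($forward_address, ENT_QUOTES, 'UTF-8') . '">';
    } else {
        // A failed login renders nothing, as in the original. A redirect to
        // pleaselogin.php?error=failedlogin was sketched there but never wired up.
    }
}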
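/*
**Logs a user out of their account and clears session
*/
if (isset($_GET['do']) && $_GET['do'] === 'logout') {
    // logoutUser() is declared as an instance method; the original called it statically
    // (UserClass::logoutUser()), which is a fatal error on PHP 8. $users is the instance
    // created at the top of this file.
    $users->logoutUser();
    // Rotate the session id as well, so a cookie captured before logout cannot be replayed
    // against the emptied session. Guarded: header.php may not have started a session.
    if (function_exists('session_status') && session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    echo "successfully logged you out. <a href='/'>Home</a>";
}
//same thing as in index.php
//include 'blocks.php';
// Closing ?> intentionally omitted: trailing whitespace after it would be sent as output.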