LOL that is VERY VERY VERY VERY VERY UNSECURE lol i wish one of u guys did that lol its is so ezy to bypass that if u want a good login system heres i made
here is a login system i made
Here are the two critical functions in this library - the token creation and token verification functions.
To use the system,and place user.php,database.php, and pre.php into a directory called /include/ at the root of your web server. Set .php to be parsed by PHP3. Set your database's username, password and hostname in the database.php file. Create a table called user using the SQL at the top of user.php.
CODE
<?php
$hidden_hash_var='your_secret_password_here';
$LOGGED_IN=false;
unset($LOGGED_IN);
function user_isloggedin() {
global $user_name,$id_hash,$hidden_hash_var,$LOGGED_IN;
//have we already run the hash checks?
//If so, return the pre-set, trusted var
if ( isset($LOGGED_IN) ) {
return $LOGGED_IN;
}
//are both cookies present?
if ($user_name && $id_hash) {
/*
Create a hash of the user name that was
passed in from the cookie as well as the
trusted hidden variable
If this hash matches the cookie hash,
then all cookie vars must be correct and
thus trustable
*/
$hash=md5($user_name.$hidden_hash_var);
if ($hash == $id_hash) {
//hashes match - set a global var so we can
//call this function repeatedly without
//redoing the md5()'s
$LOGGED_IN=true;
return true;
} else {
//hash didn't match - must be a hack attempt?
$LOGGED_IN=false;
return false;
}
} else {
$LOGGED_IN=false;
return false;
}
}
function user_set_tokens($user_name_in) {
/*
call this once you have confirmed user name and password
are correct in the database
*/
global $hidden_hash_var,$user_name,$id_hash;
if (!$user_name_in) {
$feedback .= ' ERROR - User Name Missing When Setting Tokens ';
return false;
}
$user_name=strtolower($user_name_in);
//create a hash of the two variables we know
$id_hash= md5($user_name.$hidden_hash_var);
//set cookies for one month - set to any amount
//or use 0 for a session cookie
setcookie('user_name',$user_name,(time()+2592000),'/','',0);
setcookie('id_hash',$id_hash,(time()+2592000),'/','',0);
}
?>
another importan ilibaray
CODE
<?php
function user_change_email ($password1,$new_email,$user_name) {
global $feedback,$hidden_hash_var;
if (validate_email($new_email)) {
$hash=md5($new_email.$hidden_hash_var);
//change the confirm hash in the db but not the email -
//send out a new confirm email with a new hash
$user_name=strtolower($user_name);
$password1=strtolower($password1);
$sql="UPDATE user SET confirm_hash='$hash' WHERE user_name='$user_name' AND password='". md5($password1) ."'";
$result=db_query($sql);
if (!$result || db_affected_rows($result) < 1) {
$feedback .= ' ERROR - Incorrect User Name Or Password ';
return false;
} else {
$feedback .= ' Confirmation Sent ';
user_send_confirm_email($new_email,$hash);
return true;
}
} else {
$feedback .= ' New Email Address Appears Invalid ';
return false;
}
}
function user_confirm($hash,$email) {
/*
Call this function on the user confirmation page,
which they arrive at when the click the link in the
account confirmation email
*/
global $feedback,$hidden_hash_var;
//verify that they didn't tamper with the email address
$new_hash=md5($email.$hidden_hash_var);
if ($new_hash && ($new_hash==$hash)) {
//find this record in the db
$sql="SELECT * FROM user WHERE confirm_hash='$hash'";
$result=db_query($sql);
if (!$result || db_numrows($result) < 1) {
$feedback .= ' ERROR - Hash Not Found ';
return false;
} else {
//confirm the email and set account to active
$feedback .= ' User Account Updated - You Are Now Logged In ';
user_set_tokens(db_result($result,0,'user_name'));
$sql="UPDATE user SET email='$email',is_confirmed='1' WHERE confirm_hash='$hash'";
$result=db_query($sql);
return true;
}
} else {
$feedback .= ' HASH INVALID - UPDATE FAILED ';
return false;
}
}
function user_send_confirm_email($email,$hash) {
/*
Used in the initial registration function
as well as the change email address function
*/
$message = "Thank You For Registering at Company.com".
"\nSimply follow this link to confirm your registration: ".
"\n\nhttp://www.company.com/account/confirm.php?hash=$hash&email=". urlencode($email).
"\n\nOnce you confirm, you can use the services on your site.";
mail ($email,'Registration Confirmation',$message,'From: noreply@company.com');
}
?>
CHANGE E_MAIL
CODE
<?php
include($DOCUMENT_ROOT.'/include/database.php');
include($DOCUMENT_ROOT.'/include/pre.php');
include($DOCUMENT_ROOT.'/include/user.php');
if ($submit) {
user_change_email ($password1,$new_email,$change_user_name);
}
site_header('Change Your Email Address');
if ($feedback) {
echo '<FONT COLOR="RED"><H2>'.$feedback.'</H2></FONT>';
}
echo '<H3>Change Your Email Address</H3>
<P>
Quickly fill in this info and a confirmation email will be sent to you.
<P>
Your email address and info will never be sold to third parties or Internet.com If this policy
changes in the future, the changes will only apply to future registrations
and it will be so noted at that time.
<P>
<FORM ACTION="'. $PHP_SELF .'" METHOD="POST">
<B>User Name:</B><BR>
<INPUT TYPE="TEXT" NAME="change_user_name" VALUE="'. $change_user_name .'" SIZE="10" MAXLENGTH="15">
<P>
<B>Password:</B><BR>
<INPUT TYPE="password" NAME="password1" VALUE="" SIZE="10" MAXLENGTH="15">
<P>
<B>NEW Email (Required - Must be accurate to confirm):</B><BR>
<INPUT TYPE="TEXT" NAME="new_email" VALUE="" SIZE="20" MAXLENGTH="35">
<P>
<INPUT TYPE="SUBMIT" NAME="submit" VALUE="Send My Confirmation">
</FORM>';
echo '<P>
<A HREF="login.php">Login To your site</A>
<P>
<A HREF="logout.php">Logout</A>
<P>
<A HREF="register.php">Register A New Account</A>
<P>
<A HREF="changepass.php">Change Your Password</A>';
site_footer();
?>
CONFIRM
CODE
<?php
include($DOCUMENT_ROOT.'/include/database.php');
include($DOCUMENT_ROOT.'/include/pre.php');
include($DOCUMENT_ROOT.'/include/user.php');
if ($hash && $email) {
$worked=user_confirm($hash,$email);
} else {
$feedback = '<H1>ERROR - Missing Params</H1>';
}
site_header('Account Confirmation');
if ($feedback) {
echo '<FONT COLOR="RED"><H2>'.$feedback.'</H2></FONT>';
}
if (!$worked){
echo '<P><H1>Having Trouble Confirming?</H1>
<P>A change was just made to the system, try the
<A HREF="changeemail.php">Change Your Email Address</A>
page to receive a new confirmation email';
}
echo '<H3>Your Account</H3>
<P>
<A HREF="login.php">Login To your site</A>
<P>
<A HREF="logout.php">Logout</A>
<P>
<A HREF="register.php">Register A New Account</A>
<P>
<A HREF="changepass.php">Change Your Password</A>
<P>
<A HREF="changeemail.php">Change Your Email Address</A>';
site_footer();
?>
Login
CODE
<?php
include($DOCUMENT_ROOT.'/include/database.php');
include($DOCUMENT_ROOT.'/include/pre.php');
include($DOCUMENT_ROOT.'/include/user.php');
if (user_isloggedin()) {
user_logout();
$user_name='';
}
if ($submit) {
user_login($user_name,$password);
}
site_header('Login To your site');
if ($feedback) {
echo '<FONT COLOR="RED"><H2>'.$feedback.'</H2></FONT>';
}
echo '<H3>Login to YOUR SITE</H3>
<P>
Enter your user name and password
<P>
<FORM ACTION="'. $PHP_SELF .'" METHOD="POST">
<B>User Name:</B><BR>
<INPUT TYPE="TEXT" NAME="user_name" VALUE="" SIZE="10" MAXLENGTH="15">
<P>
<B>Password:</B><BR>
<INPUT TYPE="password" NAME="password" VALUE="" SIZE="10" MAXLENGTH="15">
<P>
<INPUT TYPE="SUBMIT" NAME="submit" VALUE="Login To your site">
</FORM>
<P>
<A HREF="register.php">[ Register A New Account ]</A>
<P>
<A HREF="changepass.php">[ Change Your Password ]</A>
<P>
<A HREF="changeemail.php">[ Change Your Email Address ]</A>';
site_footer();
?>
LOST PASSWORD
CODE
<?php
include($DOCUMENT_ROOT.'/include/pre.php');
include($DOCUMENT_ROOT.'/include/user.php');
include($DOCUMENT_ROOT.'/include/utils.php');
if (user_isloggedin()) {
user_logout();
$user_name='';
}
if ($submit) {
user_lost_password($email,$user_name);
}
site_header('Change Password');
if ($feedback) {
echo '<FONT COLOR="RED"><H2>'.$feedback.'</H2></FONT>';
}
echo '<H3>Reset Passowrd</H3>
<P>
Quickly fill in this info and a new password will be emailed.
<P>
<FORM ACTION="'. $PHP_SELF .'" METHOD="POST">
<B>User Name:</B><BR>
<INPUT TYPE="TEXT" NAME="user_name" VALUE="'.$user_name.'" SIZE="10" MAXLENGTH="15">
<P>
<B>Email Address:</B><BR>
<INPUT TYPE="TEXT" NAME="email" VALUE="" SIZE="30" MAXLENGTH="45">
<P>
<INPUT TYPE="SUBMIT" NAME="submit" VALUE="Reset My Password">
</FORM>';
echo '<P>
<A HREF="login.php">Login To your siter</A>
<P>
<A HREF="logout.php">Logout</A>
<P>
<A HREF="register.php">Register A New Account</A>
<P>
<A HREF="changepass.php">Change Password</A>
<P>
<A HREF="changeemail.php">Change Your Email Address</A>';
site_footer();
?>
REGISTER
CODE
<?php
include($DOCUMENT_ROOT.'/include/database.php');
include($DOCUMENT_ROOT.'/include/pre.php');
include($DOCUMENT_ROOT.'/include/user.php');
if (user_isloggedin()) {
user_logout();
$user_name='';
}
if ($submit) {
user_register($user_name,$password1,$password2,$email,$real_name);
}
site_header('Register With your site');
if ($feedback) {
echo '<FONT COLOR="RED"><H2>'.$feedback.'</H2></FONT>';
}
echo '<H3>Register your site</H3>
<P>
Quickly fill in this info and a confirmation email will be sent to you.
<P>
Your email address and info will never be sold to third parties If this policy
changes in the future, the changes will only apply to future registrations
and it will be so noted at that time.
<P>
<FORM ACTION="'. $PHP_SELF .'" METHOD="POST">
<B>Real Name:</B><BR>
<INPUT TYPE="TEXT" NAME="real_name" VALUE="'. $real_name .'" SIZE="20" MAXLENGTH="35">
<P>
<B>User Name:</B><BR>
<INPUT TYPE="TEXT" NAME="user_name" VALUE="'. $user_name .'" SIZE="10" MAXLENGTH="15">
<P>
<B>Password:</B><BR>
<INPUT TYPE="password" NAME="password1" VALUE="" SIZE="10" MAXLENGTH="15">
<P>
<B>Password (again):</B><BR>
<INPUT TYPE="password" NAME="password2" VALUE="" SIZE="10" MAXLENGTH="15">
<P>
<B>Email (Required - Must be accurate to confirm):</B><BR>
<INPUT TYPE="TEXT" NAME="email" VALUE="'. $email .'" SIZE="20" MAXLENGTH="35">
<P>
<INPUT TYPE="SUBMIT" NAME="submit" VALUE="Send My Confirmation">
</FORM>';
echo '<H3>Your your site</H3>
<P>
<A HREF="login.php">Login To your siter</A>
<P>
<A HREF="changepass.php">Change Your Password</A>
<P>
<A HREF="changeemail.php">Change Your Email Address</A>';
site_footer();
?>
CHANGE PASSWORD
CODE
<?php
include($DOCUMENT_ROOT.'/include/database.php');
include($DOCUMENT_ROOT.'/include/pre.php');
include($DOCUMENT_ROOT.'/include/user.php');
if (user_isloggedin()) {
user_logout();
$user_name='';
}
if ($submit) {
user_change_password ($new_password1,$new_password2,$change_user_name,$old_password);
}
site_header('Change Password');
if ($feedback) {
echo '<FONT COLOR="RED"><H2>'.$feedback.'</H2></FONT>';
}
echo '<H3>Change Passowrd</H3>
<P>
Quickly fill in this info and your password will be changed.
<P>
<FORM ACTION="'. $PHP_SELF .'" METHOD="POST">
<B>User Name:</B><BR>
<INPUT TYPE="TEXT" NAME="change_user_name" VALUE="'.$user_name.'" SIZE="10" MAXLENGTH="15">
<P>
<B>OLD Password:</B><BR>
<INPUT TYPE="password" NAME="old_password" VALUE="" SIZE="10" MAXLENGTH="15">
<P>
<B>NEW Password:</B><BR>
<INPUT TYPE="password" NAME="new_password1" VALUE="" SIZE="10" MAXLENGTH="15">
<P>
<B>NEW Password (again):</B><BR>
<INPUT TYPE="password" NAME="new_password2" VALUE="" SIZE="10" MAXLENGTH="15">
<P>
<INPUT TYPE="SUBMIT" NAME="submit" VALUE="Change My Password">
</FORM>';
echo '<P>
<A HREF="login.php">Login To ur site</A>
<P>
<A HREF="logout.php">Logout</A>
<P>
<A HREF="register.php">Register A New Account</A>
<P>
<A HREF="changeemail.php">Change Your Email Address</A>';
site_footer();
?>
DATABASE
CODE
<?php
//
// XXxxScytherxxXX is a login system designed by him
// Copyright 2007-2008 (c) The rootshell team
// http://rootshell-team.com
//
// $Id: database.php,v 1.6 2000/04/11 14:17:13 cvs Exp $
//
// /etc/local.inc includes the machine specific database connect info
$sys_dbhost='server';
$sys_dbuser='user';
$sys_dbpasswd='pass';
$sys_dbname='dbname';
function db_connect() {
global $sys_dbhost,$sys_dbuser,$sys_dbpasswd;
$conn = mysql_connect($sys_dbhost,$sys_dbuser,$sys_dbpasswd);
if (!$conn) {
echo mysql_error();
}
return $conn;
}
function db_query($qstring,$print=0) {
global $sys_dbname;
return @mysql($sys_dbname,$qstring);
}
function db_numrows($qhandle) {
// return only if qhandle exists, otherwise 0
if ($qhandle) {
return @mysql_numrows($qhandle);
} else {
return 0;
}
}
function db_result($qhandle,$row,$field) {
return @mysql_result($qhandle,$row,$field);
}
function db_numfields($lhandle) {
return @mysql_numfields($lhandle);
}
function db_fieldname($lhandle,$fnumber) {
return @mysql_fieldname($lhandle,$fnumber);
}
function db_affected_rows($qhandle) {
return @mysql_affected_rows();
}
function db_fetch_array($qhandle) {
return @mysql_fetch_array($qhandle);
}
function db_insertid($qhandle) {
return @mysql_insert_id($qhandle);
}
function db_error() {
return "\n\n<P><B>".@mysql_error()."</B><P>\n\n";
}
//connect to the db
//I usually call from pre.php
db_connect();
?>
LOGOUT
CODE
<?php
include($DOCUMENT_ROOT.'/include/database.php');
include($DOCUMENT_ROOT.'/include/pre.php');
include($DOCUMENT_ROOT.'/include/user.php');
if (user_isloggedin()) {
user_logout();
$user_name='';
}
site_header('Login To Your site');
echo '<H2>You Are Now Logged Out</H2>';
echo '<H3>Your Your Site</H3>
<P>
<A HREF="login.php">Login To Your site</A>
<P>
<A HREF="register.php">Register A New Account</A>
<P>
<A HREF="changepass.php">Change Your Password</A>
<P>
<A HREF="changeemail.php">Change Your Email Address</A>';
site_footer();
?>
PRE
CODE
<?php
function site_header($title) {
echo '<HEAD><TITLE>'.$title.'</TITLE></HEAD><BODY>';
}
function site_footer() {
}
?>
USER
CODE
<?php
$hidden_hash_var='your_password_here';
$LOGGED_IN=false;
//clear it out in case someone sets it in the URL or something
unset($LOGGED_IN);
/*
create table user (
user_id int not null auto_increment primary key,
user_name text,
real_name text,
email text,
password text,
remote_addr text,
confirm_hash text,
is_confirmed int not null default 0
);
*/
function user_isloggedin() {
global $user_name,$id_hash,$hidden_hash_var,$LOGGED_IN;
//have we already run the hash checks?
//If so, return the pre-set var
if (isset($LOGGED_IN)) {
return $LOGGED_IN;
}
if ($user_name && $id_hash) {
$hash=md5($user_name.$hidden_hash_var);
if ($hash == $id_hash) {
$LOGGED_IN=true;
return true;
} else {
$LOGGED_IN=false;
return false;
}
} else {
$LOGGED_IN=false;
return false;
}
}
function user_login($user_name,$password) {
global $feedback;
if (!$user_name || !$password) {
$feedback .= ' ERROR - Missing user name or password ';
return false;
} else {
$user_name=strtolower($user_name);
$password=strtolower($password);
$sql="SELECT * FROM user WHERE user_name='$user_name' AND password='". md5($password) ."'";
$result=db_query($sql);
if (!$result || db_numrows($result) < 1){
$feedback .= ' ERROR - User not found or password incorrect ';
return false;
} else {
if (db_result($result,0,'is_confirmed') == '1') {
user_set_tokens($user_name);
$feedback .= ' SUCCESS - You Are Now Logged In ';
return true;
} else {
$feedback .= ' ERROR - You haven\'t Confirmed Your Account Yet ';
return false;
}
}
}
}
function user_logout() {
setcookie('user_name','',(time()+2592000),'/','',0);
setcookie('id_hash','',(time()+2592000),'/','',0);
}
function user_set_tokens($user_name_in) {
global $hidden_hash_var,$user_name,$id_hash;
if (!$user_name_in) {
$feedback .= ' ERROR - User Name Missing When Setting Tokens ';
return false;
}
$user_name=strtolower($user_name_in);
$id_hash= md5($user_name.$hidden_hash_var);
setcookie('user_name',$user_name,(time()+2592000),'/','',0);
setcookie('id_hash',$id_hash,(time()+2592000),'/','',0);
}
function user_confirm($hash,$email) {
/*
Call this function on the user confirmation page,
which they arrive at when the click the link in the
account confirmation email
*/
global $feedback,$hidden_hash_var;
//verify that they didn't tamper with the email address
$new_hash=md5($email.$hidden_hash_var);
if ($new_hash && ($new_hash==$hash)) {
//find this record in the db
$sql="SELECT * FROM user WHERE confirm_hash='$hash'";
$result=db_query($sql);
if (!$result || db_numrows($result) < 1) {
$feedback .= ' ERROR - Hash Not Found ';
return false;
} else {
//confirm the email and set account to active
$feedback .= ' User Account Updated - You Are Now Logged In ';
user_set_tokens(db_result($result,0,'user_name'));
$sql="UPDATE user SET email='$email',is_confirmed='1' WHERE confirm_hash='$hash'";
$result=db_query($sql);
return true;
}
} else {
$feedback .= ' HASH INVALID - UPDATE FAILED ';
return false;
}
}
function user_change_password ($new_password1,$new_password2,$change_user_name,$old_password) {
global $feedback;
//new passwords present and match?
if ($new_password1 && ($new_password1==$new_password2)) {
//is this password long enough?
if (account_pwvalid($new_password1)) {
//all vars are present?
if ($change_user_name && $old_password) {
//lower case everything
$change_user_name=strtolower($change_user_name);
$old_password=strtolower($old_password);
$new_password1=strtolower($new_password1);
$sql="SELECT * FROM user WHERE user_name='$change_user_name' AND password='". md5($old_password) ."'";
$result=db_query($sql);
if (!$result || db_numrows($result) < 1) {
$feedback .= ' User not found or bad password '.db_error();
return false;
} else {
$sql="UPDATE user SET password='". md5($new_password1). "' ".
"WHERE user_name='$change_user_name' AND password='". md5($old_password). "'";
$result=db_query($sql);
if (!$result || db_affected_rows($result) < 1) {
$feedback .= ' NOTHING Changed '.db_error();
return false;
} else {
$feedback .= ' Password Changed ';
return true;
}
}
} else {
$feedback .= ' Must Provide User Name And Old Password ';
return false;
}
} else {
$feedback .= ' New Passwords Doesn\'t Meet Criteria ';
return false;
}
} else {
return false;
$feedback .= ' New Passwords Must Match ';
}
}
function user_lost_password ($email,$user_name) {
global $feedback,$hidden_hash_var;
if ($email && $user_name) {
$user_name=strtolower($user_name);
$sql="SELECT * FROM user WHERE user_name='$user_name' AND email='$email'";
$result=db_query($sql);
if (!$result || db_numrows($result) < 1) {
//no matching user found
$feedback .= ' ERROR - Incorrect User Name Or Email Address ';
return false;
} else {
//create a secure, new password
$new_pass=strtolower(substr(md5(time().$user_name.$hidden_hash_var),1,14));
//update the database to include the new password
$sql="UPDATE user SET password='". md5($new_pass) ."' WHERE user_name='$user_name'";
$result=db_query($sql);
//send a simple email with the new password
mail ($email,'Password Reset','Your Password '.
'has been reset to: '.$new_pass,'From: noreply@company.com');
$feedback .= ' Your new password has been emailed to you. ';
return true;
}
} else {
$feedback .= ' ERROR - User Name and Email Address Are Required ';
return false;
}
}
function user_change_email ($password1,$new_email,$user_name) {
global $feedback,$hidden_hash_var;
if (validate_email($new_email)) {
$hash=md5($new_email.$hidden_hash_var);
//change the confirm hash in the db but not the email -
//send out a new confirm email with a new hash
$user_name=strtolower($user_name);
$password1=strtolower($password1);
$sql="UPDATE user SET confirm_hash='$hash' WHERE user_name='$user_name' AND password='". md5($password1) ."'";
$result=db_query($sql);
if (!$result || db_affected_rows($result) < 1) {
$feedback .= ' ERROR - Incorrect User Name Or Password ';
return false;
} else {
$feedback .= ' Confirmation Sent ';
user_send_confirm_email($new_email,$hash);
return true;
}
} else {
$feedback .= ' New Email Address Appears Invalid ';
return false;
}
}
function user_send_confirm_email($email,$hash) {
/*
Used in the initial registration function
as well as the change email address function
*/
$message = "Thank You For Registering at your site".
"\nSimply follow this link to confirm your registration: ".
"\n\nhttp://www.yoursite.com/account/confirm.php?hash=$hash&email=". urlencode($email).
"\n\nOnce you confirm, you can use the services on your site.";
mail ($email,'your site confirmination',$message,'From: admin@admin.com');
}
function user_register($user_name,$password1,$password2,$email,$real_name) {
global $feedback,$hidden_hash_var;
//all vars present and passwords match?
if ($user_name && $password1 && $password1==$password2 && $email && validate_email($email)) {
//password and name are valid?
if (account_namevalid($user_name) && account_pwvalid($password1)) {
$user_name=strtolower($user_name);
$password1=strtolower($password1);
//does the name exist in the database?
$sql="SELECT * FROM user WHERE user_name='$user_name'";
$result=db_query($sql);
if ($result && db_numrows($result) > 0) {
$feedback .= ' ERROR - USER NAME EXISTS ';
return false;
} else {
//create a new hash to insert into the db and the confirmation email
$hash=md5($email.$hidden_hash_var);
$sql="INSERT INTO user (user_name,real_name,password,email,remote_addr,confirm_hash,is_confirmed) ".
"VALUES ('$user_name','$real_name','". md5($password1) ."','$email','$GLOBALS[REMOTE_ADDR]','$hash','0')";
$result=db_query($sql);
if (!$result) {
$feedback .= ' ERROR - '.db_error();
return false;
} else {
//send the confirm email
user_send_confirm_email($email,$hash);
$feedback .= ' Successfully Registered. You Should Have a Confirmation Email Waiting ';
return true;
}
}
} else {
$feedback .= ' Account Name or Password Invalid ';
return false;
}
} else {
$feedback .= ' ERROR - Must Fill In User Name, Matching Passwords, And Provide Valid Email Address ';
return false;
}
}
function user_getid() {
global $G_USER_RESULT;
//see if we have already fetched this user from the db, if not, fetch it
if (!$G_USER_RESULT) {
$G_USER_RESULT=db_query("SELECT * FROM user WHERE user_name='" . user_getname() . "'");
}
if ($G_USER_RESULT && db_numrows($G_USER_RESULT) > 0) {
return db_result($G_USER_RESULT,0,'user_id');
} else {
return false;
}
}
function user_getrealname() {
global $G_USER_RESULT;
//see if we have already fetched this user from the db, if not, fetch it
if (!$G_USER_RESULT) {
$G_USER_RESULT=db_query("SELECT * FROM user WHERE user_name='" . user_getname() . "'");
}
if ($G_USER_RESULT && db_numrows($G_USER_RESULT) > 0) {
return db_result($G_USER_RESULT,0,'real_name');
} else {
return false;
}
}
function user_getemail() {
global $G_USER_RESULT;
//see if we have already fetched this user from the db, if not, fetch it
if (!$G_USER_RESULT) {
$G_USER_RESULT=db_query("SELECT * FROM user WHERE user_name='" . user_getname() . "'");
}
if ($G_USER_RESULT && db_numrows($G_USER_RESULT) > 0) {
return db_result($G_USER_RESULT,0,'email');
} else {
return false;
}
}
function user_getname() {
if (user_isloggedin()) {
return $GLOBALS['user_name'];
} else {
//look up the user some day when we need it
return ' ERROR - Not Logged In ';
}
}
function account_pwvalid($pw) {
global $feedback;
if (strlen($pw) < 6) {
$feedback .= " Password must be at least 6 characters. ";
return false;
}
return true;
}
function account_namevalid($name) {
global $feedback;
// no spaces
if (strrpos($name,' ') > 0) {
$feedback .= " There cannot be any spaces in the login name. ";
return false;
}
// must have at least one character
if (strspn($name,"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ") == 0) {
$feedback .= "There must be at least one character.";
return false;
}
// must contain all legal characters
if (strspn($name,"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_")
!= strlen($name)) {
$feedback .= " Illegal character in name. ";
return false;
}
// min and max length
if (strlen($name) < 5) {
$feedback .= " Name is too short. It must be at least 5 characters. ";
return false;
}
if (strlen($name) > 15) {
$feedback .= "Name is too long. It must be less than 15 characters.";
return false;
}
// illegal names
if (eregi("^((root)|(bin)|(daemon)|(adm)|(lp)|(sync)|(shutdown)|(halt)|(mail)|(news)"
. "|(uucp)|(operator)|(games)|(mysql)|(httpd)|(nobody)|(dummy)"
. "|(www)|(cvs)|(shell)|(ftp)|(irc)|(debian)|(ns)|(download))$",$name)) {
$feedback .= "Name is reserved.";
return 0;
}
if (eregi("^(anoncvs_)",$name)) {
$feedback .= "Name is reserved for CVS.";
return false;
}
return true;
}
function validate_email ($address) {
return (ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+'. '@'. '[-!#$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.' . '[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $address));
}
?>
IF you need any help with this scrip dont hesitate to ask me
ohh forgot the ip tracking system
CODE
ile: getIp.php - |
# send e- mail when IP is change.
# Format:
# http://webhost/getIP.php?email=xxx@xxx.xxx
# Putting into practice:
# If u have distance PC wiht dynamic IP, and
# you need connect via SSH or Windows Remote
# connection;
# Addtional:
# Linux: you need to add cron job to repeat
# these every 1 hour. cronttab -e
# 01 * * * * "/path_to_sh_script/getIp.sh"
# getIp.sh
# #!/bin/bash
# lynx --dump http://webhost/getIp.php?email=\
# xxx@xxx.xxx >/dev/null
# Windows: i don`t know.
# Notes:
# class always return blank page, bacause is
# design for background work and is not
# necessary to show some information.
# If u receive e-mail, then is working.
# If the IP is not change, u will receive
# nothing;
# =============================================== #
# //--------MySQL class------------------------\\ |
# =============================================== #
class MySQL {
# =============================================== #
# //--------MySQL configure--------------------\\ |
# =============================================== #
var $host = "";
var $user = "";
var $pass = "";
var $db = "";
# =============================================== #
# //--------MySQL connect to db----------------\\ |
# =============================================== #
function MySQL() {
$this->connect = @mysql_connect($this->host, $this->user, $this->pass)
or die();
$this->MySQL_SELECT($this->db);
}
function MySQL_SELECT($db) {
$this->select = @mysql_select_db($db, $this->connect )
or die();
}
}
# =============================================== #
# //--------eMail class------------------------\\ |
# =============================================== #
class eMail extends MySQL {
function emailCheck($str) {
$regex = '^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]{2,})+$';
if (eregi($regex, $str)) return true;
else return false;
}
function formatDate($format, $time) {
if (strlen($time) < 4) {
return 'N/A';
}
$year=substr($time,0,4);
$month=substr($time,4,2);
$day=substr($time,6,2);
$hour=substr($time,8,2);
$minute=substr($time,10,2);
$seconds=substr($time,12,2);
$month = (strlen($month) > 1) ? $month*1 : $month;
$day = (strlen($day) > 1) ? $day*1 : $day;
return date($format, mktime($hour,$minute,$seconds,$month,$day,$year));
}
function sendMail ($to, $ip) {
$subject = 'IP check- '.$this->formatDate('d.m.Y H:i',date(YmdHi));
$message = "new ip: ";
$message .= $ip."\n\r";
$message .= "hourly update";
$headers = 'From: IP info <gogo_luxecs@yahoo.com>' . "\r\n";
return mail($to, $subject, $message, $headers);
}
}
# =============================================== #
# //--------getIP class------------------------\\ |
# =============================================== #
class getIP extends eMail {
function getIP () {
MySQL::MySQL();
$to = $_GET['email'];
$ip = $_SERVER['REMOTE_ADDR'];
if (empty($to) || $to == !eMail::emailCheck($to)) {
die ();
}
if (mysql_num_rows(mysql_query("SELECT * FROM getip_info "
."WHERE email = '".$to."'")) <= 0){
mysql_query("INSERT INTO getip_info(ip, email ) "
."VALUES ('".$ip."', '".$to."')");
eMail::sendMail($to, $ip);
}else {
$result = mysql_query("SELECT * FROM getip_info "
."WHERE email = '".$to."'");
while($row = mysql_fetch_object($result)) {
if ($row->ip == $ip) {
die();
}else {
mysql_query("UPDATE getip_info SET ip = '".$ip."' "
."WHERE email = '".$to."'");
eMail::sendMail($to, $ip);
}
}
}
}
}
# =============================================== #
# //--------Call all---------------------------\\ |
# =============================================== #
$getIp = new getIP();
?>
IP.SQL
CODE
CREATE TABLE `getip_info` (
`id` int(11) unsigned NOT NULL auto_increment,
`ip` varchar(15) NOT NULL default '',
`email` varchar(255) NOT NULL default '',
PRIMARY KEY (`id`)
) TYPE=MyISAM;