A function library for site user management (original author: Tim

<?php

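// Secret that is concatenated into every login-cookie hash and every
// e-mail confirmation hash computed in this file.
// NOTE(review): this is a placeholder. Deployments need a long random value
// that is kept out of the source tree; anyone who learns it can compute a
// valid id_hash for any user name.
$hidden_hash_var = 'your_password_here';

// $LOGGED_IN caches the result of user_isloggedin() for the current request.
// It is unset here so that a value supplied with the request (URL, form,
// cookie) cannot pre-seed the cache before the hash check has run.
$LOGGED_IN = false;
unset($LOGGED_IN);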

/*

CREATE TABLE User (
user_id int NOT NULL Auto_increment primary key,
User_name text,
Real_name text,
Email text,
Password text,
REMOTE_ADDR text,
Confirm_hash text,
is_confirmed int NOT NULL default 0
);

*/

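/**
 * Report whether the current request carries a valid login token.
 *
 * The token check is md5($user_name . $hidden_hash_var) against $id_hash.
 * The result is cached in the global $LOGGED_IN for the rest of the request.
 *
 * NOTE(review): the token depends only on the user name and the site-wide
 * secret. It does not expire, is not tied to the password, and cannot be
 * revoked for one user; a server-side session would remove those limits.
 *
 * @return bool true when the user name / hash pair verifies
 */
function user_isloggedin()
{
    // NOTE(review): $user_name and $id_hash are read as plain globals;
    // presumably they are filled from the cookies written by
    // user_set_tokens() - confirm how they are populated on this PHP version.
    global $user_name, $id_hash, $hidden_hash_var, $LOGGED_IN;

    // Hash check already ran during this request: reuse the answer.
    if (isset($LOGGED_IN)) {
        return $LOGGED_IN;
    }

    $LOGGED_IN = false;
    // Only string inputs can be a valid pair; arrays from the request are rejected.
    if (is_string($user_name) && is_string($id_hash) && $user_name && $id_hash) {
        $expected = md5($user_name . $hidden_hash_var);
        // hash_equals() compares as strings in constant time. The previous
        // loose == treated two "0e<digits>" strings as equal numbers.
        $LOGGED_IN = hash_equals($expected, $id_hash);
    }

    return $LOGGED_IN;
}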

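/**
 * Check a user name / password pair and, for a confirmed account, issue the
 * login cookies through user_set_tokens().
 *
 * Status text is appended to the global $feedback.
 *
 * NOTE(review): passwords are lower-cased and stored as unsalted MD5. Both
 * choices are kept here because the stored values depend on them; moving to
 * password_hash()/password_verify() needs a data migration.
 *
 * @param string $user_name login name as typed
 * @param string $password  password as typed
 * @return bool true only when the pair matches a confirmed account
 */
function user_login($user_name, $password)
{
    global $feedback;

    if (!is_string($user_name) || !is_string($password) || !$user_name || !$password) {
        $feedback .= ' ERROR - Missing user name or password ';
        return false;
    }

    $user_name = strtolower($user_name);
    $password = strtolower($password);

    // The name is placed inside a quoted SQL literal below, so only the
    // alphabet that account_namevalid() accepts at registration is let
    // through. Anything else cannot be an existing account.
    if (!preg_match('/\A[a-z0-9_-]+\z/', $user_name)) {
        $feedback .= ' ERROR - User not found or password incorrect ';
        return false;
    }

    // md5() output is hexadecimal, so the password term cannot break the literal.
    $sql = "SELECT * FROM user WHERE user_name='$user_name' AND password='" . md5($password) . "'";
    $result = db_query($sql);
    if (!$result || db_numrows($result) < 1) {
        $feedback .= ' ERROR - User not found or password incorrect ';
        return false;
    }

    if ((string) db_result($result, 0, 'is_confirmed') !== '1') {
        $feedback .= ' ERROR - You haven\'t confirmed your account yet ';
        return false;
    }

    user_set_tokens($user_name);
    $feedback .= ' SUCCESS - You are now logged in ';
    return true;
}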

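/**
 * Clear the two login cookies by sending them with an empty value.
 *
 * NOTE(review): this only removes the cookies from the browser. The
 * user_name / id_hash pair itself stays valid, because user_isloggedin()
 * recomputes it from the user name and the site secret alone.
 *
 * @return void
 */
function user_logout()
{
    // Same path as in user_set_tokens() so the browser matches the cookies.
    $expires = time() + 2592000;
    setcookie('user_name', '', $expires, '/', '', 0);
    setcookie('id_hash', '', $expires, '/', '', 0);
}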

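/**
 * Compute the login hash for a user and send it, with the user name, as
 * cookies valid for 2592000 seconds (30 days).
 *
 * Also stores the lower-cased name and the hash in the globals $user_name
 * and $id_hash.
 *
 * @param string $user_name_in account name to issue tokens for
 * @return false|null false when no name was given, nothing otherwise
 */
function user_set_tokens($user_name_in)
{
    // $feedback was missing from this list, so the error text below was
    // written to a local variable and never shown.
    global $hidden_hash_var, $user_name, $id_hash, $feedback;

    if (!$user_name_in) {
        $feedback .= ' ERROR - User Name Missing When Setting Tokens ';
        return false;
    }

    $user_name = strtolower($user_name_in);
    $id_hash = md5($user_name . $hidden_hash_var);

    $expires = time() + 2592000;
    // Seventh argument: HttpOnly, so page scripts cannot read the token.
    // NOTE(review): the Secure flag stays 0 as in the original; set it to 1
    // once the site is served over HTTPS only.
    setcookie('user_name', $user_name, $expires, '/', '', 0, true);
    setcookie('id_hash', $id_hash, $expires, '/', '', 0, true);
}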

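/**
 * Confirm an account from the link in the confirmation e-mail.
 *
 * Call this on the confirmation page. The hash must equal
 * md5($email . $hidden_hash_var); on success the account's e-mail is set,
 * is_confirmed becomes 1 and the login cookies are issued.
 *
 * @param string $hash  hash taken from the confirmation link
 * @param string $email e-mail address taken from the confirmation link
 * @return bool true when the hash verifies and a matching record exists
 */
function user_confirm($hash, $email)
{
    global $feedback, $hidden_hash_var;

    if (!is_string($hash) || !is_string($email)) {
        $feedback .= ' HASH INVALID - UPDATE FAILED ';
        return false;
    }

    // Verify that the e-mail address in the link was not altered.
    $new_hash = md5($email . $hidden_hash_var);
    // hash_equals(): string comparison in constant time. The previous loose
    // == could accept a different numeric-looking string.
    if (!hash_equals($new_hash, $hash)) {
        $feedback .= ' HASH INVALID - UPDATE FAILED ';
        return false;
    }

    // From here on the locally computed digest (hexadecimal only) is used in
    // SQL instead of the request-supplied copy.
    $sql = "SELECT * FROM user WHERE confirm_hash='$new_hash'";
    $result = db_query($sql);
    if (!$result || db_numrows($result) < 1) {
        $feedback .= ' ERROR - Hash Not Found ';
        return false;
    }

    // Confirm the e-mail and set the account to active.
    $feedback .= ' User Account Updated - You Are Now Logged In ';
    user_set_tokens(db_result($result, 0, 'user_name'));

    // NOTE(review): $email is still interpolated unescaped. It has passed the
    // keyed-hash check, so it is a value this site hashed earlier, but its
    // safety inside a quoted literal rests on what validate_email() allowed
    // at that time. db_query() as used here takes only a finished SQL
    // string; bound parameters in the db layer would close this.
    $sql = "UPDATE user SET email='$email', is_confirmed='1' WHERE confirm_hash='$new_hash'";
    $result = db_query($sql);
    return true;
}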

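/**
 * Change a user's password after checking the old one.
 *
 * Status text is appended to the global $feedback.
 *
 * NOTE(review): passwords are lower-cased and stored as unsalted MD5, as
 * everywhere else in this file; kept for compatibility with stored values.
 *
 * @param string $new_password1    new password
 * @param string $new_password2    new password, repeated
 * @param string $change_user_name account to change
 * @param string $old_password     current password
 * @return bool true when one row was updated
 */
function user_change_password($new_password1, $new_password2, $change_user_name, $old_password)
{
    global $feedback;

    // New passwords present and identical? Compared as strings, so that two
    // different numeric-looking inputs are not treated as equal.
    if (!is_string($new_password1) || !$new_password1 || $new_password1 !== $new_password2) {
        // The message used to sit after the return and was never shown.
        $feedback .= ' New Passwords Must Match ';
        return false;
    }

    // Is this password long enough?
    if (!account_pwvalid($new_password1)) {
        $feedback .= ' New Password Doesn\'t Meet Criteria ';
        return false;
    }

    // All variables present?
    if (!is_string($change_user_name) || !is_string($old_password) || !$change_user_name || !$old_password) {
        $feedback .= ' Must Provide User Name And Old Password ';
        return false;
    }

    // Lower-case everything.
    $change_user_name = strtolower($change_user_name);
    $old_password = strtolower($old_password);
    $new_password1 = strtolower($new_password1);

    // The name goes into a quoted SQL literal; accept only the alphabet that
    // account_namevalid() allows at registration.
    if (!preg_match('/\A[a-z0-9_-]+\z/', $change_user_name)) {
        $feedback .= ' User not found or bad password ';
        return false;
    }

    $old_md5 = md5($old_password);
    $sql = "SELECT * FROM user WHERE user_name='$change_user_name' AND password='$old_md5'";
    $result = db_query($sql);
    if (!$result || db_numrows($result) < 1) {
        // NOTE(review): db_error() text is shown to the user; consider logging it instead.
        $feedback .= ' User not found or bad password ' . db_error();
        return false;
    }

    $sql = "UPDATE user SET password='" . md5($new_password1) . "' "
        . "WHERE user_name='$change_user_name' AND password='$old_md5'";
    $result = db_query($sql);
    if (!$result || db_affected_rows($result) < 1) {
        $feedback .= ' NOTHING Changed ' . db_error();
        return false;
    }

    $feedback .= ' Password Changed ';
    return true;
}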

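/**
 * Reset a user's password and e-mail the new one.
 *
 * The account is looked up by user name only; the supplied e-mail address is
 * then compared in PHP (case-insensitively) with the address on record, and
 * the message is sent to the address on record. The supplied address is no
 * longer placed in SQL or used as the recipient.
 *
 * Requires random_bytes() (PHP 7 or later).
 *
 * NOTE(review): the password is replaced as soon as name and address match,
 * and the new one travels in clear text by e-mail. A single-use, expiring
 * reset link would avoid both.
 *
 * @param string $email     e-mail address claimed for the account
 * @param string $user_name account name
 * @return bool true when the password was reset and the mail handed off
 */
function user_lost_password($email, $user_name)
{
    global $feedback;

    if (!is_string($email) || !is_string($user_name) || !$email || !$user_name) {
        $feedback .= ' ERROR - User Name and Email Address Are Required ';
        return false;
    }

    $user_name = strtolower($user_name);
    // Only the alphabet account_namevalid() allows may enter the SQL literal.
    if (!preg_match('/\A[a-z0-9_-]+\z/', $user_name)) {
        $feedback .= ' ERROR - Incorrect User Name Or Email Address ';
        return false;
    }

    $sql = "SELECT * FROM user WHERE user_name='$user_name'";
    $result = db_query($sql);
    if (!$result || db_numrows($result) < 1) {
        // No matching user found.
        $feedback .= ' ERROR - Incorrect User Name Or Email Address ';
        return false;
    }

    $stored_email = (string) db_result($result, 0, 'email');
    if ($stored_email === '' || strcasecmp($stored_email, $email) !== 0) {
        $feedback .= ' ERROR - Incorrect User Name Or Email Address ';
        return false;
    }

    // 14 lower-case hex characters, the same shape as before. The previous
    // value was cut from md5(time() . name . site secret), which tied every
    // mailed password to the secret that also signs the login cookies.
    $new_pass = bin2hex(random_bytes(7));

    // Update the database to include the new password.
    $sql = "UPDATE user SET password='" . md5($new_pass) . "' WHERE user_name='$user_name'";
    $result = db_query($sql);
    if (!$result) {
        $feedback .= ' ERROR - Password Could Not Be Reset ';
        return false;
    }

    // Send a simple e-mail with the new password.
    mail(
        $stored_email,
        'Password Reset',
        'Your Password has been reset to: ' . $new_pass,
        'From: noreply@company.com'
    );
    $feedback .= ' Your new password has been emailed to you. ';
    return true;
}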

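/**
 * Start an e-mail change: store a new confirmation hash for the account and
 * mail a confirmation link to the new address.
 *
 * The stored e-mail itself is not changed here; user_confirm() does that
 * when the link is followed.
 *
 * @param string $password1 current password
 * @param string $new_email address to switch to
 * @param string $user_name account name
 * @return bool true when the hash was stored and the mail handed off
 */
function user_change_email($password1, $new_email, $user_name)
{
    global $feedback, $hidden_hash_var;

    if (!validate_email($new_email)) {
        $feedback .= ' New Email Address Appears Invalid ';
        return false;
    }

    if (!is_string($user_name) || !is_string($password1)) {
        $feedback .= ' ERROR - Incorrect User Name Or Password ';
        return false;
    }

    // Change the confirm hash in the DB but not the e-mail;
    // a new confirmation e-mail carries the new hash.
    $hash = md5($new_email . $hidden_hash_var);
    $user_name = strtolower($user_name);
    $password1 = strtolower($password1);

    // Only the alphabet account_namevalid() allows may enter the SQL literal.
    // $hash and md5($password1) are hexadecimal.
    if (!preg_match('/\A[a-z0-9_-]+\z/', $user_name)) {
        $feedback .= ' ERROR - Incorrect User Name Or Password ';
        return false;
    }

    $sql = "UPDATE user SET confirm_hash='$hash' WHERE user_name='$user_name' AND password='"
        . md5($password1) . "'";
    $result = db_query($sql);
    if (!$result || db_affected_rows($result) < 1) {
        $feedback .= ' ERROR - Incorrect User Name Or Password ';
        return false;
    }

    $feedback .= ' Confirmation Sent ';
    user_send_confirm_email($new_email, $hash);
    return true;
}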

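/**
 * Mail the confirmation link.
 *
 * Used by the initial registration function as well as by the "change
 * e-mail address" function.
 *
 * NOTE(review): the link is plain http, so the confirmation hash travels
 * unencrypted.
 *
 * @param string $email recipient; also placed in the link
 * @param string $hash  confirmation hash placed in the link
 * @return false|null false when the address is refused, nothing otherwise
 */
function user_send_confirm_email($email, $hash)
{
    // A line break in the recipient could add mail headers; refuse it.
    if (!is_string($email) || !is_string($hash) || preg_match('/[\r\n]/', $email)) {
        return false;
    }

    $message = "Thank you for registering at PHPBuilder.com"
        . "\nSimply follow this link to confirm your registration:"
        . "\n\nhttp://www.phpbuilder.com/account/confirm.php?hash=" . urlencode($hash)
        . "&email=" . urlencode($email)
        . "\n\nOnce you confirm, you can use the services on PHPBuilder.";

    mail($email, 'PHPBuilder Registration Confirmation', $message, 'From: noreply@phpbuilder.com');
}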

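/**
 * Register a new, unconfirmed account and mail the confirmation link.
 *
 * Status text is appended to the global $feedback.
 *
 * NOTE(review): the password is lower-cased and stored as unsalted MD5, as
 * everywhere else in this file.
 *
 * @param string $user_name desired login name
 * @param string $password1 password
 * @param string $password2 password, repeated
 * @param string $email     e-mail address
 * @param string $real_name display name
 * @return bool true when the row was inserted
 */
function user_register($user_name, $password1, $password2, $email, $real_name)
{
    global $feedback, $hidden_hash_var;

    // All variables present and passwords match?
    if (!($user_name && $password1 && $password1 === $password2 && $email && validate_email($email))) {
        $feedback .= ' ERROR - Must Fill In User Name, Matching Passwords, And Provide Valid Email Address ';
        return false;
    }

    // Password and name are valid? account_namevalid() also limits the name
    // to letters, digits, '-' and '_', which is what keeps it safe in the
    // quoted SQL literals below.
    if (!(account_namevalid($user_name) && account_pwvalid($password1))) {
        $feedback .= ' Account Name or Password Invalid ';
        return false;
    }

    $user_name = strtolower($user_name);
    $password1 = strtolower($password1);

    // Does the name exist in the database?
    $sql = "SELECT * FROM user WHERE user_name='$user_name'";
    $result = db_query($sql);
    if ($result && db_numrows($result) > 0) {
        $feedback .= ' ERROR - USER NAME EXISTS ';
        return false;
    }

    // Create a new hash to insert into the DB and the confirmation e-mail.
    $hash = md5($email . $hidden_hash_var);

    // Taken from the server environment rather than from a global of the
    // same name.
    $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    // NOTE(review): $real_name and $email are interpolated unescaped.
    // db_query() as used in this file accepts only a finished SQL string, so
    // the fix belongs in the db layer (bound parameters); until then this
    // statement depends on whatever escaping the runtime applies to request
    // data - confirm.
    $sql = "INSERT INTO user (user_name,real_name,password,email,remote_addr,confirm_hash,is_confirmed) "
        . "VALUES ('$user_name','$real_name','" . md5($password1) . "','$email','$remote_addr','$hash','0')";
    $result = db_query($sql);
    if (!$result) {
        // NOTE(review): db_error() text is shown to the user; consider logging it instead.
        $feedback .= ' ERROR - ' . db_error();
        return false;
    }

    // Send the confirmation e-mail.
    user_send_confirm_email($email, $hash);
    $feedback .= ' Successfully Registered. You Should Have a Confirmation Email Waiting ';
    return true;
}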

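/**
 * Return the user_id of the logged-in user.
 *
 * The user's row is fetched once and kept in the global $G_USER_RESULT.
 *
 * @return mixed the user_id column, or false when nobody is logged in or no
 *               row is found
 */
function user_getid()
{
    global $G_USER_RESULT;

    // Fetch the row only if it has not been fetched yet.
    if (!$G_USER_RESULT) {
        // Without a login, user_getname() returns an error text; that text
        // must not be sent to the database as a user name.
        if (!user_isloggedin()) {
            return false;
        }
        // The name has passed the keyed-hash check in user_isloggedin().
        $G_USER_RESULT = db_query("SELECT * FROM user WHERE user_name='" . user_getname() . "'");
    }

    if ($G_USER_RESULT && db_numrows($G_USER_RESULT) > 0) {
        return db_result($G_USER_RESULT, 0, 'user_id');
    }
    return false;
}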

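/**
 * Return the real_name of the logged-in user.
 *
 * The user's row is fetched once and kept in the global $G_USER_RESULT.
 *
 * @return mixed the real_name column, or false when nobody is logged in or
 *               no row is found
 */
function user_getrealname()
{
    global $G_USER_RESULT;

    // Fetch the row only if it has not been fetched yet.
    if (!$G_USER_RESULT) {
        // Without a login, user_getname() returns an error text; that text
        // must not be sent to the database as a user name.
        if (!user_isloggedin()) {
            return false;
        }
        // The name has passed the keyed-hash check in user_isloggedin().
        $G_USER_RESULT = db_query("SELECT * FROM user WHERE user_name='" . user_getname() . "'");
    }

    if ($G_USER_RESULT && db_numrows($G_USER_RESULT) > 0) {
        return db_result($G_USER_RESULT, 0, 'real_name');
    }
    return false;
}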

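/**
 * Return the e-mail address of the logged-in user.
 *
 * The user's row is fetched once and kept in the global $G_USER_RESULT.
 *
 * @return mixed the email column, or false when nobody is logged in or no
 *               row is found
 */
function user_getemail()
{
    global $G_USER_RESULT;

    // Fetch the row only if it has not been fetched yet.
    if (!$G_USER_RESULT) {
        // Without a login, user_getname() returns an error text; that text
        // must not be sent to the database as a user name.
        if (!user_isloggedin()) {
            return false;
        }
        // The name has passed the keyed-hash check in user_isloggedin().
        $G_USER_RESULT = db_query("SELECT * FROM user WHERE user_name='" . user_getname() . "'");
    }

    if ($G_USER_RESULT && db_numrows($G_USER_RESULT) > 0) {
        return db_result($G_USER_RESULT, 0, 'email');
    }
    return false;
}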

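/**
 * Return the name of the logged-in user.
 *
 * NOTE(review): when nobody is logged in this returns an error text instead
 * of false, so callers cannot tell it from a name by type. The text is kept
 * as printed in the listing in case callers compare against it.
 *
 * @return string the global user_name, or the error text
 */
function user_getname()
{
    if (user_isloggedin()) {
        return $GLOBALS['user_name'];
    }
    // Look up the user some day when we need it.
    return ' error-not logged in ';
}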

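/**
 * Check that a password is at least 6 bytes long.
 *
 * On failure a message is appended to the global $feedback.
 *
 * NOTE(review): length is the only rule, and 6 is a low minimum.
 *
 * @param string $pw candidate password
 * @return bool true when the length rule is met
 */
function account_pwvalid($pw)
{
    global $feedback;

    if (!is_string($pw) || strlen($pw) < 6) {
        $feedback .= ' Password must be at least 6 characters. ';
        return false;
    }
    return true;
}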

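/**
 * Check a login name against the site's naming rules.
 *
 * Rules, in order: no spaces; first character is a letter; only letters,
 * digits, '-' and '_'; length 5 to 15; not a reserved system name; does not
 * start with "anoncvs_". On failure a message is appended to the global
 * $feedback.
 *
 * @param string $name candidate login name
 * @return bool true when every rule is met
 */
function account_namevalid($name)
{
    global $feedback;

    $letters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';

    if (!is_string($name)) {
        $feedback .= ' Illegal character in name. ';
        return false;
    }

    // No spaces. strpos() !== false also catches a space at position 0,
    // which the earlier "strrpos() > 0" test let through.
    if (strpos($name, ' ') !== false) {
        $feedback .= ' There cannot be any spaces in the login name. ';
        return false;
    }

    // strspn() counts the leading run of letters, so 0 means the name is
    // empty or does not start with a letter.
    if (strspn($name, $letters) == 0) {
        $feedback .= ' There must be at least one character. ';
        return false;
    }

    // Must contain only legal characters.
    if (strspn($name, $letters . '0123456789-_') != strlen($name)) {
        $feedback .= ' Illegal character in name. ';
        return false;
    }

    // Minimum and maximum length.
    if (strlen($name) < 5) {
        $feedback .= ' Name is too short. It must be at least 5 characters. ';
        return false;
    }
    if (strlen($name) > 15) {
        $feedback .= ' Name is too long. It must be at most 15 characters. ';
        return false;
    }

    // Reserved names, compared without regard to case. eregi() no longer
    // exists in PHP 7 and later; a list lookup replaces the pattern.
    $reserved = array(
        'root', 'bin', 'daemon', 'adm', 'lp', 'sync', 'shutdown', 'halt',
        'mail', 'news', 'uucp', 'operator', 'games', 'mysql', 'httpd',
        'nobody', 'dummy', 'www', 'cvs', 'shell', 'ftp', 'irc', 'debian',
        'ns', 'download',
    );
    $lower = strtolower($name);
    if (in_array($lower, $reserved, true)) {
        $feedback .= ' Name is reserved. ';
        // Was "return 0"; false matches every other failure path.
        return false;
    }
    if (strncmp($lower, 'anoncvs_', 8) === 0) {
        $feedback .= ' Name is reserved for CVS. ';
        return false;
    }

    return true;
}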

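/**
 * Check that a string has the form of an e-mail address.
 *
 * The original ereg() pattern is cut off in this listing and ereg() no
 * longer exists in PHP 7 and later, so the check uses PHP's built-in
 * e-mail filter instead.
 *
 * NOTE(review): a syntactically valid address may still contain characters
 * such as an apostrophe; passing this check does not make a value safe to
 * place in an SQL literal.
 *
 * @param string $address candidate address
 * @return bool true when the address is well-formed
 */
function validate_email($address)
{
    if (!is_string($address) || $address === '') {
        return false;
    }
    return filter_var($address, FILTER_VALIDATE_EMAIL) !== false;
}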

?>

