
PHP - login system with sessions

Discussion in 'Web Development' started by XpLo!T, 19 July 2007. (Replies: 10; Views: 5264)

  1. Hi everyone, here is the thing: I have in mind building a site in HTML/PHP, but I understand very little PHP, not to say none. I have already installed several PHP login systems but didn't have much success... My idea was to have a login system whose code is easy to understand and that uses sessions. I know how to create the tables and do the necessary configuration, but when it comes to protecting a page with the login I can't manage it. I'd be grateful if you could point me to a good, simple and effective system and explain how I protect a page with its login. Thanks, take care. :joker:
     
  2. msdevweb (Power Member)

  3. That one is just a login system, and for someone who already knows PHP well enough to fiddle with the variables and so on.. I understand almost nothing of PHP, and maybe someone could point me to a SIMPLE system for login, registration, and protection of pages so that only registered members can use those sections of my future site... links, videos, downloads, anything you can find for me, I'd be very grateful.

     Regards.
     
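The page guard asked for in posts 1 and 3 (and again in the next post), as an added example that is not from the thread or from the Jpmaster77 script posted below. It assumes that script's include/session.php, which creates the global $session with the logged_in flag, username and isAdmin() that main.php uses; the file name home.php, the functions requireLogin() and requireAdmin() and the $_SESSION['return_to'] key are my own choices.

```php
<?php
/**
 * home.php - a member-only page (added example, not part of the thread
 * or of the Jpmaster77 script; requireLogin()/requireAdmin() are my own).
 *
 * Nothing, not even a blank line, may come before this opening tag: once
 * any output has been sent, header() can no longer redirect.
 */
include("include/session.php");   // creates the global $session, exactly as main.php does

/**
 * requireLogin - sends visitors who are not logged in to main.php (where
 * the login form lives) and stops the script, so the protected HTML below
 * is never sent. To reuse it on every page, move this function into
 * include/protect.php and include that file right after session.php.
 */
function requireLogin(){
   global $session;
   if(!$session->logged_in){
      /* Optional: remember where the member was heading. The posted script
       * does not read this key; its login redirects to $session->referrer. */
      $_SESSION['return_to'] = basename($_SERVER['PHP_SELF']);
      header("Location: main.php");
      exit;   // header() alone does NOT stop the script; the page would still be output
   }
}

/**
 * requireAdmin - same check, but the member must also be the administrator
 * (ADMIN_NAME / ADMIN_LEVEL from constants.php, via $session->isAdmin()).
 * A 403 instead of a redirect makes the refusal visible in the server log.
 */
function requireAdmin(){
   global $session;
   requireLogin();
   if(!$session->isAdmin()){
      header("HTTP/1.0 403 Forbidden");
      exit("Acesso reservado ao administrador.");
   }
}

requireLogin();   // on admin/admin.php call requireAdmin() instead
?>
<html>
<title>Home</title>
<body>
<h1>Bem vindo, <?php echo htmlspecialchars($session->username); ?></h1>
<p>Só membros registados vêem esta página. [<a href="process.php">Logout</a>]</p>
</body>
</html>
```

Everything between the guard call and the closing tag is only reached by a logged-in member; a visitor sees the login form on main.php instead.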
  4. At the moment I have a login system that uses sessions and I have translated it to Portuguese; it works perfectly, the only downside is that I would like to protect my pages so that they do the following, for example:

     I go to the page home.php and if I'm logged in all is fine.. if I'm not, it asks me to log in, like a check of the session.. and that's what I don't know how to do. :wow:..

     Here is the system I'm using:


    Code:
    main.php:
    
    <?
    /**
     * Main.php
     *
     * This is an example of the main page of a website. Here
     * users will be able to login. However, like on most sites
     * the login form doesn't just have to be on the main page,
     * but re-appear on subsequent pages, depending on whether
     * the user has logged in or not.
     *
     * Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
     * Last Updated: August 26, 2004
     */
    include("include/session.php");
    ?>
    
    <html>
    <title>Jpmaster77's Login Script</title>
    <body>
    
    <table>
    <tr><td>
    
    
    <?
    /**
     * User has already logged in, so display relavent links, including
     * a link to the admin center if the user is an administrator.
     */
    if($session->logged_in){
       echo "<h1>Login activo</h1>";
       echo "Bem Vindo <b>$session->username</b>, está logado. <br><br>"
           ."[<a href=\"userinfo.php?user=$session->username\">A minha conta</a>] &nbsp;&nbsp;"
           ."[<a href=\"useredit.php\">Editar Conta</a>] &nbsp;&nbsp;";
       if($session->isAdmin()){
          echo "[<a href=\"admin/admin.php\">Admin Center</a>] &nbsp;&nbsp;";
       }
       echo "[<a href=\"process.php\">Logout</a>]";
    }
    else{
    ?>
    
    <h1>Login</h1>
    <?
    /**
     * User not logged in, display the login form.
     * If user has already tried to login, but errors were
     * found, display the total number of errors.
     * If errors occurred, they will be displayed.
     */
    if($form->num_errors > 0){
       echo "<font size=\"2\" color=\"#ff0000\">".$form->num_errors." error(s) found</font>";
    }
    ?>
    <form action="process.php" method="POST">
    <table align="left" border="0" cellspacing="0" cellpadding="3">
    <tr><td>Username:</td><td><input type="text" name="user" maxlength="30" value="<? echo $form->value("user"); ?>"></td><td><? echo $form->error("user"); ?></td></tr>
    <tr><td>Password:</td><td><input type="password" name="pass" maxlength="30" value="<? echo $form->value("pass"); ?>"></td><td><? echo $form->error("pass"); ?></td></tr>
    <tr><td colspan="2" align="left"><input type="checkbox" name="remember" <? if($form->value("remember") != ""){ echo "checked"; } ?>>
    <font size="2">Lembrar login &nbsp;&nbsp;&nbsp;&nbsp;
    <input type="hidden" name="sublogin" value="1">
    <input type="submit" value="Login"></td></tr>
    <tr><td colspan="2" align="left"><br><font size="2">[<a href="forgotpass.php">Forgot Password?</a>]</font></td><td align="right"></td></tr>
    <tr><td colspan="2" align="left"><br>Não está registado? <a href="register.php">Registe-se!</a></td></tr>
    </table>
    </form>
    
    <?
    }
    
    /**
     * Just a little page footer, tells how many registered members
     * there are, how many users currently logged in and viewing site,
     * and how many guests viewing site. Active users are displayed,
     * with link to their user information.
     */
    echo "</td></tr><tr><td align=\"center\"><br><br>";
    echo "<b>Total de membros:</b> ".$database->getNumMembers()."<br>";
    echo "São $database->num_active_users membros registados e ";
    echo "$database->num_active_guests visitantes a ver o site.<br><br>";
    
    include("include/view_active.php");
    
    ?>
    
    </td></tr>
    </table>
    
    
    </body>
    </html>
    
    
    register.php:
    
    <?
    /**
     * Register.php
     * 
     * Displays the registration form if the user needs to sign-up,
     * or lets the user know, if he's already logged in, that he
     * can't register another name.
     *
     * Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
     * Last Updated: August 19, 2004
     */
    include("include/session.php");
    ?>
    
    <html>
    <title>Registo</title>
    <body>
    
    <?
    /**
     * The user is already logged in, not allowed to register.
     */
    if($session->logged_in){
       echo "<h1>Registado</h1>";
       echo "<p>Pedimos desculpa <b>$session->username</b>, mas já está registado. "
           ."<a href=\"main.php\">Home</a>.</p>";
    }
    /**
     * The user has submitted the registration form and the
     * results have been processed.
     */
    else if(isset($_SESSION['regsuccess'])){
       /* Registration was successful */
       if($_SESSION['regsuccess']){
          echo "<h1>Registado!</h1>";
          echo "<p>Obrigado <b>".$_SESSION['reguname']."</b>, A sua informação foi registada!, "
              ."Agora pode <a href=\"main.php\">Efectuar o login</a>.</p>";
       }
       /* Registration failed */
       else{
          echo "<h1>Registro falhou!</h1>";
          echo "<p>Pedimos desculpa mas errou no Username. <b>".$_SESSION['reguname']."</b>, "
              ."Não se pode completar.<br>Por favor tente mais tarde.</p>";
       }
       unset($_SESSION['regsuccess']);
       unset($_SESSION['reguname']);
    }
    /**
     * The user has not filled out the registration form yet.
     * Below is the page with the sign-up form, the names
     * of the input fields are important and should not
     * be changed.
     */
    else{
    ?>
    
    <h1>Registar</h1>
    <?
    if($form->num_errors > 0){
       echo "<td><font size=\"2\" color=\"#ff0000\">".$form->num_errors." error(s) found</font></td>";
    }
    ?>
    <form action="process.php" method="POST">
    <table align="left" border="0" cellspacing="0" cellpadding="3">
    <tr><td>Username:</td><td><input type="text" name="user" maxlength="30" value="<? echo $form->value("user"); ?>"></td><td><? echo $form->error("user"); ?></td></tr>
    <tr><td>Password:</td><td><input type="password" name="pass" maxlength="30" value="<? echo $form->value("pass"); ?>"></td><td><? echo $form->error("pass"); ?></td></tr>
    <tr><td>Email:</td><td><input type="text" name="email" maxlength="50" value="<? echo $form->value("email"); ?>"></td><td><? echo $form->error("email"); ?></td></tr>
    <tr><td colspan="2" align="right">
    <input type="hidden" name="subjoin" value="1">
    <input type="submit" value="Join!"></td></tr>
    <tr><td colspan="2" align="left"><a href="main.php">Back to Main</a></td></tr>
    </table>
    </form>
    
    <?
    }
    ?>
    
    </body>
    </html>
    
    
    process.php:
    
    <?
    /**
     * Process.php
     * 
     * The Process class is meant to simplify the task of processing
     * user submitted forms, redirecting the user to the correct
     * pages if errors are found, or if form is successful, either
     * way. Also handles the logout procedure.
     *
     * Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
     * Last Updated: August 19, 2004
     */
    include("include/session.php");
    
    class Process
    {
       /* Class constructor */
       function Process(){
          global $session;
          /* User submitted login form */
          if(isset($_POST['sublogin'])){
             $this->procLogin();
          }
          /* User submitted registration form */
          else if(isset($_POST['subjoin'])){
             $this->procRegister();
          }
          /* User submitted forgot password form */
          else if(isset($_POST['subforgot'])){
             $this->procForgotPass();
          }
          /* User submitted edit account form */
          else if(isset($_POST['subedit'])){
             $this->procEditAccount();
          }
          /**
           * The only other reason user should be directed here
           * is if he wants to logout, which means user is
           * logged in currently.
           */
          else if($session->logged_in){
             $this->procLogout();
          }
          /**
           * Should not get here, which means user is viewing this page
           * by mistake and therefore is redirected.
           */
           else{
              header("Location: main.php");
           }
       }
    
       /**
        * procLogin - Processes the user submitted login form, if errors
        * are found, the user is redirected to correct the information,
        * if not, the user is effectively logged in to the system.
        */
       function procLogin(){
          global $session, $form;
          /* Login attempt */
          $retval = $session->login($_POST['user'], $_POST['pass'], isset($_POST['remember']));
          
          /* Login successful */
          if($retval){
             header("Location: ".$session->referrer);
          }
          /* Login failed */
          else{
             $_SESSION['value_array'] = $_POST;
             $_SESSION['error_array'] = $form->getErrorArray();
             header("Location: ".$session->referrer);
          }
       }
       
       /**
        * procLogout - Simply attempts to log the user out of the system
        * given that there is no logout form to process.
        */
       function procLogout(){
          global $session;
          $retval = $session->logout();
          header("Location: main.php");
       }
       
       /**
        * procRegister - Processes the user submitted registration form,
        * if errors are found, the user is redirected to correct the
        * information, if not, the user is effectively registered with
        * the system and an email is (optionally) sent to the newly
        * created user.
        */
       function procRegister(){
          global $session, $form;
          /* Convert username to all lowercase (by option) */
          if(ALL_LOWERCASE){
             $_POST['user'] = strtolower($_POST['user']);
          }
          /* Registration attempt */
          $retval = $session->register($_POST['user'], $_POST['pass'], $_POST['email']);
          
          /* Registration Successful */
          if($retval == 0){
             $_SESSION['reguname'] = $_POST['user'];
             $_SESSION['regsuccess'] = true;
             header("Location: ".$session->referrer);
          }
          /* Error found with form */
          else if($retval == 1){
             $_SESSION['value_array'] = $_POST;
             $_SESSION['error_array'] = $form->getErrorArray();
             header("Location: ".$session->referrer);
          }
          /* Registration attempt failed */
          else if($retval == 2){
             $_SESSION['reguname'] = $_POST['user'];
             $_SESSION['regsuccess'] = false;
             header("Location: ".$session->referrer);
          }
       }
       
       /**
        * procForgotPass - Validates the given username then if
        * everything is fine, a new password is generated and
        * emailed to the address the user gave on sign up.
        */
       function procForgotPass(){
          global $database, $session, $mailer, $form;
          /* Username error checking */
          $subuser = $_POST['user'];
          $field = "user";  //Use field name for username
          if(!$subuser || strlen($subuser = trim($subuser)) == 0){
             $form->setError($field, "* Username not entered<br>");
          }
          else{
             /* Make sure username is in database */
             $subuser = stripslashes($subuser);
             if(strlen($subuser) < 5 || strlen($subuser) > 30 ||
                !eregi("^([0-9a-z])+$", $subuser) ||
                (!$database->usernameTaken($subuser))){
                $form->setError($field, "* Username does not exist<br>");
             }
          }
          
          /* Errors exist, have user correct them */
          if($form->num_errors > 0){
             $_SESSION['value_array'] = $_POST;
             $_SESSION['error_array'] = $form->getErrorArray();
          }
          /* Generate new password and email it to user */
          else{
             /* Generate new password */
             $newpass = $session->generateRandStr(8);
             
             /* Get email of user */
             $usrinf = $database->getUserInfo($subuser);
             $email  = $usrinf['email'];
             
             /* Attempt to send the email with new password */
             if($mailer->sendNewPass($subuser,$email,$newpass)){
                /* Email sent, update database */
                $database->updateUserField($subuser, "password", md5($newpass));
                $_SESSION['forgotpass'] = true;
             }
             /* Email failure, do not change password */
             else{
                $_SESSION['forgotpass'] = false;
             }
          }
          
          header("Location: ".$session->referrer);
       }
       
       /**
        * procEditAccount - Attempts to edit the user's account
        * information, including the password, which must be verified
        * before a change is made.
        */
       function procEditAccount(){
          global $session, $form;
          /* Account edit attempt */
          $retval = $session->editAccount($_POST['curpass'], $_POST['newpass'], $_POST['email']);
    
          /* Account edit successful */
          if($retval){
             $_SESSION['useredit'] = true;
             header("Location: ".$session->referrer);
          }
          /* Error found with form */
          else{
             $_SESSION['value_array'] = $_POST;
             $_SESSION['error_array'] = $form->getErrorArray();
             header("Location: ".$session->referrer);
          }
       }
    };
    
    /* Initialize process */
    $process = new Process;
    
    ?>
    
    
    useredit.php:
    
    <?
    /**
     * UserEdit.php
     *
     * This page is for users to edit their account information
     * such as their password, email address, etc. Their
     * usernames can not be edited. When changing their
     * password, they must first confirm their current password.
     *
     * Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
     * Last Updated: August 26, 2004
     */
    include("include/session.php");
    ?>
    
    <html>
    <title>Jpmaster77's Login Script</title>
    <body>
    
    <?
    /**
     * User has submitted form without errors and user's
     * account has been edited successfully.
     */
    if(isset($_SESSION['useredit'])){
       unset($_SESSION['useredit']);
       
       echo "<h1>Os seus dados foram alterados!!</h1>";
       echo "<p><b>$session->username</b>, A sua conta foi actualizada!. "
           ."<a href=\"main.php\">Home</a>.</p>";
    }
    else{
    ?>
    
    <?
    /**
     * If user is not logged in, then do not display anything.
     * If user is logged in, then display the form to edit
     * account information, with the current email address
     * already in the field.
     */
    if($session->logged_in){
    ?>
    
    <h1>Editar a sua conta: <? echo $session->username; ?></h1>
    <?
    if($form->num_errors > 0){
       echo "<td><font size=\"2\" color=\"#ff0000\">".$form->num_errors." error(s) found</font></td>";
    }
    ?>
    <form action="process.php" method="POST">
    <table align="left" border="0" cellspacing="0" cellpadding="3">
    <tr>
    <td>A actual Password:</td>
    <td><input type="password" name="curpass" maxlength="30" value="<? echo $form->value("curpass"); ?>"></td>
    <td><? echo $form->error("curpass"); ?></td>
    </tr>
    <tr>
    <td>Nova Password:</td>
    <td><input type="password" name="newpass" maxlength="30" value="<? echo $form->value("newpass"); ?>"></td>
    <td><? echo $form->error("newpass"); ?></td>
    </tr>
    <tr>
    <td>Email:</td>
    <td><input type="text" name="email" maxlength="50" value="<? echo ($form->value("email") == "") ? $session->userinfo['email'] : $form->value("email"); ?>">
    </td>
    <td><? echo $form->error("email"); ?></td>
    </tr>
    <tr><td colspan="2" align="right">
    <input type="hidden" name="subedit" value="1">
    <input type="submit" value="Editar Conta"></td></tr>
    <tr><td colspan="2" align="left"></td></tr>
    </table>
    </form>
    
    <?
    }
    }
    
    ?>
    
    </body>
    </html>
    
    
    userinfo.php:
    
    <?
    /**
     * UserInfo.php
     *
     * This page is for users to view their account information
     * with a link added for them to edit the information.
     *
     * Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
     * Last Updated: August 26, 2004
     */
    include("include/session.php");
    ?>
    
    <html>
    <title>Jpmaster77's Login Script</title>
    <body>
    
    <?
    /* Requested Username error checking */
    $req_user = trim($_GET['user']);
    if(!$req_user || strlen($req_user) == 0 ||
       !eregi("^([0-9a-z])+$", $req_user) ||
       !$database->usernameTaken($req_user)){
       die("Utilizador não registado");
    }
    
    /* Logged in user viewing own account */
    if(strcmp($session->username,$req_user) == 0){
       echo "<h1>Minha Conta</h1>";
    }
    /* Visitor not viewing own account */
    else{
       echo "<h1>Info utilizador</h1>";
    }
    
    /* Display requested user information */
    $req_user_info = $database->getUserInfo($req_user);
    
    /* Username */
    echo "<b>Username: ".$req_user_info['username']."</b><br>";
    
    /* Email */
    echo "<b>Email:</b> ".$req_user_info['email']."<br>";
    
    /**
     * Note: when you add your own fields to the users table
     * to hold more information, like homepage, location, etc.
     * they can be easily accessed by the user info array.
     *
     * $session->user_info['location']; (for logged in users)
     *
     * ..and for this page,
     *
     * $req_user_info['location']; (for any user)
     */
    
    /* If logged in user viewing own account, give link to edit */
    if(strcmp($session->username,$req_user) == 0){
       echo "<br><a href=\"useredit.php\">Editar a sua conta</a><br>";
    }
    
    /* Link back to main */
    echo "<br>Voltar [<a href=\"main.php\">Home</a>]<br>";
    
    ?>
    
    </body>
    </html>
    
    
    ForgotPass.php:
    
    <?
    /**
     * ForgotPass.php
     *
     * This page is for those users who have forgotten their
     * password and want to have a new password generated for
     * them and sent to the email address attached to their
     * account in the database. The new password is not
     * displayed on the website for security purposes.
     *
     * Note: If your server is not properly setup to send
     * mail, then this page is essentially useless and it
     * would be better to not even link to this page from
     * your website.
     *
     * Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
     * Last Updated: August 26, 2004
     */
    include("include/session.php");
    ?>
    
    <html>
    <title>Jpmaster77's Login Script</title>
    <body>
    
    <?
    /**
     * Forgot Password form has been submitted and no errors
     * were found with the form (the username is in the database)
     */
    if(isset($_SESSION['forgotpass'])){
       /**
        * New password was generated for user and sent to user's
        * email address.
        */
       if($_SESSION['forgotpass']){
          echo "<h1>Nova password gerada</h1>";
          echo "<p>A sua nova password foi efectuada "
              ."e enviada para o email <br>associado à sua conta. "
              ."<a href=\"main.php\">Main</a>.</p>";
       }
       /**
        * Email could not be sent, therefore password was not
        * edited in the database.
        */
       else{
          echo "<h1>Nova password com erros!</h1>";
          echo "<p>Existe algum erro na sua password "
              ."email para a nova password,<br> por isso a sua password não será alterada. "
              ."<a href=\"main.php\">Main</a>.</p>";
       }
           
       unset($_SESSION['forgotpass']);
    }
    else{
    
    /**
     * Forgot password form is displayed, if error found
     * it is displayed.
     */
    ?>
    
    <h1>Esqueçeu-se da sua password?</h1>
    Uma nova password será gerada e enviada para o seu email<br>
    associado a sua conta, só tem que introduzir o seu "USERNAME".<br><br>
    <? echo $form->error("user"); ?>
    <form action="process.php" method="POST">
    <b>Username:</b> <input type="text" name="user" maxlength="30" value="<? echo $form->value("user"); ?>">
    <input type="hidden" name="subforgot" value="1">
    <input type="submit" value="Nova password">
    </form>
    
    <?
    }
    ?>
    
    </body>
    </html>
    
    
    
    /include/constants.php:
    
    <?
    /**
     * Constants.php
     *
     * This file is intended to group all constants to
     * make it easier for the site administrator to tweak
     * the login script.
     *
     * Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
     * Last Updated: August 19, 2004
     */
     
    /**
     * Database Constants - these constants are required
     * in order for there to be a successful connection
     * to the MySQL database. Make sure the information is
     * correct.
     */
    define("DB_SERVER", "localhost");
    define("DB_USER", "root");
    define("DB_PASS", "12345678");
    define("DB_NAME", "login");
    
    /**
     * Database Table Constants - these constants
     * hold the names of all the database tables used
     * in the script.
     */
    define("TBL_USERS", "users");
    define("TBL_ACTIVE_USERS",  "active_users");
    define("TBL_ACTIVE_GUESTS", "active_guests");
    define("TBL_BANNED_USERS",  "banned_users");
    
    /**
     * Special Names and Level Constants - the admin
     * page will only be accessible to the user with
     * the admin name and also to those users at the
     * admin user level. Feel free to change the names
     * and level constants as you see fit, you may
     * also add additional level specifications.
     * Levels must be digits between 0-9.
     */
    define("ADMIN_NAME", "admin");
    define("GUEST_NAME", "Guest");
    define("ADMIN_LEVEL", 9);
    define("USER_LEVEL",  1);
    define("GUEST_LEVEL", 0);
    
    /**
     * This boolean constant controls whether or
     * not the script keeps track of active users
     * and active guests who are visiting the site.
     */
    define("TRACK_VISITORS", true);
    
    /**
     * Timeout Constants - these constants refer to
     * the maximum amount of time (in minutes) after
     * their last page fresh that a user and guest
     * are still considered active visitors.
     */
    define("USER_TIMEOUT", 10);
    define("GUEST_TIMEOUT", 5);
    
    /**
     * Cookie Constants - these are the parameters
     * to the setcookie function call, change them
     * if necessary to fit your website. If you need
     * help, visit www.php.net for more info.
     * <http://www.php.net/manual/en/function.setcookie.php>
     */
    define("COOKIE_EXPIRE", 60*60*24*100);  //100 days by default
    define("COOKIE_PATH", "/");  //Avaible in whole domain
    
    /**
     * Email Constants - these specify what goes in
     * the from field in the emails that the script
     * sends to users, and whether to send a
     * welcome email to newly registered users.
     */
    define("EMAIL_FROM_NAME", "YourName");
    define("EMAIL_FROM_ADDR", "[email protected]");
    define("EMAIL_WELCOME", false);
    
    /**
     * This constant forces all users to have
     * lowercase usernames, capital letters are
     * converted automatically.
     */
    define("ALL_LOWERCASE", false);
    ?>
    
    
    /include/database.php:
    
    <?
    /**
     * Database.php
     * 
     * The Database class is meant to simplify the task of accessing
     * information from the website's database.
     *
     * Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
     * Last Updated: August 17, 2004
     */
    include("constants.php");
          
    class MySQLDB
    {
       var $connection;         //The MySQL database connection
       var $num_active_users;   //Number of active users viewing site
       var $num_active_guests;  //Number of active guests viewing site
       var $num_members;        //Number of signed-up users
       /* Note: call getNumMembers() to access $num_members! */
    
       /* Class constructor */
       function MySQLDB(){
          /* Make connection to database */
          $this->connection = mysql_connect(DB_SERVER, DB_USER, DB_PASS) or die(mysql_error());
          mysql_select_db(DB_NAME, $this->connection) or die(mysql_error());
          
          /**
           * Only query database to find out number of members
           * when getNumMembers() is called for the first time,
           * until then, default value set.
           */
          $this->num_members = -1;
          
          if(TRACK_VISITORS){
             /* Calculate number of users at site */
             $this->calcNumActiveUsers();
          
             /* Calculate number of guests at site */
             $this->calcNumActiveGuests();
          }
       }
    
       /**
        * confirmUserPass - Checks whether or not the given
        * username is in the database, if so it checks if the
        * given password is the same password in the database
        * for that user. If the user doesn't exist or if the
        * passwords don't match up, it returns an error code
        * (1 or 2). On success it returns 0.
        */
       function confirmUserPass($username, $password){
          /* Add slashes if necessary (for query) */
          if(!get_magic_quotes_gpc()) {
              $username = addslashes($username);
          }
    
          /* Verify that user is in database */
          $q = "SELECT password FROM ".TBL_USERS." WHERE username = '$username'";
          $result = mysql_query($q, $this->connection);
          if(!$result || (mysql_numrows($result) < 1)){
             return 1; //Indicates username failure
          }
    
          /* Retrieve password from result, strip slashes */
          $dbarray = mysql_fetch_array($result);
          $dbarray['password'] = stripslashes($dbarray['password']);
          $password = stripslashes($password);
    
          /* Validate that password is correct */
          if($password == $dbarray['password']){
             return 0; //Success! Username and password confirmed
          }
          else{
             return 2; //Indicates password failure
          }
       }
       
       /**
        * confirmUserID - Checks whether or not the given
        * username is in the database, if so it checks if the
        * given userid is the same userid in the database
        * for that user. If the user doesn't exist or if the
        * userids don't match up, it returns an error code
        * (1 or 2). On success it returns 0.
        */
       function confirmUserID($username, $userid){
          /* Add slashes if necessary (for query) */
          if(!get_magic_quotes_gpc()) {
              $username = addslashes($username);
          }
    
          /* Verify that user is in database */
          $q = "SELECT userid FROM ".TBL_USERS." WHERE username = '$username'";
          $result = mysql_query($q, $this->connection);
          if(!$result || (mysql_numrows($result) < 1)){
             return 1; //Indicates username failure
          }
    
          /* Retrieve userid from result, strip slashes */
          $dbarray = mysql_fetch_array($result);
          $dbarray['userid'] = stripslashes($dbarray['userid']);
          $userid = stripslashes($userid);
    
          /* Validate that userid is correct */
          if($userid == $dbarray['userid']){
             return 0; //Success! Username and userid confirmed
          }
          else{
             return 2; //Indicates userid invalid
          }
       }
       
       /**
        * usernameTaken - Returns true if the username has
        * been taken by another user, false otherwise.
        */
       function usernameTaken($username){
          if(!get_magic_quotes_gpc()){
             $username = addslashes($username);
          }
          $q = "SELECT username FROM ".TBL_USERS." WHERE username = '$username'";
          $result = mysql_query($q, $this->connection);
          return (mysql_numrows($result) > 0);
       }
       
       /**
        * usernameBanned - Returns true if the username has
        * been banned by the administrator.
        */
       function usernameBanned($username){
          if(!get_magic_quotes_gpc()){
             $username = addslashes($username);
          }
          $q = "SELECT username FROM ".TBL_BANNED_USERS." WHERE username = '$username'";
          $result = mysql_query($q, $this->connection);
          return (mysql_numrows($result) > 0);
       }
       
       /**
        * addNewUser - Inserts the given (username, password, email)
        * info into the database. Appropriate user level is set.
        * Returns true on success, false otherwise.
        */
       function addNewUser($username, $password, $email){
          $time = time();
          /* If admin sign up, give admin user level */
          if(strcasecmp($username, ADMIN_NAME) == 0){
             $ulevel = ADMIN_LEVEL;
          }else{
             $ulevel = USER_LEVEL;
          }
          $q = "INSERT INTO ".TBL_USERS." VALUES ('$username', '$password', '0', $ulevel, '$email', $time)";
          return mysql_query($q, $this->connection);
       }
       
       /**
        * updateUserField - Updates a field, specified by the field
        * parameter, in the user's row of the database.
        */
       function updateUserField($username, $field, $value){
          $q = "UPDATE ".TBL_USERS." SET ".$field." = '$value' WHERE username = '$username'";
          return mysql_query($q, $this->connection);
       }
       
       /**
        * getUserInfo - Returns the result array from a mysql
        * query asking for all information stored regarding
        * the given username. If query fails, NULL is returned.
        */
       function getUserInfo($username){
          $q = "SELECT * FROM ".TBL_USERS." WHERE username = '$username'";
          $result = mysql_query($q, $this->connection);
          /* Error occurred, return given name by default */
          if(!$result || (mysql_numrows($result) < 1)){
             return NULL;
          }
          /* Return result array */
          $dbarray = mysql_fetch_array($result);
          return $dbarray;
       }
       
       /**
        * getNumMembers - Returns the number of signed-up users
        * of the website, banned members not included. The first
        * time the function is called on page load, the database
        * is queried, on subsequent calls, the stored result
        * is returned. This is to improve efficiency, effectively
        * not querying the database when no call is made.
        */
       function getNumMembers(){
          if($this->num_members < 0){
             $q = "SELECT * FROM ".TBL_USERS;
             $result = mysql_query($q, $this->connection);
             $this->num_members = mysql_numrows($result);
          }
          return $this->num_members;
       }
       
       /**
        * calcNumActiveUsers - Finds out how many active users
        * are viewing site and sets class variable accordingly.
        */
       function calcNumActiveUsers(){
          /* Calculate number of users at site */
          $q = "SELECT * FROM ".TBL_ACTIVE_USERS;
          $result = mysql_query($q, $this->connection);
          $this->num_active_users = mysql_numrows($result);
       }
       
       /**
        * calcNumActiveGuests - Finds out how many active guests
        * are viewing site and sets class variable accordingly.
        */
       function calcNumActiveGuests(){
          /* Calculate number of guests at site */
          $q = "SELECT * FROM ".TBL_ACTIVE_GUESTS;
          $result = mysql_query($q, $this->connection);
          $this->num_active_guests = mysql_numrows($result);
       }
       
       /**
        * addActiveUser - Updates username's last active timestamp
        * in the database, and also adds him to the table of
        * active users, or updates timestamp if already there.
        */
       function addActiveUser($username, $time){
          $q = "UPDATE ".TBL_USERS." SET timestamp = '$time' WHERE username = '$username'";
          mysql_query($q, $this->connection);
          
          if(!TRACK_VISITORS) return;
          $q = "REPLACE INTO ".TBL_ACTIVE_USERS." VALUES ('$username', '$time')";
          mysql_query($q, $this->connection);
          $this->calcNumActiveUsers();
       }
       
       /* addActiveGuest - Adds guest to active guests table */
       function addActiveGuest($ip, $time){
          if(!TRACK_VISITORS) return;
          $q = "REPLACE INTO ".TBL_ACTIVE_GUESTS." VALUES ('$ip', '$time')";
          mysql_query($q, $this->connection);
          $this->calcNumActiveGuests();
       }
       
       /* These functions are self explanatory, no need for comments */
       
       /* removeActiveUser */
       function removeActiveUser($username){
          if(!TRACK_VISITORS) return;
          $q = "DELETE FROM ".TBL_ACTIVE_USERS." WHERE username = '$username'";
          mysql_query($q, $this->connection);
          $this->calcNumActiveUsers();
       }
       
       /* removeActiveGuest */
       function removeActiveGuest($ip){
          if(!TRACK_VISITORS) return;
          $q = "DELETE FROM ".TBL_ACTIVE_GUESTS." WHERE ip = '$ip'";
          mysql_query($q, $this->connection);
          $this->calcNumActiveGuests();
       }
       
       /* removeInactiveUsers */
       function removeInactiveUsers(){
          if(!TRACK_VISITORS) return;
          $timeout = time()-USER_TIMEOUT*60;
          $q = "DELETE FROM ".TBL_ACTIVE_USERS." WHERE timestamp < $timeout";
          mysql_query($q, $this->connection);
          $this->calcNumActiveUsers();
       }
    
       /* removeInactiveGuests */
       function removeInactiveGuests(){
          if(!TRACK_VISITORS) return;
          $timeout = time()-GUEST_TIMEOUT*60;
          $q = "DELETE FROM ".TBL_ACTIVE_GUESTS." WHERE timestamp < $timeout";
          mysql_query($q, $this->connection);
          $this->calcNumActiveGuests();
       }
       
       /**
        * query - Performs the given query on the database and
        * returns the result, which may be false, true or a
        * resource identifier.
        */
       function query($query){
          return mysql_query($query, $this->connection);
       }
    };
    
    /* Create database connection */
    $database = new MySQLDB;
    
    ?>
    
    
    /includes/form.php:
    
    <? 
    /**
     * Form.php
     *
     * The Form class is meant to simplify the task of keeping
     * track of errors in user submitted forms and the form
     * field values that were entered correctly.
     *
     * Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
     * Last Updated: August 19, 2004
     */
     
    class Form
    {
       var $values = array();  //Holds submitted form field values
       var $errors = array();  //Holds submitted form error messages
       var $num_errors;   //The number of errors in submitted form
    
       /* Class constructor */
       function Form(){
          /**
           * Get form value and error arrays, used when there
           * is an error with a user-submitted form.
           */
          if(isset($_SESSION['value_array']) && isset($_SESSION['error_array'])){
             $this->values = $_SESSION['value_array'];
             $this->errors = $_SESSION['error_array'];
             $this->num_errors = count($this->errors);
    
             unset($_SESSION['value_array']);
             unset($_SESSION['error_array']);
          }
          else{
             $this->num_errors = 0;
          }
       }
    
       /**
        * setValue - Records the value typed into the given
        * form field by the user.
        */
       function setValue($field, $value){
          $this->values[$field] = $value;
       }
    
       /**
        * setError - Records new form error given the form
        * field name and the error message attached to it.
        */
       function setError($field, $errmsg){
          $this->errors[$field] = $errmsg;
          $this->num_errors = count($this->errors);
       }
    
       /**
        * value - Returns the value attached to the given
        * field, if none exists, the empty string is returned.
        */
       function value($field){
          if(array_key_exists($field,$this->values)){
             return htmlspecialchars(stripslashes($this->values[$field]));
          }else{
             return "";
          }
       }
    
       /**
        * error - Returns the error message attached to the
        * given field, if none exists, the empty string is returned.
        */
       function error($field){
          if(array_key_exists($field,$this->errors)){
             return "<font size=\"2\" color=\"#ff0000\">".$this->errors[$field]."</font>";
          }else{
             return "";
          }
       }
    
       /* getErrorArray - Returns the array of error messages */
       function getErrorArray(){
          return $this->errors;
       }
    };
     
    ?>
    
    
    /includes/mailer.php:
    
    <? 
    /**
     * Mailer.php
     *
     * The Mailer class is meant to simplify the task of sending
     * emails to users. Note: this email system will not work
     * if your server is not setup to send mail.
     *
     * If you are running Windows and want a mail server, check
     * out this website to see a list of freeware programs:
     * <http://www.snapfiles.com/freeware/server/fwmailserver.html>
     *
     * Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
     * Last Updated: August 19, 2004
     */
     
    class Mailer
    {
       /**
        * sendWelcome - Sends a welcome message to the newly
        * registered user, also supplying the username and
        * password.
        */
       function sendWelcome($user, $email, $pass){
          $from = "From: ".EMAIL_FROM_NAME." <".EMAIL_FROM_ADDR.">";
          $subject = "Jpmaster77's Site - Welcome!";
          $body = $user.",\n\n"
                 ."Welcome! You've just registered at Jpmaster77's Site "
                 ."with the following information:\n\n"
                 ."Username: ".$user."\n"
                 ."Password: ".$pass."\n\n"
                 ."If you ever lose or forget your password, a new "
                 ."password will be generated for you and sent to this "
                 ."email address, if you would like to change your "
                 ."email address you can do so by going to the "
                 ."My Account page after signing in.\n\n"
                 ."- Jpmaster77's Site";
    
          return mail($email,$subject,$body,$from);
       }
       
       /**
        * sendNewPass - Sends the newly generated password
        * to the user's email address that was specified at
        * sign-up.
        */
       function sendNewPass($user, $email, $pass){
          $from = "From: ".EMAIL_FROM_NAME." <".EMAIL_FROM_ADDR.">";
          $subject = "Jpmaster77's Site - Your new password";
          $body = $user.",\n\n"
                 ."We've generated a new password for you at your "
                 ."request, you can use this new password with your "
                 ."username to log in to Jpmaster77's Site.\n\n"
                 ."Username: ".$user."\n"
                 ."New Password: ".$pass."\n\n"
                 ."It is recommended that you change your password "
                 ."to something that is easier to remember, which "
                 ."can be done by going to the My Account page "
                 ."after signing in.\n\n"
                 ."- Jpmaster77's Site";
                 
          return mail($email,$subject,$body,$from);
       }
    };
    
    /* Initialize mailer object */
    $mailer = new Mailer;
     
    ?>
    
    
    /includes/session.php:
    
    <?
    /**
     * Session.php
     * 
     * The Session class is meant to simplify the task of keeping
     * track of logged in users and also guests.
     *
     * Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
     * Last Updated: August 19, 2004
     */
    include("database.php");
    include("mailer.php");
    include("form.php");
    
    class Session
    {
       var $username;     //Username given on sign-up
       var $userid;       //Random value generated on current login
       var $userlevel;    //The level to which the user pertains
       var $time;         //Time user was last active (page loaded)
       var $logged_in;    //True if user is logged in, false otherwise
       var $userinfo = array();  //The array holding all user info
       var $url;          //The page url current being viewed
       var $referrer;     //Last recorded site page viewed
       /**
        * Note: referrer should really only be considered the actual
        * page referrer in process.php, any other time it may be
        * inaccurate.
        */
    
       /* Class constructor */
       function Session(){
          $this->time = time();
          $this->startSession();
       }
    
       /**
        * startSession - Performs all the actions necessary to 
        * initialize this session object. Tries to determine if the
        * the user has logged in already, and sets the variables 
        * accordingly. Also takes advantage of this page load to
        * update the active visitors tables.
        */
       function startSession(){
          global $database;  //The database connection
          session_start();   //Tell PHP to start the session
    
          /* Determine if user is logged in */
          $this->logged_in = $this->checkLogin();
    
          /**
           * Set guest value to users not logged in, and update
           * active guests table accordingly.
           */
          if(!$this->logged_in){
             $this->username = $_SESSION['username'] = GUEST_NAME;
             $this->userlevel = GUEST_LEVEL;
             $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
          }
          /* Update users last active timestamp */
          else{
             $database->addActiveUser($this->username, $this->time);
          }
          
          /* Remove inactive visitors from database */
          $database->removeInactiveUsers();
          $database->removeInactiveGuests();
          
          /* Set referrer page */
          if(isset($_SESSION['url'])){
             $this->referrer = $_SESSION['url'];
          }else{
             $this->referrer = "/";
          }
    
          /* Set current url */
          $this->url = $_SESSION['url'] = $_SERVER['PHP_SELF'];
       }
    
       /**
        * checkLogin - Checks if the user has already previously
        * logged in, and a session with the user has already been
        * established. Also checks to see if user has been remembered.
        * If so, the database is queried to make sure of the user's 
        * authenticity. Returns true if the user has logged in.
        */
       function checkLogin(){
          global $database;  //The database connection
          /* Check if user has been remembered */
          if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
             $this->username = $_SESSION['username'] = $_COOKIE['cookname'];
             $this->userid   = $_SESSION['userid']   = $_COOKIE['cookid'];
          }
    
          /* Username and userid have been set and not guest */
          if(isset($_SESSION['username']) && isset($_SESSION['userid']) &&
             $_SESSION['username'] != GUEST_NAME){
             /* Confirm that username and userid are valid */
             if($database->confirmUserID($_SESSION['username'], $_SESSION['userid']) != 0){
                /* Variables are incorrect, user not logged in */
                unset($_SESSION['username']);
                unset($_SESSION['userid']);
                return false;
             }
    
             /* User is logged in, set class variables */
             $this->userinfo  = $database->getUserInfo($_SESSION['username']);
             $this->username  = $this->userinfo['username'];
             $this->userid    = $this->userinfo['userid'];
             $this->userlevel = $this->userinfo['userlevel'];
             return true;
          }
          /* User not logged in */
          else{
             return false;
          }
       }
    
       /**
        * login - The user has submitted his username and password
        * through the login form, this function checks the authenticity
        * of that information in the database and creates the session.
        * Effectively logging in the user if all goes well.
        */
       function login($subuser, $subpass, $subremember){
          global $database, $form;  //The database and form object
    
          /* Username error checking */
          $field = "user";  //Use field name for username
          if(!$subuser || strlen($subuser = trim($subuser)) == 0){
             $form->setError($field, "* Username not entered");
          }
          else{
             /* Check if username is not alphanumeric */
             if(!eregi("^([0-9a-z])*$", $subuser)){
                $form->setError($field, "* Username not alphanumeric");
             }
          }
    
          /* Password error checking */
          $field = "pass";  //Use field name for password
          if(!$subpass){
             $form->setError($field, "* Password not entered");
          }
          
          /* Return if form errors exist */
          if($form->num_errors > 0){
             return false;
          }
    
          /* Checks that username is in database and password is correct */
          $subuser = stripslashes($subuser);
          $result = $database->confirmUserPass($subuser, md5($subpass));
    
          /* Check error codes */
          if($result == 1){
             $field = "user";
             $form->setError($field, "* Username not found");
          }
          else if($result == 2){
             $field = "pass";
             $form->setError($field, "* Invalid password");
          }
          
          /* Return if form errors exist */
          if($form->num_errors > 0){
             return false;
          }
    
          /* Username and password correct, register session variables */
          $this->userinfo  = $database->getUserInfo($subuser);
          $this->username  = $_SESSION['username'] = $this->userinfo['username'];
          $this->userid    = $_SESSION['userid']   = $this->generateRandID();
          $this->userlevel = $this->userinfo['userlevel'];
          
          /* Insert userid into database and update active users table */
          $database->updateUserField($this->username, "userid", $this->userid);
          $database->addActiveUser($this->username, $this->time);
          $database->removeActiveGuest($_SERVER['REMOTE_ADDR']);
    
          /**
           * This is the cool part: the user has requested that we remember that
           * he's logged in, so we set two cookies. One to hold his username,
           * and one to hold his random value userid. It expires by the time
           * specified in constants.php. Now, next time he comes to our site, we will
           * log him in automatically, but only if he didn't log out before he left.
           */
          if($subremember){
             setcookie("cookname", $this->username, time()+COOKIE_EXPIRE, COOKIE_PATH);
             setcookie("cookid",   $this->userid,   time()+COOKIE_EXPIRE, COOKIE_PATH);
          }
    
          /* Login completed successfully */
          return true;
       }
    
       /**
        * logout - Gets called when the user wants to be logged out of the
        * website. It deletes any cookies that were stored on the users
        * computer as a result of him wanting to be remembered, and also
        * unsets session variables and demotes his user level to guest.
        */
       function logout(){
          global $database;  //The database connection
          /**
           * Delete cookies - the time must be in the past,
           * so just negate what you added when creating the
           * cookie.
           */
          if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
             setcookie("cookname", "", time()-COOKIE_EXPIRE, COOKIE_PATH);
             setcookie("cookid",   "", time()-COOKIE_EXPIRE, COOKIE_PATH);
          }
    
          /* Unset PHP session variables */
          unset($_SESSION['username']);
          unset($_SESSION['userid']);
    
          /* Reflect fact that user has logged out */
          $this->logged_in = false;
          
          /**
           * Remove from active users table and add to
           * active guests tables.
           */
          $database->removeActiveUser($this->username);
          $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
          
          /* Set user level to guest */
          $this->username  = GUEST_NAME;
          $this->userlevel = GUEST_LEVEL;
       }
    
       /**
        * register - Gets called when the user has just submitted the
        * registration form. Determines if there were any errors with
        * the entry fields, if so, it records the errors and returns
        * 1. If no errors were found, it registers the new user and
        * returns 0. Returns 2 if registration failed.
        */
       function register($subuser, $subpass, $subemail){
          global $database, $form, $mailer;  //The database, form and mailer object
          
          /* Username error checking */
          $field = "user";  //Use field name for username
          if(!$subuser || strlen($subuser = trim($subuser)) == 0){
             $form->setError($field, "* Username not entered");
          }
          else{
             /* Spruce up username, check length */
             $subuser = stripslashes($subuser);
             if(strlen($subuser) < 5){
                $form->setError($field, "* Username below 5 characters");
             }
             else if(strlen($subuser) > 30){
                $form->setError($field, "* Username above 30 characters");
             }
             /* Check if username is not alphanumeric */
             else if(!eregi("^([0-9a-z])+$", $subuser)){
                $form->setError($field, "* Username not alphanumeric");
             }
             /* Check if username is reserved */
             else if(strcasecmp($subuser, GUEST_NAME) == 0){
                $form->setError($field, "* Username reserved word");
             }
             /* Check if username is already in use */
             else if($database->usernameTaken($subuser)){
                $form->setError($field, "* Username already in use");
             }
             /* Check if username is banned */
             else if($database->usernameBanned($subuser)){
                $form->setError($field, "* Username banned");
             }
          }
    
          /* Password error checking */
          $field = "pass";  //Use field name for password
          if(!$subpass){
             $form->setError($field, "* Password not entered");
          }
          else{
             /* Spruce up password and check length*/
             $subpass = stripslashes($subpass);
             if(strlen($subpass) < 4){
                $form->setError($field, "* Password too short");
             }
             /* Check if password is not alphanumeric */
             else if(!eregi("^([0-9a-z])+$", ($subpass = trim($subpass)))){
                $form->setError($field, "* Password not alphanumeric");
             }
             /**
              * Note: I trimmed the password only after I checked the length
              * because if you fill the password field up with spaces
              * it looks like a lot more characters than 4, so it looks
              * kind of stupid to report "password too short".
              */
          }
          
          /* Email error checking */
          $field = "email";  //Use field name for email
          if(!$subemail || strlen($subemail = trim($subemail)) == 0){
             $form->setError($field, "* Email not entered");
          }
          else{
             /* Check if valid email address */
             $regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"
                     ."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"
                     ."\.([a-z]{2,}){1}$";
             if(!eregi($regex,$subemail)){
                $form->setError($field, "* Email invalid");
             }
             $subemail = stripslashes($subemail);
          }
    
          /* Errors exist, have user correct them */
          if($form->num_errors > 0){
             return 1;  //Errors with form
          }
           /* No errors, add the new account to the database */
          else{
             if($database->addNewUser($subuser, md5($subpass), $subemail)){
                if(EMAIL_WELCOME){
                   $mailer->sendWelcome($subuser,$subemail,$subpass);
                }
                 return 0;  //New user added successfully
             }else{
                return 2;  //Registration attempt failed
             }
          }
       }
       
       /**
        * editAccount - Attempts to edit the user's account information
        * including the password, which it first makes sure is correct
        * if entered, if so and the new password is in the right
        * format, the change is made. All other fields are changed
        * automatically.
        */
       function editAccount($subcurpass, $subnewpass, $subemail){
          global $database, $form;  //The database and form object
          /* New password entered */
          if($subnewpass){
             /* Current Password error checking */
             $field = "curpass";  //Use field name for current password
             if(!$subcurpass){
                $form->setError($field, "* Current Password not entered");
             }
             else{
                /* Check if password too short or is not alphanumeric */
                $subcurpass = stripslashes($subcurpass);
                if(strlen($subcurpass) < 4 ||
                   !eregi("^([0-9a-z])+$", ($subcurpass = trim($subcurpass)))){
                   $form->setError($field, "* Current Password incorrect");
                }
                /* Password entered is incorrect */
                if($database->confirmUserPass($this->username,md5($subcurpass)) != 0){
                   $form->setError($field, "* Current Password incorrect");
                }
             }
             
             /* New Password error checking */
             $field = "newpass";  //Use field name for new password
           /* Spruce up password and check length (assign back to $subnewpass, not $subpass) */
           $subnewpass = stripslashes($subnewpass);
             if(strlen($subnewpass) < 4){
                $form->setError($field, "* New Password too short");
             }
             /* Check if password is not alphanumeric */
             else if(!eregi("^([0-9a-z])+$", ($subnewpass = trim($subnewpass)))){
                $form->setError($field, "* New Password not alphanumeric");
             }
          }
          /* Change password attempted */
          else if($subcurpass){
             /* New Password error reporting */
             $field = "newpass";  //Use field name for new password
             $form->setError($field, "* New Password not entered");
          }
          
          /* Email error checking */
          $field = "email";  //Use field name for email
          if($subemail && strlen($subemail = trim($subemail)) > 0){
             /* Check if valid email address */
             $regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"
                     ."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"
                     ."\.([a-z]{2,}){1}$";
             if(!eregi($regex,$subemail)){
                $form->setError($field, "* Email invalid");
             }
             $subemail = stripslashes($subemail);
          }
          
          /* Errors exist, have user correct them */
          if($form->num_errors > 0){
             return false;  //Errors with form
          }
          
          /* Update password since there were no errors */
          if($subcurpass && $subnewpass){
             $database->updateUserField($this->username,"password",md5($subnewpass));
          }
          
          /* Change Email */
          if($subemail){
             $database->updateUserField($this->username,"email",$subemail);
          }
          
          /* Success! */
          return true;
       }
       
       /**
        * isAdmin - Returns true if currently logged in user is
        * an administrator, false otherwise.
        */
       function isAdmin(){
          return ($this->userlevel == ADMIN_LEVEL ||
                  $this->username  == ADMIN_NAME);
       }
       
       /**
        * generateRandID - Generates a string made up of randomized
        * letters (lower and upper case) and digits and returns
        * the md5 hash of it to be used as a userid.
        */
       function generateRandID(){
          return md5($this->generateRandStr(16));
       }
       
       /**
        * generateRandStr - Generates a string made up of randomized
        * letters (lower and upper case) and digits, the length
        * is a specified parameter.
        */
       function generateRandStr($length){
          $randstr = "";
          for($i=0; $i<$length; $i++){
             $randnum = mt_rand(0,61);
             if($randnum < 10){
                $randstr .= chr($randnum+48);
             }else if($randnum < 36){
                $randstr .= chr($randnum+55);
             }else{
                $randstr .= chr($randnum+61);
             }
          }
          return $randstr;
       }
    };
    
    
    /**
     * Initialize session object - This must be initialized before
     * the form object because the form uses session variables,
     * which cannot be accessed unless the session has started.
     */
    $session = new Session;
    
    /* Initialize form object */
    $form = new Form;
    
    ?>
    
    
    
    /includes/view_active.php:
    
    <?
    if(!defined('TBL_ACTIVE_USERS')) {
      die("Error processing page");
    }
    
    $q = "SELECT username FROM ".TBL_ACTIVE_USERS
        ." ORDER BY timestamp DESC,username";
    $result = $database->query($q);
     /* Check for a failed query before asking for the row count */
     if(!$result){
        echo "Error displaying info";
     }
     else if(($num_rows = mysql_numrows($result)) > 0){
       /* Display active users, with link to their info */
       echo "<table align=\"left\" border=\"1\" cellspacing=\"0\" cellpadding=\"3\">\n";
       echo "<tr><td><font size=\"2\">\n";
       for($i=0; $i<$num_rows; $i++){
          $uname = mysql_result($result,$i,"username");
    
          echo "<a href=\"userinfo.php?user=$uname\">$uname</a> / ";
       }
       echo "</font></td></tr></table><br>\n";
    }
    ?>
    
    
    
    /admin/admin.php:
    
    <?
    /**
     * Admin.php
     *
     * This is the Admin Center page. Only administrators
     * are allowed to view this page. This page displays the
     * database table of users and banned users. Admins can
     * choose to delete specific users, delete inactive users,
     * ban users, update user levels, etc.
     *
     * Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
     * Last Updated: August 26, 2004
     */
    include("../include/session.php");
    
    /**
     * displayUsers - Displays the users database table in
     * a nicely formatted html table.
     */
    function displayUsers(){
       global $database;
       $q = "SELECT username,userlevel,email,timestamp "
           ."FROM ".TBL_USERS." ORDER BY userlevel DESC,username";
       $result = $database->query($q);
        /* Check for a failed query before asking for the row count */
        if(!$result){
           echo "Error displaying info";
           return;
        }
        $num_rows = mysql_numrows($result);
        if($num_rows == 0){
          echo "Database table empty";
          return;
       }
       /* Display table contents */
       echo "<table align=\"left\" border=\"1\" cellspacing=\"0\" cellpadding=\"3\">\n";
       echo "<tr><td><b>Username</b></td><td><b>Level</b></td><td><b>Email</b></td><td><b>Último activo</b></td></tr>\n";
       for($i=0; $i<$num_rows; $i++){
          $uname  = mysql_result($result,$i,"username");
          $ulevel = mysql_result($result,$i,"userlevel");
          $email  = mysql_result($result,$i,"email");
          $time   = mysql_result($result,$i,"timestamp");
    
          echo "<tr><td>$uname</td><td>$ulevel</td><td>$email</td><td>$time</td></tr>\n";
       }
       echo "</table><br>\n";
    }
    
    /**
     * displayBannedUsers - Displays the banned users
     * database table in a nicely formatted html table.
     */
    function displayBannedUsers(){
       global $database;
       $q = "SELECT username,timestamp "
           ."FROM ".TBL_BANNED_USERS." ORDER BY username";
       $result = $database->query($q);
        /* Check for a failed query before asking for the row count */
        if(!$result){
           echo "Error displaying info";
           return;
        }
        $num_rows = mysql_numrows($result);
        if($num_rows == 0){
          echo "Database table empty";
          return;
       }
       /* Display table contents */
       echo "<table align=\"left\" border=\"1\" cellspacing=\"0\" cellpadding=\"3\">\n";
       echo "<tr><td><b>Username</b></td><td><b>Time Banned</b></td></tr>\n";
       for($i=0; $i<$num_rows; $i++){
          $uname = mysql_result($result,$i,"username");
          $time  = mysql_result($result,$i,"timestamp");
    
          echo "<tr><td>$uname</td><td>$time</td></tr>\n";
       }
       echo "</table><br>\n";
    }
       
     /**
      * User not an administrator, redirect to main page
      * automatically. exit right after header(): a Location
      * header is only a suggestion to the client, and without
      * exit the rest of this script would still run and be sent.
      */
     if(!$session->isAdmin()){
        header("Location: ../main.php");
        exit;
     }
     /**
      * Administrator is viewing page, so display all
      * forms. $form->value() replays the admin's previous POST
      * data back into an input attribute, so it is passed through
      * htmlspecialchars() before it is written out. $form->error()
      * returns the fixed server-side messages (which contain their
      * own <br>), so those are echoed as they are.
      */
     ?>
     <html>
     <head><title>Jpmaster77's Login Script</title></head>
     <body>
     <h1>Admin Center</h1>
     <font size="5" color="#ff0000">
     <b>::::::::::::::::::::::::::::::::::::::::::::</b></font>
     <font size="4">Logged in as <b><?php echo htmlspecialchars($session->username, ENT_QUOTES); ?></b></font><br><br>
     Back to [<a href="../main.php">Main Page</a>]<br><br>
     <?php
     if($form->num_errors > 0){
        echo "<font size=\"4\" color=\"#ff0000\">"
            ."!*** Error with request, please fix</font><br><br>";
     }
     ?>
     <table align="left" border="0" cellspacing="5" cellpadding="5">
     <tr><td>
     <?php
     /**
      * Display Users Table
      */
     ?>
     <h3>Users Table Contents:</h3>
     <?php
     displayUsers();
     ?>
     </td></tr>
     <tr>
     <td>
     <br>
     <?php
     /**
      * Update User Level
      */
     ?>
     <h3>Update User Level</h3>
     <?php echo $form->error("upduser"); ?>
     <form action="adminprocess.php" method="POST">
     <table>
     <tr><td>
     Username:<br>
     <input type="text" name="upduser" maxlength="30" value="<?php echo htmlspecialchars($form->value("upduser"), ENT_QUOTES); ?>">
     </td>
     <td>
     Level:<br>
     <select name="updlevel">
     <option value="1">1
     <option value="9">9
     </select>
     </td>
     <td>
     <br>
     <input type="hidden" name="subupdlevel" value="1">
     <input type="submit" value="Update Level">
     </td></tr>
     </table>
     </form>
     </td>
     </tr>
     <tr>
     <td><hr></td>
     </tr>
     <tr>
     <td>
     <?php
     /**
      * Delete User
      */
     ?>
     <h3>Delete User</h3>
     <?php echo $form->error("deluser"); ?>
     <form action="adminprocess.php" method="POST">
     Username:<br>
     <input type="text" name="deluser" maxlength="30" value="<?php echo htmlspecialchars($form->value("deluser"), ENT_QUOTES); ?>">
     <input type="hidden" name="subdeluser" value="1">
     <input type="submit" value="Delete User">
     </form>
     </td>
     </tr>
     <tr>
     <td><hr></td>
     </tr>
     <tr>
     <td>
     <?php
     /**
      * Delete Inactive Users
      */
     ?>
     <h3>Delete Inactive Users</h3>
     This will delete all users (not administrators), who have not logged in to the site<br>
     within a certain time period. You specify the days spent inactive.<br><br>
     <form action="adminprocess.php" method="POST">
     <table>
     <tr><td>
     Days:<br>
     <select name="inactdays">
     <option value="3">3
     <option value="7">7
     <option value="14">14
     <option value="30">30
     <option value="100">100
     <option value="365">365
     </select>
     </td>
     <td>
     <br>
     <input type="hidden" name="subdelinact" value="1">
     <input type="submit" value="Delete All Inactive">
     </td></tr>
     </table>
     </form>
     </td>
     </tr>
     <tr>
     <td><hr></td>
     </tr>
     <tr>
     <td>
     <?php
     /**
      * Ban User
      */
     ?>
     <h3>Ban User</h3>
     <?php echo $form->error("banuser"); ?>
     <form action="adminprocess.php" method="POST">
     Username:<br>
     <input type="text" name="banuser" maxlength="30" value="<?php echo htmlspecialchars($form->value("banuser"), ENT_QUOTES); ?>">
     <input type="hidden" name="subbanuser" value="1">
     <input type="submit" value="Ban User">
     </form>
     </td>
     </tr>
     <tr>
     <td><hr></td>
     </tr>
     <tr><td>
     <?php
     /**
      * Display Banned Users Table
      */
     ?>
     <h3>Banned Users Table Contents:</h3>
     <?php
     displayBannedUsers();
     ?>
     </td></tr>
     <tr>
     <td><hr></td>
     </tr>
     <tr>
     <td>
     <?php
     /**
      * Delete Banned User
      */
     ?>
     <h3>Delete Banned User</h3>
     <?php echo $form->error("delbanuser"); ?>
     <form action="adminprocess.php" method="POST">
     Username:<br>
     <input type="text" name="delbanuser" maxlength="30" value="<?php echo htmlspecialchars($form->value("delbanuser"), ENT_QUOTES); ?>">
     <input type="hidden" name="subdelbanned" value="1">
     <input type="submit" value="Delete Banned User">
     </form>
     </td>
     </tr>
     </table>
     </body>
     </html>
    
    
    
    /admin/adminprocess.php:
    
     <?php
     /**
      * AdminProcess.php
      * 
      * The AdminProcess class is meant to simplify the task of processing
      * admin submitted forms from the admin center, these deal with
      * member system adjustments.
      *
      * Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
      * Last Updated: August 15, 2004
      */
     include("../include/session.php");
     
     class AdminProcess
     {
        /* Class constructor. A method named after the class is no longer
           treated as the constructor in PHP 8, so it is __construct now. */
        function __construct(){
           global $session;
           /* Make sure administrator is accessing page. exit rather than
              return: a Location header does not stop the script by itself,
              and the processing below must never run for a non-admin. */
           if(!$session->isAdmin()){
              header("Location: ../main.php");
              exit;
           }
           /* Admin submitted update user level form */
           if(isset($_POST['subupdlevel'])){
              $this->procUpdateLevel();
           }
           /* Admin submitted delete user form */
           else if(isset($_POST['subdeluser'])){
              $this->procDeleteUser();
           }
           /* Admin submitted delete inactive users form */
           else if(isset($_POST['subdelinact'])){
              $this->procDeleteInactive();
           }
           /* Admin submitted ban user form */
           else if(isset($_POST['subbanuser'])){
              $this->procBanUser();
           }
           /* Admin submitted delete banned user form */
           else if(isset($_POST['subdelbanned'])){
              $this->procDeleteBannedUser();
           }
           /* Should not get here, redirect to home page */
           else{
              header("Location: ../main.php");
              exit;
           }
        }
     
        /**
         * procUpdateLevel - If the submitted username is correct,
         * their user level is updated according to the admin's
         * request.
         */
        function procUpdateLevel(){
           global $session, $database, $form;
           /* Username error checking */
           $subuser = $this->checkUsername("upduser");
           
           /* Errors exist, have user correct them */
           if($form->num_errors > 0){
              $_SESSION['value_array'] = $_POST;
              $_SESSION['error_array'] = $form->getErrorArray();
           }
           /* Update user level; the cast guarantees a number reaches the query */
           else{
              $database->updateUserField($subuser, "userlevel", (int)($_POST['updlevel'] ?? 0));
           }
           header("Location: ".$session->referrer);
           exit;
        }
        
        /**
         * procDeleteUser - If the submitted username is correct,
         * the user is deleted from the database.
         */
        function procDeleteUser(){
           global $session, $database, $form;
           /* Username error checking */
           $subuser = $this->checkUsername("deluser");
           
           /* Errors exist, have user correct them */
           if($form->num_errors > 0){
              $_SESSION['value_array'] = $_POST;
              $_SESSION['error_array'] = $form->getErrorArray();
           }
           /* Delete user from database ($subuser passed the alphanumeric
              check in checkUsername, which is what makes the quoting safe) */
           else{
              $q = "DELETE FROM ".TBL_USERS." WHERE username = '$subuser'";
              $database->query($q);
           }
           header("Location: ".$session->referrer);
           exit;
        }
        
        /**
         * procDeleteInactive - All inactive users are deleted from
         * the database, not including administrators. Inactivity
         * is defined by the number of days specified that have
         * gone by that the user has not logged in.
         */
        function procDeleteInactive(){
           global $session, $database;
           /* The form only offers fixed day counts, but the POST body is
              client-controlled: cast to int so only a number can reach the
              query, and refuse anything that is not positive (0 would wipe
              every non-admin account). */
           $days = isset($_POST['inactdays']) ? (int)$_POST['inactdays'] : 0;
           if($days > 0){
              $inact_time = $session->time - $days*24*60*60;
              $q = "DELETE FROM ".TBL_USERS." WHERE timestamp < $inact_time "
                  ."AND userlevel != ".ADMIN_LEVEL;
              $database->query($q);
           }
           header("Location: ".$session->referrer);
           exit;
        }
        
        /**
         * procBanUser - If the submitted username is correct,
         * the user is banned from the member system, which entails
         * removing the username from the users table and adding
         * it to the banned users table.
         */
        function procBanUser(){
           global $session, $database, $form;
           /* Username error checking */
           $subuser = $this->checkUsername("banuser");
           
           /* Errors exist, have user correct them */
           if($form->num_errors > 0){
              $_SESSION['value_array'] = $_POST;
              $_SESSION['error_array'] = $form->getErrorArray();
           }
           /* Ban user from member system (two separate statements, so a
              failure between them leaves the account deleted but unbanned) */
           else{
              $q = "DELETE FROM ".TBL_USERS." WHERE username = '$subuser'";
              $database->query($q);
     
              $q = "INSERT INTO ".TBL_BANNED_USERS." VALUES ('$subuser', $session->time)";
              $database->query($q);
           }
           header("Location: ".$session->referrer);
           exit;
        }
        
        /**
         * procDeleteBannedUser - If the submitted username is correct,
         * the user is deleted from the banned users table, which
         * enables someone to register with that username again.
         */
        function procDeleteBannedUser(){
           global $session, $database, $form;
           /* Username error checking */
           $subuser = $this->checkUsername("delbanuser", true);
           
           /* Errors exist, have user correct them */
           if($form->num_errors > 0){
              $_SESSION['value_array'] = $_POST;
              $_SESSION['error_array'] = $form->getErrorArray();
           }
           /* Delete user from banned table */
           else{
              $q = "DELETE FROM ".TBL_BANNED_USERS." WHERE username = '$subuser'";
              $database->query($q);
           }
           header("Location: ".$session->referrer);
           exit;
        }
        
        /**
         * checkUsername - Helper function for the above processing,
         * it makes sure the submitted username is valid, if not,
         * it adds the appropriate error to the form.
         */
        function checkUsername($uname, $ban=false){
           global $database, $form;
           /* Username error checking; a missing field is an empty string,
              not an undefined-index notice */
           $subuser = isset($_POST[$uname]) ? trim((string)$_POST[$uname]) : "";
           $field = $uname;  //Use field name for username
           if($subuser === ""){
              $form->setError($field, "* Username not entered<br>");
           }
           else{
              /* Make sure username is in database. The pattern below is the
                 only thing that keeps $subuser safe inside the quoted SQL
                 strings above, so it must stay strict: letters and digits
                 only. (eregi() was removed in PHP 7; preg_match with the
                 i flag is the equivalent.) */
              $subuser = stripslashes($subuser);
              if(strlen($subuser) < 5 || strlen($subuser) > 30 ||
                 !preg_match('/^[0-9a-z]+$/i', $subuser) ||
                 (!$ban && !$database->usernameTaken($subuser))){
                 $form->setError($field, "* Username does not exist<br>");
              }
           }
           return $subuser;
        }
     }
     
     /* Initialize process */
     $adminprocess = new AdminProcess;
     
     ?>
    


    And that's it .. lol

    Cheers
     
    Last edited by a moderator: 22 July 2007
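The DELETE and INSERT statements in adminprocess.php splice `$subuser` (and, in procDeleteInactive, arithmetic on `$_POST['inactdays']`) straight into the SQL text, so the alphanumeric pattern in checkUsername is the only thing standing between the form and the database. Below, as an added example that is not part of the thread or of Jpmaster77's script, are the same five admin operations on PDO prepared statements, where the values travel as bound parameters. The AdminStore class and its method names, the DSN and the credentials are assumptions; the table and column names follow the posted code.

```php
<?php
// Added example, not from the thread or from Jpmaster77's script: the database
// side of adminprocess.php on PDO prepared statements, so the username and the
// day count are bound parameters rather than text spliced into the query.
// Table names follow the script's constants; DSN and credentials are placeholders.
declare(strict_types=1);

const TBL_USERS        = 'users';
const TBL_BANNED_USERS = 'banned_users';
const ADMIN_LEVEL      = 9;

final class AdminStore
{
    private PDO $db;

    public function __construct(PDO $db)
    {
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // no silent false
        $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);         // server-side placeholders
        $this->db = $db;
    }

    // Same rule the script's checkUsername() enforces: 5-30 letters or digits.
    // Here it is plain input validation; the binding below is what keeps the SQL safe.
    public static function validUsername(string $u): bool
    {
        return preg_match('/^[0-9a-zA-Z]{5,30}$/', $u) === 1;
    }

    public function setLevel(string $username, int $level): int
    {
        $this->guard($username);
        $st = $this->db->prepare('UPDATE ' . TBL_USERS . ' SET userlevel = :lvl WHERE username = :u');
        $st->execute([':lvl' => $level, ':u' => $username]);
        return $st->rowCount();            // 0: no such user, or level already set
    }

    public function deleteUser(string $username): int
    {
        $this->guard($username);
        $st = $this->db->prepare('DELETE FROM ' . TBL_USERS . ' WHERE username = :u');
        $st->execute([':u' => $username]);
        return $st->rowCount();
    }

    // The script runs its DELETE and INSERT as two unrelated queries; here they
    // share a transaction so a failure cannot leave the name half-banned.
    public function banUser(string $username, int $now): void
    {
        $this->guard($username);
        $this->db->beginTransaction();
        try {
            $this->deleteUser($username);
            $st = $this->db->prepare('INSERT INTO ' . TBL_BANNED_USERS
                . ' (username, timestamp) VALUES (:u, :t)');
            $st->execute([':u' => $username, ':t' => $now]);
            $this->db->commit();
        } catch (Throwable $e) {
            $this->db->rollBack();
            throw $e;
        }
    }

    public function unbanUser(string $username): int
    {
        $this->guard($username);
        $st = $this->db->prepare('DELETE FROM ' . TBL_BANNED_USERS . ' WHERE username = :u');
        $st->execute([':u' => $username]);
        return $st->rowCount();
    }

    // Rejects anything that is not a positive day count before it reaches SQL;
    // 0 would otherwise delete every non-admin account.
    public function deleteInactive(int $days, int $now): int
    {
        if ($days < 1) {
            throw new InvalidArgumentException('days must be a positive integer');
        }
        $cutoff = $now - $days * 86400;
        $st = $this->db->prepare('DELETE FROM ' . TBL_USERS
            . ' WHERE timestamp < :cutoff AND userlevel <> :admin');
        $st->execute([':cutoff' => $cutoff, ':admin' => ADMIN_LEVEL]);
        return $st->rowCount();
    }

    private function guard(string $username): void
    {
        if (!self::validUsername($username)) {
            throw new InvalidArgumentException('invalid username');
        }
    }
}

// Usage from adminprocess.php after the admin check (placeholder DSN/credentials):
// $store = new AdminStore(new PDO('mysql:host=localhost;dbname=site;charset=utf8mb4', 'dbuser', 'dbpass'));
// $store->deleteInactive((int)($_POST['inactdays'] ?? 0), time());
```

With emulated prepares switched off, MySQL receives the statement and the values separately, so a username such as `x' OR '1'='1` can only ever be compared as a literal string; the regex stays as a sanity check on what the admin typed, not as the safety net.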
  5. wrproject

    wrproject Power Member

    If you want to protect all the pages, do the following:
    verifica.php
    <?php
    session_start();
    /* the next line
    checks whether the variable $_SESSION['user'] has been set */
    if(!isset($_SESSION['user'])){
       header("Location: login.php"); /* if it has not been set, redirect to the login page, simple isn't it? */
       exit; /* stop here, otherwise the protected page is still sent along with the redirect */
    }
    ?>
    You will have to include it in every page. I hope this helped.
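A fuller version of the check in this reply, as an added example that is not part of the thread or of Jpmaster77's script: the same `$_SESSION['user']` test, plus the pieces a protected page also needs (exit after the redirect, cookie flags, a fresh session ID at login, an idle timeout, a level check for the admin pages, and a per-session token for the admin forms earlier in the thread, which post without one). The file name, the 30-minute timeout, `find_user()` and its sample user are assumptions.

```php
<?php
// auth.php: added example, not code from the thread or from Jpmaster77's script.
// Include it at the top of every protected page, before any output, and call
// require_login() (members) or require_level(ADMIN_LEVEL) (admin center).

const ADMIN_LEVEL          = 9;        // same meaning as in the posted script
const SESSION_IDLE_SECONDS = 30 * 60;  // hypothetical idle timeout

function find_user(string $username): ?array
{
    // Constructed stand-in for the users table; replace with a real lookup.
    // The stored value is password_hash() of 'correct horse', never the password.
    $users = ['alice' => ['level' => 1, 'hash' => password_hash('correct horse', PASSWORD_DEFAULT)]];
    return $users[$username] ?? null;
}

function secure_session_start(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    ini_set('session.use_strict_mode', '1');    // reject IDs the server never issued
    session_set_cookie_params([                  // PHP >= 7.3 array form
        'lifetime' => 0,                         // session cookie, gone with the browser
        'path'     => '/',
        'secure'   => true,                      // HTTPS only
        'httponly' => true,                      // not readable from JavaScript
        'samesite' => 'Strict',                  // not sent on cross-site requests
    ]);
    session_start();
}

function login(string $username, string $password): bool
{
    secure_session_start();
    $user = find_user($username);
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    session_regenerate_id(true);   // new ID on privilege change: defeats session fixation
    $_SESSION['user']       = $username;
    $_SESSION['level']      = (int)$user['level'];
    $_SESSION['last_seen']  = time();
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    return true;
}

function logout(): void
{
    secure_session_start();
    $_SESSION = [];
    setcookie(session_name(), '', ['expires' => time() - 3600, 'path' => '/']);
    session_destroy();
}

// The check from the reply above plus what it lacks: exit after the redirect,
// and an idle timeout so an abandoned session does not stay valid forever.
function require_login(): void
{
    secure_session_start();
    $idle = time() - (int)($_SESSION['last_seen'] ?? 0);
    if (!isset($_SESSION['user']) || $idle > SESSION_IDLE_SECONDS) {
        logout();
        header('Location: login.php');
        exit;                                    // nothing below this line is sent
    }
    $_SESSION['last_seen'] = time();
}

function require_level(int $level): void
{
    require_login();
    if (($_SESSION['level'] ?? 0) < $level) {   // logged in, but not high enough
        header('Location: main.php');
        exit;
    }
}

// The admin forms in this thread POST with no per-session token. Print csrf_field()
// inside each form and call csrf_check() in adminprocess.php before any database change.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
         . htmlspecialchars($_SESSION['csrf_token'] ?? '', ENT_QUOTES) . '">';
}

function csrf_check(): void
{
    $known = $_SESSION['csrf_token'] ?? '';
    $sent  = $_POST['csrf_token'] ?? '';
    if ($known === '' || !is_string($sent) || !hash_equals($known, $sent)) {
        http_response_code(403);
        exit('Request token missing or invalid');
    }
}
```

In a page such as the home.php mentioned at the top of the thread the whole protection is `require 'auth.php'; require_login();` before the first byte of HTML; the admin center uses `require_level(ADMIN_LEVEL)` instead of its own isAdmin() test, and the empty-token guard in csrf_check() matters because `hash_equals('', '')` is true.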
     
  6. Why do these people insist on reinventing the wheel, all the more when they admit they don't know how to do it?

    Why not start by using Joomla, tweak it to your liking and gain some experience of how a PHP site should work.

    It's like wanting to build a car part by part without ever having been a mechanic in a workshop... And knowing how to drive isn't enough...
     
  7. FerreireX

    FerreireX Power Member

    Well, I was actually needing something like this and I even grabbed all your code and put it in as you said, and it didn't work :( it shows loads of garbage :( can't you send the files?
     
  8. FerreireX

    FerreireX Power Member

  9. pimpz

    pimpz Power Member

    Hi, I'm also trying to use sessions but I can't get it to work, could someone help me or point me to good tutorials on this?

    Cheers
     
  10. pimpz

    pimpz Power Member
