@Dw>TTj%A9yYwdxJWN~K{#tr)>AS(19|1|&'[(8g5NcY`QvOr]false,'UPDATE'=>true,'INSERT'=>true,'DELETE'=>true); // NOTE(review): the start of this declaration is garbled in the page source; only the tail of a query-type => bool array is visible and its role cannot be confirmed from here
private $LogoutRedir = false; // False if disabled; Set a URL when logging out, will direct users to a URL
private $LoginRedir = false; // False if disabled; Set a URL, if when logged in Successfully, will direct users to a URL (not read anywhere in the visible code)
private $CookieLoginExpire = 259200; //60*60*24*3; // Seconds * Min * Hours * Days
// FUTURE: Make this work
public $UserData = false; // Holds User Data(array) when logged in; only LoggedIn() reads it and nothing in the visible code assigns it (the constructor below is commented out)

// NOTE(review): every method below uses the mysql_* extension, which was removed in PHP 7.0; the class does not run on any supported PHP version without porting to PDO/mysqli with prepared statements.

/*function __construct() {
    if ( $this->LoggedIn() ) {
        // NOTE(review): "AND WHERE" is not valid SQL; this query would fail if the constructor were re-enabled
        $query = mysql_query('SELECT * FROM `'. $this->DBTableUser .'` WHERE `name` = "'. $_SESSION['USERNAME'] .'" AND WHERE `loginkey` = "'. $_SESSION['LOGINKEY'] .'" LIMIT 1');
        if ( $query && mysql_num_rows($query) > 0 ) {
            $Data = mysql_fetch_array($query, MYSQL_ASSOC);
            foreach ($Data as $k => $v) {
                $this->UserData[$k] = $v;
            }
        }
    }
}*/

// ==================================================================
// | + Login Functions
// ==================================================================

// MAYBE: Integrate this into the __construct and use a variable as a way to tell login status
// FUTURE: Exits whole website if user has a Temp Ban due to some reason
/**
 * Returns true when the request carries a consistent login state: session
 * USERNAME/LOGINKEY set, LOGINDATA cookie present, cookie USERNAME equals the
 * session USERNAME, and the DB `loginkey` equals both the cookie and session key.
 * On success the LOGINDATA cookie is re-issued with a fresh expiry.
 *
 * SECURITY(review): $_COOKIE['LOGINDATA'] is attacker-controlled and is passed to
 * unserialize() — PHP object injection risk; json_decode() of a JSON cookie, or keeping
 * the data server-side in the session only, removes it. $_SESSION['USERNAME'] is
 * interpolated into SQL without escaping. The key comparisons use loose `!=`;
 * hash_equals() is the constant-time, strict alternative.
 *
 * @return bool
 */
public function LoggedIn() {
    // Check if session is active, session vars are set, and cookie is set.
    if ( session_id() == '' || !isset($_SESSION['USERNAME']) || !isset($_SESSION['LOGINKEY']) || !isset($_COOKIE['LOGINDATA']) )
        goto NotLogged;

    // If We Got past all the initial checks...
    // Prefer cached user data when present (loose `!= false` also rejects an empty array).
    if ( $this->UserData != false && is_array($this->UserData) && count($this->UserData) > 0 )
        $UserData = $this->UserData;
    else {
        // $query is not checked for false before mysql_num_rows(); a failed query emits a warning here.
        $query = mysql_query('SELECT * FROM `'. $this->DBTableUser .'` WHERE `name` = "'. $_SESSION['USERNAME'] .'" LIMIT 1');
        if ( mysql_num_rows($query) <= 0 )
            goto NotLogged; // Couldn't find username (possible hacking attempt)
        else {
            $UserData = mysql_fetch_array($query, MYSQL_ASSOC);
            mysql_free_result($query);
        }
    }

    // SECURITY(review): unserialize() of a client cookie (see docblock). If it returns false,
    // $c['USERNAME'] below is null and the comparison still runs.
    $c = unserialize($_COOKIE['LOGINDATA']);
    if ( $_SESSION['USERNAME'] != $c['USERNAME'] )
        goto NotLogged;

    // Check DB string against Cookie and Session
    if ( $UserData['loginkey'] != $c['LOGINKEY'] || $UserData['loginkey'] != $_SESSION['LOGINKEY'] )
        goto NotLogged;
    else
        goto Logged;

    NotLogged: {
        return false;
    }

    Logged: {
        // Re-issues the cookie from the client-supplied array. No httponly/secure/samesite
        // flags are set, so the session-bound cookie is readable by script and sent over plain HTTP.
        setcookie('LOGINDATA', serialize($c), time() + $this->CookieLoginExpire);
        return true;
    }
}

/**
 * Returns true when the session user's DB `level` is 9.
 *
 * NOTE(review): this reads $_SESSION['USER'], but Login() stores the name under
 * $_SESSION['USERNAME'] and never sets 'USER'; for users logged in through Login()
 * this method therefore always returns false. Confirm which key is intended.
 * The query interpolates the session value without escaping and its result is not
 * checked for false before mysql_num_rows().
 *
 * @return bool
 */
public function IsAdmin() {
    if ( !isset($_SESSION['USER']) || !isset($_SESSION['LOGINKEY']) )
        return false; // Nothing Set

    $query = mysql_query('SELECT * FROM `'. $this->DBTableUser .'` WHERE `name` = "'. $_SESSION['USER'] .'" LIMIT 1');
    if ( mysql_num_rows($query) <= 0 )
        return false; // Can't find username

    $data = mysql_fetch_array($query, MYSQL_ASSOC);
    // Loose comparison already makes the two operands redundant; a strict `=== '9'` would be clearer.
    if ( $data['level'] == '9' || $data['level'] == 9 )
        return true;
    else
        return false;
}

// Does a couple of Logins
// FUTURE: Make the class hold user information after login
/**
 * Performs a login. Dispatches on $args['METHOD']; only 'login-form' is implemented.
 *
 * @param array $args  'METHOD' => 'login-form', 'USER' => string, 'PASS' => string.
 *                     'METHOD' is not isset-checked, so a missing key emits a notice.
 * @return bool|string|null  false when $args is not an array; 'e1'..'e6' on failure
 *                     (see the ERRORS comment at the end of the file — note that e4..e6
 *                     are not listed there); true on success; null (implicit) for
 *                     'login-cookie' or an unknown METHOD.
 *
 * SECURITY(review): the alphanumeric regex limits what reaches the SQL, but USER is
 * still concatenated into two queries unescaped. The stored password is a single
 * unsalted hash (see Hash()), compared with loose `!=`; password_hash()/password_verify()
 * is the standard replacement. The login cookie is set without httponly/secure flags.
 */
public function Login($args) {
    if ( !is_array($args) )
        return false;

    // Required: USER, PASS
    // TODO: Login Hash
    switch($args['METHOD']) {
        case 'login-form':
            // FUTURE: Check if already logged in
            // Check if data is there
            if ( $args['USER'] == '' || $args['PASS'] == '' )
                return 'e1'; // Form answers missing

            // FUTURE: Check Length on form submissions?
            if ( preg_match('/[^a-zA-Z0-9]/', $args['USER']) || preg_match('/[^a-zA-Z0-9]/', $args['PASS']) )
                return 'e2'; // Invalid characters

            // Get User Data from Submitted Username
            $UserQ = mysql_query('SELECT * FROM `'. $this->DBTableUser .'` WHERE `name` = "'. $args['USER'] .'" LIMIT 1');
            if ( $UserQ == false )
                return 'e6'; // Bad Query

            // Check if user exists
            if ( mysql_num_rows($UserQ) <= 0 )
                return 'e3'; // Wrong Username

            $UserData = mysql_fetch_array($UserQ, MYSQL_ASSOC);
            mysql_free_result($UserQ);

            // Check if password matches
            // SECURITY(review): loose `!=` on a hash string; hash_equals() is the constant-time choice.
            $SubmittedPass = $this->Hash(array( 'METHOD'=>'password', 'STR'=>$args['PASS']));
            if ( $SubmittedPass != $UserData['pass'] )
                return 'e4'; // Wrong password

            // Generate Login Hash and put it into the database
            // The UPDATE result in $query is never checked; a failed write leaves the DB key stale
            // while the session/cookie carry the new one, so LoggedIn() will then reject the user.
            $LoginHash = $this->Hash(array( 'METHOD'=>'login-key'));
            $query = mysql_query('UPDATE `'. $this->DBTableUser .'` SET `loginkey` = "'. $LoginHash .'" WHERE `name` = "'. $args['USER'] .'" LIMIT 1');

            // FUTURE: Maybe use session_cache_expire()
            // FUTURE: Set user to logged in DB
            // Restart Session Information from Scratch, and set variables
            session_regenerate_id(true);
            $_SESSION['USERID'] = $UserData['id'];
            $_SESSION['USERNAME'] = $UserData['name'];
            $_SESSION['LOGINKEY'] = $LoginHash;

            // Cookie Data
            // Serialized PHP array in a client cookie; LoggedIn()/Logout() unserialize() it on every request.
            setcookie('LOGINDATA', serialize(array( 'USERID'=>$UserData['id'], 'USERNAME'=>$UserData['name'], 'LOGINKEY'=>$LoginHash )), time() + $this->CookieLoginExpire);

            // BUG(review): setcookie() only queues a response header; $_COOKIE reflects the *request*
            // cookies, so on a first login $_COOKIE['LOGINDATA'] is not set and this returns 'e5'
            // even though the session and cookie were written successfully.
            if ( !isset($_SESSION['USERID']) || !isset($_SESSION['USERNAME']) || !isset($_SESSION['LOGINKEY']) || !isset($_COOKIE['LOGINDATA']) )
                return 'e5'; // Couldn't set login data

            return true;

        case 'login-cookie':
            // FUTURE: "Stay Logged In" cookie? Even after closing window.
            break;
    }
}

// ...Seriously you don't know what this one is for?
/**
 * Logs the current user out: clears the DB `loginkey`, destroys the session,
 * drops the login cookies from $_COOKIE and optionally redirects.
 *
 * SECURITY(review): when no session USERNAME exists, the username is taken from the
 * unserialize()d LOGINDATA cookie and concatenated straight into the UPDATE without
 * escaping or the alphanumeric check Login() applies — SQL injection from a crafted
 * cookie, plus the object-injection risk of unserialize() on client data.
 * unset($_COOKIE[...]) only removes the server-side copy; the browser keeps the
 * cookies until they expire (setcookie() with a past expiry is needed to clear them).
 * header('Location: ...') is not followed by exit, so the caller's script keeps running.
 *
 * @return void
 */
public function Logout() {
    // Removes User Loginkey
    if ( !isset($_SESSION['USERNAME']) ) {
        // $_COOKIE['LOGINDATA'] is not isset-checked here; a missing cookie emits a notice and $c is false.
        $c = unserialize($_COOKIE['LOGINDATA']);
        $user = $c['USERNAME'];
    } else
        $user = $_SESSION['USERNAME'];

    // $query is assigned but never checked or used.
    if ( $user )
        $query = mysql_query('UPDATE `'. $this->DBTableUser .'` SET `loginkey` = 0 WHERE `name` = "'. $user .'" LIMIT 1');

    // FUTURE: Remove User from "Users Logged In" DB Table
    // session_destroy() does not clear the in-memory $_SESSION array or the session cookie.
    session_destroy();
    unset($_COOKIE['LOGINDATA']);
    unset($_COOKIE['login-attempts']);
    unset($_COOKIE['login-remember']);

    // Redirect user if desired
    if ( $this->LogoutRedir !== false )
        header('Location: '. $this->LogoutRedir );
}

// ==================================================================

// ==================================================================
// | + User Functionality
// ==================================================================

// Plethora of User functions
/**
 * User management. Dispatches on $args['METHOD']; only 'user-add' is implemented.
 *
 * @param array $args  'METHOD' => 'user-add', 'USER', 'PASS', 'LEVEL' (required),
 *                     'EMAIL' (read but not isset-checked).
 * @return bool|string|null  false on bad $args; 'e1'..'e5' on failure; true on success;
 *                     null (implicit) for an unknown METHOD.
 *
 * SECURITY(review): EMAIL and LEVEL are neither validated nor escaped before being
 * concatenated into SQL (the alphanumeric regex covers only USER and PASS).
 * NOTE(review): the email uniqueness check runs, but the INSERT stores only
 * name/pass/level — the email is never written, despite the "Requires ... EMAIL" comment.
 */
public function User($args) {
    if ( !is_array($args) || count($args) <= 0 || !isset($args['METHOD']) || $args['METHOD'] == '' )
        return false;

    switch($args['METHOD']) {
        // Requires: USER, PASS, LEVEL, EMAIL
        case 'user-add':
            if ( !isset($args['USER']) || $args['USER'] == '' || !isset($args['PASS']) || $args['PASS'] == '' || !isset($args['LEVEL']) || $args['LEVEL'] == '' )
                return 'e1'; // Something wasn't set

            if ( preg_match('/[^a-zA-Z0-9]/', $args['USER']) || preg_match('/[^a-zA-Z0-9]/', $args['PASS']) )
                return 'e2'; // Bad characters used

            // Both lookups pass the mysql_query() result straight to mysql_num_rows(); a failed query warns.
            if ( mysql_num_rows(mysql_query('SELECT `id` FROM `'. $this->DBTableUser .'` WHERE `name` = "'. $args['USER'] .'" LIMIT 1')) > 0 )
                return 'e3'; // Username in use already

            // SECURITY(review): $args['EMAIL'] is unvalidated, unescaped user input in SQL.
            if ( mysql_num_rows(mysql_query('SELECT `id` FROM `'. $this->DBTableUser .'` WHERE `email` = "'. $args['EMAIL'] .'" LIMIT 1')) > 0 )
                return 'e4'; // Email in use already

            // FUTURE: Check to make sure Account Level exists
            // FUTURE: Check to make sure email is proper
            $pass = $this->Hash(array( 'METHOD'=>'password', 'STR'=>$args['PASS']));
            // SECURITY(review): $args['LEVEL'] (the privilege level, cf. IsAdmin()) is interpolated unescaped.
            $query = mysql_query('INSERT INTO `'. $this->DBTableUser .'` (`name`,`pass`,`level`) VALUES ("'. $args['USER'] .'", "'. $pass .'", "'. $args['LEVEL'] .'" )');

            if ( !$query )
                return 'e5'; // MySQL Error
            else
                return true;
    }
}

// ==================================================================

// ==================================================================
// | + Utility Functions
// ==================================================================

// Hashing function
/**
 * Hashing helper. 'password' hashes $args['STR'] with $this->HashChoice;
 * 'login-key' hashes a mt_rand() value to produce a session key.
 *
 * @param array $args  'METHOD' => 'password'|'login-key', 'STR' => string (password only).
 * @return string|bool|null  hex digest; false on bad $args; null (implicit) for an unknown METHOD.
 *
 * SECURITY(review): passwords get a single unsalted pass of a generic hash function —
 * password_hash()/password_verify() is the standard replacement. The 'login-key'
 * source is mt_rand(100000,1000000): at most 900001 distinct keys from a
 * non-cryptographic PRNG, so keys are enumerable/predictable; bin2hex(random_bytes(32))
 * would give an unguessable key.
 */
private function Hash($args) {
    // Needs a filled array with at least METHOD value set
    if ( !is_array($args) || count($args) <= 0 || !isset($args['METHOD']) || $args['METHOD'] == '' )
        return false;

    // Do Password Hash
    switch(strtolower($args['METHOD'])) {
        // When doing user login encryption
        case 'password':
            // If Salt needs to be used
            // BUG(review): $str is undefined on this branch, so the "salt" is null and the
            // result is identical to the unsalted branch (plus a notice). No salt is ever applied.
            if ( $this->UseSalt )
                $str = $str . $args['STR'];
            else
                $str = $args['STR'];

            // Hash the string
            $str = hash($this->HashChoice, $str);
            return $str;

        // Create a Login Hash for DB / Cookie / Session, for Session security
        case 'login-key':
            return hash($this->HashChoice, mt_rand(100000,1000000));
    }
}

// Primary Deal here is to have choice of MySQL, or MySQLi functionality
// Also to Log queries
/**
 * Query wrapper with optional logging. Not called by any method in the visible
 * code — they all call mysql_query() directly.
 *
 * @param array $args  'QUERY' => SQL string (not isset-checked).
 * @return resource|bool|null  query result; false on bad input/failure;
 *                     null (implicit) for 'mysqli' or an unknown DBQueryType.
 *
 * BUG(review): the type guard below uses `||`; $type can equal at most one of the
 * four keywords, so at least three `!=` tests are true and the method always returns
 * false. The intended test is `$type != 'SELECT' && $type != 'INSERT' && ...`
 * (or `!in_array($type, array('SELECT','INSERT','UPDATE','DELETE'), true)`).
 * NOTE(review): `$this->DbQueryLog` casing differs from the other `DB*` properties — confirm the name.
 */
private function DBQuery($args) {
    if ( !is_array($args) || count($args) <= 0 )
        return false;

    // Check what kind of query we are going to do
    $type = strtoupper(substr(trim($args['QUERY']), 0, 6));
    if ( $type != 'SELECT' || $type != 'INSERT' || $type != 'UPDATE' || $type != 'DELETE' )
        return false; // We'll only ever do these 4 query types

    switch($this->DBQueryType) {
        case 'mysql':
            $result = mysql_query($args['QUERY']);
            if ( !$result ) // Error Check
                $error = mysql_errno() . ': ' . mysql_error();

            if ($this->DbQueryLog)
                $this->Log(array( 'METHOD'=>'query', 'TYPE'=> ($result) ? 'Success' : 'Failed', 'MSG'=> ($result) ? $args['QUERY'] : $args['QUERY'] . ' [' .$error. ']'));

            return ($result) ? $result : false;

        case 'mysqli':
            // FUTURE: Provide MySQLi support
            break;
    }
}

// Does Class logging
/**
 * Writes a log row. 'login' logs to $this->DBLogLogin, 'query' to $this->DBLogQuery.
 * Neither insert result ($q) is checked, so failures are silent. Nothing in the
 * visible code calls the 'login' branch.
 *
 * @param array $args  'METHOD' => 'login' ('TYPE','MSG') or 'query' ('TYPE','QUERY';
 *                     note DBQuery() passes 'MSG', not 'QUERY', so 'QUERY' is unset there).
 * @return void
 *
 * BUG(review): in the 'query' INSERT the table name is closed with `~` instead of a
 * backtick, which is a SQL syntax error. MySQL's INSERT statement has no LIMIT clause,
 * so both inserts fail on that too. Both also read $_SESSION['USER'], which Login()
 * never sets (it uses 'USERNAME').
 * SECURITY(review): TYPE/MSG/QUERY are concatenated unescaped; a logged query text
 * contains double quotes and so breaks the enclosing "..." literal.
 */
private function Log($args) {
    // Needs a filled array with at least METHOD value set
    if ( !is_array($args) || count($args) <= 0 || !isset($args['METHOD']) || $args['METHOD'] == '' )
        return;

    switch($args['METHOD']) {
        // Requires: MSG, TYPE
        case 'login':
            $q = mysql_query('INSERT INTO `'. $this->DBLogLogin .'` (`date`, `type`, `ip`, `msg`) VALUES ( "'. time() .'", "'. $args['TYPE'] .'", "'. $_SERVER['REMOTE_ADDR'] .'", "'. $args['MSG'] .'" ) LIMIT 1');
            break;

        // Requires: TYPE, QUERY
        case 'query':
            $q = mysql_query('INSERT INTO `'. $this->DBLogQuery .'~ (`date`, `type`, `user`, `query`) VALUES ( "'. time() .'", "'.$args['TYPE'].'", "'.$_SESSION['USER'].'", "'.$args['QUERY'].'") LIMIT 1');
            break;
    }
}

// ==================================================================
}

// Database Table - Log Logins: id, date, status, ip, msg
// Database Table - Log Queries: id, date, status, user, query

/* ERRORS

Login
  e1 -> Form Was Missing Something
  e2 -> Unacceptable characters in Username or Password
  e3 -> Couldn't find Username
  (NOTE(review): Login() also returns e4 wrong password, e5 couldn't set login data, e6 bad query — not listed here)

User-Create
  e1 -> Form Was Missing Something
  e2 -> Unacceptable characters in Username or Password
  e3 -> User Name in Use
  e4 -> Email in Use
  e5 -> MySQL error
  e6 -> Did not insert properly
  (NOTE(review): User() never returns e6; a failed INSERT returns e5)

Recent Idea I've had:
To make my functions more dynamic, I'll start passing an argument assoc array to each function
and the function will do certain things depending on the names of the assoc array.

For example:
  $arg['METHOD'] = 'password'; -- This one will be required for more occasions, as it is the type of action needed.
  $arg['SALT'] = true;
  $arg['LENGTH'] = 128;
  $arg['STR'] = 'cleaned form password';
  $pass = $this->Hash($arg);

Based on different "Methods" within the function it'll do different things.
I had originally intended to do a big string that'd be stripped down and processed in parts,
but this method will be cleaner, and hopefully easier.

Regular Expressions:
  /^[...]/ = NOT in this set
  preg_replace("/[^a-zA-Z0-9]\s\s+/", '', $str); // Trim non-alphanumeric characters
*/
?>