Programming Languages: 4 May 2012

Friday, 4 May 2012

Step 17: Creating the activate.php file

Step 17: Creating the activate.php file
On this page users can activate their account.

file: activate.php

<?php
 
require_once "header.php";
 
$uid = (int)htmlentities(strip_tags($_GET['uid']));
$actcode = htmlentities(strip_tags($_GET['actcode']));
 if (activateUser($uid, $actcode) == true)
{
        echo "Thank you for activating your account, You can now login.
                <a href='./index.php'>Click here to login.</a>";
} else
{
        echo "Activation failed! Please try again.";
        echo "If problem presists please contact the webmaster.";
}
 
require_once "footer.php";
?>

Step 16: Creating the register.php file

Step 16: Creating the register.php file
On this page users can create an account.

file: register.php

<?php
 
require_once "header.php";
 if (isset($_POST['register'])){
 
        if (registerNewUser($_POST['username'], $_POST['password'], $_POST['password2'], $_POST['email'])){
 
                echo "Thank you for registering, an email has been sent to your inbox, Please activate your account.
                <a href='./index.php'>Click here to login.</a>
                ";
 
        }else {
 
                echo "Registration failed! Please try again.";
                show_registration_form();
 
        }
 } else {
// has not pressed the register button
        show_registration_form();
}
 
 require_once "footer.php";
?>

Step 15: Creating the changepassword.php file

Step 15: Creating the changepassword.php file
On this page the user can change his password, ofcouse he has to be logged in first. He will also have to enter his old password.

file: changepassword.php

<?php
 
require_once "header.php";
 if (isLoggedIn() == true)
{
 
        if (isset($_POST['change']))
        {
 
                if (changePassword($_POST['username'], $_POST['oldpassword'], $_POST['password'],
                        $_POST['password2']))
                {
                        echo "Your password has been changed ! <br /> <a href='./index.php'>Return to homepage</a>";
 
                } else
                {
                        echo "Password change failed! Please try again.";
                        show_changepassword_form();
                }
 
        } else
        {
                show_changepassword_form();
        }
 } else {
        // user is not loggedin
        show_loginform();
}
 
require_once "footer.php";
 ?>

Step 14: Creating the lostpassword.php file

Step 14: Creating the lostpassword.php file
When the user lost his password he can request a new temporary password. He has to enter his username and his password, if they are correct his password will be reset to a radom generated password and an email will be sent containing this new password, the user can use this password to login and change its password.

file: lostpassword.php

<?php
 
require_once "header.php";
 if (isset($_POST['lostpass'])){
 
        if (lostPassword($_POST['username'], $_POST['email'])){
 
                echo "Your password has been reset, an email containing your new password has been sent to your inbox.<br />
                <a href='./index.php'>Click here to return to the homepage.</a>
                ";
 
        }else {
 
                echo "Username or email was incorrect !";
                show_lostpassword_form();
 
        }
 } else {
        //user has not pressed the button
        show_lostpassword_form();
}
 
 require_once "footer.php";
?>

Step 13: Creating the validation.functions.inc.php file

Step 13: Creating the validation.functions.inc.php file
This file will contain the validation functions, these function will validate the user input to see if it’s valid and doesn’t contain any illegal characters.

file: validation.functions.inc.php

<?php
 #### Validation functions ####
function valid_email($email)
{
 
        // First, we check that there's one @ symbol, and that the lengths are right
        if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email))
        {
                // Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
                return false;
        }
        // Split it into sections to make life easier
        $email_array = explode("@", $email);
        $local_array = explode(".", $email_array[0]);
        for ($i = 0; $i < sizeof($local_array); $i++)
        {
                if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$",
                        $local_array[$i]))
                {
                        return false;
                }
        }
        if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1]))
        { // Check if domain is IP. If not, it should be valid domain name
                $domain_array = explode(".", $email_array[1]);
                if (sizeof($domain_array) < 2)
                {
                        return false; // Not enough parts to domain
                }
                for ($i = 0; $i < sizeof($domain_array); $i++)
                {
                        if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i]))
                        {
                                return false;
                        }
                }
        }
        return true;
}
 function valid_username($username, $minlength = 3, $maxlength = 30)
{
 
        $username = trim($username);
 
        if (empty($username))
        {
                return false; // it was empty
        }
        if (strlen($username) > $maxlength)
        {
                return false; // to long
        }
        if (strlen($username) < $minlength)
        {
 
                return false; //toshort
        }
 
        $result = ereg("^[A-Za-z0-9_\-]+$", $username); //only A-Z, a-z and 0-9 are allowed
 
        if ($result)
        {
                return true; // ok no invalid chars
        } else
        {
                return false; //invalid chars found
        }
 
        return false;
 }
 function valid_password($pass, $minlength = 6, $maxlength = 15)
{
        $pass = trim($pass);
 
        if (empty($pass))
        {
                return false;
        }
 
        if (strlen($pass) < $minlength)
        {
                return false;
        }
 
        if (strlen($pass) > $maxlength)
        {
                return false;
        }
 
        $result = ereg("^[A-Za-z0-9_\-]+$", $pass);
 
        if ($result)
        {
                return true;
        } else
        {
                return false;
        }
 
        return false;
 }
 ?>

Step 12: Creating the user.functions.inc.php file

Step 12: Creating the user.functions.inc.php file
This file will contain the user functions

file: user.functions.inc.php

<?php
 ##### User Functions #####
function changePassword($username,$currentpassword,$newpassword,$newpassword2){
global $seed;
        if (!valid_username($username) || !user_exists($username))
        {
                return false;
        }
        if (! valid_password($newpassword) || ($newpassword != $newpassword2)){
 
                return false;
        }
 
        // we get the current password from the database
        $query = sprintf("SELECT password FROM login WHERE username = '%s' LIMIT 1",
                mysql_real_escape_string($username));
 
        $result = mysql_query($query);
        $row= mysql_fetch_row($result);
 
        // compare it with the password the user entered, if they don't match, we return false, he needs to enter the correct password.
        if ($row[0] != sha1($currentpassword.$seed)){
 
                return false;
        }
 
        // now we update the password in the database
        $query = sprintf("update login set password = '%s' where username = '%s'",
                mysql_real_escape_string(sha1($newpassword.$seed)), mysql_real_escape_string($username));
 
        if (mysql_query($query))
        {
                return true;
        }else {return false;}
        return false;
}
 
 function user_exists($username)
{
        if (!valid_username($username))
        {
                return false;
        }
 
        $query = sprintf("SELECT loginid FROM login WHERE username = '%s' LIMIT 1",
                mysql_real_escape_string($username));
 
        $result = mysql_query($query);
 
        if (mysql_num_rows($result) > 0)
        {
                return true;
        } else
        {
                return false;
        }
 
        return false;
 }
 function activateUser($uid, $actcode)
{
 
        $query = sprintf("select activated from login where loginid = '%s' and actcode = '%s' and activated = 0  limit 1",
                mysql_real_escape_string($uid), mysql_real_escape_string($actcode));
 
        $result = mysql_query($query);
 
        if (mysql_num_rows($result) == 1)
        {
 
                $sql = sprintf("update login set activated = '1'  where loginid = '%s' and actcode = '%s'",
                        mysql_real_escape_string($uid), mysql_real_escape_string($actcode));
 
                if (mysql_query($sql))
                {
                        return true;
                } else
                {
                        return false;
                }
 
        } else
        {
 
                return false;
 
        }
 }
 function registerNewUser($username, $password, $password2, $email)
{
 
        global $seed;
 
        if (!valid_username($username) || !valid_password($password) 
                        !valid_email($email) || $password != $password2 || user_exists($username))
        {
                return false;
        }
 
 
        $code = generate_code(20);
        $sql = sprintf("insert into login (username,password,email,actcode) value ('%s','%s','%s','%s')",
                mysql_real_escape_string($username), mysql_real_escape_string(sha1($password . $seed))
                , mysql_real_escape_string($email), mysql_real_escape_string($code));
 
 
        if (mysql_query($sql))
        {
                $id = mysql_insert_id();
 
                if (sendActivationEmail($username, $password, $id, $email, $code))
                {
 
                        return true;
                } else
                {
                        return false;
                }
 
        } else
        {
                return false;
        }
        return false;
 }
 function lostPassword($username, $email)
{
 
        global $seed;
        if (!valid_username($username) || !user_exists($username) || !valid_email($email))
        {
 
                return false;
        }
 
        $query = sprintf("select loginid from login where username = '%s' and email = '%s' limit 1",
                $username, $email);
 
        $result = mysql_query($query);
 
        if (mysql_num_rows($result) != 1)
        {
 
                return false;
        }
 
 
        $newpass = generate_code(8);
 
        $query = sprintf("update login set password = '%s' where username = '%s'",
                mysql_real_escape_string(sha1($newpass.$seed)), mysql_real_escape_string($username));
 
        if (mysql_query($query))
        {
 
                        if (sendLostPasswordEmail($username, $email, $newpass))
                {
                        return true;
                } else
                {
                        return false;
                }
 
        } else
        {
                return false;
        }
 
        return false;
 }
 ?>