So, to start, I'd like to point out that this login system cost me quite a lot of energy, so I would appreciate it if you find any snag in it that you write about it in this topic.

To begin, I'd like to clarify the layout of the files. We create a folder login, which will contain 2 folders, admin and include, and 6 PHP scripts, namely forgotpass.php, main.php, process.php, register.php, useredit.php and userinfo.php. The admin folder contains 2 PHP scripts, admin.php and adminprocess.php. The include folder contains 6 PHP scripts: constants.php, database.php, form.php, mailer.php, session.php and view_active.php.

Those are all the scripts our login consists of. Let's recap:
login/admin/admin.php
login/admin/adminprocess.php
login/include/constants.php
login/include/database.php
login/include/form.php
login/include/mailer.php
login/include/session.php
login/include/view_active.php
login/forgotpass.php
login/main.php
login/process.php
login/register.php
login/useredit.php
login/userinfo.php
So that is the complete tree of our scripts.

We start with the database. We create a database that looks roughly like this:

```sql
--
-- Table structure for table `active_guests`
-- (ip is varchar(15), i.e. IPv4 only; an IPv6 address needs up to 45 characters)
--
CREATE TABLE `active_guests` (
  `ip` varchar(15) collate latin2_czech_cs NOT NULL,
  `timestamp` int(11) unsigned NOT NULL,
  PRIMARY KEY (`ip`)
) ENGINE=MyISAM DEFAULT CHARSET=latin2 COLLATE=latin2_czech_cs;

--
-- Table structure for table `active_users`
--
CREATE TABLE `active_users` (
  `username` varchar(30) collate latin2_czech_cs NOT NULL,
  `timestamp` int(11) unsigned NOT NULL,
  PRIMARY KEY (`username`)
) ENGINE=MyISAM DEFAULT CHARSET=latin2 COLLATE=latin2_czech_cs;

--
-- Table structure for table `banned_users`
--
CREATE TABLE `banned_users` (
  `username` varchar(30) collate latin2_czech_cs NOT NULL,
  `timestamp` int(11) unsigned NOT NULL,
  PRIMARY KEY (`username`)
) ENGINE=MyISAM DEFAULT CHARSET=latin2 COLLATE=latin2_czech_cs;

--
-- Table structure for table `users`
-- (password holds an md5 hex digest, userid the random login token, see session.php)
--
CREATE TABLE `users` (
  `username` varchar(30) collate latin2_czech_cs NOT NULL,
  `password` varchar(32) collate latin2_czech_cs default NULL,
  `userid` varchar(32) collate latin2_czech_cs default NULL,
  `userlevel` tinyint(1) unsigned NOT NULL,
  `email` varchar(50) collate latin2_czech_cs default NULL,
  `timestamp` int(11) unsigned NOT NULL,
  PRIMARY KEY (`username`)
) ENGINE=MyISAM DEFAULT CHARSET=latin2 COLLATE=latin2_czech_cs;
```

Then, in the login folder, we create the following files one by one.
forgotpass.php

```php
<?php include("include/session.php"); ?>
<html>
<head>
<title>Login</title>
<style type="text/css">
<!--
body,td,th { color: #FFFFFF; }
-->
</style>
</head>
<body>
<?php
/* process.php sets $_SESSION['forgotpass'] after handling the request;
   on the next load this page shows the result and clears the flag. */
if(isset($_SESSION['forgotpass'])){
    if($_SESSION['forgotpass']){
        echo "<h1>Nove heslo</h1>";
        echo "<p>Nove heslo bolo vytvorene a zaslane "
            ."na vasu e-mailovu adresu ktora prinalezi k vasmu uctu. "
            ."<a href=\"main.php\">Main</a>.</p>";
    }
    else{
        echo "<h1>Error</h1>";
        echo "<p>Nastali problemy pri vytvarani hesla, "
            ."e-mail s heslom nebol zaslany, a preto vase heslo nebolo zmenene. "
            ."<a href=\"main.php\">Main</a>.</p>";
    }
    unset($_SESSION['forgotpass']);
}
else{
?>
<center>
<h1>Nove heslo</h1>
<p>Po zadani vaseho prihlasovacieho mena vam bude zaslane nove heslo na e-mail ktory ste zadali pri registracii.
<?php echo $form->error("user"); ?></p>
<form action="process.php" method="POST">
Meno: <input type="text" name="user" maxlength="30" value="<?php echo $form->value("user"); ?>">
<input type="hidden" name="subforgot" value="1">
<input type="submit" value="Chcem nove heslo">
</form>
</center>
<?php
}
?>
</body>
</html>
```
main.php

```php
<?php include("include/session.php"); ?>
<html>
<head><title>Login</title></head>
<body text="#FFFFFF">
<table>
<tr><td>
<?php
if($session->logged_in){
    /* Account links point at userinfo.php / useredit.php from the file list */
    echo "Vitaj $session->username, si uspesne prihlaseny. "
        ."[<a href=\"userinfo.php?user=$session->username\">Moj ucet</a>] "
        ."[<a href=\"useredit.php\">Editovat ucet</a>] ";
    if($session->isAdmin()){
        echo "[<a href=\"admin/admin.php\">Admin Center</a>] ";
    }
    echo "[<a href=\"process.php\">Logout</a>]";
}
else{
    if($form->num_errors > 0){
        echo "<font size=\"2\" color=\"#ff0000\">".$form->num_errors." error(s) found</font>";
    }
?>
<form action="process.php" method="POST">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Meno:</td><td><input type="text" name="user" maxlength="30" value="<?php echo $form->value("user"); ?>"></td><td><?php echo $form->error("user"); ?></td></tr>
<!-- note: a failed login echoes the submitted password back into the form (it is kept in $_SESSION['value_array'] by process.php) -->
<tr><td>Heslo:</td><td><input type="password" name="pass" maxlength="30" value="<?php echo $form->value("pass"); ?>"></td><td><?php echo $form->error("pass"); ?></td></tr>
<tr><td colspan="2" align="left"><input type="checkbox" name="remember" <?php if($form->value("remember") != ""){ echo "checked"; } ?>>
<font size="2">Pamätat si ma.</font>
<input type="hidden" name="sublogin" value="1">
<input type="submit" value="Login"></td></tr>
<tr><td colspan="2" align="left"><font size="2">[<a href="forgotpass.php">Zabudli ste heslo?</a>]</font></td><td align="right"></td></tr>
</table>
</form>
<?php
}
echo "</td></tr><tr><td align=\"center\">";
echo "Uzivatelia: ".$database->getNumMembers()." ";
echo "Uzivatelia online: $database->num_active_users ";
echo "Navstevnici: $database->num_active_guests.";
?>
</td></tr>
</table>
</body>
</html>
```
process.php

```php
<?php
include("include/session.php");

class Process
{
    /* Dispatches the submitted form to its handler based on the hidden
       sub* field each form carries. A plain GET by a logged-in user logs out
       (the Logout link points here); anyone else is sent to main.php. */
    function Process(){
        global $session;
        if(isset($_POST['sublogin'])){
            $this->procLogin();
        }
        else if(isset($_POST['subjoin'])){
            $this->procRegister();
        }
        else if(isset($_POST['subforgot'])){
            $this->procForgotPass();
        }
        else if(isset($_POST['subedit'])){
            $this->procEditAccount();
        }
        else if($session->logged_in){
            $this->procLogout();
        }
        else{
            header("Location: main.php");
        }
    }

    function procLogin(){
        global $session, $form;
        $retval = $session->login($_POST['user'], $_POST['pass'], isset($_POST['remember']));
        if($retval){
            header("Location: ".$session->referrer);
        }
        else{
            /* Keep the submitted values and the errors so the form can redisplay them */
            $_SESSION['value_array'] = $_POST;
            $_SESSION['error_array'] = $form->getErrorArray();
            header("Location: ".$session->referrer);
        }
    }

    function procLogout(){
        global $session;
        $session->logout();
        header("Location: main.php");
    }

    function procRegister(){
        global $session, $form;
        if(ALL_LOWERCASE){
            $_POST['user'] = strtolower($_POST['user']);
        }
        /* register() returns 0 = ok, 1 = validation errors, 2 = database error */
        $retval = $session->register($_POST['user'], $_POST['pass'], $_POST['email']);
        if($retval == 0){
            $_SESSION['reguname'] = $_POST['user'];
            $_SESSION['regsuccess'] = true;
            header("Location: ".$session->referrer);
        }
        else if($retval == 1){
            $_SESSION['value_array'] = $_POST;
            $_SESSION['error_array'] = $form->getErrorArray();
            header("Location: ".$session->referrer);
        }
        else if($retval == 2){
            $_SESSION['reguname'] = $_POST['user'];
            $_SESSION['regsuccess'] = false;
            header("Location: ".$session->referrer);
        }
    }

    /* Generates a new random password, mails it and only then stores its hash.
       Note: anyone who knows a username can trigger a reset for that account,
       and the error text tells the visitor whether the username exists. */
    function procForgotPass(){
        global $database, $session, $mailer, $form;
        $subuser = $_POST['user'];
        $field = "user";
        if(!$subuser || strlen($subuser = trim($subuser)) == 0){
            $form->setError($field, "* Nezadali ste uzivatelske meno ");
        }
        else{
            $subuser = stripslashes($subuser);
            if(strlen($subuser) < 5 || strlen($subuser) > 30
               || !eregi("^([0-9a-z])+$", $subuser)
               || (!$database->usernameTaken($subuser))){
                $form->setError($field, "* Neexistujuci uzivatel ");
            }
        }
        if($form->num_errors > 0){
            $_SESSION['value_array'] = $_POST;
            $_SESSION['error_array'] = $form->getErrorArray();
        }
        else{
            $newpass = $session->generateRandStr(8);
            $usrinf = $database->getUserInfo($subuser);
            $email = $usrinf['email'];
            if($mailer->sendNewPass($subuser,$email,$newpass)){
                /* Email sent, update database */
                $database->updateUserField($subuser, "password", md5($newpass));
                $_SESSION['forgotpass'] = true;
            }
            else{
                $_SESSION['forgotpass'] = false;
            }
        }
        header("Location: ".$session->referrer);
    }

    function procEditAccount(){
        global $session, $form;
        $retval = $session->editAccount($_POST['curpass'], $_POST['newpass'], $_POST['email']);
        if($retval){
            $_SESSION['useredit'] = true;
            header("Location: ".$session->referrer);
        }
        else{
            $_SESSION['value_array'] = $_POST;
            $_SESSION['error_array'] = $form->getErrorArray();
            header("Location: ".$session->referrer);
        }
    }
};

$process = new Process;
?>
```
register.php

```php
<?php include("include/session.php"); ?>
<html>
<head>
<title>Registracia</title>
<style type="text/css">
<!--
body,td,th { color: #FFFFFF; }
-->
</style>
</head>
<body>
<?php
if($session->logged_in){
    echo "<h1>Registracia</h1>";
    echo "<p>Ospravedlnujeme sa $session->username, ale už si registrovaný. "
        ."<a href=\"main.php\">Main</a>.</p>";
}
else if(isset($_SESSION['regsuccess'])){
    /* Result of the previous registration attempt, set by process.php */
    if($_SESSION['regsuccess']){
        echo "<h1>Si zaregistrovaný!</h1>";
        echo "<p>Dakujeme ".$_SESSION['reguname'].", bol si uspesne zaregistrovany, "
            ."teraz sa mozes <a href=\"main.php\">prihlasit</a>.</p>";
    }
    else{
        echo "<h1>Error</h1>";
        echo "<p>Ospravedlnujeme sa ale nastaly problemy pri registracii mena ".$_SESSION['reguname'].", "
            ."a preto registracia neprebehla. Prosim skuste neskor.</p>";
    }
    unset($_SESSION['regsuccess']);
    unset($_SESSION['reguname']);
}
else{
?>
<center>
<h1>Registracia</h1>
</center>
<?php
if($form->num_errors > 0){
    echo "<font size=\"2\" color=\"#ff0000\">".$form->num_errors." error(s) found</font>";
}
?>
<center>
<form action="process.php" method="POST">
<table align="center" border="0" cellspacing="0" cellpadding="3">
<tr><td>Meno:</td><td><input type="text" name="user" maxlength="30" value="<?php echo $form->value("user"); ?>"></td><td><?php echo $form->error("user"); ?></td></tr>
<tr><td>Heslo:</td><td><input type="password" name="pass" maxlength="30" value="<?php echo $form->value("pass"); ?>"></td><td><?php echo $form->error("pass"); ?></td></tr>
<tr><td>Email:</td><td><input type="text" name="email" maxlength="50" value="<?php echo $form->value("email"); ?>"></td><td><?php echo $form->error("email"); ?></td></tr>
<tr><td colspan="2" align="center">
<input type="hidden" name="subjoin" value="1">
<input type="submit" value="Odoslat"></td></tr>
</table>
</form>
</center>
<?php
}
?>
</body>
</html>
```
useredit.php

```php
<?php include("include/session.php"); ?>
<html>
<head>
<title>Edit</title>
<style type="text/css">
<!--
body,td,th { color: #FFFFFF; }
-->
</style>
</head>
<body>
<?php
if(isset($_SESSION['useredit'])){
    unset($_SESSION['useredit']);
    echo "<h1>Vas ucet bol uspesne zmeneny!</h1>";
    echo "<p>$session->username, vykonane zmeny boli uspesne ulozene. "
        ."<a href=\"main.php\">Main</a>.</p>";
}
else{
    /* Only a logged-in user gets the edit form; guests see an empty page */
    if($session->logged_in){
?>
<center>
<h1>Editacia uzivatela : <?php echo $session->username; ?></h1>
<?php
if($form->num_errors > 0){
    echo "<font size=\"2\" color=\"#ff0000\">".$form->num_errors." error(s) found</font>";
}
?>
<form action="process.php" method="POST">
<table align="center" border="0" cellspacing="0" cellpadding="3">
<tr>
<td>Stare heslo:</td>
<td><input type="password" name="curpass" maxlength="30" value="<?php echo $form->value("curpass"); ?>"></td>
<td><?php echo $form->error("curpass"); ?></td>
</tr>
<tr>
<td>Nove heslo:</td>
<td><input type="password" name="newpass" maxlength="30" value="<?php echo $form->value("newpass"); ?>"></td>
<td><?php echo $form->error("newpass"); ?></td>
</tr>
<tr>
<td>Email:</td>
<td><input type="text" name="email" maxlength="50" value="<?php
    /* Prefill with the stored address unless the user already typed one */
    if($form->value("email") == ""){
        echo $session->userinfo['email'];
    }else{
        echo $form->value("email");
    }
?>"></td>
<td><?php echo $form->error("email"); ?></td>
</tr>
<tr><td colspan="2" align="center">
<input type="hidden" name="subedit" value="1">
<input type="submit" value="Zmenit">
<input type="reset" value="Reset">
</td></tr>
</table>
</form>
</center>
<?php
    }
}
?>
</body>
</html>
```
userinfo.php

```php
<?php include("include/session.php"); ?>
<html>
<head><title>Login</title></head>
<body>
<?php
/* The requested username comes from the query string (userinfo.php?user=...)
   and is checked against the same rules as at registration before it is used
   in a query. Note that the page shows any user's e-mail address to anyone. */
$req_user = isset($_GET['user']) ? trim($_GET['user']) : "";
if(!$req_user || strlen($req_user) == 0
   || !eregi("^([0-9a-z])+$", $req_user)
   || !$database->usernameTaken($req_user)){
    die("Neexistujuci uzivatel");
}
if(strcmp($session->username,$req_user) == 0){
    echo "<h1>Moj ucet</h1>";
}
else{
    echo "<h1>Info</h1>";
}
$req_user_info = $database->getUserInfo($req_user);
echo "Uzivatel: ".$req_user_info['username']."<br>";
echo "Email: ".$req_user_info['email']."<br>";
if(strcmp($session->username,$req_user) == 0){
    echo "<a href=\"useredit.php\">Editovat ucet</a><br>";
}
echo "[<a href=\"main.php\">Main</a>]";
?>
</body>
</html>
```

OK, so those are the core files. Now we move to the admin folder and create the following files there.
admin.php

```php
<?php
include("../include/session.php");

/* Lists all registered users, admins first. */
function displayUsers(){
    global $database;
    $q = "SELECT username,userlevel,email,timestamp "
        ."FROM ".TBL_USERS." ORDER BY userlevel DESC,username";
    $result = $database->query($q);
    if(!$result){
        echo "Error";
        return;
    }
    $num_rows = mysql_num_rows($result);
    if($num_rows == 0){
        echo "Databaza je prazdna";
        return;
    }
    echo "<table align=\"left\" border=\"1\" cellspacing=\"0\" cellpadding=\"3\">\n";
    echo "<tr><td>Meno</td><td>Level</td><td>Email</td><td>Naposledy online</td></tr>\n";
    for($i=0; $i<$num_rows; $i++){
        $uname  = mysql_result($result,$i,"username");
        $ulevel = mysql_result($result,$i,"userlevel");
        $email  = mysql_result($result,$i,"email");
        $time   = date("Y-m-d H:i", mysql_result($result,$i,"timestamp"));
        echo "<tr><td>$uname</td><td>$ulevel</td><td>$email</td><td>$time</td></tr>\n";
    }
    echo "</table>\n";
}

/* Lists the banned usernames with the time of the ban. */
function displayBannedUsers(){
    global $database;
    $q = "SELECT username,timestamp "
        ."FROM ".TBL_BANNED_USERS." ORDER BY username";
    $result = $database->query($q);
    if(!$result){
        echo "Error";
        return;
    }
    $num_rows = mysql_num_rows($result);
    if($num_rows == 0){
        echo "Databaza je prazdna";
        return;
    }
    echo "<table align=\"left\" border=\"1\" cellspacing=\"0\" cellpadding=\"3\">\n";
    echo "<tr><td>Meno</td><td>Cas banu</td></tr>\n";
    for($i=0; $i<$num_rows; $i++){
        $uname = mysql_result($result,$i,"username");
        $time  = date("Y-m-d H:i", mysql_result($result,$i,"timestamp"));
        echo "<tr><td>$uname</td><td>$time</td></tr>\n";
    }
    echo "</table>\n";
}

/* Non-admins are redirected before any of the panel is output */
if(!$session->isAdmin()){
    header("Location: ../main.php");
}
else{
?>
<html>
<head><title>Admin center</title></head>
<body bgcolor="#000000" text="#FFFFFF" link="#976832">
<h1>Admin Center</h1>
<font size="4">Vitaj <?php echo $session->username; ?></font>
Spet na web [<a href="../main.php">Home</a>]
<?php
if($form->num_errors > 0){
    echo "<font size=\"4\" color=\"#ff0000\">"
        ."!*** Problem s poziadavkou.</font>";
}
?>
<!-- None of these forms carries a CSRF token; an admin's browser can be made to submit them from another site -->
<table align="left" border="0" cellspacing="5" cellpadding="5">
<tr><td>
<h3>Registrovaný užívatelia:</h3>
<?php displayUsers(); ?>
</td></tr>
<tr><td>
<h3>Editovanie levelu užívatela:</h3>
<?php echo $form->error("upduser"); ?>
<form action="adminprocess.php" method="POST">
<table>
<tr><td>
Meno: <input type="text" name="upduser" maxlength="30" value="<?php echo $form->value("upduser"); ?>">
</td>
<td>
Level: <select name="updlevel">
<option value="1">1
<option value="9">9
</select>
</td>
<td>
<input type="hidden" name="subupdlevel" value="1">
<input type="submit" value="Update Level">
</td></tr>
</table>
</form>
</td></tr>
<tr><td><hr></td></tr>
<tr><td>
<h3>Zmazat užívatela:</h3>
<?php echo $form->error("deluser"); ?>
<form action="adminprocess.php" method="POST">
Meno: <input type="text" name="deluser" maxlength="30" value="<?php echo $form->value("deluser"); ?>">
<input type="hidden" name="subdeluser" value="1">
<input type="submit" value="Delete User">
</form>
</td></tr>
<tr><td><hr></td></tr>
<tr><td>
<h3>Zmazat neaktívnych užívatelov:</h3>
<form action="adminprocess.php" method="POST">
<table>
<tr><td>
Dni: <select name="inactdays">
<option value="3">3
<option value="7">7
<option value="14">14
<option value="30">30
<option value="100">100
<option value="365">365
</select>
</td>
<td>
<input type="hidden" name="subdelinact" value="1">
<input type="submit" value="Zmazat neaktivnych">
</td></tr>
</table>
</form>
</td></tr>
<tr><td><hr></td></tr>
<tr><td>
<h3>Zabanovat užívatela:</h3>
<?php echo $form->error("banuser"); ?>
<form action="adminprocess.php" method="POST">
Meno: <input type="text" name="banuser" maxlength="30" value="<?php echo $form->value("banuser"); ?>">
<input type="hidden" name="subbanuser" value="1">
<input type="submit" value="Ban">
</form>
</td></tr>
<tr><td><hr></td></tr>
<tr><td>
<h3>Zabanovaný užívatelia:</h3>
<?php displayBannedUsers(); ?>
</td></tr>
<tr><td><hr></td></tr>
<tr><td>
<h3>Vymazat zabanovaných hrácov:</h3>
<?php echo $form->error("delbanuser"); ?>
<form action="adminprocess.php" method="POST">
Meno: <input type="text" name="delbanuser" maxlength="30" value="<?php echo $form->value("delbanuser"); ?>">
<input type="hidden" name="subdelbanned" value="1">
<input type="submit" value="Vymazat">
</form>
</td></tr>
</table>
</body>
</html>
<?php
}
?>
```
adminprocess.php

```php
<?php
include("../include/session.php");

class AdminProcess
{
    /* Every admin action is refused unless the session belongs to an admin */
    function AdminProcess(){
        global $session;
        if(!$session->isAdmin()){
            header("Location: ../main.php");
            return;
        }
        if(isset($_POST['subupdlevel'])){
            $this->procUpdateLevel();
        }
        else if(isset($_POST['subdeluser'])){
            $this->procDeleteUser();
        }
        else if(isset($_POST['subdelinact'])){
            $this->procDeleteInactive();
        }
        else if(isset($_POST['subbanuser'])){
            $this->procBanUser();
        }
        else if(isset($_POST['subdelbanned'])){
            $this->procDeleteBannedUser();
        }
        else{
            header("Location: ../main.php");
        }
    }

    function procUpdateLevel(){
        global $session, $database, $form;
        $subuser = $this->checkUsername("upduser");
        if($form->num_errors > 0){
            $_SESSION['value_array'] = $_POST;
            $_SESSION['error_array'] = $form->getErrorArray();
            header("Location: ".$session->referrer);
        }
        else{
            /* The level is cast to int so only a number ever reaches the query */
            $database->updateUserField($subuser, "userlevel", (int)$_POST['updlevel']);
            header("Location: ".$session->referrer);
        }
    }

    function procDeleteUser(){
        global $session, $database, $form;
        $subuser = $this->checkUsername("deluser");
        if($form->num_errors > 0){
            $_SESSION['value_array'] = $_POST;
            $_SESSION['error_array'] = $form->getErrorArray();
            header("Location: ".$session->referrer);
        }
        else{
            $q = "DELETE FROM ".TBL_USERS." WHERE username = '$subuser'";
            $database->query($q);
            header("Location: ".$session->referrer);
        }
    }

    /* Deletes every non-admin account that has not been seen for N days */
    function procDeleteInactive(){
        global $session, $database;
        $inact_time = $session->time - (int)$_POST['inactdays']*24*60*60;
        $q = "DELETE FROM ".TBL_USERS." WHERE timestamp < $inact_time "
            ."AND userlevel != ".ADMIN_LEVEL;
        $database->query($q);
        header("Location: ".$session->referrer);
    }

    /* Banning removes the account and records the name in banned_users,
       which register() checks, so the name cannot be re-registered */
    function procBanUser(){
        global $session, $database, $form;
        $subuser = $this->checkUsername("banuser");
        if($form->num_errors > 0){
            $_SESSION['value_array'] = $_POST;
            $_SESSION['error_array'] = $form->getErrorArray();
            header("Location: ".$session->referrer);
        }
        else{
            $q = "DELETE FROM ".TBL_USERS." WHERE username = '$subuser'";
            $database->query($q);
            $q = "INSERT INTO ".TBL_BANNED_USERS." VALUES ('$subuser', $session->time)";
            $database->query($q);
            header("Location: ".$session->referrer);
        }
    }

    function procDeleteBannedUser(){
        global $session, $database, $form;
        $subuser = $this->checkUsername("delbanuser", true);
        if($form->num_errors > 0){
            $_SESSION['value_array'] = $_POST;
            $_SESSION['error_array'] = $form->getErrorArray();
            header("Location: ".$session->referrer);
        }
        else{
            $q = "DELETE FROM ".TBL_BANNED_USERS." WHERE username = '$subuser'";
            $database->query($q);
            header("Location: ".$session->referrer);
        }
    }

    /* Validates the submitted username with the registration rules
       (5-30 alphanumerics); the regex is what keeps it safe to put in a query.
       With $ban = true the name does not have to exist in the users table. */
    function checkUsername($uname, $ban=false){
        global $database, $form;
        $subuser = isset($_POST[$uname]) ? $_POST[$uname] : "";
        $field = $uname;
        if(!$subuser || strlen($subuser = trim($subuser)) == 0){
            $form->setError($field, "* Nezadali ste uzivatela ");
        }
        else{
            $subuser = stripslashes($subuser);
            if(strlen($subuser) < 5 || strlen($subuser) > 30
               || !eregi("^([0-9a-z])+$", $subuser)
               || (!$ban && !$database->usernameTaken($subuser))){
                $form->setError($field, "* Neexistujuci uzivatel ");
            }
        }
        return $subuser;
    }
};

$adminprocess = new AdminProcess;
?>
```

So that's basically the whole admin panel, and we can move on to the include folder, where we put the helper files.
constants.php

```php
<?php
/* Database connection (used by database.php) */
define("DB_SERVER", "localhost");
define("DB_USER", "root");
define("DB_PASS", "heslo");
define("DB_NAME", "login");

/* Table names */
define("TBL_USERS", "users");
define("TBL_ACTIVE_USERS", "active_users");
define("TBL_ACTIVE_GUESTS", "active_guests");
define("TBL_BANNED_USERS", "banned_users");

/* The account with this name is always an admin (see Session::isAdmin),
   so whoever registers it first gets the admin panel */
define("ADMIN_NAME", "admin");
define("GUEST_NAME", "Guest");
define("ADMIN_LEVEL", 9);
define("USER_LEVEL", 1);
define("GUEST_LEVEL", 0);

/* Online-user tracking; timeouts are in minutes */
define("TRACK_VISITORS", true);
define("USER_TIMEOUT", 10);
define("GUEST_TIMEOUT", 5);

/* "Remember me" cookie: lifetime in seconds (100 days) and path */
define("COOKIE_EXPIRE", 60*60*24*100);
define("COOKIE_PATH", "/");

/* Outgoing mail (mailer.php) */
define("EMAIL_FROM_NAME", "admin");
define("EMAIL_FROM_ADDR", "mail@abc.sk");
define("EMAIL_WELCOME", false);

/* Lower-case usernames before registering them */
define("ALL_LOWERCASE", false);
?>
```
database.php

```php
<?php
include("constants.php");

class MySQLDB
{
    var $connection;
    var $num_active_users;
    var $num_active_guests;
    var $num_members;

    /* Connection details come from constants.php */
    function MySQLDB(){
        $this->connection = mysql_connect(DB_SERVER, DB_USER, DB_PASS) or die(mysql_error());
        mysql_select_db(DB_NAME, $this->connection) or die(mysql_error());
        $this->num_members = -1;
        if(TRACK_VISITORS){
            $this->calcNumActiveUsers();
            $this->calcNumActiveGuests();
        }
    }

    /* Returns 0 if the (already md5-hashed) password matches,
       1 if the user does not exist, 2 if the password is wrong.
       Passwords are stored as unsalted md5, so identical passwords
       produce identical rows and precomputed tables apply. */
    function confirmUserPass($username, $password){
        if(!get_magic_quotes_gpc()){
            $username = addslashes($username);
        }
        $q = "SELECT password FROM ".TBL_USERS." WHERE username = '$username'";
        $result = mysql_query($q, $this->connection);
        if(!$result || (mysql_num_rows($result) < 1)){
            return 1;
        }
        $dbarray = mysql_fetch_array($result);
        $dbarray['password'] = stripslashes($dbarray['password']);
        $password = stripslashes($password);
        if($password == $dbarray['password']){
            return 0;
        }
        else{
            return 2;
        }
    }

    /* Same return codes; checks the random login token used by the
       "remember me" cookie against the one stored for the user */
    function confirmUserID($username, $userid){
        if(!get_magic_quotes_gpc()){
            $username = addslashes($username);
        }
        $q = "SELECT userid FROM ".TBL_USERS." WHERE username = '$username'";
        $result = mysql_query($q, $this->connection);
        if(!$result || (mysql_num_rows($result) < 1)){
            return 1;
        }
        $dbarray = mysql_fetch_array($result);
        $dbarray['userid'] = stripslashes($dbarray['userid']);
        $userid = stripslashes($userid);
        if($userid == $dbarray['userid']){
            return 0;
        }
        else{
            return 2;
        }
    }

    function usernameTaken($username){
        if(!get_magic_quotes_gpc()){
            $username = addslashes($username);
        }
        $q = "SELECT username FROM ".TBL_USERS." WHERE username = '$username'";
        $result = mysql_query($q, $this->connection);
        return ($result && mysql_num_rows($result) > 0);
    }

    function usernameBanned($username){
        if(!get_magic_quotes_gpc()){
            $username = addslashes($username);
        }
        $q = "SELECT username FROM ".TBL_BANNED_USERS." WHERE username = '$username'";
        $result = mysql_query($q, $this->connection);
        return ($result && mysql_num_rows($result) > 0);
    }

    /* Callers pass an already validated username, an md5 hash and a
       regex-validated e-mail; nothing here is escaped again */
    function addNewUser($username, $password, $email){
        $time = time();
        if(strcasecmp($username, ADMIN_NAME) == 0){
            $ulevel = ADMIN_LEVEL;
        }else{
            $ulevel = USER_LEVEL;
        }
        $q = "INSERT INTO ".TBL_USERS." VALUES ('$username', '$password', '0', $ulevel, '$email', $time)";
        return mysql_query($q, $this->connection);
    }

    function updateUserField($username, $field, $value){
        $q = "UPDATE ".TBL_USERS." SET ".$field." = '$value' WHERE username = '$username'";
        return mysql_query($q, $this->connection);
    }

    function getUserInfo($username){
        if(!get_magic_quotes_gpc()){
            $username = addslashes($username);
        }
        $q = "SELECT * FROM ".TBL_USERS." WHERE username = '$username'";
        $result = mysql_query($q, $this->connection);
        if(!$result || (mysql_num_rows($result) < 1)){
            return NULL;
        }
        $dbarray = mysql_fetch_array($result);
        return $dbarray;
    }

    /* Member count is computed once per request */
    function getNumMembers(){
        if($this->num_members < 0){
            $q = "SELECT username FROM ".TBL_USERS;
            $result = mysql_query($q, $this->connection);
            $this->num_members = mysql_num_rows($result);
        }
        return $this->num_members;
    }

    function calcNumActiveUsers(){
        $q = "SELECT username FROM ".TBL_ACTIVE_USERS;
        $result = mysql_query($q, $this->connection);
        $this->num_active_users = mysql_num_rows($result);
    }

    function calcNumActiveGuests(){
        $q = "SELECT ip FROM ".TBL_ACTIVE_GUESTS;
        $result = mysql_query($q, $this->connection);
        $this->num_active_guests = mysql_num_rows($result);
    }

    function addActiveUser($username, $time){
        $q = "UPDATE ".TBL_USERS." SET timestamp = '$time' WHERE username = '$username'";
        mysql_query($q, $this->connection);
        if(!TRACK_VISITORS) return;
        $q = "REPLACE INTO ".TBL_ACTIVE_USERS." VALUES ('$username', '$time')";
        mysql_query($q, $this->connection);
        $this->calcNumActiveUsers();
    }

    function addActiveGuest($ip, $time){
        if(!TRACK_VISITORS) return;
        $q = "REPLACE INTO ".TBL_ACTIVE_GUESTS." VALUES ('$ip', '$time')";
        mysql_query($q, $this->connection);
        $this->calcNumActiveGuests();
    }

    function removeActiveUser($username){
        if(!TRACK_VISITORS) return;
        $q = "DELETE FROM ".TBL_ACTIVE_USERS." WHERE username = '$username'";
        mysql_query($q, $this->connection);
        $this->calcNumActiveUsers();
    }

    function removeActiveGuest($ip){
        if(!TRACK_VISITORS) return;
        $q = "DELETE FROM ".TBL_ACTIVE_GUESTS." WHERE ip = '$ip'";
        mysql_query($q, $this->connection);
        $this->calcNumActiveGuests();
    }

    function removeInactiveUsers(){
        if(!TRACK_VISITORS) return;
        $timeout = time()-USER_TIMEOUT*60;
        $q = "DELETE FROM ".TBL_ACTIVE_USERS." WHERE timestamp < $timeout";
        mysql_query($q, $this->connection);
        $this->calcNumActiveUsers();
    }

    function removeInactiveGuests(){
        if(!TRACK_VISITORS) return;
        $timeout = time()-GUEST_TIMEOUT*60;
        $q = "DELETE FROM ".TBL_ACTIVE_GUESTS." WHERE timestamp < $timeout";
        mysql_query($q, $this->connection);
        $this->calcNumActiveGuests();
    }

    function query($query){
        return mysql_query($query, $this->connection);
    }
};

$database = new MySQLDB;
?>
```
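As an added example (not part of the original post), here is how the addNewUser/confirmUserPass pair from database.php looks when the username is bound as a query parameter instead of escaped with addslashes, and the password is stored with password_hash() instead of unsalted md5(). It keeps the same 0/1/2 return codes and the same username rules as Session::register(); the UserStore class, the SQLite in-memory database and the sample account are constructed here so it runs on its own.

```php
<?php
// Added example: hardened credential storage for the login system above.
// Same return codes as MySQLDB::confirmUserPass (0 ok, 1 no such user,
// 2 wrong password), but with prepared statements instead of addslashes()
// and salted password_hash() instead of unsalted md5().
// Runs against an in-memory SQLite database constructed below (needs PHP >= 5.5).

class UserStore
{
    private $pdo;

    public function __construct(PDO $pdo)
    {
        $this->pdo = $pdo;
        $this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        // Reduced copy of the page's `users` table; `password` is widened
        // because a password_hash() string is longer than an md5 hex digest.
        $this->pdo->exec("CREATE TABLE IF NOT EXISTS users (
            username  VARCHAR(30) PRIMARY KEY,
            password  VARCHAR(255),
            userid    VARCHAR(32),
            userlevel INTEGER NOT NULL,
            email     VARCHAR(50),
            timestamp INTEGER NOT NULL)");
    }

    // Same username policy as Session::register(): 5..30 letters or digits.
    // Enforced in the store as well, so no caller can skip it.
    public static function validUsername($u)
    {
        return is_string($u) && preg_match('/^[0-9a-z]{5,30}$/i', $u) === 1;
    }

    // Returns true on success, false on a rejected name or a duplicate.
    public function addNewUser($username, $password, $email, $userlevel = 1)
    {
        if (!self::validUsername($username)) {
            return false;
        }
        $stmt = $this->pdo->prepare(
            "INSERT INTO users (username, password, userid, userlevel, email, timestamp)
             VALUES (:u, :p, '0', :l, :e, :t)");
        try {
            return $stmt->execute(array(
                ':u' => $username,
                ':p' => password_hash($password, PASSWORD_DEFAULT), // random salt per user
                ':l' => (int)$userlevel,
                ':e' => $email,
                ':t' => time(),
            ));
        } catch (PDOException $e) {
            return false; // e.g. the username already exists
        }
    }

    // The username is a bound value, so its characters can never alter the query;
    // password_verify() reads the salt from the stored hash and compares in constant time.
    public function confirmUserPass($username, $password)
    {
        $stmt = $this->pdo->prepare("SELECT password FROM users WHERE username = :u");
        $stmt->execute(array(':u' => $username));
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row === false) {
            return 1;
        }
        return password_verify($password, $row['password']) ? 0 : 2;
    }
}

// Demonstration on a constructed account.
$store = new UserStore(new PDO('sqlite::memory:'));
$store->addNewUser('alice1', 'correct horse battery', 'alice@example.invalid');
echo "right password: "   . $store->confirmUserPass('alice1', 'correct horse battery') . "\n";
echo "wrong password: "   . $store->confirmUserPass('alice1', 'staple') . "\n";
echo "unknown user: "     . $store->confirmUserPass('nobody9', 'staple') . "\n";
echo "bad name rejected: " . var_export($store->addNewUser('a b', 'x', 'x@example.invalid'), true) . "\n";
```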
form.php

```php
<?php
/* Carries submitted values and validation errors across the redirect
   from process.php back to the form page, via the session. */
class Form
{
    var $values = array();
    var $errors = array();
    var $num_errors;

    function Form(){
        if(isset($_SESSION['value_array']) && isset($_SESSION['error_array'])){
            $this->values = $_SESSION['value_array'];
            $this->errors = $_SESSION['error_array'];
            $this->num_errors = count($this->errors);
            unset($_SESSION['value_array']);
            unset($_SESSION['error_array']);
        }
        else{
            $this->num_errors = 0;
        }
    }

    function setValue($field, $value){
        $this->values[$field] = $value;
    }

    function setError($field, $errmsg){
        $this->errors[$field] = $errmsg;
        $this->num_errors = count($this->errors);
    }

    /* HTML-escaped, so echoing a submitted value back into an input is safe */
    function value($field){
        if(array_key_exists($field,$this->values)){
            return htmlspecialchars(stripslashes($this->values[$field]));
        }else{
            return "";
        }
    }

    function error($field){
        if(array_key_exists($field,$this->errors)){
            return "<font size=\"2\" color=\"#ff0000\">".$this->errors[$field]."</font>";
        }else{
            return "";
        }
    }

    function getErrorArray(){
        return $this->errors;
    }
};
?>
```
mailer.php

```php
<?php
/* Both mails carry the password in clear text, so they are only as
   private as the recipient's mailbox. */
class Mailer
{
    function sendWelcome($user, $email, $pass){
        $from = "From: ".EMAIL_FROM_NAME." <".EMAIL_FROM_ADDR.">";
        $subject = "Vitajte!";
        $body = $user.",\n\n"
            ."Vitajte, zaregistrovali ste sa na nasej stranke ........ "
            ."a vyplnili ste registraciu nasledovne:\n\n"
            ."Uzivatelske meno: ".$user."\n"
            ."Heslo: ".$pass."\n\n";
        return mail($email,$subject,$body,$from);
    }

    function sendNewPass($user, $email, $pass){
        $from = "From: ".EMAIL_FROM_NAME." <".EMAIL_FROM_ADDR.">";
        $subject = "Vasa stranka - Nove heslo";
        $body = $user.",\n\n"
            ."Vytvorili sme nove heslo pre vas ucet, "
            ."ktore mozete pouzit pri najblizsom prihlaseni.\n\n"
            ."Uzivatelske meno: ".$user."\n"
            ."Nove heslo: ".$pass."\n\n";
        return mail($email,$subject,$body,$from);
    }
};

$mailer = new Mailer;
?>
```
session.php

```php
<?php
include("database.php");
include("mailer.php");
include("form.php");

class Session
{
    var $username;
    var $userid;
    var $userlevel;
    var $time;
    var $logged_in;
    var $userinfo = array();
    var $url;
    var $referrer;

    function Session(){
        $this->time = time();
        $this->startSession();
    }

    /* Starts the PHP session, decides whether the visitor is logged in and
       records them in the active users / active guests tables. */
    function startSession(){
        global $database;
        session_start();
        $this->logged_in = $this->checkLogin();
        if(!$this->logged_in){
            $this->username = $_SESSION['username'] = GUEST_NAME;
            $this->userlevel = GUEST_LEVEL;
            $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
        }
        else{
            $database->addActiveUser($this->username, $this->time);
        }
        $database->removeInactiveUsers();
        $database->removeInactiveGuests();
        /* Remember the previous page so process.php can redirect back to it */
        if(isset($_SESSION['url'])){
            $this->referrer = $_SESSION['url'];
        }else{
            $this->referrer = "/";
        }
        $this->url = $_SESSION['url'] = $_SERVER['PHP_SELF'];
    }

    /* A "remember me" cookie carries the username and the random userid issued
       at login; it is trusted only if that userid still matches the one stored
       in the database for the username (confirmUserID). */
    function checkLogin(){
        global $database;
        if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
            $this->username = $_SESSION['username'] = $_COOKIE['cookname'];
            $this->userid   = $_SESSION['userid']   = $_COOKIE['cookid'];
        }
        if(isset($_SESSION['username']) && isset($_SESSION['userid']) && $_SESSION['username'] != GUEST_NAME){
            if($database->confirmUserID($_SESSION['username'], $_SESSION['userid']) != 0){
                unset($_SESSION['username']);
                unset($_SESSION['userid']);
                return false;
            }
            $this->userinfo  = $database->getUserInfo($_SESSION['username']);
            $this->username  = $this->userinfo['username'];
            $this->userid    = $this->userinfo['userid'];
            $this->userlevel = $this->userinfo['userlevel'];
            return true;
        }
        else{
            return false;
        }
    }

    /* Returns true on success; on failure the reasons are in $form */
    function login($subuser, $subpass, $subremember){
        global $database, $form;
        $field = "user";
        if(!$subuser || strlen($subuser = trim($subuser)) == 0){
            $form->setError($field, "* Nezadali ste uzivatelske meno");
        }
        else{
            if(!eregi("^([0-9a-z])*$", $subuser)){
                $form->setError($field, "* Uzivatelske meno moze pozostavat iba s cisel a pismen.");
            }
        }
        $field = "pass";
        if(!$subpass){
            $form->setError($field, "* Nezadali ste heslo");
        }
        if($form->num_errors > 0){
            return false;
        }
        $subuser = stripslashes($subuser);
        $result = $database->confirmUserPass($subuser, md5($subpass));
        /* Separate messages for unknown user and wrong password reveal
           which usernames exist */
        if($result == 1){
            $field = "user";
            $form->setError($field, "* Uzivatel nebol najdeny.");
        }
        else if($result == 2){
            $field = "pass";
            $form->setError($field, "* Zle heslo");
        }
        if($form->num_errors > 0){
            return false;
        }
        $this->userinfo  = $database->getUserInfo($subuser);
        $this->username  = $_SESSION['username'] = $this->userinfo['username'];
        /* A fresh random userid per login; it invalidates older "remember me" cookies */
        $this->userid    = $_SESSION['userid'] = $this->generateRandID();
        $this->userlevel = $this->userinfo['userlevel'];
        $database->updateUserField($this->username, "userid", $this->userid);
        $database->addActiveUser($this->username, $this->time);
        $database->removeActiveGuest($_SERVER['REMOTE_ADDR']);
        if($subremember){
            setcookie("cookname", $this->username, time()+COOKIE_EXPIRE, COOKIE_PATH);
            setcookie("cookid", $this->userid, time()+COOKIE_EXPIRE, COOKIE_PATH);
        }
        return true;
    }

    function logout(){
        global $database;
        if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
            setcookie("cookname", "", time()-COOKIE_EXPIRE, COOKIE_PATH);
            setcookie("cookid", "", time()-COOKIE_EXPIRE, COOKIE_PATH);
        }
        unset($_SESSION['username']);
        unset($_SESSION['userid']);
        $this->logged_in = false;
        $database->removeActiveUser($this->username);
        $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
        $this->username = GUEST_NAME;
        $this->userlevel = GUEST_LEVEL;
    }

    /* Returns 0 = registered, 1 = validation errors, 2 = database error */
    function register($subuser, $subpass, $subemail){
        global $database, $form, $mailer;
        $field = "user";
        if(!$subuser || strlen($subuser = trim($subuser)) == 0){
            $form->setError($field, "* Nezadali ste uzivatelske meno");
        }
        else{
            $subuser = stripslashes($subuser);
            if(strlen($subuser) < 5){
                $form->setError($field, "* Uzivatelske meno je zle.");
            }
            else if(strlen($subuser) > 30){
                $form->setError($field, "* Uzivatelske meno je zle");
            }
            else if(!eregi("^([0-9a-z])+$", $subuser)){
                $form->setError($field, "* Uzivatelske meno musi pozostavat s cisel alebo pismen");
            }
            else if(strcasecmp($subuser, GUEST_NAME) == 0){
                $form->setError($field, "* Uzivatelske meno je zle");
            }
            else if($database->usernameTaken($subuser)){
                $form->setError($field, "* Uzivatelske meno je uz pouzivane");
            }
            else if($database->usernameBanned($subuser)){
                $form->setError($field, "* Uzivatel je zabanovany");
            }
        }
        $field = "pass";
        if(!$subpass){
            $form->setError($field, "* Nezadali ste heslo");
        }
        else{
            $subpass = stripslashes($subpass);
            if(strlen($subpass) < 4){
                $form->setError($field, "* Heslo je kratke");
            }
            else if(!eregi("^([0-9a-z])+$", ($subpass = trim($subpass)))){
                $form->setError($field, "* Heslo musi pozostavat s cisle a pismen");
            }
        }
        $field = "email";
        if(!$subemail || strlen($subemail = trim($subemail)) == 0){
            $form->setError($field, "* Nezadali ste mail");
        }
        else{
            $regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"
                ."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"
                ."\.([a-z]{2,}){1}$";
            if(!eregi($regex,$subemail)){
                $form->setError($field, "* Zly email");
            }
            $subemail = stripslashes($subemail);
        }
        if($form->num_errors > 0){
            return 1;
        }
        else{
            if($database->addNewUser($subuser, md5($subpass), $subemail)){
                if(EMAIL_WELCOME){
                    $mailer->sendWelcome($subuser,$subemail,$subpass);
                }
                return 0;
            }else{
                return 2;
            }
        }
    }

    /* Changing the password requires the current one; the e-mail may be
       changed on its own. Returns true on success. */
    function editAccount($subcurpass, $subnewpass, $subemail){
        global $database, $form;
        if($subnewpass){
            $field = "curpass";
            if(!$subcurpass){
                $form->setError($field, "* Nezadali ste heslo.");
            }
            else{
                $subcurpass = stripslashes($subcurpass);
                if(strlen($subcurpass) < 4 || !eregi("^([0-9a-z])+$", ($subcurpass = trim($subcurpass)))){
                    $form->setError($field, "* Heslo je zle");
                }
                if($database->confirmUserPass($this->username,md5($subcurpass)) != 0){
                    $form->setError($field, "* Heslo je zle");
                }
            }
            $field = "newpass";
            $subnewpass = stripslashes($subnewpass);
            if(strlen($subnewpass) < 4){
                $form->setError($field, "* Nove heslo je moc kratke");
            }
            else if(!eregi("^([0-9a-z])+$", ($subnewpass = trim($subnewpass)))){
                $form->setError($field, "* Nove heslo musi pozostavat s pismen a cislic");
            }
        }
        else if($subcurpass){
            $field = "newpass";
            $form->setError($field, "* Nezadali ste nove heslo");
        }
        $field = "email";
        if($subemail && strlen($subemail = trim($subemail)) > 0){
            $regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"
                ."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"
                ."\.([a-z]{2,}){1}$";
            if(!eregi($regex,$subemail)){
                $form->setError($field, "* Zly email");
            }
            $subemail = stripslashes($subemail);
        }
        if($form->num_errors > 0){
            return false;
        }
        if($subcurpass && $subnewpass){
            $database->updateUserField($this->username,"password",md5($subnewpass));
        }
        if($subemail){
            $database->updateUserField($this->username,"email",$subemail);
        }
        return true;
    }

    /* Admin by level, or by name: the account called ADMIN_NAME is always admin */
    function isAdmin(){
        return ($this->userlevel == ADMIN_LEVEL || $this->username == ADMIN_NAME);
    }

    function generateRandID(){
        return md5($this->generateRandStr(16));
    }

    /* Random alphanumeric string of the given length, used for the login
       token and for reset passwords. mt_rand() is not a cryptographic
       generator, so these values are guessable in principle. */
    function generateRandStr($length){
        $randstr = "";
        for($i=0; $i<$length; $i++){
            $randnum = mt_rand(0,61);
            if($randnum < 10){
                $randstr .= chr($randnum+48);   /* 0-9 */
            }else if($randnum < 36){
                $randstr .= chr($randnum+55);   /* A-Z */
            }else{
                $randstr .= chr($randnum+61);   /* a-z */
            }
        }
        return $randstr;
    }
};

$session = new Session;
$form = new Form;
?>
```
view_active.php

```php
<?php
/* Lists the users currently online as links to their info pages.
   The constant check refuses direct access: the file only works when
   included from a page that has loaded session.php. */
if(!defined('TBL_ACTIVE_USERS')){
    die("Error");
}
$q = "SELECT username FROM ".TBL_ACTIVE_USERS
    ." ORDER BY timestamp DESC,username";
$result = $database->query($q);
if(!$result){
    echo "Error pri zobrazovani Informacii o uzivateloch";
}
else if(($num_rows = mysql_num_rows($result)) > 0){
    echo "<table align=\"left\" border=\"1\" cellspacing=\"0\" cellpadding=\"3\">\n";
    echo "<tr><td><font size=\"2\">\n";
    for($i=0; $i<$num_rows; $i++){
        $uname = mysql_result($result,$i,"username");
        echo "<a href=\"userinfo.php?user=$uname\">$uname</a> / ";
    }
    echo "</font></td></tr></table>\n";
}
?>
```

Well, that's everything. Just copy and save it as shown at the beginning and change the database details in the files database.php and constants.php. As you'll soon notice, I didn't put very intelligent logging in there, so you might want to rewrite it, because every time something happens you get either "error" or a similarly witty message. Also, be aware that I used quite a lot of PHP4 stuff, so don't be alarmed that it's a bit outdated; it serves its purpose.
P.S.
Sorry for the grammar, I'm not very good at it.

