Enjoy an ad free experience by logging in. Not a member yet?
Register .
PM User | 1
New Coder
Join Date: Oct 2011
Posts: 10
Thanks: 0
Thanked 1 Time in 1 Post
How to add sha1 hash password to LOGIN page
Hi guys I have a script which i've been playing around with for over a day now with no luck!
Now i can't seem to correctly create a login page to pass the hashed password using (sha1).
Now all i want to do is verify the username and the (hashed) password according to the database and allow the user in. The script i am using to check login works fine without a hashed password in the database. But ideally i'd like to use a hashed form of password.
Can somebody show me what change i need to make in this script below in order to pass a sha1 hashed password? I'm guessing it's a really small change from the examples i've seen online, but i just cant seem to get mine to work. :|
Your help would be much appreciated.
Login Page PHP:
PHP Code:
< form name = "login" method = "post" action = "check_login.php3" >
p >< strong > Secured Area User Log - in </ strong ></ p >
p > Username : < input name = "bioname" type = "text" id = "bioname" ></ p >
p > Password : < input name = "biopass" type = "password" id = "biopass" ></ p >
p > </ p >
p >< input type = "submit" name = "Submit" value = "Login" ></ p >
form >
Check Login Processor (which is the file i that needs the sha1 added somewhere i think)
PHP Code:
<?php
require_once( 'config.php3' );
// Connect to the server and select the database.
mysql_connect ( "$host" , "$username" , "$password" )or die( "cannot connect" );
mysql_select_db ( "$db" )or die( "Unable to select database" );
//
$loginusername = false ;
$loginpassword = false ;
$err = false ; // default error message is empty
if (isset( $_POST [ 'bioname' ])) $loginusername = $_POST [ 'bioname' ];
$_POST [ 'biopass' ])) $loginpassword = $_POST [ 'biopass' ];
// if either isnt filled in, tell the user, a very basic bit of validation
if (! $loginusername || ! $loginpassword ) $err = "please complete the form" ;
$err ) //if no error continue
{
//The following bit of coding protects from MySQL injection attacks
$loginusername = stripslashes ( $loginusername );
$loginpassword = stripslashes ( $loginpassword );
$loginusername = mysql_real_escape_string ( $loginusername );
$loginpassword = mysql_real_escape_string ( $loginpassword );
//you could add other things like check for text only blah blah
$sql = "SELECT * FROM $tbl WHERE bioname='$loginusername' and biopass='$loginpassword'" ;
$result = mysql_query ( $sql );
// Count how many results were pulled from the table
$count = mysql_num_rows ( $result );
// If the result equals 1, continue
if( $count == 1 )
session_start ();
$_SESSION [ 'user' ] = $loginusername ; // store session data
header ( "Location: {$loginusername}/index.php3" );
$err = "Wrong Username or Password" ;
// end login if statement
if ( $err ) // show error message if there is one
{
$err ;
"<br>Please go back in your browser and try again" ;
?>
The secure page:
PHP Code:
<?php
();
$mypath = $_SERVER [ "REQUEST_URI" ];
//echo $mypath; // for debugging
if( strpos ( $mypath , "/" . $_SESSION [ 'user' ]. "/" )) //on testing it failed initially as username test is found in path /test2/ so i added the slashes to stop that. so /test/ doesnt get found in /test2/
{
"congratulations you are the right person in the right place" ;
session_destroy (); //kill the session, naughty person trying to come here
header ( "Location: ../login.php3" );
// stop page executing any further
}
?>
Thanks and i look forward to your replies.
PM User | 2
Super Moderator
Join Date: Mar 2007
Location: Florida, USA
Posts: 3,601
Thanks: 2
Thanked 397 Times in 390 Posts
PHP Code:
$loginpassword = sha1 ( $loginpassword );
Boom.
PM User | 3
New Coder
Join Date: Oct 2011
Posts: 10
Thanks: 0
Thanked 1 Time in 1 Post
Quote:
Originally Posted by
Inigoesdr
PHP Code:
$loginpassword = sha1 ( $loginpassword );
Boom.
Crank
Doesn't work
I could be placing it in the wrong place. Could you also give me one with salt? I think the passwords are salted... or that doesn't matter?
PM User | 4
Super Moderator
Join Date: Mar 2007
Location: Florida, USA
Posts: 3,601
Thanks: 2
Thanked 397 Times in 390 Posts
Quote:
Originally Posted by
Kayz
Crank
Doesn't work
You're going to have to put forth some effort with the debugging process. We can't tell you what is wrong when you provide no feedback whatsoever.
Quote:
Originally Posted by
Kayz
I think the passwords are salted... or that doesn't matter?
It does matter, and there are many ways to salt a password so you have to be more specific if you want an example.
PM User | 5
New Coder
Join Date: Oct 2011
Posts: 10
Thanks: 0
Thanked 1 Time in 1 Post
Quote:
Originally Posted by
Inigoesdr
You're going to have to put forth some effort with the debugging process. We can't tell you what is wrong when you provide no feedback whatsoever.
Apologies, well ive tried various methods and have practically spent an entire weekend trying to get this to work. After placing the snippets it simply dosent login because my passwords in the database are hashed. I tried with plain text passwords and my script works fine. So its just the Sha1 encryption which im trying to pass through my login script thats all.
I am using my own login script to log into another system script which is a 'user managment' system (this works fine).
Now i discovered this is the hash that is being used.
PHP Code:
$code = '' ;
$x = 0 ; $x < 6 ; $x ++) {
$code .= '-' . substr ( strtoupper ( sha1 ( rand ( 0 , 999999999999999 ))), 2 , 6 );
$code = substr ( $code , 1 );
$code ;
So im trying to login into the system using my 'own' login script which im trying to get to work and validate the user according to sha1 and the values above? (I hope im making sense!)
Cheers
Users who have thanked Kayz for this post:
PM User | 6
Senior Coder
Join Date: Jan 2010
Location: Behind the Wall
Posts: 2,857
Thanks: 9
Thanked 288 Times in 284 Posts
Quote:
Originally Posted by
Kayz
I tried with plain text passwords and my script works fine.
if you can login without hashing, doesn’t that mean the passwords ain’t hashed?
__________________
PM User | 7
New Coder
Join Date: Oct 2011
Posts: 10
Thanks: 0
Thanked 1 Time in 1 Post
Quote:
Originally Posted by
Dormilich
if you can login without hashing, doesn’t that mean the passwords ain’t hashed?
Yes to test the script i set a password to plain text which worked, now the passwords are hashed hence im trying to implement sha1 hash to pass at login.
PM User | 8
Senior Coder
Join Date: Jan 2010
Location: Behind the Wall
Posts: 2,857
Thanks: 9
Thanked 288 Times in 284 Posts
unless you know exactly how the passwords were hashed, there is no way to find that out by trying in PHP.
__________________
PM User | 9
New Coder
Join Date: Oct 2011
Posts: 10
Thanks: 0
Thanked 1 Time in 1 Post
Quote:
Originally Posted by
Dormilich
unless you know exactly how the passwords were hashed, there is no way to find that out by trying in PHP.
I have the script, the snippet of hash code i've provided above.
I believe this to be the full code...
functions.php
PHP Code:
<?php
if (! defined ( "_VALID_PHP" ))
'Direct access to this location is not allowed.' );
/**
function redirect_to ( $location )
headers_sent ()) {
header ( 'Location: ' . $location );
'<script type="text/javascript">' ;
'window.location.href="' . $location . '";' ;
'</script>' ;
'<noscript>' ;
'<meta http-equiv="refresh" content="0;url=' . $location . '" />' ;
'</noscript>' ;
/**
function countEntries ( $table , $where = '' , $what = '' )
$db ;
$where ) && isset( $what )) {
$q = "SELECT COUNT(*) FROM " . $table . " WHERE " . $where . " = '" . $what . "' LIMIT 1" ;
$q = "SELECT COUNT(*) FROM " . $table . " LIMIT 1" ;
$record = $db -> query ( $q );
$total = $db -> fetchrow ( $record );
$total [ 0 ];
/**
function getChecked ( $row , $status )
$row == $status ) {
"checked=\"checked\"" ;
/**
function post ( $var )
$_POST [ $var ]))
$_POST [ $var ];
/**
function get ( $var )
$_GET [ $var ]))
$_GET [ $var ];
/**
function sanitize ( $string , $trim = false , $int = false , $str = false )
$string = filter_var ( $string , FILTER_SANITIZE_STRING );
$string = trim ( $string );
$string = stripslashes ( $string );
$string = strip_tags ( $string );
$string = str_replace (array( '‘' , '’' , '“' , '”' ), array( "'" , "'" , '"' , '"' ), $string );
$trim )
$string = substr ( $string , 0 , $trim );
$int )
$string = preg_replace ( "/[^0-9\s]/" , "" , $string );
$str )
$string = preg_replace ( "/[^a-zA-Z\s]/" , "" , $string );
$string ;
/**
function getValue ( $what , $table , $where )
$db ;
$sql = "SELECT $what FROM $table WHERE $where" ;
$row = $db -> first ( $sql );
$row [ $what ];
/**
function tooltip ( $tip )
'<img src="' . SITEURL . '/images/tooltip.png" alt="Tip" class="tooltip" title="' . $tip . '" />' ;
/**
function required ()
'<img src="' . SITEURL . '//images/required.png" alt="Required Field" class="tooltip" title="Required Field" />' ;
/**
function cleanOut ( $text ) {
$text = strtr ( $text , array( '\r\n' => "" , '\r' => "" , '\n' => "" ));
$text = html_entity_decode ( $text , ENT_QUOTES , 'UTF-8' );
$text = str_replace ( '<br>' , '<br />' , $text );
stripslashes ( $text );
/**
function isAdmin ( $userlevel )
$userlevel ) {
9 :
$display = '<img src="' . SITEURL . '/images/superadmin.png" alt="" class="tooltip" title="Super Admin"/>' ;
7 :
$display = '<img src="' . SITEURL . '/images/level7.png" alt="" class="tooltip" title="User Level 7"/>' ;
6 :
$display = '<img src="' . SITEURL . '/images/level6.png" alt="" class="tooltip" title="User Level 6"/>' ;
5 :
$display = '<img src="' . SITEURL . '/images/level5.png" alt="" class="tooltip" title="User Level 5"/>' ;
4 :
$display = '<img src="' . SITEURL . '/images/level4.png" alt="" class="tooltip" title="User Level 4"/>' ;
3 :
$display = '<img src="' . SITEURL . '/images/level6.png" alt="" class="tooltip" title="User Level 3"/>' ;
2 :
$display = '<img src="' . SITEURL . '/images/level5.png" alt="" class="tooltip" title="User Level 2"/>' ;
1 :
$display = '<img src="' . SITEURL . '/images/user.png" alt="" class="tooltip" title="User"/>' ;
$display ;;
/**
function userStatus ( $status )
$status ) {
"y" :
$display = '<img src="' . SITEURL . '/images/u_active.png" alt="" class="tooltip" title="User Active"/>' ;
"n" :
$display = '<img src="' . SITEURL . '/images/u_inactive.png" alt="" class="tooltip" title="User Inactive"/>' ;
"t" :
$display = '<img src="' . SITEURL . '/images/u_pending.png" alt="" class="tooltip" title="User Pending"/>' ;
"b" :
$display = '<img src="' . SITEURL . '/images/u_banned.png" alt="" class="tooltip" title="User Banned"/>' ;
$display ;;
/**
function isActive ( $id )
$id == 1 ) {
$display = '<img src="' . SITEURL . '/images/yes.png" alt="" class="tooltip img-wrap2" title="Active"/>' ;
$display = '<img src="' . SITEURL . '/images/no.png" alt="" class="tooltip img-wrap2" title="Inactive"/>' ;
$display ;;
/**
function barHeight ( $total )
$total ) {
$total <= 10 ):
10 ;
$total >= 10 && $total <= 50 ):
20 ;
$total >= 50 && $total <= 100 ):
30 ;
$total >= 100 && $total <= 200 ):
40 ;
$total >= 200 && $total <= 300 ):
50 ;
$total >= 300 && $total <= 500 ):
60 ;
$total >= 500 && $total <= 700 ):
70 ;
$total >= 700 && $total <= 900 ):
80 ;
$total >= 900 && $total <= 1000 ):
90 ;
$total >= 1000 && $total > 3000 ):
99 ;
/**
function randName () {
$code = '' ;
$x = 0 ; $x < 6 ; $x ++) {
$code .= '-' . substr ( strtoupper ( sha1 ( rand ( 0 , 999999999999999 ))), 2 , 6 );
$code = substr ( $code , 1 );
$code ;
?>
Last edited by Kayz; 10-24-2011 at 02:42 PM ..
PM User | 10
New Coder
Join Date: Oct 2011
Posts: 10
Thanks: 0
Thanked 1 Time in 1 Post
The next script is too long for the forum, i will post this script in two different posts.. this is one file.
Also this script:
class_user.php - Part 1
PHP Code:
<?php
if (! defined ( "_VALID_PHP" ))
'Direct access to this location is not allowed.' );
Users
{
$uTable = "users" ;
$logged_in = null ;
$uid = 0 ;
$userid = 0 ;
$username ;
$email ;
$name ;
$bioname ;
$membership_id = 0 ;
$userlevel ;
$lastlogin = "NOW()" ;
/**
function __construct ()
$this -> getUserId ();
$this -> startSession ();
/**
private function getUserId ()
$core ;
$_GET [ 'userid' ])) {
$userid = ( is_numeric ( $_GET [ 'userid' ]) && $_GET [ 'userid' ] > - 1 ) ? intval ( $_GET [ 'userid' ]) : false ;
$userid = sanitize ( $userid );
$userid == false ) {
$core -> error ( "You have selected an Invalid Userid" , "Users::getUserId()" );
$this -> userid = $userid ;
/**
private function startSession ()
session_start ();
$this -> logged_in = $this -> loginCheck ();
$this -> logged_in ) {
$this -> username = $_SESSION [ 'username' ] = "Guest" ;
$this -> userlevel = 0 ;
/**
private function loginCheck ()
$_SESSION [ 'username' ]) && $_SESSION [ 'username' ] != "Guest" ) {
$row = $this -> getUserInfo ( $_SESSION [ 'username' ]);
$this -> uid = $row [ 'id' ];
$this -> username = $row [ 'username' ];
$this -> email = $row [ 'email' ];
$this -> name = $row [ 'fname' ]. ' ' . $row [ 'lname' ];
$this -> bioname = $row [ 'bioname' ];
$this -> userlevel = $row [ 'userlevel' ];
$this -> membership_id = $row [ 'membership_id' ];
true ;
false ;
/**
public function is_Admin ()
$this -> userlevel == 9 );
/**
public function login ( $username , $pass )
$db , $core ;
$username == "" && $pass == "" ) {
$core -> msgs [ 'username' ] = 'Please enter valid username and password.' ;
$status = $this -> checkStatus ( $username , $pass );
$status ) {
0 :
$core -> msgs [ 'username' ] = 'Login and/or password did not match to the database.' ;
1 :
$core -> msgs [ 'username' ] = 'Your account has been banned.' ;
2 :
$core -> msgs [ 'username' ] = 'Your account it\'s not activated.' ;
3 :
$core -> msgs [ 'username' ] = 'You need to verify your email address.' ;
$core -> msgs ) && $status == 5 ) {
$row = $this -> getUserInfo ( $username );
$this -> uid = $_SESSION [ 'userid' ] = $row [ 'id' ];
$this -> username = $_SESSION [ 'username' ] = $row [ 'username' ];
$this -> email = $_SESSION [ 'email' ] = $row [ 'email' ];
$this -> name = $_SESSION [ 'userlevel' ] = $row [ 'userlevel' ];
$this -> userlevel = $_SESSION [ 'userlevel' ] = $row [ 'userlevel' ];
$this -> bioname = $_SESSION [ 'bioname' ] = $row [ 'bioname' ];
$this -> membership_id = $_SESSION [ 'membership_id' ] = $row [ 'membership_id' ];
$data = array(
'lastlogin' => $this -> lastlogin ,
'lastip' => sanitize ( $_SERVER [ 'REMOTE_ADDR' ])
$db -> update ( $this -> uTable , $data , "username='" . $this -> username . "'" );
$this -> validateMembership ()) {
$data = array(
'membership_id' => 0 ,
'mem_expire' => "0000-00-00 00:00:00"
);
$db -> update ( $this -> uTable , $data , "username='" . $this -> username . "'" );
true ;
$core -> msgStatus ();
/**
public function logout ()
$_SESSION [ 'username' ]);
$_SESSION [ 'email' ]);
$_SESSION [ 'name' ]);
$_SESSION [ 'membership_id' ]);
$_SESSION [ 'userid' ]);
session_destroy ();
session_regenerate_id ();
$this -> logged_in = false ;
$this -> username = "Guest" ;
$this -> userlevel = 0 ;
/**
private function getUserInfo ( $username )
$db ;
$username = sanitize ( $username );
$username = $db -> escape ( $username );
$sql = "SELECT * FROM " . $this -> uTable . " WHERE username = '" . $username . "'" ;
$row = $db -> first ( $sql );
$username )
false ;
$row ) ? $row : 0 ;
/**
public function checkStatus ( $username , $pass )
$db ;
$username = sanitize ( $username );
$username = $db -> escape ( $username );
$pass = sanitize ( $pass );
$sql = "SELECT password, active FROM " . $this -> uTable
. "\n WHERE username = '" . $username . "'" ;
$result = $db -> query ( $sql );
$db -> numrows ( $result ) == 0 )
0 ;
$row = $db -> fetch ( $result );
$entered_pass = sha1 ( $pass );
$row [ 'active' ]) {
"b" :
1 ;
"n" :
2 ;
"t" :
3 ;
"y" && $entered_pass == $row [ 'password' ]:
5 ;
/**
public function getUsers ( $from = false )
$db , $pager , $core ;
BASEPATH . "lib/class_paginate.php" );
$pager = new Paginator ();
$counter = countEntries ( $this -> uTable );
$pager -> items_total = $counter ;
$pager -> default_ipp = $core -> perpage ;
$pager -> paginate ();
$counter == 0 ) {
$pager -> limit = null ;
$_GET [ 'sort' ])) {
$sort , $order ) = explode ( "-" , $_GET [ 'sort' ]);
$sort = sanitize ( $sort );
$order = sanitize ( $order );
in_array ( $sort , array( "username" , "fname" , "lname" , "email" , "created" ))) {
$ord = ( $order == 'DESC' ) ? " DESC" : " ASC" ;
$sorting = " u." . $sort . $ord ;
$sorting = " u.created DESC" ;
$sorting = " u.created DESC" ;
$clause = (isset( $clause )) ? $clause : null ;
$_POST [ 'fromdate' ]) && $_POST [ 'fromdate' ] <> "" || isset( $from ) && $from != '' ) {
$enddate = date ( "Y-m-d" );
$fromdate = (empty( $from )) ? $_POST [ 'fromdate' ] : $from ;
$_POST [ 'enddate' ]) && $_POST [ 'enddate' ] <> "" ) {
$enddate = $_POST [ 'enddate' ];
$clause .= " WHERE u.created BETWEEN '" . trim ( $fromdate ) . "' AND '" . trim ( $enddate ) . " 23:59:59'" ;
$sql = "SELECT u.*, CONCAT(u.fname,' ',u.lname) as name, m.title, m.id as mid,"
. "\n DATE_FORMAT(u.created, '%d. %b. %Y.') as cdate,"
. "\n DATE_FORMAT(u.lastlogin, '%d. %b. %Y.') as adate"
. "\n FROM " . $this -> uTable . " as u"
. "\n LEFT JOIN memberships as m ON m.id = u.membership_id"
. "\n " . $clause
. "\n ORDER BY " . $sorting . $pager -> limit ;
$row = $db -> fetch_all ( $sql );
$row ) ? $row : 0 ;
/**
public function processUser ()
$db , $core ;
$this -> userid ) {
$_POST [ 'username' ]))
$core -> msgs [ 'username' ] = 'Please Enter Valid Username' ;
$value = $this -> usernameExists ( $_POST [ 'username' ])) {
$value == 1 )
$core -> msgs [ 'username' ] = 'Username Is Too Short (less Than 4 Characters Long).' ;
$value == 2 )
$core -> msgs [ 'username' ] = 'Invalid Characters Found In Username.' ;
$value == 3 )
$core -> msgs [ 'username' ] = 'Sorry, This Username Is Already Taken' ;
$_POST [ 'fname' ]))
$core -> msgs [ 'fname' ] = 'Please Enter First Name' ;
$_POST [ 'lname' ]))
$core -> msgs [ 'lname' ] = 'Please Enter Last Name' ;
$this -> userid ) {
$_POST [ 'password' ]))
$core -> msgs [ 'password' ] = 'Please Enter Valid Password.' ;
$_POST [ 'bioname' ]))
$core -> msgs [ 'bioname' ] = 'Please Enter Bio Name' ;
$_POST [ 'email' ]))
$core -> msgs [ 'email' ] = 'Please Enter Valid Email Address' ;
$this -> userid ) {
$this -> emailExists ( $_POST [ 'email' ]))
$core -> msgs [ 'email' ] = 'Entered Email Address Is Already In Use.' ;
$this -> isValidEmail ( $_POST [ 'email' ]))
$core -> msgs [ 'email' ] = 'Entered Email Address Is Not Valid.' ;
$core -> msgs )) {
$data = array(
'username' => sanitize ( $_POST [ 'username' ]),
'email' => sanitize ( $_POST [ 'email' ]),
'lname' => sanitize ( $_POST [ 'lname' ]),
'fname' => sanitize ( $_POST [ 'fname' ]),
'bioname' => sanitize ( $_POST [ 'bioname' ]),
'membership_id' => intval ( $_POST [ 'membership_id' ]),
'mem_expire' => $this -> calculateDays ( $_POST [ 'membership_id' ]),
'newsletter' => intval ( $_POST [ 'newsletter' ]),
'userlevel' => intval ( $_POST [ 'userlevel' ]),
'active' => sanitize ( $_POST [ 'active' ])
$this -> userid )
$data [ 'created' ] = "NOW()" ;
$this -> userid )
$userrow = $core -> getRowById ( $this -> uTable , $this -> userid );
$_POST [ 'password' ] != "" ) {
$data [ 'password' ] = sha1 ( $_POST [ 'password' ]);
$data [ 'password' ] = $userrow [ 'password' ];
$_POST [ 'biopass' ] != "" ) {
$data [ 'biopass' ] = sha1 ( $_POST [ 'biopass' ]);
$data [ 'biopass' ] = $userrow [ 'biopass' ];
/**
public function updateProfile ()
$db , $core ;
$_POST [ 'fname' ]))
$core -> msgs [ 'fname' ] = 'Please Enter First Name' ;
$_POST [ 'lname' ]))
$core -> msgs [ 'lname' ] = 'Please Enter Last Name' ;
$_POST [ 'bioname' ]))
$core -> msgs [ 'bioname' ] = 'Please Enter Bio Name' ;
$_POST [ 'email' ]))
$core -> msgs [ 'email' ] = 'Please Enter Valid Email Address' ;
$this -> isValidEmail ( $_POST [ 'email' ]))
$core -> msgs [ 'email' ] = 'Entered Email Address Is Not Valid.' ;
$core -> msgs )) {
$data = array(
'email' => sanitize ( $_POST [ 'email' ]),
'bioname' => sanitize ( $_POST [ 'bioname' ]),
'lname' => sanitize ( $_POST [ 'lname' ]),
'fname' => sanitize ( $_POST [ 'fname' ]),
'newsletter' => intval ( $_POST [ 'newsletter' ])
$userpass = getValue ( "password" , $this -> uTable , "id = '" . $this -> uid . "'" );
$_POST [ 'password' ] != "" ) {
$data [ 'password' ] = sha1 ( $_POST [ 'password' ]);
$data [ 'password' ] = $userpass ;
$biopass = getValue ( "biopass" , $this -> uTable , "id = '" . $this -> uid . "'" );
$_POST [ 'biopass' ] != "" ) {
$data [ 'biopass' ] = sha1 ( $_POST [ 'biopass' ]);
$data [ 'biopass' ] = $biopass ;
// Start Avatar Upload
include( BASEPATH . "lib/class_imageUpload.php" );
BASEPATH . "lib/class_imageResize.php" );
$newName = "IMG_" . randName ();
$ext = substr ( $_FILES [ 'avatar' ][ 'name' ], strrpos ( $_FILES [ 'avatar' ][ 'name' ], '.' ) + 1 );
$name = $newName . "." . strtolower ( $ext );
$als = new Upload ();
$als -> File = $_FILES [ 'avatar' ];
$als -> method = 1 ;
$als -> SavePath = UPLOADS ;
$als -> NewWidth = $core -> thumb_w ;
$als -> NewHeight = $core -> thumb_h ;
$als -> NewName = $newName ;
$als -> OverWrite = true ;
$err = $als -> UploadFile ();
$this -> userid ) {
$avatar = getValue ( "avatar" , $this -> uTable , "id = '" . $this -> userid . "'" );
$_FILES [ 'avatar' ][ 'name' ])) {
$avatar ) {
unlink ( $als -> SavePath . $avatar );
$data [ 'avatar' ] = $name ;
$data [ 'avatar' ] = $avatar ;
$_FILES [ 'avatar' ][ 'name' ]))
$data [ 'avatar' ] = $name ;
count ( $err ) > 0 and is_array ( $err )) {
$err as $key => $val ) {
$core -> msgError ( $val , false );
$this -> userid ) ? $db -> update ( $this -> uTable , $data , "id='" . (int) $this -> userid . "'" ) : $db -> insert ( $this -> uTable , $data );
$message = ( $this -> userid ) ? '<span>Success!</span>User updated successfully!' : '<span>Success!</span>User added successfully!' ;
$db -> affected ()) {
$core -> msgOk ( $message );
$_POST [ 'notify' ]) && intval ( $_POST [ 'notify' ]) == 1 ) {
BASEPATH . "lib/class_mailer.php" );
$mailer = $mail -> sendMail ();
$row = $core -> getRowById ( "email_templates" , 3 );
$body = str_replace (array( '[USERNAME]' , '[PASSWORD]' , '[BIONAME]' , '[BIOPASS]' , '[NAME]' , '[SITE_NAME]' , '[URL]' ),
$data [ 'username' ], $_POST [ 'password' ], $_POST [ 'bioname' ], $_POST [ 'biopass' ], $data [ 'fname' ]. ' ' . $data [ 'lname' ], $core -> site_name , $core -> site_url ), $row [ 'body' ]);
$message = Swift_Message :: newInstance ()
setSubject ( $row [ 'subject' ])
setTo (array( $data [ 'email' ] => $data [ 'fname' ]. ' ' . $data [ 'lname' ]))
setFrom (array( $core -> site_email => $core -> site_name ))
setBody ( cleanOut ( $body ), 'text/html' );
$mailer -> send ( $message );
$core -> msgAlert ( '<span>Alert!</span>Nothing to process.' );
$core -> msgStatus ();
Last edited by Kayz; 10-24-2011 at 02:43 PM ..
PM User | 11
New Coder
Join Date: Oct 2011
Posts: 10
Thanks: 0
Thanked 1 Time in 1 Post
Continued.
class_user.php - Part 2
PHP Code:
// Start Avatar Upload
include( BASEPATH . "lib/class_imageUpload.php" );
BASEPATH . "lib/class_imageResize.php" );
$newName = "IMG_" . randName ();
$ext = substr ( $_FILES [ 'avatar' ][ 'name' ], strrpos ( $_FILES [ 'avatar' ][ 'name' ], '.' ) + 1 );
$name = $newName . "." . strtolower ( $ext );
$als = new Upload ();
$als -> File = $_FILES [ 'avatar' ];
$als -> method = 1 ;
$als -> SavePath = UPLOADS ;
$als -> NewWidth = $core -> thumb_w ;
$als -> NewHeight = $core -> thumb_h ;
$als -> NewName = $newName ;
$als -> OverWrite = true ;
$err = $als -> UploadFile ();
$avatar = getValue ( "avatar" , $this -> uTable , "id = '" . $this -> uid . "'" );
$_FILES [ 'avatar' ][ 'name' ])) {
$avatar ) {
unlink ( $als -> SavePath . $avatar );
$data [ 'avatar' ] = $name ;
$data [ 'avatar' ] = $avatar ;
count ( $err ) > 0 and is_array ( $err )) {
$err as $key => $val ) {
$core -> msgError ( $val , false );
$db -> update ( $this -> uTable , $data , "id='" . (int) $this -> uid . "'" );
$db -> affected ()) ? $core -> msgOk ( '<span>Success!</span> You have successfully updated your profile.' ) : $core -> msgAlert ( '<span>Alert!</span>Nothing to process.' );
$core -> msgStatus ();
/**
public function register ()
$db , $core ;
$_POST [ 'username' ]))
$core -> msgs [ 'username' ] = 'Please Enter Valid Username' ;
$value = $this -> usernameExists ( $_POST [ 'username' ])) {
$value == 1 )
$core -> msgs [ 'username' ] = 'Username Is Too Short (less Than 4 Characters Long).' ;
$value == 2 )
$core -> msgs [ 'username' ] = 'Invalid Characters Found In Username.' ;
$value == 3 )
$core -> msgs [ 'username' ] = 'Sorry, This Username Is Already Taken' ;
$_POST [ 'fname' ]))
$core -> msgs [ 'fname' ] = 'Please Enter First Name' ;
$_POST [ 'lname' ]))
$core -> msgs [ 'lname' ] = 'Please Enter Last Name' ;
$_POST [ 'bioname' ]))
$core -> msgs [ 'bioname' ] = 'Please Enter Valid Bioname' ;
$_POST [ 'pass' ]))
$core -> msgs [ 'pass' ] = 'Please Enter Valid Password.' ;
strlen ( $_POST [ 'pass' ]) < 6 )
$core -> msgs [ 'pass' ] = 'Password is too short (less than 6 characters long)' ;
preg_match ( "/^([0-9a-z])+$/i" , ( $_POST [ 'pass' ] = trim ( $_POST [ 'pass' ]))))
$core -> msgs [ 'pass' ] = 'Password entered is not alphanumeric.' ;
$_POST [ 'pass' ] != $_POST [ 'pass2' ])
$core -> msgs [ 'pass' ] = 'Your password did not match the confirmed password!.' ;
$_POST [ 'biopass' ]))
$core -> msgs [ 'pass' ] = 'Please Enter Valid Password.' ;
$_POST [ 'email' ]))
$core -> msgs [ 'email' ] = 'Please Enter Valid Email Address' ;
$this -> emailExists ( $_POST [ 'email' ]))
$core -> msgs [ 'email' ] = 'Entered Email Address Is Already In Use.' ;
$this -> isValidEmail ( $_POST [ 'email' ]))
$core -> msgs [ 'email' ] = 'Entered Email Address Is Not Valid.' ;
$_POST [ 'captcha' ]))
$core -> msgs [ 'captcha' ] = 'Please enter the total amount.' ;
$_POST [ 'captcha' ] != "9" )
$core -> msgs [ 'captcha' ] = 'Entered total amount is incorrect.' ;
$core -> msgs )) {
$token = ( $core -> reg_verify == 1 ) ? $this -> generateRandID () : 0 ;
$pass = sanitize ( $_POST [ 'pass' ]);
$core -> reg_verify == 1 ) {
$active = "t" ;
$core -> auto_verify == 0 ) {
$active = "n" ;
$active = "y" ;
$data = array(
'username' => sanitize ( $_POST [ 'username' ]),
'password' => sha1 ( $_POST [ 'pass' ]),
'bioname' => sanitize ( $_POST [ 'bioname' ]),
'biopass' => sha1 ( $_POST [ 'biopass' ]),
'email' => sanitize ( $_POST [ 'email' ]),
'fname' => sanitize ( $_POST [ 'fname' ]),
'lname' => sanitize ( $_POST [ 'lname' ]),
'token' => $token ,
'active' => $active ,
'created' => "NOW()"
);
$db -> insert ( $this -> uTable , $data );
BASEPATH . "lib/class_mailer.php" );
$core -> reg_verify == 1 ) {
$actlink = $core -> site_url . "/activate.php" ;
$row = $core -> getRowById ( "email_templates" , 1 );
$body = str_replace (
'[NAME]' , '[USERNAME]' , '[PASSWORD]' , '[TOKEN]' , '[EMAIL]' , '[URL]' , '[LINK]' , '[SITE_NAME]' ),
$data [ 'fname' ]. ' ' . $data [ 'lname' ], $data [ 'username' ], $_POST [ 'pass' ], $token , $data [ 'email' ], $core -> site_url , $actlink , $core -> site_name ), $row [ 'body' ]
$newbody = cleanOut ( $body );
$mailer = $mail -> sendMail ();
$message = Swift_Message :: newInstance ()
setSubject ( $row [ 'subject' ])
setTo (array( $data [ 'email' ] => $data [ 'username' ]))
setFrom (array( $core -> site_email => $core -> site_name ))
setBody ( $newbody , 'text/html' );
$mailer -> send ( $message );
$core -> auto_verify == 0 ) {
$row = $core -> getRowById ( "email_templates" , 14 );
$body = str_replace (
'[NAME]' , '[USERNAME]' , '[PASSWORD]' , '[BIONAME]' , '[BIOPASS]' , '[URL]' , '[SITE_NAME]' ),
$data [ 'fname' ]. ' ' . $data [ 'lname' ], $data [ 'username' ], $_POST [ 'pass' ], $_POST [ 'bioname' ], $_POST [ 'biopass' ], $core -> site_url , $core -> site_name ), $row [ 'body' ]
$newbody = cleanOut ( $body );
$mailer = $mail -> sendMail ();
$message = Swift_Message :: newInstance ()
setSubject ( $row [ 'subject' ])
setTo (array( $data [ 'email' ] => $data [ 'username' ]))
setFrom (array( $core -> site_email => $core -> site_name ))
setBody ( $newbody , 'text/html' );
$mailer -> send ( $message );
$row = $core -> getRowById ( "email_templates" , 7 );
$body = str_replace (
'[NAME]' , '[USERNAME]' , '[PASSWORD]' , '[BIONAME]' , '[BIOPASS]' , '[URL]' , '[SITE_NAME]' ),
$data [ 'fname' ]. ' ' . $data [ 'lname' ], $data [ 'username' ], $_POST [ 'pass' ], $_POST [ 'bioname' ], $_POST [ 'biopass' ], $core -> site_url , $core -> site_name ), $row [ 'body' ]
$newbody = cleanOut ( $body );
$mailer = $mail -> sendMail ();
$message = Swift_Message :: newInstance ()
setSubject ( $row [ 'subject' ])
setTo (array( $data [ 'email' ] => $data [ 'username' ]))
setFrom (array( $core -> site_email => $core -> site_name ))
setBody ( $newbody , 'text/html' );
$mailer -> send ( $message );
$core -> notify_admin ) {
$arow = $core -> getRowById ( "email_templates" , 13 );
$abody = str_replace (
'[USERNAME]' , '[EMAIL]' , '[NAME]' , '[BIONAME]' , '[BIOPASS]' , '[IP]' ),
$data [ 'username' ], $data [ 'email' ], $data [ 'fname' ]. ' ' . $data [ 'lname' ], $_POST [ 'bioname' ], $_POST [ 'biopass' ], $_SERVER [ 'REMOTE_ADDR' ]), $arow [ 'body' ]
$anewbody = cleanOut ( $abody );
$amailer = $mail -> sendMail ();
$amessage = Swift_Message :: newInstance ()
setSubject ( $arow [ 'subject' ])
setTo (array( $core -> site_email => $core -> site_name ))
setFrom (array( $core -> site_email => $core -> site_name ))
setBody ( $anewbody , 'text/html' );
$amailer -> send ( $amessage );
$db -> affected () && $mailer ) ? print "OK" : $core -> msgError ( '<span>Error!</span>There was an error during registration process. Please contact the administrator...' , false );
$core -> msgStatus ();
/**
public function passReset ()
$db , $core ;
$_POST [ 'uname' ]))
$core -> msgs [ 'uname' ] = 'Please Enter Valid Username' ;
$uname = $this -> usernameExists ( $_POST [ 'uname' ]);
strlen ( $_POST [ 'uname' ]) < 4 || strlen ( $_POST [ 'uname' ]) > 30 || ! preg_match ( "/^([0-9a-z])+$/i" , $_POST [ 'uname' ]) || $uname != 3 )
$core -> msgs [ 'uname' ] = 'We are sorry, selected username does not exist in our database' ;
$_POST [ 'email' ]))
$core -> msgs [ 'email' ] = 'Please Enter Valid Email Address' ;
$this -> emailExists ( $_POST [ 'email' ]))
$core -> msgs [ 'uname' ] = 'Entered Email Address Does Not Exists.' ;
$_POST [ 'captcha' ]))
$core -> msgs [ 'captcha' ] = 'Please enter the total amount' ;
$_POST [ 'captcha' ] != "10" )
$core -> msgs [ 'captcha' ] = 'Entered total amount is incorrect' ;
$core -> msgs )) {
$user = $this -> getUserInfo ( $_POST [ 'uname' ]);
$randpass = $this -> getUniqueCode ( 12 );
$newpass = sha1 ( $randpass );
$data [ 'password' ] = $newpass ;
$db -> update ( $this -> uTable , $data , "username = '" . $user [ 'username' ] . "'" );
BASEPATH . "lib/class_mailer.php" );
$row = $core -> getRowById ( "email_templates" , 2 );
$body = str_replace (
'[USERNAME]' , '[PASSWORD]' , '[URL]' , '[LINK]' , '[IP]' , '[SITE_NAME]' ),
$user [ 'username' ], $randpass , $core -> site_url , $core -> site_url , $_SERVER [ 'REMOTE_ADDR' ], $core -> site_name ), $row [ 'body' ]
$newbody = cleanOut ( $body );
$mailer = $mail -> sendMail ();
$message = Swift_Message :: newInstance ()
setSubject ( $row [ 'subject' ])
setTo (array( $user [ 'email' ] => $user [ 'username' ]))
setFrom (array( $core -> site_email => $core -> site_name ))
setBody ( $newbody , 'text/html' );
$db -> affected () && $mailer -> send ( $message )) ? $core -> msgOk ( '<span>Success!</span>You have successfully changed your password. Please check your email for further info!' , false ) : $core -> msgError ( '<span>Error!</span>There was an error during the process. Please contact the administrator.' , false );
$core -> msgStatus ();
/**
public function activateUser ()
$db , $core ;
$_POST [ 'email' ]))
$core -> msgs [ 'email' ] = 'Please Enter Valid Email Address' ;
$this -> emailExists ( $_POST [ 'email' ]))
$core -> msgs [ 'email' ] = 'Entered Email Address Does Not Exists.' ;
$_POST [ 'token' ]))
$core -> msgs [ 'token' ] = 'The token code is not valid' ;
$this -> validateToken ( $_POST [ 'token' ]))
$core -> msgs [ 'token' ] = 'This account has been already activated!' ;
$core -> msgs )) {
$email = sanitize ( $_POST [ 'email' ]);
$token = sanitize ( $_POST [ 'token' ]);
$message = ( $core -> auto_verify == 1 ) ? '<span>Success!</span>You have successfully activated your account!' : '<span>Success!</span>Your account is now active. However you still need to wait for administrative approval.' ;
$data = array(
'token' => 0 ,
'active' => ( $core -> auto_verify ) ? "y" : "n"
);
$db -> update ( $this -> uTable , $data , "email = '" . $email . "' AND token = '" . $token . "'" );
$db -> affected ()) ? $core -> msgOk ( $message , false ) : $core -> msgError ( '<span>Error!</span>There was an error during the activation process. Please contact the administrator.' , false );
$core -> msgStatus ();
/**
public function getUserData ()
$db , $core ;
$sql = "SELECT *, DATE_FORMAT(created, '%a. %d, %M %Y') as cdate,"
. "\n DATE_FORMAT(lastlogin, '%a. %d, %M %Y') as ldate"
. "\n FROM " . $this -> uTable
. "\n WHERE id = '" . $this -> uid . "'" ;
$row = $db -> first ( $sql );
$row ) ? $row : 0 ;
/**
public function getUserMembership ()
$db , $core ;
$sql = "SELECT u.*, m.title,"
. "\n DATE_FORMAT(u.mem_expire, '%d. %b. %Y.') as expiry"
. "\n FROM " . $this -> uTable . " as u"
. "\n LEFT JOIN memberships as m ON m.id = u.membership_id"
. "\n WHERE u.id = '" . $this -> uid . "'" ;
$row = $db -> first ( $sql );
$row ) ? $row : 0 ;
/**
public function calculateDays ( $membership_id )
$db ;
$now = date ( 'Y-m-d H:i:s' );
$row = $db -> first ( "SELECT days, period FROM memberships WHERE id = '" . (int) $membership_id . "'" );
$row ) {
$row [ 'period' ]) {
"D" :
$diff = $row [ 'days' ];
"W" :
$diff = $row [ 'days' ] * 7 ;
"M" :
$diff = $row [ 'days' ] * 30 ;
"Y" :
$diff = $row [ 'days' ] * 365 ;
$expire = date ( "Y-m-d H:i:s" , strtotime ( $now . + $diff . " days" ));
$expire = "0000-00-00 00:00:00" ;
$expire ;
/**
public function trialUsed ()
$db ;
$sql = "SELECT trial_used"
. "\n FROM " . $this -> uTable
. "\n WHERE id ='" . $this -> uid . "'"
. "\n LIMIT 1" ;
$row = $db -> first ( $sql );
$row [ 'trial_used' ] == 1 ) ? true : false ;
/**
public function validateMembership ()
$db ;
$sql = "SELECT mem_expire"
. "\n FROM " . $this -> uTable
. "\n WHERE id = '" . $this -> uid . "'"
. "\n AND TO_DAYS(mem_expire) > TO_DAYS(NOW())" ;
$row = $db -> first ( $sql );
$row ) ? $row : 0 ;
/**
public function checkMembership ( $memids )
$db ;
$m_arr = explode ( "," , $memids );
reset ( $m_arr );
$this -> logged_in and $this -> validateMembership () and in_array ( $this -> membership_id , $m_arr )) {
true ;
false ;
/**
private function usernameExists ( $username )
$db ;
$username = sanitize ( $username );
strlen ( $db -> escape ( $username )) < 4 )
1 ;
$alpha_num = str_replace ( " " , "" , $username );
ctype_alnum ( $alpha_num ))
2 ;
$sql = $db -> query ( "SELECT username"
. "\n FROM users"
. "\n WHERE username = '" . $username . "'"
. "\n LIMIT 1" );
$count = $db -> numrows ( $sql );
$count > 0 ) ? 3 : false ;
/**
private function emailExists ( $email )
$db ;
$sql = $db -> query ( "SELECT email"
. "\n FROM users"
. "\n WHERE email = '" . sanitize ( $email ) . "'"
. "\n LIMIT 1" );
$db -> numrows ( $sql ) == 1 ) {
true ;
false ;
/**
private function isValidEmail ( $email )
function_exists ( 'filter_var' )) {
filter_var ( $email , FILTER_VALIDATE_EMAIL )) {
true ;
false ;
preg_match ( '/^[a-zA-Z0-9._+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$/' , $email );
/**
private function validateToken ( $token )
$db ;
$token = sanitize ( $token , 40 );
$sql = "SELECT token"
. "\n FROM " . $this -> uTable
. "\n WHERE token ='" . $db -> escape ( $token ) . "'"
. "\n LIMIT 1" ;
$result = $db -> query ( $sql );
$db -> numrows ( $result ))
true ;
/**
private function getUniqueCode ( $length = "" )
$code = sha1 ( uniqid ( rand (), true ));
$length != "" ) {
substr ( $code , 0 , $length );
$code ;
/**
private function generateRandID ()
sha1 ( $this -> getUniqueCode ( 24 ));
/**
public function levelCheck ( $levels )
$db ;
$m_arr = explode ( "," , $levels );
reset ( $m_arr );
$this -> logged_in and in_array ( $this -> userlevel , $m_arr ))
true ;
/**
public function getUserLevels ( $level = false )
$arr = array(
9 => 'Super Admin' ,
1 => 'Registered User' ,
2 => 'User Level 2' ,
3 => 'User Level 3' ,
4 => 'User Level 4' ,
5 => 'User Level 5' ,
6 => 'User Level 6' ,
7 => 'User Level 7'
);
$list = '' ;
$arr as $key => $val ) {
$key == $level ) {
$list .= "<option selected=\"selected\" value=\"$key\">$val</option>\n" ;
$list .= "<option value=\"$key\">$val</option>\n" ;
$val );
$list ;
/**
public function getUserFilter ()
$arr = array(
'username-ASC' => 'Username ↑' ,
'username-DESC' => 'Username & ↓' ,
'fname-ASC' => 'First Name ↑' ,
'fname-DESC' => 'First Name ↓' ,
'lname-ASC' => 'Last Name ↑' ,
'lname-DESC' => 'Last Name ↓' ,
'email-ASC' => 'Email Address ↑' ,
'email-DESC' => 'Email Address ↓' ,
'created-ASC' => 'Registered ↑' ,
'created-DESC' => 'Registered ↓' ,
$filter = '' ;
$arr as $key => $val ) {
$key == get ( 'sort' )) {
$filter .= "<option selected=\"selected\" value=\"$key\">$val</option>\n" ;
$filter .= "<option value=\"$key\">$val</option>\n" ;
$val );
$filter ;
?>
Last edited by Kayz; 10-24-2011 at 02:43 PM ..
PM User | 12
Senior Coder
Join Date: Jan 2010
Location: Behind the Wall
Posts: 2,857
Thanks: 9
Thanked 288 Times in 284 Posts
the password in the insertion code is not passed through stripslashes()/mysql_real_escape_string(), that might be a reason.
__________________
PM User | 13
New Coder
Join Date: Oct 2011
Posts: 10
Thanks: 0
Thanked 1 Time in 1 Post
Quote:
Originally Posted by
Dormilich
the password in the insertion code is not passed through stripslashes()/mysql_real_escape_string(), that might be a reason.
I've commented them out, still to no avail...
PM User | 14
New Coder
Join Date: Oct 2011
Posts: 10
Thanks: 0
Thanked 1 Time in 1 Post
I was just about to upload all the files for you all to test until i realised what the problem was.
Jump To Top of Thread
Thread Tools
Rate This Thread
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
All times are GMT +1. The time now is 05:35 AM .
Advertisement
Log in to turn off these ads.
Before you post, read our: 
How to add sha1 hash password to LOGIN page
