Problem when logging in to the User Manager script:
I see the message: "Please enter a correct username and password"
-----------------------
-----------------------
I cannot change or modify the username and password, and I do not have the real password.
These are the classes:
-------------------
1) Membership.php
-------------------
PHP Code:
<?php
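/**
 * Login, logout and access checks for the user manager.
 *
 * Uses two globals that are created elsewhere: $mysql (database wrapper) and
 * $log (logger). Session handling assumes the calling page has already run
 * session_start().
 */
class Membership extends ClassAbstract {

    /**
     * Validate a username/password pair; on success load the member data into
     * the session and send a redirect to index.php.
     *
     * @param string $un  Username as submitted by the login form.
     * @param string $pwd Password as submitted by the login form.
     * @return string|null Error text on failure, nothing on success.
     */
    function validate_user($un, $pwd) {
        global $mysql;
        global $log;

        // Request parameters may arrive as arrays (username[]=x). Treat anything
        // that is not a string as empty so it fails the format checks below.
        if (!is_string($un)) {
            $un = '';
        }
        if (!is_string($pwd)) {
            $pwd = '';
        }

        $error = "";
        // NOTE(review): the username is stored and later written to the log before
        // it has been validated, so a rejected value reaches the log as submitted.
        // Confirm that the logger neutralises control characters.
        $this->setUsername($un);
        $this->setRemoteAddress($_SERVER['REMOTE_ADDR']);

        if (preg_match('/^([A-Za-z0-9]+)$/', $un)) {
            $clean_un = $un;
        } else {
            $error = "Bad Username";
            $log->LogWarn('User [' . $this->getUsername() . '](' . $this->getRemoteAddress() . ') try to log in to system. Login Denied. BAD Username or Password.');
        }

        // NOTE(review): passwords are limited to letters and digits. The value is
        // hashed and bound as a query parameter, so this filter protects nothing
        // and only shrinks the password space; relax it together with the stored
        // password policy.
        if (preg_match('/^([A-Za-z0-9]+)$/', $pwd)) {
            $clean_pwd = $pwd;
        } else {
            $error = ($error != "") ? $error . " And Bad Password" : "Bad Password";
            $log->LogWarn('User [' . $this->getUsername() . '](' . $this->getRemoteAddress() . ') try to log in to system. Login Denied. BAD Username or Password.');
        }

        if ($error != "") {
            return $error;
        }

        // NOTE(review): unsalted MD5 is not a password hash. Changing it here would
        // lock out every account whose stored value is an MD5 digest, so plan a
        // migration to password_hash()/password_verify() with rehash-on-login.
        $ensure_credentials = $mysql->verify_Username_and_Pass($clean_un, md5($clean_pwd));

        if (!$ensure_credentials) {
            $log->LogWarn('User [' . $this->getUsername() . '](' . $this->getRemoteAddress() . ') Login Denied. Wrong Username or Password.');
            // The pasted listing wrapped this text in forum colour markup, which is
            // not valid PHP; the plain message is returned.
            return "Please enter a correct username and password";
        }

        $this->setStatus('authorized');
        $this->setReseller($mysql->get_reseller_id($un));
        $this->setPersmission($mysql->get_permission_id($un));
        $this->setServerAllow($mysql->get_member_serverallow($un));
        $this->setProfileAllow($mysql->get_member_profileallow($un));
        $this->setTotalUser($mysql->get_member_total_user($un));
        $this->setActiveUser($mysql->get_member_active_user($un));
        $this->setUpdateActiveTotalUser(1);
        $this->setCurrActiveTotalUser($this->getReseller());
        $this->setServerList();
        $this->setGroupList();
        $this->cspUpdateTime = "";

        // Issue a fresh session id at the privilege change so an id that was known
        // before login cannot be reused afterwards (session fixation).
        if (session_id() !== '') {
            session_regenerate_id(true);
        }

        /*
         * Save all member data in session
         */
        $this->setSessionData();
        $log->LogInfo('User [' . $this->getUsername() . '] (' . $this->getRemoteAddress() . ') Logged in Successfully.');
        header("location: index.php");
    }

    /**
     * End the current session: clear the status flag, expire the session cookie
     * and destroy the server-side session data.
     */
    function log_User_Out() {
        global $log;

        if (isset($_SESSION['status'])) {
            unset($_SESSION['status']);
            $username = isset($_SESSION['username']) ? $_SESSION['username'] : '';
            $log->LogInfo('User [' . $username . '] Logged Out Successfully.');

            if (isset($_COOKIE[session_name()])) {
                // Expire the cookie with the same path/domain/flags it was set with;
                // without them the browser may keep the original cookie.
                $params = session_get_cookie_params();
                setcookie(
                    session_name(),
                    '',
                    time() - 1000,
                    $params['path'],
                    $params['domain'],
                    $params['secure'],
                    $params['httponly']
                );
            }

            $_SESSION = array();
            session_destroy();
        }
    }

    /**
     * Send visitors without an authorized session to login.php and stop.
     */
    function confirm_Member() {
        // session_start();
        if (!isset($_SESSION['status']) || $_SESSION['status'] != 'authorized') {
            header("location: login.php");
            // header() only queues the redirect; without exit the protected page
            // would still be executed and sent to the client.
            exit;
        }
    }

    /**
     * Stop the request with a notice when the user's permission value does not
     * pass $mysql->bitwise_check() for the given section.
     *
     * @param mixed $section_permission Permission value passed as first argument to bitwise_check().
     * @param mixed $user_permission    Permission value passed as second argument to bitwise_check().
     */
    function confirm_permision($section_permission, $user_permission) {
        global $mysql;

        if (!$mysql->bitwise_check($section_permission, $user_permission)) {
            echo "Sorry... \nYou are not allow to enter this section. </br>";
            echo '<a href=index.php>back to previous page</a>';
            die();
        }
    }
}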
// Shared Membership instance; the page scripts call its methods through $membership.
$membership = new Membership;
-------------
2) Mysql.php
-------------
PHP Code:
<?php
class Mysql {
private $conn;
private $query;
private $log_init;
private $log;
private $groupList=array();
private $serverList=array();
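/**
 * Set up the logger reference, the per-user log prefix and the database connection.
 *
 * Ends the request with a generic message when the connection cannot be opened.
 */
function __construct() {
    global $logger;
    $this->log =& $logger;

    if ( !empty($_SESSION['status']) && $_SESSION['status'] == "authorized" ) {
        $this->log_init = 'User [' . $_SESSION['username'] . '] (' . $_SESSION['remote_address'] . ') | ';
    }

    // `new mysqli(...) or die(...)` never reaches die(): `new` always yields an
    // object. A failed connection is reported through connect_error, or as a
    // mysqli_sql_exception when exception reporting is enabled.
    try {
        $this->conn = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME);
    } catch (mysqli_sql_exception $e) {
        // Keep the driver's error text away from the client.
        die('There was a problem connecting to the database.');
    }
    if ($this->conn->connect_error) {
        die('There was a problem connecting to the database.');
    }

    date_default_timezone_set('Africa/Khartoum');
}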
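/**
 * Report whether a members row matches the given username and password value.
 *
 * Both values are bound as statement parameters, so they never become part of
 * the SQL text. The password is compared exactly as passed in.
 *
 * @param string $un  Username to look up.
 * @param string $pwd Password value to compare with the stored column.
 * @return bool True when a matching row exists, false otherwise (including
 *              when the statement cannot be prepared or executed).
 */
function verify_Username_and_Pass($un, $pwd) {
    $query = "SELECT *FROM members\n"
           . "WHERE username = ? AND password = ?\n"
           . "LIMIT 1";

    $stmt = $this->conn->prepare($query);
    if (!$stmt) {
        return false;
    }

    $stmt->bind_param('ss', $un, $pwd);
    $found = $stmt->execute() && $stmt->fetch();
    // Release the statement on every path, not only when a row was found.
    $stmt->close();

    return $found ? true : false;
}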
// Shared database wrapper instance, published as the global $mysql.
$mysql = new Mysql();
----------------
3) functions.php
----------------
PHP Code:
<?php
/**
 * Remove "*0" markers, then any remaining "*" characters, from a string.
 *
 * @param string $marked_string Text containing "*" markers.
 * @return string The text without the markers.
 */
function strip_zeros_from_date( $marked_string="" ) {
    // Inner call drops each "*0" pair; outer call drops any asterisk left over.
    return str_replace('*', '', str_replace('*0', '', $marked_string));
}
/**
 * Send a Location header and end the request, unless no location is given.
 *
 * The location is placed in the header unchanged, so callers should pass only
 * destinations they control rather than a value taken from the request.
 *
 * @param string|null $location Redirect target.
 */
function redirect_to( $location = NULL ) {
    // Loose comparison, as before: NULL, "" and 0 all mean "no redirect".
    if ($location == NULL) {
        return;
    }
    header("Location: {$location}");
    exit;
}
/**
 * Wrap a message in a paragraph with class "message".
 *
 * The message is inserted into the markup as-is; escape it with
 * htmlspecialchars() at the call site when it can contain user-supplied text.
 *
 * @param string $message Message text.
 * @return string The paragraph markup, or "" when the message is empty.
 */
function output_message($message="") {
    return empty($message) ? "" : "<p class=\"message\">{$message}</p>";
}
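/**
 * Load the file "<class>.php" for a class that has not been defined yet.
 *
 * NOTE(review): __autoload() was deprecated in PHP 7.2 and removed in PHP 8.0;
 * register this logic with spl_autoload_register() when the code is upgraded.
 *
 * @param string $class_name Name of the class being resolved.
 */
function __autoload($class_name) {
    //$class_name = strtolower($class_name);

    // The class name becomes a file path. Accept plain identifiers only, so a
    // name that reaches the autoloader from outside (for example through
    // class_exists() on request data) cannot point at an arbitrary file.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $class_name)) {
        return;
    }

    $path = "{$class_name}.php";
    // require_once stops with a fatal error on a missing file, so the original
    // "could not be found" branch was never reached; include_once returns false.
    if (!include_once($path)) {
        die("The file {$class_name}.php could not be found.");
    }
}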
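/**
 * Include a template from SITE_ROOT/public/layouts.
 *
 * NOTE(review): $template is appended to the include path unchanged. Pass only
 * file names fixed in code; a value taken from the request could select another
 * file on disk (for example through "../" segments).
 *
 * @param string $template File name relative to the layouts directory.
 */
function include_layout_template($template="") {
    // The unused local copy of SITE_ROOT was dropped.
    include(SITE_ROOT.DS.'public'.DS.'layouts'.DS.$template);
}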
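/**
 * Append one "timestamp | action: message" line to SITE_ROOT/logs/log.txt.
 *
 * @param string $action  Short label for the event.
 * @param string $message Optional detail text.
 */
function log_action($action, $message="") {
    $logfile = SITE_ROOT.DS.'logs'.DS.'log.txt';
    $new = file_exists($logfile) ? false : true;

    // One event must stay on one line: replace line breaks so a value cannot
    // add a forged entry to the log.
    $breaks = array("\r", "\n");
    $action = str_replace($breaks, ' ', $action);
    $message = str_replace($breaks, ' ', $message);

    if($handle = fopen($logfile, 'a')) { // append
        // date() gives the same layout as the strftime() call it replaces,
        // which is deprecated since PHP 8.1.
        $timestamp = date('Y-m-d H:i:s');
        $content = "{$timestamp} | {$action}: {$message}\n";
        fwrite($handle, $content);
        fclose($handle);
        // A log file needs no execute bits (previously 0755). Tighten further
        // if only the web server account has to read it.
        if($new) { chmod($logfile, 0644); }
    } else {
        echo "Could not open log file for writing.";
    }
}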
/**
 * Format a date/time string as, for example, "March 05, 2010 at 02:07 PM".
 *
 * @param string $datetime Any text that strtotime() can parse.
 * @return string The formatted date.
 */
function datetime_to_text($datetime="") {
    return strftime("%B %d, %Y at %I:%M %p", strtotime($datetime));
}
?>
-------------
4)Others.php
-------------
PHP Code:
<?php
//$urlpath = explode('/',$_SERVER['SCRIPT_NAME']);
//count($urlpath) > 2 ? $urlpath= $urlpath[1] : $urlpath="";
//
//$includes_path=$_SERVER['DOCUMENT_ROOT'].'/'.$urlpath.'/includes/';
//$classes_path=$_SERVER['DOCUMENT_ROOT'].'/'.$urlpath.'/classes/';
require_once ('includes/constants.php');
//require_once('includes/FirePHP.class.php'); //must be delete when all prog is finished
//$firephp = FirePHP::getInstance(true); //must be delete when all prog is finished
//$firephp->log($x,'X'); //must be delete when all prog is finished
//$firephp->log($val); //must be delete when all prog is finished
class Others {
private $conn;
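/**
 * Open the database connection used by this helper.
 *
 * Ends the request with a generic message when the connection cannot be opened.
 */
function __construct() {
    // `new mysqli(...) or die(...)` never reaches die(): `new` always yields an
    // object. A failed connection is reported through connect_error, or as a
    // mysqli_sql_exception when exception reporting is enabled.
    try {
        $this->conn = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME);
    } catch (mysqli_sql_exception $e) {
        // Keep the driver's error text away from the client.
        die('There was a problem connecting to the database.');
    }
    if ($this->conn->connect_error) {
        die('There was a problem connecting to the database.');
    }
}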
//Get the greater number from list at table
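/**
 * Return the greatest value of one column, optionally limited to the rows
 * where another column equals a given value.
 *
 * Table and column names cannot be bound as parameters, so they are accepted
 * only when they are plain identifiers; the filter value is bound through a
 * prepared statement instead of being pasted into the SQL text.
 * NOTE(review): callers that passed an SQL expression or a qualified name as
 * table or column now get null; confirm none rely on that.
 *
 * @param string     $db_table_name Table to read.
 * @param string     $list_field    Column whose greatest value is wanted.
 * @param string|int $field_name    Optional filter column; 0 means no filter.
 * @param string|int $item_name     Value the filter column must equal.
 * @return mixed The greatest value, 0 when no row matches, null when the query
 *               cannot be built or run.
 */
function get_greater_number($db_table_name, $list_field, $field_name = 0, $item_name = 0) {
    $identifier = '/^[A-Za-z_][A-Za-z0-9_]*$/';
    $use_filter = isset($field_name) && $field_name != "0";

    if (!preg_match($identifier, $db_table_name) || !preg_match($identifier, $list_field)) {
        return null;
    }
    if ($use_filter && !preg_match($identifier, $field_name)) {
        return null;
    }

    $query = "SELECT $list_field FROM $db_table_name";
    if ($use_filter) {
        $query .= " WHERE $field_name = ?";
    }

    $stmt = $this->conn->prepare($query);
    if (!$stmt) {
        return null;
    }
    if ($use_filter) {
        // bind_param() takes its arguments by reference, so use a local variable.
        $item = (string) $item_name;
        $stmt->bind_param('s', $item);
    }
    if (!$stmt->execute()) {
        $stmt->close();
        return null;
    }

    $stmt->bind_result($value);
    $found = false;
    $greatest = null;
    while ($stmt->fetch()) {
        if (!$found || $value > $greatest) {
            $greatest = $value;
            $found = true;
        }
    }
    /* free result set */
    $stmt->close();

    return $found ? $greatest : 0;
} // End -> Get the greater number from list at table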
//Listing Server
/**
 * Placeholder for the server listing; it has no body yet and returns nothing.
 */
function print_server_list()
{
    return;
}//End -> Listing Server
//Generate Password Randomlly
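/**
 * Generate a password that alternates between a "vowel" and a "consonant" pool.
 *
 * Strength is a bit mask: 1 adds upper-case consonants, 2 adds upper-case
 * vowels, 4 adds the digits 2-9 and 8 adds the symbols @#$% to the pools.
 *
 * @param int $length   Number of characters to produce.
 * @param int $strength Bit mask selecting the extra character sets.
 * @return string The generated password ("" when $length is 0 or less).
 */
function generatePassword($length=6, $strength=0) {
    $vowels = 'aeuy';
    $consonants = 'bdghjmnpqrstvz';
    if ($strength & 1) {
        $consonants .= 'BDGHJLMNPQRSTVWXZ';
    }
    if ($strength & 2) {
        $vowels .= "AEUY";
    }
    if ($strength & 4) {
        $consonants .= '23456789';
    }
    if ($strength & 8) {
        $consonants .= '@#$%';
    }

    // rand() and a clock-derived start are predictable. Use the CSPRNG where it
    // exists (PHP 7+); on older runtimes mt_rand() keeps the function working
    // but is NOT suitable for credentials - add a random_int() polyfill there.
    $secure = function_exists('random_int');

    $password = '';
    $alt = $secure ? random_int(0, 1) : mt_rand(0, 1);
    for ($i = 0; $i < $length; $i++) {
        $pool = ($alt == 1) ? $consonants : $vowels;
        // Drawing an index in [0, max] directly also removes the modulo bias
        // of `rand() % strlen(...)`.
        $max = strlen($pool) - 1;
        $password .= $pool[$secure ? random_int(0, $max) : mt_rand(0, $max)];
        $alt = ($alt == 1) ? 0 : 1;
    }
    return $password;
} //End -> Generate Password Randomlly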
//Generate Token Randomlly
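/**
 * Generate a token made of two letters from A-F followed by $length digits 1-9.
 *
 * @param int $length Number of digits after the two-letter prefix.
 * @return string The generated token.
 */
function generateToken($length=12) {
    $prifix = "ABCDEF";
    $digits = '123456789';

    // rand() is predictable. Use the CSPRNG where it exists (PHP 7+); on older
    // runtimes mt_rand() keeps the function working but is NOT suitable for
    // security tokens - add a random_int() polyfill there.
    $secure = function_exists('random_int');

    $token = '';
    $max = strlen($prifix) - 1;
    for ($i = 0; $i < 2; $i++) {
        $token .= $prifix[$secure ? random_int(0, $max) : mt_rand(0, $max)];
    }

    // Every position now draws from the full digit pool. The original indexed
    // the digit string with the length of the 4-character vowel string on
    // alternate positions, so those positions could only be 1-4.
    $max = strlen($digits) - 1;
    for ($i = 0; $i < $length; $i++) {
        $token .= $digits[$secure ? random_int(0, $max) : mt_rand(0, $max)];
    }
    return $token;
} //End -> Generate Token Randomlly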
//Dump Data
/**
 * Debug helper: print var_dump() output of a value inside a <pre> block.
 *
 * The dump is written to the page as produced by var_dump(); keep calls to
 * this helper out of pages served to end users.
 *
 * @param mixed $data Value to inspect.
 */
function dump($data) {
    print '<pre style="background:#fff; text-align:left">';
    var_dump($data);
    print '</pre>';
}
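/**
 * Validate a requested username and report whether it can be used.
 *
 * @param string $username Requested username; surrounding white space is ignored.
 * @return array Array with 'ok' (bool) and 'msg' (string).
 */
function check_username($username) {
    $username = trim($username); // strip any white space
    $response = array(); // our response

    // if the username is blank
    if (!$username) {
        $response = array(
            'ok' => false,
            'msg' => "Please specify a username");

    // Only lower-case letters, digits, '.', '_' and '-' are valid. The dash is
    // placed last so it is a literal: written as ".-_" it formed a range from
    // '.' to '_' that also let through '/', ':', '<', '>', '\' and upper-case
    // letters.
    } else if (!preg_match('/^[a-z0-9._-]+$/', $username)) {
        $response = array(
            'ok' => false,
            'msg' => "Your username can only contain alphanumerics and period, dash and underscore (.-_)");

    // this would live in an external library just to check if the username is taken
    } else if (username_taken($username)) {
        $response = array(
            'ok' => false,
            'msg' => "The selected username is not available");

    // it's all good
    } else {
        $response = array(
            'ok' => true,
            'msg' => "This username is free");
    }
    return $response;
}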
//Get time lift for user = expire - now ;
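/**
 * Compute the time remaining until an expiry date.
 *
 * @param string $expire Expiry date in day/month/year form, e.g. "31/12/2030".
 * @return array 'timeleft' is the difference in seconds between midnight of the
 *               expiry date and midnight today; 'daysleft' is that difference
 *               in whole days, 0 once the date is reached or passed.
 */
function timeleft($expire) {
    list ($dayx, $monthx, $yearx) = explode ("/", $expire);
    $now = mktime (0, 0, 0, (int) date ("m"), (int) date ("d"), (int) date ("Y"));
    $expire = mktime (0, 0, 0, (int) $monthx, (int) $dayx, (int) $yearx);
    $timeleft = $expire-$now;
    if ($timeleft <= 0)
    {
        $daysleft = 0;
    }
    else
    {
        $daysleft = round((($timeleft/24)/60)/60); //probably...
    }
    // The keys are quoted: the bare words timeleft/daysleft were read as
    // undefined constants, which is an error on PHP 8.
    return array("timeleft" => $timeleft, "daysleft" => $daysleft);
}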
//Get time lift for user = expire - now ;
/**
 * Static variant of the time-left calculation.
 *
 * @param string $expire Expiry date in day/month/year form, e.g. "31/12/2030".
 * @return array 'timeleft' is the difference in seconds between midnight of the
 *               expiry date and midnight today; 'daysleft' is that difference
 *               in whole days, 0 once the date is reached or passed.
 */
public static function Statictimeleft($expire) {
    list ($dayx, $monthx, $yearx) = explode ("/", $expire);

    $today = mktime (0, 0, 0, date ("m"), date ("d"), date ("Y"));
    $deadline = mktime (0, 0, 0, $monthx, $dayx, $yearx);
    $seconds = $deadline - $today;

    // Seconds -> days; anything at or past the deadline counts as zero days.
    $days = ($seconds <= 0) ? 0 : round((($seconds/24)/60)/60);

    return array("timeleft" => $seconds, "daysleft" => $days);
}
and 6 class files:
class.phpmailer.php , class.smtp.php ,ClassAbstract.php ,initialize.php,KLogger.php ,paginator.class.php
-----------------
and this login.php
-----------------
PHP Code:
<?php
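// Login page controller: starts the session, handles the logout link and
// passes submitted credentials to Membership::validate_user().
session_start();
require_once 'classes/initialize.php';

// If the user clicks the "Log Out" link on the index page.
// NOTE(review): logout is a plain GET request, so any page can make a visitor's
// browser request it. Moving it to a POST with a session token would stop that.
if(isset($_GET['status']) && $_GET['status'] == 'loggedout') {
    $membership->log_User_Out();
}

// Did the user enter a password/username and click submit?
// Request parameters can arrive as arrays (username[]=x); only plain strings
// are handed to the validator.
// NOTE(review): the form below carries no anti-CSRF token and nothing here
// limits repeated attempts; both belong in front of this call.
if(!empty($_POST['username']) && !empty($_POST['pwd'])
    && is_string($_POST['username']) && is_string($_POST['pwd'])) {
    $response = $membership->validate_User($_POST['username'], $_POST['pwd']);
}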
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>CSP User Manager</title>
<link rel="stylesheet" type="text/css" href="css/style.css"/>
<script type="text/javascript" src="js/jquery.js"></script>
<script type="text/javascript" src="js/main.js"></script>
</head>
<body>
<div id="main">
<div id="header">
<div id="headerInfoLeft"><strong>CSP User Manager</strong></div>
<div id="headerInfo"><img id="busyImg" src="./images/bigrotation.gif" alt="loading" ></div>
</div>
<div id="subheader">
<?php if (isset($_SESSION['status']) && $_SESSION['status'] =='authorized' ){ echo "<a id=\"logout\" href=\"login.php?status=loggedout\">logout</a>"; }?>
</div>
<div id="mainstart"></div>
<div id="mainbody">
<div id="login">
<form method="post" action="">
<h2>Login <small>enter your credentials</small></h2>
<p>
<label for="name">Username: </label>
<input type="text" name="username" />
</p>
<p>
<label for="pwd">Password: </label>
<input type="password" name="pwd" />
</p>
<p>
<input type="submit" id="submit" value="Login" name="submit" />
</p>
</form>
<?php if(isset($response)) echo "<p class='alert'>" . $response . "</p>"; ?>
</div><!--end login-->
</div></div>
<?php include ("includes/footer.php"); ?>
------------------
and this index.php
------------------
PHP Code:
<?php
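// Main page controller: requires an authorized session and permission value 3
// before the page below is rendered.
ob_start();
session_start();
require_once 'classes/initialize.php';

$membership->confirm_Member();
// confirm_Member() answers an unauthorized visitor with a redirect header, and
// a header alone does not end the script. Stop here so nothing below runs for
// a visitor who is not logged in.
if (!isset($_SESSION['status']) || $_SESSION['status'] != 'authorized') {
    exit;
}

$permission = isset($_SESSION['permission']) ? $_SESSION['permission'] : null;
$membership->confirm_permision($permission,3);

// If the user clicks the "Log Out" link on the index page.
if(isset($_GET['status']) && $_GET['status'] == 'loggedout') {
    $membership->log_User_Out();
}
// The empty "did the user submit credentials" check was removed: its body was
// a lone semicolon and it had no effect.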
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>CSP Main</title>
<link rel="stylesheet" type="text/css" href="css/default.css"/>
<link rel="stylesheet" type="text/css" href="css/style.css"/>
<script type="text/javascript" src="./includes/jquery.js"></script>
<script type="text/javascript" src="js/main.js"></script>
<script type="text/javascript" src="js/tablesort.js"></script>
</head>
<body id="everything">
<div id="main">
<?php include 'includes/top_menu.php';?>
<div id="mainstart"></div>
<div id="mainbody">
</div></div>
<?php include ("includes/footer.php"); ?>
Sorry this is so lengthy