03-23-2006, 04:50 PM
Here are the fields in my database; the new fields I just added are join_date and last_login.
Code:
id
username
password
email
firstname
lastname
addr1
addr2
addr3
addr4
addr5
addr6
phone
icq
status
confirm
join_date
last_login
Index.php
PHP Code:
<?php
define('IN_ILOGIN', true);
require_once("ilogin_core.inc.php");
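/**
 * Generates a random string of the requested length.
 *
 * Each character is drawn from $list. The result is used below as the
 * e-mail confirmation token, so it must not be guessable: the previous
 * version re-seeded mt_rand() from microtime() on every call, which made the
 * output a function of the request time. The generator is no longer
 * re-seeded, and random_int() is used where the running PHP provides it.
 *
 * @param int    $length number of characters wanted; 0 or less gives ""
 * @param string $list   characters to choose from; an empty list gives ""
 * @return string the generated string
 */
function simpleRandString($length=16, $list="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ")
{
    $alphabetSize = strlen($list);
    // Nothing requested, or nothing to draw from.
    if ($length <= 0 || $alphabetSize == 0)
    {
        return "";
    }
    // random_int() is a CSPRNG but only exists from PHP 7; older installs
    // fall back to the automatically seeded mt_rand().
    $useCsprng = function_exists('random_int');
    $newstring = "";
    for ($i = 0; $i < $length; $i++)
    {
        $index = $useCsprng ? random_int(0, $alphabetSize - 1) : mt_rand(0, $alphabetSize - 1);
        $newstring .= $list[$index];
    }
    return $newstring;
}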
// Work out which step of the signup flow was requested and the page title
// that goes with it.
$action = ilogin_get_post("action");
// Every step except a live confirmation uses the signup title.
$ilogin_title = "$ilogin_siteName - New User Signup";
if ((!$ilogin_demoMode) && ("confirm" == "$action"))
{
    $ilogin_title = "$ilogin_siteName - New User Confirmation";
}
elseif ("add" != "$action")
{
    // Unknown actions (and "confirm" while in demo mode) show the form.
    $action = "signup";
}
// Page header; the title and colours come from the configuration file.
print <<<EOF
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<TITLE>$ilogin_title</TITLE>
<META HTTP-EQUIV="Content-Type" content="text/html; charset=utf-8">
<META HTTP-EQUIV="Content-Language" CONTENT="EN">
<META NAME="copyright" CONTENT="Copyright Ian Willis. All rights reserved.">
</HEAD>
<BODY BGCOLOR="$ilogin_pageBackgroundColour" TEXT="$ilogin_textColour">
<CENTER>
<H1>$ilogin_title</H1>
EOF;
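/*
 * Page body, selected by $action:
 *   signup  - show the registration form
 *   add     - validate the submitted form and create the account
 *   confirm - activate an account from the link in the confirmation e-mail
 *
 * Every request value that reaches SQL is escaped and quoted at the query,
 * whether or not an earlier check already restricted its characters.
 * NOTE(review): ext/mysql has no prepared statements and is gone in PHP 7;
 * moving the whole script to PDO or mysqli with bound parameters is the
 * durable fix, but needs the connection code in ilogin_core.inc.php changed
 * at the same time.
 */
if ("$action" == "signup")
{
    // $PHP_SELF is copied from $_SERVER['PHP_SELF'], which can carry
    // client-supplied path info, so it is escaped before entering the
    // ACTION attribute.
    $ilogin_formAction = htmlspecialchars($PHP_SELF, ENT_QUOTES);
    echo <<<EOF
<FORM ACTION="$ilogin_formAction" METHOD="POST">
<TABLE BORDER="0" WIDTH="350" NOWRAP="NOWRAP" BGCOLOR="$ilogin_formBackgroundColour">
<TR>
<TD><B>To create an acount, please enter the following information</B><BR>
<FONT COLOR="#FF0000"><B>Fields marked with an asterisk are<BR>required input fields.</B></FONT><BR><BR>
</TD>
</TR>
<TR><TD><INPUT TYPE="text" NAME="firstname"> First Name *</TD></TR>
<TR><TD><INPUT TYPE="text" NAME="lastname"> Last Name *</TD></TR>
<TR><TD><INPUT TYPE="text" NAME="email"> E-Mail Address *</TD></TR>
<TR><TD><B>Choose a User Name</B><BR>
<INPUT TYPE="text" NAME="username"> User Name *</TD></TR>
<TR><TD><B>Choose a Password</B><BR>
<INPUT TYPE="password" NAME="password"> Password *<BR>
<INPUT TYPE="password" NAME="password_confirm"> Verify Password *</TD></TR>
EOF;
    if ($ilogin_recordPostalAddress)
    {
        echo <<<EOF
<TR><TD><B>Your Postal Address</B><BR>
<INPUT TYPE="text" NAME="addr1"> Address Line 1 *<BR>
<INPUT TYPE="text" NAME="addr2"> Address Line 2<BR>
<INPUT TYPE="text" NAME="addr3"> City *<BR>
<INPUT TYPE="text" NAME="addr4"> State/Province/County<BR>
<INPUT TYPE="text" NAME="addr5"> Postal/Zip Code<BR>
<INPUT TYPE="text" NAME="addr6"> Country *</TD></TR>
EOF;
    }
    // The phone and ICQ inputs were gated on $ilogin_recordGender and
    // $ilogin_recordDateOfBirth, which the posted configuration never sets;
    // it defines $ilogin_recordPhoneNumber and $ilogin_recordIcq instead.
    $ilogin_askPhone = !empty($ilogin_recordPhoneNumber);
    $ilogin_askIcq = !empty($ilogin_recordIcq);
    if ($ilogin_askPhone || $ilogin_askIcq)
    {
        echo " <TR><TD><B>Other Details</B><BR>\n";
        if ($ilogin_askPhone)
        {
            echo " <INPUT TYPE=\"text\" NAME=\"phone\"> Phone *<BR>\n";
        }
        if ($ilogin_askIcq)
        {
            echo " <INPUT TYPE=\"text\" NAME=\"icq\"> ICQ<BR>\n";
        }
        // Close the row here so the table stays well formed whichever of
        // the two fields is enabled.
        echo " </TD></TR>\n";
    }
    echo <<<EOF
<TR><TD><INPUT TYPE="submit" VALUE="- Sign Up -"><INPUT TYPE="RESET" VALUE="- Clear Form -"></TD></TR>
</TABLE>
<INPUT TYPE="hidden" NAME="action" VALUE="add">
</FORM>
EOF;
}
else if ("$action" == "add")
{
    // NOTE(review): the password is lower-cased, limited to [a-z0-9] and
    // stored exactly as typed. login_check.php compares against that stored
    // value, so hashing has to be introduced in both places together.
    $user = strip_tags(strtolower(ilogin_get_post("username")));
    $pass = strtolower(ilogin_get_post("password"));
    $pass_confirm = strtolower(ilogin_get_post("password_confirm"));
    $firstname = strip_tags(ilogin_get_post("firstname"));
    $lastname = strip_tags(ilogin_get_post("lastname"));
    $email = ilogin_get_post("email");
    if ($ilogin_recordPostalAddress)
    {
        $addr1 = ilogin_get_post("addr1");
        $addr2 = ilogin_get_post("addr2");
        $addr3 = ilogin_get_post("addr3");
        $addr4 = ilogin_get_post("addr4");
        $addr5 = ilogin_get_post("addr5");
        $addr6 = ilogin_get_post("addr6");
    }
    // The form posts "phone" and "icq"; the old code read "gender" and "dob"
    // and then wrote each into the other's column.
    $ilogin_askPhone = !empty($ilogin_recordPhoneNumber);
    $ilogin_askIcq = !empty($ilogin_recordIcq);
    $phone = $ilogin_askPhone ? ilogin_get_post("phone") : "";
    $icq = $ilogin_askIcq ? ilogin_get_post("icq") : "";

    $signupError = "";

    /* Username: non-empty, letters and digits only, not already taken.
     * preg_match replaces ereg (removed in PHP 7); \z refuses a trailing
     * newline. */
    if ($user == "")
    {
        $signupError .= "<P>An empty username is not allowed.";
    }
    else if (!preg_match('/^[a-z0-9]+\z/', $user))
    {
        $signupError .= "<P>The username you chose contains invalid characters. Only letters and numbers may be used.";
    }
    else if (!$ilogin_demoMode)
    {
        $result = mysql_query("select * from $ilogin_table where username='" . mysql_real_escape_string($user, $ilogin_db) . "'", $ilogin_db);
        /* check that at least one row was returned */
        if (($result) && ($row = mysql_fetch_object($result)))
        {
            $signupError .= "<P>The username you chose has already been used.";
        }
    }

    /* Password rules. The username used to be passed to ereg() as a
     * pattern; a plain substring test gives the same answer for valid
     * usernames and cannot be steered by regex metacharacters. */
    if (strlen($pass) < 6)
    {
        $signupError .= "<P>Your password must be at least 6 characters long.";
    }
    else if (($user != "") && (strpos($pass, $user) !== false))
    {
        $signupError .= "<P>Your password must not match your username.";
    }
    else if (!preg_match('/^[a-z0-9]+\z/', $pass))
    {
        $signupError .= "<P>Your password contains invalid characters. Only letters and numbers may be used.";
    }
    else if ($pass !== $pass_confirm)
    {
        // Strict comparison: "1e5" and "100000" are different passwords.
        $signupError .= "<P>Your password and confirmation password do not match.";
    }

    /* E-mail address. The duplicate lookup used to run even when the
     * address had just failed validation, placing the raw request value
     * inside the SQL string; it now runs only for a valid address and the
     * value is escaped. */
    if ($email == "")
    {
        $signupError .= "<P>You must provide your email address.";
    }
    else if (!preg_match('/^[-_.a-z0-9]+@([-a-z0-9]+\.)+[a-z]{2,}\z/i', $email))
    {
        $signupError .= "<P>The email address given is not valid.";
    }
    else
    {
        $result = mysql_query("select * from $ilogin_table where email='" . mysql_real_escape_string($email, $ilogin_db) . "'", $ilogin_db);
        /* check that at least one row was returned */
        if (($result) && ($row = mysql_fetch_object($result)))
        {
            $signupError .= "<P>The email address you chose has already been used.";
        }
    }

    if (("$firstname" == "") || ("$lastname" == ""))
    {
        $signupError .= "<P>You must supply your full name.";
    }
    if (($ilogin_recordPostalAddress) &&
        (("$addr1" == "") || ("$addr3" == "") || ("$addr6" == "")))
    {
        $signupError .= "<P>You must supply your postal address.";
    }
    if (($ilogin_askPhone) && ("$phone" == ""))
    {
        $signupError .= "<P>You must supply your phone number.";
    }

    if ("$signupError" == "")
    {
        if ($ilogin_demoMode)
        {
            // NOTE(review): the posted listing breaks off at this point (an
            // "echo <<<EOF" with no text and no terminator), so the message
            // shown in demo mode is not known. Nothing is stored in demo mode.
        }
        else
        {
            $userSql = mysql_real_escape_string($user, $ilogin_db);
            $created = mysql_query("INSERT INTO $ilogin_table (username, password, email, firstname, lastname, status) VALUES ('"
                . $userSql . "', '"
                . mysql_real_escape_string($pass, $ilogin_db) . "', '"
                . mysql_real_escape_string($email, $ilogin_db) . "', '"
                . mysql_real_escape_string($firstname, $ilogin_db) . "', '"
                . mysql_real_escape_string($lastname, $ilogin_db) . "', 'New' )", $ilogin_db);
            if (!$created)
            {
                // Stop here: without a row there is no id to put in the
                // confirmation link and nothing to activate.
                echo "<P>Sorry, your account could not be created. Please try again later.";
            }
            else
            {
                $id = mysql_insert_id($ilogin_db);
                if ($ilogin_recordPostalAddress)
                {
                    mysql_query("UPDATE $ilogin_table SET " .
                        "addr1='" . mysql_real_escape_string($addr1, $ilogin_db) . "', " .
                        "addr2='" . mysql_real_escape_string($addr2, $ilogin_db) . "', " .
                        "addr3='" . mysql_real_escape_string($addr3, $ilogin_db) . "', " .
                        "addr4='" . mysql_real_escape_string($addr4, $ilogin_db) . "', " .
                        "addr5='" . mysql_real_escape_string($addr5, $ilogin_db) . "', " .
                        "addr6='" . mysql_real_escape_string($addr6, $ilogin_db) . "' " .
                        "WHERE username='$userSql'", $ilogin_db);
                }
                // NOTE(review): phone and icq are columns in the field list
                // posted above; confirm the live table has them.
                if ($ilogin_askPhone)
                {
                    mysql_query("UPDATE $ilogin_table SET " .
                        "phone='" . mysql_real_escape_string($phone, $ilogin_db) . "' " .
                        "WHERE username='$userSql'", $ilogin_db);
                }
                if ($ilogin_askIcq)
                {
                    mysql_query("UPDATE $ilogin_table SET " .
                        "icq='" . mysql_real_escape_string($icq, $ilogin_db) . "' " .
                        "WHERE username='$userSql'", $ilogin_db);
                }
                if ($ilogin_verifyEmailAddresses)
                {
                    /* Store a random token in the row's confirm column; the
                     * account stays 'New' until the link carrying the same
                     * token is opened. */
                    $confirm = simpleRandString();
                    mysql_query("UPDATE $ilogin_table SET confirm='" . mysql_real_escape_string($confirm, $ilogin_db) . "' WHERE username='$userSql'", $ilogin_db);
                    /* Send a confirmation email to the user */
                    $mailSubject = "$ilogin_siteName - confirm your membership";
                    $mailBody = "Hi $firstname,\n";
                    $mailBody .= "\n";
                    $mailBody .= "Thankyou for joining $ilogin_siteName.\n";
                    $mailBody .= "\n";
                    $mailBody .= "Please click the following link to confirm your membership. If clicking does\n";
                    $mailBody .= "not work, please copy and paste into your browser manually.\n";
                    $mailBody .= "\n";
                    // NOTE(review): $ilogin_serverName is derived from the
                    // request's Host header in ilogin_core.inc.php, so the
                    // host in this link is chosen by whoever submits the form.
                    $mailBody .= "http://$ilogin_serverName$PHP_SELF?action=confirm&id=$id&confirm=$confirm\n";
                    $mailBody .= "\n";
                    $mailBody .= "Thankyou.\n";
                    // The second header used to overwrite the first and was
                    // spelled "ReplyTo"; append it under its proper name.
                    $mailHeaders = "From: $ilogin_adminEmail\n";
                    $mailHeaders .= "Reply-To: $ilogin_adminEmail\n";
                    mail($email, $mailSubject, $mailBody, $mailHeaders);
                    echo("<P>You will soon receive an email. Please click on the link contained within it to confirm your membership.");
                }
                else
                {
                    // No e-mail verification: activate straight away.
                    mysql_query("UPDATE $ilogin_table SET status='Active' WHERE username='$userSql'", $ilogin_db);
                    ilogin_write_htpasswd();
                    echo <<<EOF
<P>Your member account has been created. You can now login to the <A HREF="$ilogin_protectedUrl">password protected pages</A> on this site.
EOF;
                }
            }
        }
    }
    else
    {
        // $signupError is assembled only from the fixed messages above, so
        // it can be printed as HTML.
        echo <<<EOF
<P>The following errors ocurred. Please
<SCRIPT LANGUAGE="JavaScript">
<!--
document.write("<A HREF=\"javascript:history.back()\">go back</A>");
// -->
</SCRIPT>
<NOSCRIPT>
use your browsers back button to go back
</NOSCRIPT>
and fix them.
$signupError
EOF;
    }
}
else if ("$action" == "confirm")
{
    // Both values arrive in the query string of the e-mailed link and went
    // into the SQL text unescaped. The id is forced to an integer and the
    // token is escaped; an empty token is refused outright because a row
    // that never received a token has confirm=''.
    $id = intval(ilogin_get_post("id"));
    $confirm = ilogin_get_post("confirm");
    $result = false;
    if (($id > 0) && is_string($confirm) && ($confirm !== ""))
    {
        $result = mysql_query("SELECT * FROM $ilogin_table WHERE id='$id' AND confirm='" . mysql_real_escape_string($confirm, $ilogin_db) . "' AND status='New'", $ilogin_db);
    }
    if ((! $result) || (mysql_num_rows($result) < 1))
    {
        echo <<<EOF
<H1>ERROR</H1>
<P>Invalid confirmation. Did you already confirm your membership?
EOF;
    }
    else
    {
        mysql_query("UPDATE $ilogin_table SET status='Active' WHERE id='$id'", $ilogin_db);
        ilogin_write_htpasswd();
        echo <<<EOF
<P>Thankyou for confirming your membership.
<P>Your member account has been created. You can now login to the <A HREF="$ilogin_protectedUrl">password protected pages</A> on this site.
EOF;
    }
}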
// Close the markup opened by the page header.
print <<<EOF
</CENTER>
</BODY>
</HTML>
EOF;
// Release the database connection unless running in demo mode.
$ilogin_demoMode or mysql_close($ilogin_db);
?>
ilogin_config.inc.php
PHP Code:
<?php
// Only scripts that define IN_ILOGIN first may load this file; a direct
// request for it stops here.
defined('IN_ILOGIN') or die("Hacking attempt");

/******************************************************************************
 * BASIC CONFIGURATION OPTIONS                                                *
 *                                                                            *
 * These must be set for iLogin to work.                                      *
 ******************************************************************************/

/* MySQL connection details. Ask your hosting provider if you do not know
 * them. The values below are placeholders and must be replaced.
 */
$ilogin_sql_server = 'localhost';
$ilogin_sql_username = 'username';
$ilogin_sql_password = 'password';
$ilogin_sql_database = 'ilogin';

/* The "friendly" name of the site: either your domain name
 * (e.g. "YourSite.com") or a title (e.g. "Your Site").
 */
$ilogin_siteName = 'domain';

/* Address that confirmation e-mails are sent from. It is not published on
 * the web site and is used only for those e-mails.
 */
$ilogin_adminEmail = 'webmaster@domain.com';

/* URL of a password-protected page on your site; new users are given a link
 * to it after signing up. May be a full URL
 * ("http://www.yoursite.com/members") or a path relative to the iLogin
 * installation directory.
 */
$ilogin_protectedUrl = 'http://www.domain.com';

/* Password for the iLogin administration page. Replace the placeholder with
 * a secret value.
 * NOTE(review): this is the only setting without the "ilogin_" prefix
 * ("$login_..."); check which name the administration page actually reads.
 */
$login_adminPassword = 'adminpassword';

/******************************************************************************
 * ADVANCED CONFIGURATION OPTIONS                                             *
 *                                                                            *
 * Fine-tuning for your site; these do not normally need changing.            *
 ******************************************************************************/

/* Name of the table iLogin uses.
 *
 * Recommended value is "ilogin".
 */
$ilogin_table = 'ilogin';

/* Path to the .htpasswd file, relative to the directory iLogin is installed
 * in.
 *
 * Recommended value is ".htpasswd" (the file sits in the iLogin directory).
 * NOTE(review): that places the password file under a web-served directory;
 * confirm the web server refuses requests for it, or use a path outside the
 * document root.
 */
$ilogin_htpasswd_path = '.htpasswd';

/* Optional fields on the signup form. When a flag is true new users are
 * asked for that information; when false they are not.
 *
 * $ilogin_recordPostalAddress - ask for a full postal address
 * $ilogin_recordPhoneNumber   - ask for a telephone number
 * $ilogin_recordIcq           - ask for an ICQ handle
 *
 * The iLogin administrator can always add this information for a user after
 * they have registered.
 */
$ilogin_recordPostalAddress = true;
$ilogin_recordPhoneNumber = true;
$ilogin_recordIcq = true;

/* Whether e-mail addresses are verified or taken on trust.
 *
 * When true, a new user is sent an e-mail and must follow the link in it to
 * activate the account. When false, new accounts are active immediately.
 *
 * Recommended value is true.
 */
$ilogin_verifyEmailAddresses = true;

/* When true, user accounts are neither created nor altered and the
 * .htpasswd file is left unchanged. Used for the demo at
 * http://www.z-host.com/scripts/ilogin/demo
 *
 * Recommended value is false.
 */
$ilogin_demoMode = false;

/* Colours for the page background, the form background and the text.
 */
$ilogin_pageBackgroundColour = '#12161F';
$ilogin_formBackgroundColour = '#12161F';
$ilogin_textColour = '#ffffff';

/* Set to true if your web server needs passwords stored in MD5 format; when
 * false the older crypt method is used.
 *
 * If no passwords are accepted at login, try changing this setting.
 *
 * Default value is false.
 * NOTE(review): set to true here although the documented default is false,
 * and nothing in the posted ilogin_core.inc.php reads it.
 */
$ilogin_useMd5 = true;
?>
ilogin_core.inc.php
PHP Code:
<?php
// Refuse direct requests: only a script that has defined IN_ILOGIN may
// include this file.
defined('IN_ILOGIN') or die("Hacking attempt");
// Site settings ($ilogin_* variables).
require_once 'ilogin_config.inc.php';
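/**
 * Die function - called on a fatal error.
 *
 * Prints the message as a heading and ends the request. The message is
 * HTML-escaped before output, so a caller that passes text it does not
 * control cannot inject markup; the plain-text messages used in this file
 * come out unchanged.
 *
 * @param string $error description of the failure shown to the visitor
 */
function ilogin_die( $error = "unknown" )
{
    echo "<H1>iLogin Error:" . htmlspecialchars($error, ENT_QUOTES) . "</H1>";
    exit;
}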
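/**
 * Rebuilds the .htpasswd file from every row whose status is 'Active'.
 *
 * Does nothing (and reports success) in demo mode. The file is rewritten in
 * full under an exclusive lock where the file system supports one.
 *
 * Changes from the posted version:
 *  - a failed SELECT no longer truncates the password file to nothing;
 *  - rows whose username contains ':' or a line break, or whose password
 *    contains a line break, are skipped, because either would add or alter
 *    an entry in the file;
 *  - a failed or short write is reported to the caller.
 *
 * @return bool True on success or in demo mode, False if the user list could
 *              not be read or the file could not be opened or fully written
 */
function ilogin_write_htpasswd()
{
    global $ilogin_table;
    global $ilogin_db;
    global $ilogin_htpasswd_path;
    global $ilogin_demoMode;
    if ($ilogin_demoMode)
    {
        return True;
    }
    $result = mysql_query ("SELECT * FROM $ilogin_table WHERE status='Active'", $ilogin_db);
    if (!$result)
    {
        // Leave the existing file alone rather than locking every user out.
        return False;
    }
    $content = "";
    while ($item = mysql_fetch_object($result))
    {
        // NOTE(review): the posted listing has two brace groups here whose
        // conditions are missing - presumably the $ilogin_useMd5 / crypt
        // choice described in the configuration file. As posted, the value
        // stored in the database is written to the file unchanged.
        $password = $item->password;
        if (($item->username == "")
            || preg_match('/[:\r\n]/', $item->username)
            || preg_match('/[\r\n]/', $password))
        {
            continue;
        }
        $content .= "$item->username:$password\n";
    }
    // Finish the rewrite even if the visitor disconnects part-way through.
    $last_ignore_user_abort = ignore_user_abort (True);
    $fh = fopen($ilogin_htpasswd_path, "a+");
    if (!$fh)
    {
        echo "<P>An error ocurred. Unable to open password file for writing. Please check the file permissions on your password file.\n";
        ignore_user_abort($last_ignore_user_abort);
        return False;
    }
    // Flock always fails on FAT file systems, so a failed lock is tolerated.
    $flock_ok = flock($fh, LOCK_EX);
    fseek($fh, 0);
    ftruncate($fh, 0);
    $written = fwrite($fh, $content);
    fflush($fh);
    if ($flock_ok)
    {
        flock($fh, LOCK_UN);
    }
    fclose($fh);
    ignore_user_abort($last_ignore_user_abort);
    // fwrite returns False on error, or fewer bytes than asked on a short write.
    if (($written === false) || ($written != strlen($content)))
    {
        return False;
    }
    return True;
}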
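/**
 * Returns a request parameter as a string.
 *
 * The query string ($_GET) is consulted first, then the form body ($_POST).
 * NOTE(review): because GET wins, a password sent as ?password=... is
 * accepted and ends up in URLs and server logs; callers handling
 * credentials may want to read $_POST directly.
 *
 * Changes from the posted version:
 *  - the "$$varname" fallback is gone: inside this function it could only
 *    ever see the parameter itself, so asking for "varname" returned the
 *    string "varname";
 *  - array values (e.g. ?username[]=x) give "" instead of an array, since
 *    every caller treats the result as a string.
 *
 * @param string $varname name of the request parameter
 * @return string the submitted value, or "" when absent or not a string
 */
function ilogin_get_post($varname)
{
    if (isset($_GET[$varname]))
    {
        $value = $_GET[$varname];
    }
    else if (isset($_POST[$varname]))
    {
        $value = $_POST[$varname];
    }
    else
    {
        return "";
    }
    return is_string($value) ? $value : "";
}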
// Open the database connection used by every iLogin page; either failure
// ends the request through ilogin_die().
$ilogin_db = mysql_connect($ilogin_sql_server, $ilogin_sql_username, $ilogin_sql_password);
if (!$ilogin_db)
{
    ilogin_die("Unable to connect to database. Please check your iLogin MySQL server, username and password configuration options.");
}
if (!mysql_select_db($ilogin_sql_database, $ilogin_db))
{
    ilogin_die("Unable to select the database. Please check your iLogin MySQL database configuration option.");
}
/* First run: DESCRIBE fails when the table is missing, in which case the
 * table is created and an empty .htpasswd written.
 * NOTE(review): this schema has Dob and Sex columns and none of the phone,
 * icq, join_date or last_login fields listed at the top of the post; the
 * password column holds whatever the signup page stores in it.
 */
$ilogin_tableExists = mysql_query("DESCRIBE $ilogin_table", $ilogin_db);
if (!$ilogin_tableExists)
{
    mysql_query("CREATE TABLE $ilogin_table (id INT(10) NOT NULL primary key auto_increment, username VARCHAR(255) NOT NULL, password VARCHAR(255) NOT NULL, email VARCHAR(255) NOT NULL, firstname VARCHAR(255) NOT NULL, lastname VARCHAR(255) NOT NULL, addr1 VARCHAR(255) NOT NULL, addr2 VARCHAR(255) NOT NULL, addr3 VARCHAR(255) NOT NULL, addr4 VARCHAR(255) NOT NULL, addr5 VARCHAR(255) NOT NULL, addr6 VARCHAR(255) NOT NULL, Dob VARCHAR(255) NOT NULL, Sex VARCHAR(255) NOT NULL, status VARCHAR(255) NOT NULL, confirm VARCHAR(255) NOT NULL)", $ilogin_db);
    ilogin_write_htpasswd();
}
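/* Determine the server name that goes into absolute links, such as the one
 * in the confirmation e-mail.
 *
 * HTTP_HOST is copied from the request's Host header, so it is accepted only
 * when it looks like a host name with an optional port; anything else falls
 * back to the server's own name and then to the configured site name.
 * NOTE(review): a well-formed Host value is still chosen by the client. A
 * fixed host name in the configuration is the only way to pin the links to
 * this site.
 */
if (isset($_SERVER["HTTP_HOST"]) && preg_match('/^[A-Za-z0-9.-]+(:[0-9]+)?\z/', $_SERVER["HTTP_HOST"]))
{
    $ilogin_serverName = $_SERVER["HTTP_HOST"];
}
else if (isset($_SERVER["SERVER_NAME"]))
{
    $ilogin_serverName = $_SERVER["SERVER_NAME"];
}
else
{
    $ilogin_serverName = "$ilogin_siteName";
}
/* Path of the running script, used for the form target and the confirmation
 * link. SCRIPT_NAME is preferred because PHP_SELF also carries any extra
 * path the client appended after the script name.
 */
if (isset($_SERVER['SCRIPT_NAME']))
{
    $PHP_SELF=$_SERVER['SCRIPT_NAME'];
}
else if (isset($_SERVER['PHP_SELF']))
{
    $PHP_SELF=$_SERVER['PHP_SELF'];
}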
?>
login_check.php
PHP Code:
<?php
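/*
 * Checks a submitted username and password against the iLogin table and, on
 * success, sets the login cookies.
 *
 * Changes from the posted version:
 *  - ilogin_config.inc.php refuses to load unless IN_ILOGIN is defined, and
 *    it names its settings $ilogin_sql_* / $ilogin_table, not $server,
 *    $db_user, $db_pass, $database and $table;
 *  - the submitted values are escaped before they enter the SQL text
 *    (they were concatenated in directly);
 *  - only accounts with status 'Active' may log in, matching what is
 *    written to .htpasswd;
 *  - database error details go to the server log instead of the page;
 *  - the username is HTML-escaped when echoed back.
 *
 * NOTE(review): the stored password is compared as plain text, and the
 * "loggedin" / "mysite_username" cookies are plain values any client can
 * set for itself. Pages that trust them are not protected; a server-side
 * session would be needed for that, together with the pages that read
 * these cookies.
 */
ob_start();
if (!defined('IN_ILOGIN'))
{
    define('IN_ILOGIN', true);
}
include("ilogin_config.inc.php");
// connect to the mysql server
$link = mysql_connect($ilogin_sql_server, $ilogin_sql_username, $ilogin_sql_password);
if (!$link)
{
    error_log("login_check: mysql_connect failed: " . mysql_error());
    die ("Could not connect to mysql");
}
// select the database
if (!mysql_select_db($ilogin_sql_database, $link))
{
    error_log("login_check: mysql_select_db failed: " . mysql_error($link));
    die ("Could not select database");
}
// Only plain string values are accepted; array-style parameters count as empty.
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : "";
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : "";
$match = "select id from $ilogin_table where username = '" . mysql_real_escape_string($username, $link) . "'
and password = '" . mysql_real_escape_string($password, $link) . "'
and status = 'Active';";
$qry = mysql_query($match, $link);
if (!$qry)
{
    error_log("login_check: login query failed: " . mysql_error($link));
    die ("Could not match data");
}
$num_rows = mysql_num_rows($qry);
if ($num_rows <= 0) {
    $shownName = htmlspecialchars($username, ENT_QUOTES);
    echo "<center><font face='Verdana' size='4' color=red><b>Sorry, there is no username $shownName with the specified password.";
    echo "<a href=login.php>Try again</a>";
    exit;
} else {
    setcookie("loggedin", "TRUE", time()+(3600 * 24),"/");
    setcookie("mysite_username", $username, time()+(3600 * 24),"/");
    echo "<center>Processing Login";
}
ob_end_flush();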
?>