1<?php
2/******************* COPYRIGHT ******************/
3/* DO NOT REMOVE */
4/* Copyright © made by Jean-Luc Tallis */
5/************************************************/
6
7/******************* VERSIONS *******************/
8/* - Version 1 Beta */
9/* Released at May 2010 */
10/************************************************/
11
/********************* USAGE ********************/
/* - Restrict information to logged in users */
/* if($session->logged_in == true) { Do this } */
/* */
/* - To log a user out */
/* $session->logout(); */
/* */
/* - Check User Login and return array of data */
/* $user = $session->checkLogin($secret_key); */
/************************************************/
22
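/**
 * Session layer on top of the User model: login/logout, the "remember me"
 * cookie, registration, activation, password reset and a few member actions.
 *
 * Like the rest of this file it talks to the outside world through globals:
 * $db (query wrapper), $mailer, and the $msgError / $msgOk / $showMsg strings
 * that display_msg() prints afterwards.
 *
 * Points a maintainer should know (behaviour kept as found):
 *  - Passwords are stored as md5(email . password); User::confirmUserPass()
 *    (not in this file) compares against that, so both sides have to move to
 *    password_hash()/password_verify() together.
 *  - The remember-me cookie is "sha1(uid . ip . secret) - uid". Nothing is
 *    stored server-side, so it cannot be revoked for a single user; changing
 *    $secret_key invalidates all of them.
 *  - Activation links are built from $_SERVER['SERVER_NAME'] (see activationLink()).
 *  - Queries are still string-built; client-originated values are cast to int
 *    or passed through clean(..., 1, ...) before concatenation. Prepared
 *    statements would remove that dependency altogether.
 */
class Session extends User {

    public $time;
    public $logged_in = NULL;
    public $ip;

    public function __construct() {
        $this->time = time();
        // Absent on the CLI; keep it a string so the hash input in login() stays stable.
        $this->ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

        $this->startSession();
    }

    /** Starts the PHP session unless one is already active (a second session_start() only warns). */
    public function startSession() {
        if (session_id() === '') {
            session_start();
        }
    }

    /**
     * Restores the logged-in user from the session, or from the remember-me
     * cookie when one is present.
     *
     * @param string $secret_key  the server secret that login() mixed into the hash
     * @return stdClass|null  one property per `users` column, or null after
     *                        logout() was triggered. logout() redirects but does
     *                        not exit, so callers must treat null as "not logged in".
     */
    public function checkLogin($secret_key) {
        global $db;

        // Cookie layout is "<hash>-<uid>"; a cookie without the separator is ignored
        // instead of writing a half-filled pair into the session.
        if (isset($_COOKIE['HORBLECOOKIE'])) {
            $parts = explode('-', $_COOKIE['HORBLECOOKIE'], 2);
            if (count($parts) === 2) {
                $_SESSION['hash'] = $parts[0];
                $_SESSION['uid'] = $parts[1];
            }
        }

        $this->uid = isset($_SESSION['uid']) ? $_SESSION['uid'] : null;
        $this->hashkey = isset($_SESSION['hash']) ? $_SESSION['hash'] : null;

        if ($this->uid === null || $this->hashkey === null) {
            $this->logout();
            return null;
        }

        // Both values are client-supplied; the hash is the proof that login() issued
        // them for this uid/ip. Compared in constant time and strictly: the original
        // `!=` would have treated two "0e..." hex digests as equal.
        $expected = sha1($this->uid . $this->ip . $secret_key);
        if (!self::hashEquals($expected, $this->hashkey)) {
            $this->logout();
            return null;
        }

        // users.id is treated as an integer key (TODO confirm against the schema); the
        // cast keeps anything but digits out of the string-built query.
        $uid = (int) $this->uid;
        $query = $db->execute("SELECT * FROM users WHERE id='" . $uid . "'") or die(mysql_error());
        $userarray = $db->fetchassoc($query);
        if ($db->numrows($query) == 0) {
            $this->logout();
            return null;
        }

        $user = new stdClass();
        foreach ($userarray as $key => $value) {
            $user->$key = $value;
        }
        $this->logged_in = 1;

        return $user;
    }

    /**
     * Authenticates $email / $password and, on success, binds the user to the session.
     *
     * @param string $email
     * @param string $password
     * @param bool   $keepmein    also issue the remember-me cookie
     * @param string $secret_key  server secret for the session hash
     * @return bool|null  true on success, false when $msgError was already set by
     *                    earlier code, null (with $msgError set) on a rejected login
     */
    public function login($email, $password, $keepmein, $secret_key) {
        global $msgError;

        $this->email = clean($email, 1, 1, 3);
        $this->password = clean($password, 1, 1, 0);

        if (empty($this->email) || empty($this->password)) {
            $msgError = "You have left empty fields!";
            return;
        }

        // Codes as this class reads them: 1 and 3 are bad credentials, 2 is "not activated".
        $result = User::confirmUserPass($this->email, $this->password);
        if ($result == 1 || $result == 3) {
            $msgError = "Please enter valid email and password.";
            return;
        } elseif ($result == 2) {
            $msgError = "Your user account has not been activated yet!";
            return;
        }

        if (!empty($msgError)) {
            return false;
        }

        $this->userinfo = User::getUserInfo('users', 'email', $this->email);

        // Fresh session id at the privilege change so a pre-login id cannot be reused (fixation).
        session_regenerate_id(true);

        $this->id = $_SESSION['uid'] = $this->userinfo['id'];
        $this->hashkey = $_SESSION['hash'] = sha1($this->id . $this->ip . $secret_key);

        // Address the row by id: the original keyed on $this->displayname, which is
        // never assigned on the login path.
        User::updateUserField('users', 'id', $this->id, "last_login", $this->time);
        User::updateUserField('users', 'id', $this->id, "ip", $this->ip);
        User::updateUserField('users', 'id', $this->id, "times_logged", $this->userinfo['times_logged'] + 1);

        if ($keepmein) {
            $this->setRememberCookie($this->hashkey . '-' . $this->id, $this->time + COOKIE_EXPIRE);
        }

        $this->logged_in = 1;

        return true;
    }

    /**
     * Clears the remember-me cookie (if any) and the session, then redirects to the
     * index page. redirect() does not exit, so the caller keeps running.
     */
    public function logout() {
        if (isset($_COOKIE['HORBLECOOKIE'])) {
            $this->setRememberCookie("", $this->time - COOKIE_EXPIRE);
        }

        session_unset();
        session_destroy();

        $this->logged_in = 0;

        redirect("/new/index.php");
    }

    /**
     * Sets (or, with a past $expire, removes) the remember-me cookie.
     * HttpOnly keeps it away from scripts; Secure is added when the request is HTTPS.
     * Path and domain stay at PHP's defaults so login() and logout() address the same cookie.
     */
    private function setRememberCookie($value, $expire) {
        $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        setcookie("HORBLECOOKIE", $value, $expire, '', '', $secure, true);
    }

    /**
     * Constant-time string comparison: hash_equals() where available, a manual
     * byte loop otherwise. Differing lengths compare as false.
     */
    private static function hashEquals($known, $given) {
        $known = (string) $known;
        $given = (string) $given;

        if (function_exists('hash_equals')) {
            return hash_equals($known, $given);
        }

        $length = strlen($known);
        if ($length !== strlen($given)) {
            return false;
        }
        $diff = 0;
        for ($i = 0; $i < $length; $i++) {
            $diff |= ord($known[$i]) ^ ord($given[$i]);
        }

        return $diff === 0;
    }

    /**
     * Validates a registration form, creates the user and mails the activation link.
     * Results are reported through $showMsg (list of validation errors) or $msgOk.
     *
     * @param string $name         full name; its first word is also the default display name
     * @param string $displayname  may be empty
     * @param string $email
     * @param string $password     6+ alphanumeric characters (policy kept as found: no symbols)
     * @param string $verifypass
     * @param string $gender
     * @param string $dob          date of birth in any strtotime() form; must give an age of 13+
     * @param string $captcha      must match $_SESSION['ckey'], case-insensitively
     */
    public function register($name, $displayname, $email, $password, $verifypass, $gender, $dob, $captcha) {
        global $mailer, $msgOk, $showMsg;

        $this->name = clean($name,1,0,3);
        $this->displayname = clean($displayname,1,1,2);
        $this->email = clean($email,1,1,3);
        $this->password = clean($password,1,1,0);
        $this->verifypass = clean($verifypass,1,1,0);
        $this->gender = clean($gender,1,0,3);
        $this->dob = clean($dob,1,1,0);
        $this->captcha = $captcha;

        $this->msgs = array();

        $namecheck = trim($this->name);
        if (empty($namecheck) || empty($this->email) || empty($this->password) || empty($this->verifypass)
                || empty($this->gender) || empty($this->dob) || empty($this->captcha)) {
            $this->msgs[] = "You have left empty fields";
        } else {
            $this->validateRegistration($name);
        }

        if (!empty($this->msgs)) {
            $showMsg = '<div class="error"><span>Error(s):</span><ul>';
            foreach ($this->msgs as $msg) {
                $showMsg .= "<li>" . $msg . "</li>\n";
            }
            $showMsg .= '</ul></div>';
            return;
        }

        // Storage scheme kept: User::confirmUserPass() checks against md5(email . password).
        $this->newpassword = md5($this->email . $this->password);
        $this->actkey = $this->generateRandID();

        User::addNewUser($this->email, $this->displayname, $this->newpassword, $this->name, $this->gender, $this->dob, $this->time, $this->ip, $this->actkey);

        // The welcome mail is handed the plaintext password; that is how the mailer is
        // called today and is worth changing together with the hashing scheme.
        $sendMail = $mailer->sendWelcome(ucwords($this->name), $this->email, $this->password, $this->activationLink($this->actkey));

        if ($sendMail) {
            $msgOk = "Registered";
        }
    }

    /**
     * Field-level checks for register(); appends each failure to $this->msgs and
     * normalises $this->displayname and $this->dob on the way.
     *
     * @param string $rawName  the name as submitted (before clean()), used for the first-name checks
     */
    private function validateRegistration($rawName) {
        $nameParts = explode(' ', $rawName);
        if (strlen($nameParts[0]) > 15) {
            $this->msgs[] = "First name is too long";
        }

        if (User::isValidEmail($this->email) == true) {
            if (User::emailExists($this->email) == 1) {
                $this->msgs[] = "Sorry, this Email already exists";
            }
        } else {
            $this->msgs[] = "Incorrect Email Format";
        }

        if (empty($this->displayname)) {
            $this->displayname = $nameParts[0] . rand(1, 999);
        }

        if (strlen($this->password) < 6) {
            $this->msgs[] = "Password is too short (less than 6 characters long)";
        } elseif (!preg_match("/^([0-9a-z])+$/i", $this->password)) {
            $this->msgs[] = "Password entered is not alphanumeric";
        } elseif ($this->password !== $this->verifypass) {
            $this->msgs[] = "Your password did not match the confirmed password!";
        }

        if (getAge($this->dob) < 13) {
            $this->msgs[] = "You must be of 13 age or over to register";
        } else {
            $this->dob = date("D-M-Y", strtotime($this->dob));
        }

        // A missing session key counts as a failed captcha rather than raising a notice.
        $ckey = isset($_SESSION['ckey']) ? $_SESSION['ckey'] : '';
        if (strtolower((string) $this->captcha) !== strtolower((string) $ckey)) {
            $this->msgs[] = "You captcha image was incorrect!";
        }
    }

    /**
     * Activation URL (host + script directory + query) for $key and $this->email.
     * The host comes from $_SERVER['SERVER_NAME']; if the web server fills that
     * from the request's Host header, a crafted request can point these links
     * elsewhere, so the name should be pinned in the server configuration.
     */
    private function activationLink($key) {
        return $_SERVER['SERVER_NAME'] . dirname($_SERVER['SCRIPT_NAME'])
            . "/index.php?action=activate&mail=" . urlencode($this->email) . "&key=" . $key;
    }

    /**
     * Issues a fresh random password for $email and mails it.
     * The stored hash is only replaced after the mail went out, so a failed send
     * does not lock the user out. The new password itself is handed to the mailer
     * in plaintext; a one-time reset link would avoid that.
     *
     * @param string $email
     */
    public function forgotPass($email) {
        global $mailer, $msgError, $msgOk;

        $this->email = clean($email, 1, 1, 3);

        if (empty($this->email)) {
            $msgError = 'You have left empty fields!';
            return;
        }
        if (User::isValidEmail($this->email) == false) {
            $msgError = "Entered Email Address is not valid.";
            return;
        }
        // This message tells a caller whether an address is registered (account enumeration).
        if (User::emailExists($this->email) == false) {
            $msgError = "That email does not exist";
            return;
        }

        if (!empty($msgError)) {
            return;
        }

        $this->pass = $this->generateRandStr(8);
        $this->encrypted_pass = md5($this->email . $this->pass);

        $this->userinfo = User::getUserInfo('users', 'email', $this->email);

        $mail = $mailer->sendNewPass($this->userinfo['name'], $this->email, $this->pass);
        if ($mail) {
            User::updateUserField('users', 'email', $this->email, 'password', $this->encrypted_pass);
            $msgOk = "Success!";
        }
    }

    /**
     * Re-sends the activation mail for a not-yet-activated account.
     * Reports success only when the mailer accepted the message; the original
     * ignored the mailer's result and always claimed success.
     *
     * @param string $email
     */
    public function resendAct($email) {
        global $mailer, $msgError, $msgOk;

        $this->email = clean($email, 1, 1, 3);

        if (empty($this->email)) {
            $msgError = 'You have left empty fields!';
            return;
        }
        if (User::emailExists($this->email) == false) {
            $msgError = "That email does not exist";
            return;
        }

        if (!empty($msgError)) {
            return;
        }

        $this->userinfo = User::getUserInfo('users', 'email', $this->email);
        $link = $this->activationLink($this->userinfo['actkey']);

        $mail = $mailer->sendActivation(ucwords($this->userinfo['name']), $this->email, $link);
        if ($mail) {
            $msgOk = 'Success. You should have recieved your activation email';
        } else {
            $msgError = 'The activation email could not be sent. Please try again';
        }
    }

    /**
     * Activates the account identified by $email + $act_key.
     * User::validateActivation() codes 1-4 are mapped to user messages below;
     * any other value is taken as "valid" and the account is switched on.
     *
     * @param string $email
     * @param string $act_key
     */
    public function activateUser($email, $act_key) {
        global $msgOk, $msgError;

        $this->email = clean($email,1,0,3);
        $this->act_key = clean($act_key,1,0,0);

        if (empty($this->email) || empty($this->act_key)) {
            $msgError = "Your activation link must contain your email and activation key";
            return;
        }

        $validation = User::validateActivation($this->email, $this->act_key);

        $failures = array(
            1 => "The email address is not valid",
            2 => "You are already activated",
            3 => "There are two accounts under the same email address, and activation key. Please contact us",
            4 => "The email address or activation code is not valid",
        );
        if (isset($failures[$validation])) {
            $msgError = $failures[$validation];
            return;
        }

        if (User::setUserActive($this->email, $this->act_key)) {
            $msgOk = "<span>Success!</span> Thank you. Your account is now active. You may now log in.";
        } else {
            $msgError = "There was an error processing your request. Please try again";
        }
    }

    /**
     * Spends 1000 credits to (re)feature $user.
     *
     * @param stdClass $user  as returned by checkLogin()
     * @return stdClass|null  the user reloaded via checkLogin() after a successful
     *                        purchase, null otherwise ($msgError set on insufficient credits)
     */
    public function buyFeature($user) {
        global $secret_key, $db, $msgError;

        if ($user->credits < 1000) {
            // Was assigned to a local $error nobody could read; report it through the
            // same global the other actions use.
            $msgError = '<span style="color:#e11919;">Not enough credits!</span>';
            return null;
        }

        $userId = (int) $user->id;

        // Remove any existing featured slot of this member among the latest ten. The
        // original split this into ">1" and "==1" branches that did the same work.
        $query = $db->execute("SELECT id, user_id FROM featured_member ORDER BY date DESC LIMIT 10");
        while ($row = $db->fetchassoc($query)) {
            if ($row['user_id'] == $userId) {
                $db->execute("DELETE FROM featured_member WHERE id = '" . (int) $row['id'] . "'");
            }
        }

        $time = time();
        $inserted = $db->execute("INSERT INTO featured_member (user_id, views, date) VALUES ('" . $userId . "', '0', '" . $time . "')");
        if (!$inserted) {
            return null;
        }

        // Not atomic with the check above: two concurrent purchases can both pass it.
        // A conditional UPDATE (credits = credits - 1000 WHERE credits >= 1000) or a
        // transaction would close that gap.
        $credits = $user->credits - 1000;
        $db->execute("UPDATE users SET credits = '" . $credits . "' WHERE id = '" . $userId . "'");

        // $session was undefined here in the original; reload through this instance
        // so the caller can pick up the new balance.
        return $this->checkLogin($secret_key);
    }

    /**
     * Stores a new status line for $user and echoes a confirmation.
     * Non-empty input is BBCode-formatted (which also strips tags and
     * HTML-encodes), then escaped by clean() for the string-built query.
     *
     * @param string   $status
     * @param stdClass $user
     */
    public function postStatus($status, $user) {
        global $db;

        if (!empty($status)) {
            $status = bbcode_format($status, 1);
        }
        $status = clean($status, 1, 0, 0);

        // Was a bare mysql_query(); routed through the shared $db wrapper like every
        // other query in this class.
        $query = $db->execute("insert into `user_status` (user_id, status, posted) VALUES ('" . (int) $user->id . "', '" . $status . "', '" . $this->time . "')");

        if ($query) {
            echo '<span style="color:#e11919;">Status Updated!</span>';
        }
    }

    /**
     * Latest status line for $user, or a placeholder when none is set.
     * The stored text was already escaped/formatted by postStatus().
     *
     * @param stdClass $user
     * @return string
     */
    public function getStatus($user) {
        global $db;

        $query = $db->execute("SELECT `status` FROM `user_status` WHERE `user_id` = '" . (int) $user->id . "' ORDER BY `posted` DESC LIMIT 1");
        $row = $db->fetcharray($query);

        if (!empty($row['status'])) {
            return $row['status'];
        }

        return '<em>Has no status.</em>';
    }

    /** 32 hex characters derived from a 16-character random string; used as activation key. */
    public function generateRandID() {
        return md5($this->generateRandStr(16));
    }

    /**
     * Random string of $length characters from [0-9A-Za-z].
     * Uses random_int() (CSPRNG) where available; mt_rand() was the original source,
     * which is predictable and is kept only as the fallback on old PHP. The output
     * becomes activation keys and reset passwords, so the CSPRNG matters here.
     *
     * @param int $length
     * @return string
     */
    public function generateRandStr($length) {
        $alphabet = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
        $useCsprng = function_exists('random_int');

        $randstr = "";
        for ($i = 0; $i < $length; $i++) {
            $index = $useCsprng ? random_int(0, 61) : mt_rand(0, 61);
            $randstr .= $alphabet[$index];
        }

        return $randstr;
    }

}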
424
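/**
 * Legacy input normaliser applied to form fields before they are concatenated
 * into SQL elsewhere in this file.
 *
 * @param string     $foo  raw value
 * @param int|string $a    '1' = escape for the MySQL connection
 * @param int|string $b    '1' = trim surrounding whitespace
 * @param int|string $c    1 = ucwords, 2 = ucfirst, 3 = strtolower, 4 = strtoupper,
 *                         anything else leaves the case alone
 * @return string
 *
 * The escaping step is what the string-built queries in Session rely on. It is
 * not a substitute for prepared statements, which would make $a unnecessary.
 */
function clean($foo, $a, $b, $c) {
    if ($b == '1') {
        $foo = trim($foo);
    }

    // get_magic_quotes_gpc() no longer exists on current PHP; where it is gone
    // nothing was auto-slashed, so there is nothing to strip.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $foo = stripslashes($foo);
    }
    if ($a == '1') {
        // mysql_real_escape_string() needs the legacy mysql extension. The fallback
        // is charset-unaware and exists only so the call does not fatal on newer
        // PHP; it is not a safe escape on its own.
        $foo = function_exists('mysql_real_escape_string') ? mysql_real_escape_string($foo) : addslashes($foo);
    }

    switch ($c) {
        case '1':
            $foo = ucwords($foo);
            break;
        case '2':
            $foo = ucfirst($foo);
            break;
        case '3':
            $foo = strtolower($foo);
            break;
        case '4':
            $foo = strtoupper($foo);
            break;
    }

    return $foo;
}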
438
/**
 * Echoes the pending message(s) for $mode.
 *
 * 'ERROR'   prints $msgError inside div.error, then $showMsg verbatim (it
 *           already carries its own markup, see Session::register()).
 * 'SUCCESS' prints $msgOk inside div.success.
 * Other modes print nothing. The strings are application-generated and are
 * written out unescaped.
 *
 * @param string $mode
 */
function display_msg($mode) {
    global $msgError, $showMsg, $msgOk;

    $isError = ($mode == 'ERROR');
    $isSuccess = ($mode == 'SUCCESS');

    if ($isError && !empty($msgError)) {
        echo '<div class="error">' . $msgError . '</div>';
    }
    if ($isError && !empty($showMsg)) {
        echo $showMsg;
    }

    if ($isSuccess && !empty($msgOk)) {
        echo '<div class="success">' . $msgOk . '</div>';
    }
}
459
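/**
 * Sends the browser to $location: a Location header while headers are still
 * open, otherwise a JavaScript / meta-refresh fallback in the already-started body.
 *
 * Does not exit. The caller has to stop execution itself, or the rest of the
 * page is still generated (and, on the header path, still sent).
 *
 * On the fallback path $location is placed inside a <script> string and an
 * HTML attribute, so it is encoded for each of those contexts; header() itself
 * rejects values containing newlines.
 *
 * @param string $location
 */
function redirect($location) {
    if (!headers_sent()) {
        header('Location: ' . $location);
        return;
    }

    // JS string context: json_encode() gives a quoted, escaped literal and escapes
    // "/" too, so "</script>" inside the value cannot end the block early.
    echo '<script type="text/javascript">window.location.href=' . json_encode((string) $location) . ';</script>';
    // HTML attribute context.
    echo '<noscript><meta http-equiv="refresh" content="0;url=' . htmlspecialchars((string) $location, ENT_QUOTES, 'UTF-8') . '" /></noscript>';
}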
468
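/**
 * Whole years between a date of birth and today (or $now).
 *
 * @param string   $iTimestamp  date of birth in any strtotime() form
 * @param int|null $now         reference Unix timestamp; defaults to time()
 * @return int|false  age in whole years, or false when $iTimestamp does not
 *                    parse (the original silently treated that as 1970)
 */
function getAge($iTimestamp, $now = null) {
    $birth = strtotime($iTimestamp);
    if ($birth === false) {
        return false;
    }
    if ($now === null) {
        $now = time();
    }

    $years = (int) date('Y', $now) - (int) date('Y', $birth);
    $months = (int) date('n', $now) - (int) date('n', $birth);
    $days = (int) date('j', $now) - (int) date('j', $birth);

    // Birthday still ahead this year: one year less.
    if ($months < 0 || ($months == 0 && $days < 0)) {
        $years--;
    }

    return $years;
}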
482
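/**
 * Converts between a small BBCode subset and HTML.
 *
 * @param string     $str   text to convert
 * @param int|string $type  1 = BBCode -> HTML: the input is strip_tags'd and
 *                          htmlentities'd first, so only markup produced here
 *                          survives; 2 = HTML -> BBCode (reverse mapping, no
 *                          escaping); anything else returns $str unchanged
 * @return string
 *
 * [font=..] and [c=..] values end up inside a style attribute. They are limited
 * to a plain font-name / colour character set so a value cannot carry further
 * CSS declarations; a tag whose value does not fit is left as literal text.
 */
function bbcode_format($str, $type) {
    if ($type == '1') {
        $str = strip_tags($str);
        $str = htmlentities($str);

        $bbcode = array(
            //Bold
            '/\[b\](.*?)\[\/b\]/is',
            //Italic
            '/\[i\](.*?)\[\/i\]/is',
            //Underline
            '/\[u\](.*?)\[\/u\]/is',
            //Font Family: letters, digits, spaces, commas and hyphens only
            '/\[font\=([a-z0-9 ,\-]+)\](.*?)\[\/font\]/is',
            //Colors: a colour name or a #hex value only
            '/\[c\=(#?[a-z0-9]+)\](.*?)\[\/c\]/is',
            //Code presentation
            '/\[code\](.*?)\[\/code\]/is',
        );

        $htmlcode = array(
            //Bold
            '<strong>$1</strong>',
            //Italic
            '<em>$1</em>',
            //Underline
            '<u>$1</u>',
            //Font Family
            '<span style="font-family: $1;">$2</span>',
            //Colors
            '<span style="color: $1;">$2</span>',
            //Code presentation
            '<pre class="code">$1</pre>',
        );

        return preg_replace($bbcode, $htmlcode, $str);
    }

    if ($type == '2') {
        $bbcode = array(
            //Bold
            '[b]$1[/b]',
            //Italic
            '[i]$1[/i]',
            //Underline
            '[u]$1[/u]',
            //Font Family
            '[font=$1]$2[/font]',
            //Colors
            '[c=$1]$2[/c]',
            //Code presentation
            '[code]$1[/code]',
        );

        $htmlcode = array(
            //Bold
            '/\<strong\>(.*?)\<\/strong\>/is',
            //Italic
            '/\<em\>(.*?)\<\/em\>/is',
            //Underline
            '/\<u\>(.*?)\<\/u\>/is',
            //Font Family
            '/\<span style=\"font-family: (.*?);\"\>(.*?)\<\/span\>/is',
            //Colors
            '/\<span style=\"color: (.*?);\">(.*?)\<\/span\>/is',
            //Code presentation
            '/\<pre class=\"code\"\>(.*?)\<\/pre\>/is',
        );

        return preg_replace($htmlcode, $bbcode, $str);
    }

    return $str;
}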
556
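/**
 * Human-readable "N units ago" for a Unix timestamp.
 *
 * @param int      $original  timestamp of the event
 * @param int|null $now       reference timestamp; defaults to time()
 * @return string  "<n> <unit>[s] ago" for anything up to a week old (down to
 *                 "0 minutes ago" under a minute); beyond a week the date
 *                 ("March 3rd"), with the year appended once it is over a year old
 */
function time_since($original, $now = null) {
    // (seconds, unit name) from largest to smallest; the first unit that fits wins
    $chunks = array(
        array(60 * 60 * 24 * 365, 'year'),
        array(60 * 60 * 24 * 30, 'month'),
        array(60 * 60 * 24 * 7, 'week'),
        array(60 * 60 * 24, 'day'),
        array(60 * 60, 'hour'),
        array(60, 'minute'),
    );

    if ($now === null) {
        $now = time();
    }
    $since = $now - $original;

    if ($since > 604800) {
        $print = date("F jS", $original);
        if ($since > 31536000) {
            $print .= ", " . date("Y", $original);
        }
        return $print;
    }

    $count = 0;
    $name = 'minute';
    foreach ($chunks as $chunk) {
        list($seconds, $name) = $chunk;
        $count = floor($since / $seconds);
        if ($count != 0) {
            break;
        }
    }

    $print = ($count == 1) ? '1 ' . $name : "$count {$name}s";

    return $print . " ago";
}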
592?>