Secure User Authentication, Supports banning, deletion, adding, etc. Based on MySQL Backend. ALWAYS LATEST CODE! http://www.phpportalen.net/viewtopic.php?t=10568#56993
<?php
/**
* Basic authentication with MySQL backend.
*
* The database connection and the session must be
* initialized before this class is used.
*
* @author Fredrik Haugbergsmyr <hagman@hotbrev.com>
* @copyright Fredrik Haugbergsmyr 2003
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @package User_Library
*/
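/**
 * Session-backed login and user management on a MySQL `users` table.
 *
 * State is kept in $_SESSION['_usrlib'] and queries go through the legacy
 * mysql_* functions on the default connection, so the caller has to open the
 * connection and start the session before creating an instance. The queries
 * in this class use the columns id, username, password, admin ('Y'/'N'),
 * banned ('Y'/'N') and bantime (unix timestamp).
 *
 * Notes for maintainers:
 * - ext/mysql was removed in PHP 7.0. When porting, switch to mysqli or PDO
 *   and replace the escaping / integer casts below with prepared statements.
 * - Stored passwords are unsalted MD5 derivatives (see _create_password()).
 *   The scheme is left unchanged because existing rows depend on it.
 * - The session id is not rotated by this class; call session_regenerate_id()
 *   right after a successful login() to prevent session fixation.
 *
 * @access public
 * @author Fredrik Haugbergsmyr <hagman@hotbrev.com>
 * @package User_Library
 * @version 0.9.0
 */
class usrlib
{
    /**
     * @access public
     * @var bool If user is logged in.
     */
    var $logged_in = false;

    /**
     * @access public
     * @var int days a user should be banned
     */
    var $bantime = 14;

    /**
     * @access private
     * @var bool If user is admin user.
     */
    var $_admin = false;

    /**
     * @access private
     * @var string username of logged in user.
     */
    var $_username = '';

    /**
     * @access private
     * @var int Id of logged in user.
     */
    var $_id = 0;

    /**
     * Class constructor (PHP 4 style): restores identity from the session.
     *
     * Identity fields are copied only when the session also carries the
     * logged_in flag, so a partially filled session entry cannot hand out
     * an admin flag to an object that is not logged in.
     *
     * @return bool true if the object was already logged in, false otherwise
     *              (the value is discarded when invoked through `new`)
     */
    function usrlib()
    {
        $state = array();
        if (isset($_SESSION['_usrlib']) && is_array($_SESSION['_usrlib'])) {
            $state = $_SESSION['_usrlib'];
        }
        $session_login = !empty($state['logged_in']);

        if ($session_login) {
            $this->_admin = !empty($state['admin']);
            $this->_id = isset($state['id']) ? (int)$state['id'] : 0;
            $this->_username = isset($state['username']) ? (string)$state['username'] : '';
        }
        if ($this->logged_in === true) {
            return true;
        }
        if ($session_login) {
            $this->logged_in = true;
        }
        return false;
    }

    /**
     * Try to login.
     *
     * Returns true right away if the user is already logged in, otherwise
     * looks the credentials up in the users table.
     *
     * @access public
     * @param string plain text username
     * @param string plain text password
     * @return bool true if user is successfully logged in, false otherwise
     * @uses _bantime_expired
     * @uses _create_password
     */
    function login($username, $password)
    {
        if ($this->logged_in) {
            return true;
        }

        $row = false;
        // Arrays/objects (e.g. username[]=x in a request) are never valid credentials.
        if (is_scalar($username) && is_scalar($password)) {
            $hash = $this->_create_password((string)$password);
            // The username reaches the SQL text, so it must be escaped; the
            // hash is upper-case hex and needs no escaping.
            $safe_username = @mysql_real_escape_string((string)$username);
            if ($safe_username !== false) {
                $q = @mysql_query("SELECT * FROM users WHERE username = '$safe_username' AND password = '$hash' LIMIT 1;");
                if ($q) {
                    $row = @mysql_fetch_assoc($q);
                }
            }
        }

        if (!$row) {
            // Fixed delay on failed credentials, kept from the original. It
            // slows guessing per request but also holds a worker for six
            // seconds, so pair it with per-account / per-address rate limiting.
            sleep(6);
            return false;
        }

        if ($row['banned'] == 'Y' && !$this->_bantime_expired($row['id'])) {
            return false;
        }

        // NOTE(review): rotate the session id at this point in the calling
        // code (session_regenerate_id()) to prevent session fixation.
        $this->logged_in = $_SESSION['_usrlib']['logged_in'] = true;
        $this->_admin = $_SESSION['_usrlib']['admin'] = ($row['admin'] == 'Y');
        $this->_id = $_SESSION['_usrlib']['id'] = $row['id'];
        $this->_username = $_SESSION['_usrlib']['username'] = $row['username'];
        return true;
    }

    /**
     * Logout and unset session vars.
     *
     * The identity properties are reset to their defaults rather than
     * unset(), so later reads of $_admin / $_id do not hit undefined
     * properties.
     *
     * @access public
     * @return bool false
     */
    function logout()
    {
        $this->_username = '';
        $this->_id = 0;
        $this->_admin = false;
        unset($_SESSION['_usrlib']);
        return ($this->logged_in = false);
    }

    /**
     * Checks if bantime has expired for user and revokes the ban if so.
     *
     * Called from login() before the session is established, so it cannot
     * depend on $logged_in (the original did, which made every ban
     * permanent). The row is read and updated directly instead.
     *
     * @access private
     * @param int user id
     * @return bool true if the ban had expired and the update query ran,
     *              false otherwise
     * @uses _lift_ban
     */
    function _bantime_expired($id)
    {
        $id = (int)$id;
        $q = @mysql_query("SELECT bantime FROM users WHERE id = '$id' LIMIT 1;");
        if (!$q) {
            return false;
        }
        $user = @mysql_fetch_assoc($q);
        if (!$user) {
            return false;
        }
        if (time() > (int)$user['bantime']) {
            return $this->_lift_ban($id);
        }
        return false;
    }

    /**
     * Clears the ban columns for one non-admin user; no permission check.
     *
     * @access private
     * @param int user id
     * @return bool true if the query succeeded
     */
    function _lift_ban($id)
    {
        $id = (int)$id;
        return (bool)@mysql_query("UPDATE users SET bantime = '', banned = 'N' WHERE id = '$id' AND admin = 'N' LIMIT 1;");
    }

    /**
     * Create hash from plain text password.
     *
     * Returns a modified MD5 hash: MD5, character substitution, and further
     * MD5 rounds. The construction is unsalted and fast to compute, so it
     * does not resist offline guessing; it is kept only because stored
     * hashes depend on it. For new deployments use password_hash() /
     * password_verify() and re-hash on the next successful login.
     *
     * @access private
     * @param string plain text password
     * @return string hashed password (32 upper-case hex characters)
     */
    function _create_password($password)
    {
        // The bytes of this table are part of the hash definition: they depend
        // on the encoding this file is saved in, and changing any of them
        // invalidates every stored password.
        // NOTE(review): 'Ã¥qA' looks like a double-encoded 'åqA' - confirm
        // against the deployed file before touching it.
        $replace = array(
            '0' => '58t', '1' => '#Bä',
            '2' => '=)s', '3' => '`3Y',
            '4' => '{&4', '5' => 'GFO',
            '6' => '´-U', '7' => ';_.',
            '8' => 'Ã¥qA', '9' => '21g',
            'a' => 'fÖ%', 'b' => '/}d',
            'c' => '¤,a', 'd' => '*~P',
            'e' => '?+]', 'f' => 'X<i');

        $password = md5($password);
        $password = strtr($password, $replace);
        $password = strrev(md5($password));
        $password = strrev(strtr($password, $replace));
        $password = md5($password);
        // base_convert() works on floats internally and loses precision on a
        // 128-bit value, so this step discards part of the digest.
        return (string)strtoupper(md5(base_convert(strrev($password), 16, 20)));
    }

    /**
     * Returns all info associated with a user, looked up by id.
     *
     * @access private
     * @param int User id
     * @return mixed associative array with user info, or false when not
     *               logged in, on query failure or when no row matches
     */
    function _get_user($id)
    {
        if (!$this->logged_in) {
            return false;
        }
        // Integer cast keeps caller-supplied ids out of the SQL text.
        $id = (int)$id;
        $q = @mysql_query("SELECT * FROM users WHERE id = '$id' LIMIT 1;");
        if (!$q) {
            return false;
        }
        return @mysql_fetch_assoc($q);
    }

    /**
     * Validates usernames and passwords.
     *
     * The value may only contain A-Z, a-z, 0-9 and underscore and must be
     * 4 to 32 characters long. \A and \z anchor the whole subject; a plain
     * `$` would also accept a value with a trailing newline.
     *
     * @access private
     * @param string String to check.
     * @return bool True if string matched, false otherwise
     */
    function _valid_value($string)
    {
        if (!is_scalar($string)) {
            return false;
        }
        return preg_match('/\A[a-zA-Z0-9_]{4,32}\z/', (string)$string) === 1;
    }

    /**
     * Changes the logged in user's password.
     *
     * Verifies the old password, validates the new one and stores its hash.
     * Plain strings are compared with ===; comparing MD5 digests with !=
     * treats two digests of the form 0e<digits> as equal numbers.
     *
     * @access public
     * @param string plain text new password
     * @param string plain text new password, repeated
     * @param string plain text current password
     * @return bool true if new password was added to database, false otherwise
     * @uses login
     * @uses _valid_value
     * @uses _create_password
     */
    function change_password($password, $verpassword, $oldpassword)
    {
        if (!$this->logged_in) {
            return false;
        }
        if (!$this->_valid_value($password)) {
            return false;
        }
        if (!is_scalar($verpassword) || (string)$password !== (string)$verpassword) {
            return false;
        }
        if (!is_scalar($oldpassword)) {
            return false;
        }
        $user = $this->_get_user($this->_id);
        if (!$user) {
            return false;
        }
        if ($this->_create_password((string)$oldpassword) !== (string)$user['password']) {
            return false;
        }

        $hash = $this->_create_password((string)$password);
        $id = (int)$this->_id;
        if (@mysql_query("UPDATE users SET password = '$hash' WHERE id = '$id' LIMIT 1;")) {
            // Log in again with the new password to refresh the session state.
            $this->logged_in = false;
            $this->login($this->_username, $password);
            return true;
        }
        return false;
    }

    /**
     * Sets or clears the admin flag of a user.
     *
     * Must be an admin to change this. The original query used `id !=`,
     * which changed some other row than the requested one, and its array
     * branch dropped $admin and then ran the query once more with the array.
     *
     * @access public
     * @param mixed user id, or array of user ids
     * @param bool true to grant admin, false to revoke
     * @return bool True if every update query succeeded, false otherwise
     */
    function change_user($id, $admin = true)
    {
        if (!$this->logged_in || !$this->_admin) {
            return false;
        }
        if (is_array($id)) {
            $ok = true;
            foreach ($id as $value) {
                $ok = $this->change_user($value, $admin) && $ok;
            }
            return $ok;
        }
        $flag = ($admin == true ? 'Y' : 'N');
        $id = (int)$id;
        return (bool)@mysql_query("UPDATE users SET admin = '$flag' WHERE id = '$id' LIMIT 1;");
    }

    /**
     * Bans non-admin users by id for $this->bantime days.
     *
     * Requires an admin, like the other user-management methods; the
     * original only required a login, which let any account ban any other
     * non-admin account.
     *
     * @access public
     * @param mixed user id, or array of user ids
     * @return bool true if every update query succeeded, false otherwise
     */
    function ban_user($id)
    {
        if (!$this->logged_in || !$this->_admin) {
            return false;
        }
        if (is_array($id)) {
            $ok = true;
            foreach ($id as $value) {
                $ok = $this->ban_user($value) && $ok;
            }
            return $ok;
        }
        $id = (int)$id;
        $bantime = (time() + intval(60 * 60 * 24 * $this->bantime));
        return (bool)@mysql_query("UPDATE users SET bantime = '$bantime', banned = 'Y' WHERE id = '$id' AND admin = 'N' LIMIT 1;");
    }

    /**
     * Revokes the ban of non-admin users by id.
     *
     * Requires an admin. Automatic expiry at login does not go through this
     * method; it uses _lift_ban() directly.
     *
     * @access public
     * @param mixed user id, or array of user ids
     * @return bool true if every update query succeeded, false otherwise
     * @uses _lift_ban
     */
    function unban_user($id)
    {
        if (!$this->logged_in || !$this->_admin) {
            return false;
        }
        if (is_array($id)) {
            $ok = true;
            foreach ($id as $value) {
                $ok = $this->unban_user($value) && $ok;
            }
            return $ok;
        }
        return $this->_lift_ban($id);
    }

    /**
     * Add user to system.
     *
     * The caller has to be an admin. Username and password must both pass
     * _valid_value(). Whether a duplicate username is rejected depends on
     * the table definition (the INSERT has to fail for it).
     *
     * @access public
     * @param string plain text username
     * @param string plain text password
     * @param string plain text verify password
     * @param bool admin user
     * @return bool True if user is added, false otherwise
     * @uses _create_password
     * @uses _valid_value
     */
    function create_user($username, $password, $verpassword, $admin = false)
    {
        if (!$this->logged_in || !$this->_admin) {
            return false;
        }
        if (!$this->_valid_value($username) || !$this->_valid_value($password)) {
            return false;
        }
        // Strict string comparison; see change_password() for why the MD5
        // digests are not compared with !=.
        if (!is_scalar($verpassword) || (string)$password !== (string)$verpassword) {
            return false;
        }
        $flag = ($admin == true ? 'Y' : 'N');
        $hash = $this->_create_password((string)$password);
        // Already restricted to [A-Za-z0-9_] above; escaped as well so the
        // query stays safe if the validation rule is ever relaxed.
        $safe_username = @mysql_real_escape_string((string)$username);
        if ($safe_username === false) {
            return false;
        }
        return (bool)@mysql_query("INSERT INTO users (username, password, admin) VALUES ('$safe_username', '$hash', '$flag');");
    }

    /**
     * Delete user from system.
     *
     * Admins and the caller's own account are excluded by the query, and
     * the caller has to be an admin.
     *
     * @access public
     * @param mixed user id, or array of user ids
     * @return bool True if every delete query succeeded, false otherwise
     */
    function delete_user($id)
    {
        if (!$this->logged_in || !$this->_admin) {
            return false;
        }
        if (is_array($id)) {
            $ok = true;
            foreach ($id as $value) {
                $ok = $this->delete_user($value) && $ok;
            }
            return $ok;
        }
        $id = (int)$id;
        $self = (int)$this->_id;
        return (bool)@mysql_query("DELETE FROM users WHERE id = '$id' AND admin = 'N' AND id != '$self' LIMIT 1;");
    }
}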
?>