Tutorial by tim_perdue_PHP, the original author of a function library for website user management

<?php $hidden_hash_var=your_password_here; $LOGGED_IN=false; //clear it out in case someone sets it in the URL or something unset($LOGGED_IN); /* create table user ( user_id int not null auto_increment primary key, user_name text, real_name text, email text, password text, remote_addr text, confirm_hash text, is_confirmed int not null default 0 ); */ function user_isloggedin() { global $user_name,$id_hash,$hidden_hash_var,$LOGGED_IN; //have we already run the hash checks? //If so, return the pre-set var if (isset($LOGGED_IN)) { return $LOGGED_IN; } if ($user_name && $id_hash) { $hash=md5($user_name.$hidden_hash_var); if ($hash == $id_hash) { $LOGGED_IN=true; return true; } else { $LOGGED_IN=false; return false; } } else { $LOGGED_IN=false; return false; } } function user_login($user_name,$password) { global $feedback; if (!$user_name || !$password) { $feedback .= ERROR - Missing user name or password ; return false; } else { $user_name=strtolower($user_name); $password=strtolower($password); $sql="SELECT * FROM user WHERE user_name=$user_name AND password=". md5($password) .""; $result=db_query($sql); if (!$result || db_numrows($result) < 1){ $feedback .= ERROR - User not found or password incorrect ; return false; } else { if (db_result($result,0,is_confirmed) == 1) { user_set_tokens($user_name); $feedback .= SUCCESS - You Are Now Logged In ; return true; } else { $feedback .= ERROR - You haven Confirmed Your Account Yet ; return false; } } } } function user_logout() { setcookie(user_name,,(time()+2592000),/,,0); setcookie(id_hash,,(time()+2592000),/,,0); } function user_set_tokens($user_name_in) { global $hidden_hash_var,$user_name,$id_hash; if (!$user_name_in) { $feedback .= ERROR - User Name Missing When Setting Tokens ; return false; } $user_name=strtolower($user_name_in); $id_hash= md5($user_name.$hidden_hash_var); setcookie(user_name,$user_name,(time()+2592000),/,,0); setcookie(id_hash,$id_hash,(time()+2592000),/,,0); } function user_confirm($hash,$email) { /* Call this function on the user confirmation page, which they arrive at when the click the link in the account confirmation email */ global $feedback,$hidden_hash_var; //verify that they didnt tamper with the email address $new_hash=md5($email.$hidden_hash_var); if ($new_hash && ($new_hash==$hash)) { //find this record in the db $sql="SELECT * FROM user WHERE confirm_hash=$hash"; $result=db_query($sql); if (!$result || db_numrows($result) < 1) { $feedback .= ERROR - Hash Not Found ; return false; } else { //confirm the email and set account to active $feedback .= User Account Updated - You Are Now Logged In ; user_set_tokens(db_result($result,0,user_name)); $sql="UPDATE user SET email=$email,is_confirmed=1 WHERE confirm_hash=$hash"; $result=db_query($sql); return true; } } else { $feedback .= HASH INVALID - UPDATE FAILED ; return false; } } function user_change_password ($new_password1,$new_password2,$change_user_name,$old_password) { global $feedback; //new passwords present and match? if ($new_password1 && ($new_password1==$new_password2)) { //is this password long enough? if (account_pwvalid($new_password1)) { //all vars are present? if ($change_user_name && $old_password) { //lower case everything $change_user_name=strtolower($change_user_name); $old_password=strtolower($old_password); $new_password1=strtolower($new_password1); $sql="SELECT * FROM user WHERE user_name=$change_user_name AND password=". md5($old_password) .""; $result=db_query($sql); if (!$result || db_numrows($result) < 1) { $feedback .= User not found or bad password .db_error(); return false; } else { $sql="UPDATE user SET password=". md5($new_password1). " ". "WHERE user_name=$change_user_name AND password=". md5($old_password). ""; $result=db_query($sql); if (!$result || db_affected_rows($result) < 1) { $feedback .= NOTHING Changed .db_error(); return false; } else { $feedback .= Password Changed ; return true; } } } else { $feedback .= Must Provide User Name And Old Password ; return false; } } else { $feedback .= New Passwords Doesn Meet Criteria ; return false; } } else { return false; $feedback .= New Passwords Must Match ; } } function user_lost_password ($email,$user_name) { global $feedback,$hidden_hash_var; if ($email && $user_name) { $user_name=strtolower($user_name); $sql="SELECT * FROM user WHERE user_name=$user_name AND email=$email"; $result=db_query($sql); if (!$result || db_numrows($result) < 1) { //no matching user found $feedback .= ERROR - Incorrect User Name Or Email Address ; return false; }else { //create a secure, new password $new_pass=strtolower(substr(md5(time().$user_name.$hidden_hash_var),1,14)); //update the database to include the new password $sql="UPDATE user SET password=". md5($new_pass) ." WHERE user_name=$user_name"; $result=db_query($sql); //send a simple email with the new password mail ($email,Password Reset,Your Password . has been reset to: .$new_pass,From: noreply@company.com); $feedback .= Your new password has been emailed to you. ; return true; } } else { $feedback .= ERROR - User Name and Email Address Are Required ; return false; } } function user_change_email ($password1,$new_email,$user_name) { global $feedback,$hidden_hash_var; if (validate_email($new_email)) { $hash=md5($new_email.$hidden_hash_var); //change the confirm hash in the db but not the email - //send out a new confirm email with a new hash $user_name=strtolower($user_name); $password1=strtolower($password1); $sql="UPDATE user SET confirm_hash=$hash WHERE user_name=$user_name AND password=". md5($password1) .""; $result=db_query($sql); if (!$result || db_affected_rows($result) < 1) { $feedback .= ERROR - Incorrect User Name Or Password ; return false; } else { $feedback .= Confirmation Sent ; user_send_confirm_email($new_email,$hash); return true; } } else { $feedback .= New Email Address Appears Invalid ; return false; } } function user_send_confirm_email($email,$hash) { /* Used in the initial registration function as well as the change email address function */ $message = "Thank You For Registering at PHPBuilder.com". " Simply follow this link to confirm your registration: ". "

http://www.phpbuilder.com/account/confirm.php?hash=$hash&email=". urlencode($email). "

Once you confirm, you can use the services on PHPBuilder."; mail ($email,PHPBuilder Registration Confirmation,$message,From: noreply@phpbuilder.com); } function user_register($user_name,$password1,$password2,$email,$real_name) { global $feedback,$hidden_hash_var; //all vars present and passwords match? if ($user_name && $password1 && $password1==$password2 && $email && validate_email($email)) { //password and name are valid? if (account_namevalid($user_name) && account_pwvalid($password1)) { $user_name=strtolower($user_name); $password1=strtolower($password1); //does the name exist in the database? $sql="SELECT * FROM user WHERE user_name=$user_name"; $result=db_query($sql); if ($result && db_numrows($result) > 0) { $feedback .= ERROR - USER NAME EXISTS ; return false; } else { //create a new hash to insert into the db and the confirmation email $hash=md5($email.$hidden_hash_var); $sql="INSERT INTO user (user_name,real_name,password,email,remote_addr,confirm_hash,is_confirmed) ". "VALUES ($user_name,$real_name,". md5($password1) .",$email,$GLOBALS[REMOTE_ADDR],$hash,0)"; $result=db_query($sql); if (!$result) { $feedback .= ERROR - .db_error(); return false; } else { //send the confirm email user_send_confirm_email($email,$hash); $feedback .= Successfully Registered. You Should Have a Confirmation Email Waiting ; return true; } } }

http://www.bkjia.com/PHPjc/532120.html www.bkjia.com true http://www.bkjia.com/PHPjc/532120.html TechArticle 0) { $feedback .= ERROR - USER NAME EXISTS ; return false; } else { //create a new hash to insert into the db and the confirmation email $hash=md5($email.$hidden_hash_var); $sql=IN...

Tutorial by tim_perdue_PHP, the original author of a function library for website user management

Related articles