I have a script on my website, freestudentcloud.com.
But i want:
1) New users must activate their account.
2) If a user loses his password, he can change/renew it.
I hope someone can help me with my problems.
I have no knowledge of PHP, but I have tried many things, like http://www.learnphponline.com/scripts/email-activation-for-php-forms
This is the users.php
<?php
// Stop immediately unless the _AppPath constant is defined, so requesting
// this file directly by URL produces only the message below.
defined( '_AppPath' ) || exit( 'Direct access to this script is not permitted' );
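/**
 * User account operations: create, list, look up, delete, update,
 * log in and log out.
 *
 * Every value that reaches an SQL string is passed through the connection's
 * real_escape_string() first, including values read from the session, so a
 * quote character can never end the SQL literal early.
 *
 * NOTE(review): passwords are stored as md5('_password_' . $plain). A single
 * fixed prefix with MD5 is cheap to brute-force if the table leaks.
 * password_hash()/password_verify() is the replacement, but switching needs a
 * migration of the stored hashes and possibly a wider password column, and
 * neither is visible in this file, so the scheme is left as it was.
 */
class Users
{
    /** Application object; this class uses its db, session, meta and path members. */
    public $app;

    function __construct( $app )
    {
        $this->app = $app;
    }

    /**
     * Escape a value for use inside a single-quoted SQL string literal.
     * Non-scalar input (for example an array sent as a form field) becomes ''.
     */
    private function esc($value)
    {
        return $this->app->db->real_escape_string(is_scalar($value) ? (string) $value : '');
    }

    /** Hash a plain-text password the way the users table stores it. */
    private function hash_password($plain)
    {
        return md5('_password_'.(is_scalar($plain) ? $plain : ''));
    }

    /** Read a form field as a string; a missing or non-string field gives ''. */
    private function post_string($key)
    {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    }

    /**
     * Insert a new user from $_POST (name, password, maxupload, admin).
     *
     * NOTE(review): the admin flag is taken from the request. Nothing in this
     * class checks who is calling, so the caller has to make sure that only an
     * administrator can submit it.
     *
     * @param bool $return When true, the created user record is returned.
     * @return array|null  array('error' => message) on failure, the user
     *                     record (password blanked) when $return is true,
     *                     otherwise nothing.
     */
    function create($return = false)
    {
        $name      = $this->post_string('name');
        $password  = $this->post_string('password');
        $maxupload = $this->post_string('maxupload');

        // Checked in this order so the reported message is the same as before
        // when several fields are wrong: username, then upload limit, then password.
        if (empty($name))
            return array("error" => 'Please enter a username');
        if (!empty($maxupload) && !ctype_digit($maxupload))
            return array("error" => 'Please enter numeric values only for max. upload limit');
        if (empty($password))
            return array("error" => 'Please enter a password');

        $user = array();
        //remove white space from username
        $user['name']      = str_replace(" ", "", $name);
        $user['password']  = $this->hash_password($password);
        $user['maxupload'] = $maxupload ? $maxupload : '';
        $user['admin']     = isset($_POST['admin']) ? $_POST['admin'] : null;

        //Check for illegal characters
        if (!ctype_alnum(str_replace(array('-', '_'), '', $user['name'])))
            return array("error" => 'Only alphanumeric characters and "-" or "_" are allowed');
        if (strlen($user['name']) > 30)
            return array("error" => 'Username is too big (30 characters allowed)');

        // The limit is multiplied only when one was given; multiplying the
        // empty string is an error on current PHP versions.
        $maxspace = $user['maxupload'] ? "'".($user['maxupload'] * 1000)."'" : 'NULL';

        // Columns are named explicitly so the statement does not depend on the
        // table having exactly these six columns in this order.
        $query = "INSERT INTO users (name, password, admin, space, maxspace) VALUES ("
            ."'".$this->esc($user['name'])."', "
            ."'".$user['password']."', "
            ."'".$this->esc($user['admin'])."', "
            ."'0', "
            .$maxspace.")";

        //Save user record in database
        $result = $this->app->db->query($query);
        // Any failed insert is reported as a duplicate name.
        if (!$result)
            return array("error" => "The username you chose is taken already");

        //Set user id
        $user['id'] = sprintf("%011d", $this->app->db->insert_id);

        //Create meta entries for new user
        $this->app->meta->create("downloads_".$user['id'], 0, $user['id']); //downloads entry
        $this->app->meta->create("uploads_".$user['id'], 0, $user['id']);   //uploads entry

        // Never hand the hash back to the caller.
        $user['password'] = '';

        //If is ajax call return upload data
        if ($return == true) {
            return $user;
        }
    }

    /**
     * List every user except the one stored in the session.
     *
     * @return array|false Rows with maxspace divided by 1000 when set, or
     *                     false when the query fails or finds nothing.
     */
    function get()
    {
        $current  = $this->esc($this->app->session->get_var( 'id' ));
        $query    = "SELECT id,name, admin, space, maxspace FROM users WHERE id != '$current'";
        $response = $this->app->db->query($query);

        // A failed query is treated like an empty result.
        if (!$response || $response->num_rows < 1)
            return false;

        $users = array();
        while ($row = $response->fetch_array())
        {
            // The create/update methods store the limit multiplied by 1000; undo that here.
            if ($row['maxspace']) $row['maxspace'] = $row['maxspace'] / 1000;
            $users[] = $row;
        }
        return $users;
    }

    /**
     * Look up one user by name.
     *
     * @param string $user Username; escaped here before it reaches the query.
     * @return array|null  The row, or nothing when no user matches.
     */
    function getinfo($user)
    {
        $name     = $this->esc($user);
        $query    = "SELECT id,name, admin, space, maxspace FROM users WHERE name = '$name' LIMIT 1";
        $response = $this->app->db->query($query);
        if ($response && $row = $response->fetch_assoc())
        {
            return $row;
        }
    }

    /**
     * Delete a user and the user's meta entries.
     *
     * NOTE(review): no permission check happens here; the caller must decide
     * whether the current user may delete this account.
     *
     * @param string|int $user User id.
     */
    function delete($user)
    {
        $id    = $this->esc($user);
        $query = "DELETE FROM users WHERE id = '$id'";
        $this->app->db->query($query);

        //Remove user meta entries
        $this->app->meta->delete("uploads_".$user);   //uploads entry
        $this->app->meta->delete("downloads_".$user); //downloads entry
    }

    /**
     * Set a new password for the user stored in the session.
     *
     * NOTE(review): the current password is not asked for, so anyone holding
     * the session can set a new one.
     *
     * @return mixed array('error' => message) when no password was sent,
     *               otherwise the result of the UPDATE query.
     */
    function updatepassword()
    {
        $plain = $this->post_string('password');
        if (empty($plain))
            return array("error" => 'Please enter a password');

        $password = $this->hash_password($plain);
        $id       = $this->esc($this->app->session->get_var( 'id' ));
        $query    = "UPDATE users SET password = '$password' WHERE id = '$id'";
        return $this->app->db->query($query);
    }

    /**
     * Update a user's upload limit and admin flag from $_POST
     * (value = user id, maxupload, admin).
     *
     * NOTE(review): both the target id and the admin flag come from the
     * request, and nothing here checks the caller's rights. The calling code
     * has to restrict this to administrators.
     *
     * @param bool $return When true, the submitted values are returned.
     * @return array|null  array('error' => message) on invalid input, the
     *                     values when $return is true, otherwise nothing.
     */
    function update($return = false)
    {
        $maxupload = $this->post_string('maxupload');
        if (!empty($maxupload) && !ctype_digit($maxupload))
            return array("error" => 'Please enter numeric values only for max. upload limit');

        $user = array();
        $user['id']        = isset($_POST['value']) ? $_POST['value'] : null;
        $user['maxupload'] = $maxupload ? $maxupload : NULL;
        $user['admin']     = isset($_POST['admin']) ? $_POST['admin'] : null;

        // No limit given means the column is cleared rather than set to zero.
        $maxspace = is_null($user['maxupload']) ? 'NULL' : "'".($user['maxupload'] * 1000)."'";

        //Update user in database
        $query = "UPDATE users SET maxspace = ".$maxspace.", "
            ."admin = '".$this->esc($user['admin'])."' "
            ."WHERE id = '".$this->esc($user['id'])."'";
        $this->app->db->query($query);

        //If is ajax call return upload data
        if ($return == true)
            return $user;
    }

    /**
     * Store the used space for the user named in the session.
     *
     * @param string|int $space New value for the space column.
     * @return mixed The query result when it succeeded, otherwise nothing.
     */
    function updatespace($space)
    {
        $name     = $this->esc($this->app->session->get_var( 'username' ));
        $amount   = $this->esc($space);
        $query    = "UPDATE users SET space = '$amount' WHERE name = '$name' LIMIT 1";
        $response = $this->app->db->query($query);
        if ($response)
            return $response;
    }

    /**
     * Check the credentials and start the session on success.
     *
     * @param string $user     Username.
     * @param string $password Plain-text password.
     * @return string|null "Incorrect" when no row matches; nothing on
     *                     success, after a redirect header has been sent.
     */
    function login($user,$password)
    {
        $name  = $this->esc($user);
        $hash  = $this->hash_password($password);
        $query = "SELECT * FROM users WHERE name = '$name' AND password = '$hash'";
        $response = $this->app->db->query($query);

        if (!($response && $row = $response->fetch_assoc()))
        {
            return "Incorrect";
        }

        // Credentials matched
        $this->app->session->add_var( array( 'username' => $row['name'],'id' => $row['id'] ));
        // A fresh session id after login means an id known before authentication stops working.
        if( $_SESSION ) { session_regenerate_id( true ); }

        // header() only sends the redirect; this method does not stop the
        // script, so the caller decides whether anything else runs afterwards.
        $path = $this->app->path."manage/";
        header ("Location: $path");
    }

    /**
     * Destroy the session and redirect to the manage page.
     */
    function logout()
    {
        $path = $this->app->path."manage/";
        session_destroy();
        header("Location: $path");
    }
}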
?>
Register.php
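<?php
if( ! defined( '_AppPath' ) ) { exit( 'Direct access to this script is not permitted' ); }

// Everything that came from the request is HTML-escaped before it is printed.
// Without this, a submitted value containing a double quote or a tag would be
// written into the page as markup. Missing fields become '' instead of
// raising an "undefined index" notice.
$register_name  = htmlspecialchars((isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '', ENT_QUOTES, 'UTF-8');
$register_robot = htmlspecialchars((isset($_POST['robot']) && is_string($_POST['robot'])) ? $_POST['robot'] : '', ENT_QUOTES, 'UTF-8');
// $error is set by the including script; it is printed as text, not as HTML.
$register_error = (!empty($error) && is_scalar($error)) ? htmlspecialchars((string) $error, ENT_QUOTES, 'UTF-8') : '';
?>
<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-8" />
<title>Login</title>
<!--STYLES-->
<link rel="stylesheet" href="<?php echo $viewsdir ?>views/css/reset.css" type="text/css">
<link rel="stylesheet" href="<?php echo $viewsdir ?>views/css/styles.css" type="text/css">
<!--SCRIPTS-->
<script src="<?php echo $viewsdir ?>views/plugins/jquery.js" type="text/javascript"></script>
<script src="<?php echo $viewsdir ?>views/plugins/jquery.form.js" type="text/javascript"></script>
<script src="<?php echo $viewsdir ?>views/plugins/core.js" type="text/javascript"></script>
<script>
path = '';
</script>
</head>
<body>
<div id="main" class="notice container">
<!--Wrapper-->
<div id="wrapper" class="notice">
<!--Content-->
<div id="content" class="padding">
<?php if($register_error !== '') : ?>
<div id="message" class="one message invalid clearfix" style="display: block;">
<?php echo $register_error ?>
</div>
<?php endif ?>
<form id="on-login" method="post">
<!--Username-->
<p class="placeholders">
<label for="user">Username</label>
<input name="name" type="text" autocomplete="off" value="<?php echo $register_name ?>">
</p>
<!--Password-->
<p class="placeholders">
<label for="password">Password</label>
<input name="password" type="password" autocomplete="off">
</p>
<?php
// NOTE(review): the question below always has the same answer, so it does
// little to slow automated sign-ups. The code that checks it is not part of
// this file.
?>
<p>
<label for="robot">Are you human ? <span class="help">- how much is 2 + 3 ?</span></label>
<input type="text" name="robot" value="<?php echo $register_robot ?>">
</p>
<input type="submit" class="submit" name="action" value="register">
<a class="help one" href="<?php echo $path."manage/"; ?>">Log in</a>
</form>
<!--End #content-->
</div>
<!--End #wrapper-->
</div>
<!--End .container-->
</div>
</body>
</html>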
The database is:
table: users
Column: | id | name | email | password | admin | space | maxspace |
What can I do? I am not asking anyone to write the whole script; I want to learn, but I don't understand it at all.
Thank you,
Tim