sweeti

This is the way it should come.... U_id:uid1 U_id:uid2 U_id:uid3 Name:name1 Name:name2 Name:name3 Team name:teamname1 Team name:teamname2 Team name:teamname3 coins:coins1 coins:coins2 coins:coins3

You could try something like the following: <?php $uid_data = ''; $name_data = ''; $teamname_data = ''; $coins_data = ''; $cash_data = ''; for($i=0;$i<=25;$i++) { if($i%5==0) { $uid_data .= "<td>uid$i</td>"; $name_data .= "<td>name$i</td>"; $teamname_data .= "<td>teamname$i</td>"; $coins_data .= "<td>coins$i</td>"; $cash_data .= "<td>cash$i</td>"; } } print '<table>'; print "<tr><th scope='row'>U_Id</th>$uid_data</tr>"; print "<tr><th scope='row'>Name</th>$name_data</tr>"; print "<tr><th scope='row'>Teamname</th>$teamname_data</tr>"; print "<tr><th scope='row'>Coins</th>$coins_data</tr>"; print "<tr><th scope='row'>Cash</th>$cash_data</tr>"; print '</table><br/>'; ?> But the output is not coming as i desired.I was getting this out put earlier but not the kind of output i have given u as an example...

Yes the orientation does matter..if it was in my hand i would do it like the way you were suggesting but i have to do it the way i have given here.

What i exactly want is: U_id:uid1 U_id:uid2 U_id:uid3 Name:name1 Name:name2 Name:name3 Team name:teamname1 Team name:teamname2 Team name:teamname3 coins:coins1 coins:coins2 coins:coins3 . .

Please do let me know if you dint get my query.....

The problem is that i am getting result of 5 people's data.Hence i am getting 5 tables displayed one after another. What i want to do is display tables side by side.

I tried a lot of things can you all help me out what to do..

Hey everyone, I have a problem here.Now as u see my data is being displayed one after another in vertical manner.But what do i want to do is the entire table being displayed in same page continuously one after another in horizontal manner.how would i do that? (below a screen shot is given how my table looks like.) <code> <?php for($i=0;$i<=25;$i++) { if($i%5==0) { ?> <table> <tr> <th scope="row">U_Id :</th> <td><?php echo 'uid'; ?></td> </tr> <tr> <th scope="row">Name :</th> <td><?php echo "name"; ?></td> </tr> <tr> <th scope="row">Teamname :</th> <td><?php echo "teamname"; ?></td> </tr> <tr> <th scope="row">Coins :</th> <td><?php echo 'coins';?></td> </tr> <tr> <th scope="row">Cash:</th> <td><?php echo 'cash'; ?></td> </tr> </table> <br/> <?php //echo "$i<br/>"; } } ?> </code>

Hey everyone.. I cleared the earlier doubt i have a new doubt in the same system.. <code> public function login($uname, $pass,$remember=false) { $result =$this->db->query("SELECT * FROM tbl_userauth"); $result->execute(); $resl=$result->fetchAll(PDO::FETCH_ASSOC); if ($resl[0]['username'] !=$uname || $resl[0]['password']!=$pass) { return $this->error("User not Found"); } else { $userID=$resl[0]['userid']; $_SESSION['userid']=$userID; $uname=$resl[0]['username']; $_SESSION['uname']=$uname; if(isset($_SESSION['userid'])) { header("location:dash.php"); } else { header("location:login.php"); } } </code> No this is my system actually i wanted to do session checking..Rite now when i am logging in the system i am able to log in but the same URL if i copy and paste in another browser i dont have to log in i am already logged in that's not rite Na?? I mean in another browser i should b logging in and then able to access in rite????What am i doing wrong???? PLease guide me through..Thank you..

Im getting a perfectly fine result when me doing mysql but when converting it to PDO i am getting an error..

I had tested with || operator too..I am totally getting an error even when my username and password both right..n i just have one row in my database so....

public function login( $uname, $pass, $remember=false ) { $uname = $this->escape($uname); $password = $pass; $pass = $this->escape($pass); $result = $this->db->query("SELECT `{$this->table['id']}`,`{$this->table['pass']}`,`{$this->table['active']}` FROM ".TBL_USERS." WHERE `{$this->table['user']}` = '$uname' LIMIT 1"); // If user not found if ($result->num_rows == 0) { return $this->error("Username Not Found"); } // If user is found else { $row = $result->fetch_array(); // Compare passwords if(!$this->comparePassword($pass, $row[$this->table['pass']])) { return $this->error("Invalid username/Password"); } // If passwords match but user is not verified if($row[$this->table['active']] < 1) { return $this->error("Account not verified or inactive"); } // If everything goes well, set the userID $this->userID = $row[$this->table['id']]; } } This was the original code in mysql bt i tried to do in PDO in a simplified manner...can you please tell me where i went wrong???????

hey guys i tried doing that but some how the password is not getting validated..with a wrong password to i can log in the system

He means how is your password stored in the database, have you used md5 or sha1 or something else to encrypt it. When you compare the passwords you need to do the same thing so the values are the same or they will not match and hence you have an issue. I am using sha1()..

Then you need to hash it before your comparison. And in whole words? How would you hash it????i am new at php and trying to learn can you please guide me..

Ya m password is hashed.. Besides, you should be executing your check within your actual query.??????wt exactly u mean by dt..

Please help guys...im stuck here <code> public function login($uname, $pass) { $result =$this->db->query("SELECT * FROM tbl_userauth"); $result->execute(); $resl=$result->fetchAll(PDO::FETCH_ASSOC); if ($resl[0]['username'] !=$uname && $resl[0]['password']!=$pass) { return $this->error("Username or Password Not Found"); } else{ header("location:dash.php"); } } </code> In this i am not able to validate password field..i am able to validate username but not able to validate password field in PDO.

The class you found expects an instance of a mysqli database object, not an instance of a PDO class. They are not directly interchangeable. Whomever altered the code with the new PDO() logic, needs to put it back to the original new mysqli() logic or rewrite and test all the database statements to use PDO. Can u help me how to change all the database statements into PDO im not getting what exactly im messing up...

Hey thank you for all your replies but i am new to php so i am not understanding where and how to use prepare...please help...

Im currently using mysqli but nw im using PDO as my coonection to database but aftr the creation of PDO object i dnt know how to got about the code. And i am getting this error too: Fatal error: Call to undefined method PDO::real_escape_string() MY CODE: <?php class UserAuth { private $db; // Our MySQLi DB object private $userID; // The userid of the active user private $table; // Array containing table fields private $session = array("session","id","time"); // Array containing fields that have to be stored in session variable private $userData = array(); // Array of user data public $actualPath; /** * Constructor - Sets up some global settings, connects to db * * @param MySQLi database object (optional) **/ public function __construct($dbc=null) { // If running on dev mode if(DEV_MODE) { error_reporting(E_ALL | E_NOTICE | E_STRICT); ini_set("display_errors", TRUE); } // Get the actual working path of the user scripts $this->actualPath = $this->getActualPath(); // Set the parameters $this->table = unserialize(TABLE_FIELDS); if(SESSION_FIELDS != '') { $a = explode(',',SESSION_FIELDS); foreach($a as $k) array_push( $this->session, $k ); } // If no database object is passed, create a new db connection if( !is_object($dbc) ) { try { $port = '3307'; $this->db= new PDO("mysql:host=".DB_HOST.";port=$port;dbname=".DB_NAME, DB_USER, DB_PASS); } catch(PDOException $e) { echo $e->getMessage(); } } // else assign the connection object to the passed connection else { $this->db = $dbc; } // If the session is not started yet if( !isset($_SESSION) ) { session_start(); } // If there is a cookie, retrieve its value and try logging in if ( REMEMBER_USER && isset($_COOKIE[COOKIE_NAME]) ) { $this->loadCookie(); } } /** * Loads the cookie and logs in the user * * @param none * @return bool **/ private function loadCookie() { $u = unserialize(base64_decode($_COOKIE[COOKIE_NAME])); // Check if a user exists in the table with the username and session id $sql = "SELECT `{$this->table['id']}`, `{$this->table['active']}` FROM ".TBL_USERS." WHERE `{$this->table['user']}` = '".$u['uname']."' AND `{$this->table['session']}` = '".$u['pass']."' LIMIT 1"; $result = $this->db->query($sql); if($result->num_rows == 1) { $row = $result->fetch_assoc(); // If the user is active, he can be logged in if($row[$this->table['active']] == 1) { $this->userID = $row[$this->table['id']]; $this->postLogin(true); } else { return $this->error("Account not verified or inactive"); } } else { $this->logout("Session Invalid",true); } return true; } /** * Destructor. Closes database connection * * @param none * @return void **/ /* public function __destruct() { if($this->db) { $thread = $this->db->thread_id; $this->db->kill($thread); $this->db->close(); } } */ /** * Login function - Called when logging in through form * * @param string username * @param string password * @param boolean Set cookie? * @return bool **/ public function login( $uname, $pass, $remember=false ) { $uname= $this->escape($uname); $password = $pass; $pass = $this->escape($pass); $result = $this->db->query("SELECT `{$this->table['id']}`,`{$this->table['pass']}`,`{$this->table['active']}` FROM ".TBL_USERS." WHERE `{$this->table['user']}` = '$uname' LIMIT 1"); // If user not found if ($result->num_rows == 0) { return $this->error("Username Not Found"); } // If user is found else { $row = $result->fetch_array(); // Compare passwords /*echo "Typed ".$pass; echo "<br />"; echo "From DB ".$row[$this->table['pass']]; */ if(!$this->comparePassword($pass, $row[$this->table['pass']])) { return $this->error("Invalid username/Password"); } // If passwords match but user is not verified if($row[$this->table['active']] < 1) { return $this->error("Account not verified or inactive"); } // If everything goes well, set the userID $this->userID = $row[$this->table['id']]; } $this->postLogin(); // If a cookie has to be set, do it if ( REMEMBER_USER && $remember) { $cookie = base64_encode(serialize(array('uname'=>$uname,'pass'=>$this->userData[$this->table['session']]))); $a = setcookie(COOKIE_NAME, $cookie, time()+COOKIE_EXPIRES, '/'); } return true; } /** * Sets session variables after logging in either through form or cookie * * @param boolean Using cookie? * @return bool **/ private function postLogin($cookie=false) { $this->loadUser($this->userID); if(!$cookie) { $this->userData[$this->table['session']] = MULTIPLE_SESSIONS ? $this->userData[$this->table['session']] : md5(uniqid(rand(), TRUE)); } $sql = "UPDATE ".TBL_USERS." SET `{$this->table['session']}` = '".$this->userData[$this->table['session']]."' WHERE `{$this->table['id']}` = '$this->userID'"; $res = $this->db->query($sql); if(!$res) { return $this->error($this->db->error); } $_SESSION[sESSION_VARIABLE] = array(); foreach ($this->session as $field) { if(isset($this->userData[$this->table[$field]])) $_SESSION[sESSION_VARIABLE][$field] = $this->userData[$this->table[$field]]; } if( SESSION_TIMEOUT != 0) $_SESSION[sESSION_VARIABLE]['time'] = time(); return true; } /** * User callable function. Checks if the user is logged in as the given user level * * @param Userlevel(s) defined in config.php separated by comma * @return bool **/ public function is($level="USER,MOD,ADMIN") { // Are the user details loaded into the session variable? if( $this->isLoaded() ) { // If a session timout is defined, check it here if( SESSION_TIMEOUT != 0) { if(time() - $_SESSION[sESSION_VARIABLE]['time'] > SESSION_TIMEOUT) { $this->logout("Session Timed out", true); } $_SESSION[sESSION_VARIABLE]['time'] = time(); } // Check if the user exists in the database $sql = "SELECT `{$this->table['level']}` FROM ".TBL_USERS." WHERE `{$this->table['id']}` = '".$_SESSION[sESSION_VARIABLE]['id']."' AND `{$this->table['session']}` = '".$_SESSION[sESSION_VARIABLE]['session']."'"; $res = $this->db->query($sql); if($res->num_rows != 1) { $this->logout("Session Invalid", true); } $row = $res->fetch_assoc(); $userLevel = $row[$this->table['level']]; // If the user is all right, update the last active time in the db $sql = "UPDATE ".TBL_USERS." SET `{$this->table['time']}` = '".date('Y-m-d H:i:s', time()-1)."' WHERE `{$this->table['id']}` = '".$_SESSION[sESSION_VARIABLE]['id']."' AND `{$this->table['session']}` = '".$_SESSION[sESSION_VARIABLE]['session']."'"; $res = $this->db->query($sql); // Check for the userlevels $level = explode(',',$level); $levels = array(); foreach($level as $k) { array_push($levels, constant($k)); } if( in_array ($userLevel, $levels) ) { return true; } else { $this->error("Insufficient Privilege"); exit; } } // Here, the user isn't logged in. So redirect him automatically to the login page // Some basic regex cleanup so that the user isn't redirected to a page outside the site $url = parse_url($this->getActualPath(true)); $replace = '/'.preg_replace('/\//','\/', $url['path']).'/'; $to = preg_replace($replace, '', $_SERVER['PHP_SELF']); //$path = $this->actualPath."login.php?to=$to"; $path = $this->actualPath."index.php"; $this->redirect($path); } /** * Load the user's data from the table * * @access private * @param string $userID * @return bool **/ private function loadUser( $userID ) { $result = $this->db->query("SELECT * FROM ".TBL_USERS." WHERE `{$this->table['id']}` = '".$this->escape($userID)."' LIMIT 1"); if ( $result->num_rows == 0 ) return false; $this->userData = $result->fetch_assoc(); return true; } /** * Produces the result of addslashes() with more safety * * @access private * @param string $str * @return string **/ private function escape($str) { $str = get_magic_quotes_gpc()?stripslashes($str):$str; $str = $this->db->real_escape_string($str); return $str; } /** * Error holder for the class * * @access private * @param string $error * @return bool **/ private function error($error) { echo '<b>Error: </b>'.$error.'<br />'; return false; } /** * Is the user logged in? * * @access public * @return bool **/ public function isLoaded() { return isset($_SESSION[sESSION_VARIABLE]) ? true : false; } /** * Produces a random 8 bit alpha numeric number for salting the password * * @access private * @return string **/ private function getPasswordSalt() { return substr( str_pad( dechex( mt_rand() ), 8, '0', STR_PAD_LEFT ), -8 ); } /** * Creates a salted password for storing in the database * * @access private * @return string **/ private function getPasswordHash( $salt, $password ) { return $salt . ( hash( 'sha1', $salt . $password ) ); } /** * Checks if the password provided, and the hashed password from the db match * * @access private * @return bool **/ private function comparePassword( $password, $hash ) { $salt = substr( $hash, 0, 8 ); return $hash === $this->getPasswordHash( $salt, $password ); } /** * Logs out the user by clearing the session and deleting the cookie * * @access public * @param string Reason for logging out * @param bool Should the script exit after logging out? **/ public function logout($reason = 'User Logged out', $die = false) { // Do this only if the user is logged in if($this->isLoaded()) { $res = $this->db->query("UPDATE ".TBL_USERS." SET `{$this->table['time']}` = '' WHERE `{$this->table['id']}` = ".$_SESSION[sESSION_VARIABLE]['id'].""); // Delete the cookie setcookie(COOKIE_NAME, '', time()-36000, '/'); unset($_SESSION[sESSION_VARIABLE]); $this->userData = null; if($die) { //echo "$reason <br /> Please click <a href='".$this->actualPath."login.php'>here</a> to login again<br />"; $path = $this->actualPath."index.php";//added on 01-06-2011 $this->redirect($path); //exit; } else { //echo "$reason. <br /> Redirecting to main page in 3 seconds"; //echo '<br /> Click <a href="'.$this->getActualPath(true).trim(LOGOUT_REDIRECT,'/ ').'">here</a> if your browser does not redirect you'; $path = $this->actualPath."index.php";//added on 01-06-2011 $this->redirect($path); ?> <script type="text/javascript"> function redirectTo() { window.location = <?php echo "'".$this->getActualPath(true).trim(LOGOUT_REDIRECT,'/ ')."'"; ?>; } window.onload = function() { setTimeout(redirectTo, 3000); } </script> <?php exit; } } //If the user tries logging out without logging in, redirect to the main page of the application else { $this->redirect($this->getActualPath(true)); } } /** * Get a property of a user. You should give here the name of the field that you seek from the user table * * @access public * @param string $property * @return string **/ public function getProperty($property) { // You cannot get certain sensitive fields $ignore = array('pass','vercode'); if(in_array($property, $ignore)) { return false; } if(!empty($this->userData)){ return $this->userData[$this->table[$property]]; } $this->loadUser($_SESSION[sESSION_VARIABLE]['id']); return $this->userData[$this->table[$property]]; } public function getMembersList($start=0, $count=10) { $list = Array(); $i = 0; $result = $this->db->query("SELECT `{$this->table['id']}`,`{$this->table['user']}`,`{$this->table['email']}`,`{$this->table['level']}`,`{$this->table['active']}` FROM ".TBL_USERS." WHERE `{$this->table['id']}` != '1' ORDER BY `{$this->table['id']}` LIMIT $start, $count"); while($row = $result->fetch_assoc()) { $list[$i] = $row; $i++; } return $list; } /** * Is the user an active user? * @return bool **/ public function isActive() { return $this->userData[$this->table['active']]; } /** * Is the user an active user? * @return bool **/ public function redirect($to) { if(!headers_sent()) { header('Location: '.$to); } else { ?> <script type="text/javascript"> <!-- window.location = <?php echo "'".$to."'"; ?>; //--> </script> <?php echo "If you are seeing this, we were not able to redirect you automatically"; echo "<br /> Please click <a href='$to'>here</a> to goto the intended page"; } } /* * Creates a user account. The array should have the form 'database field' => 'value' * @param array $data * return int **/ public function insertUser($data) { if (!is_array($data)) { $this->error('Data to be inserted is not an array'); } // CRITICAL!! DO NOT CHANGE!!! GENERATES A SALTED SHA1 HASH OF THE PASSWORD TO STORE IN THE DB $data['pass'] = $this->getPasswordHash( $this->getPasswordSalt(), $data['pass'] ); // Generate a random verification code $data['vercode'] = $this->randomPassword(50); $data['level'] = USER; $data['active'] = AUTO_ACTIVATE ? 1 : 0; foreach ($data as $k => $v ) $data[$k] = "'".$this->escape($v)."'"; $sql = "INSERT INTO ".TBL_USERS." (`".implode('`, `', array_values($this->table))."`) VALUES (".implode(", ", $data).")"; $result = $this->db->query($sql); // If the user is inserted successfully if( $this->db->affected_rows == 1 ) { // If the user should be auto activated, activate him and ask him to login if(AUTO_ACTIVATE) { //echo "Your account has been created and activated! Click <a href='login.php'>here</a> to login"; $path = $this->actualPath."index.php";//added on 01-06-2011 $this->redirect($path); //exit; } // If an activation mail has to be sent, do that else if(SEND_ACTIVATION_MAIL) { $data['email'] = trim($data['email'],"'"); $data['vercode'] = trim($data['vercode'],"'"); if($this->sendVerificationMail($data['email'], $data['vercode'])) { echo "Verification mail sent to ".$data['email']." <br />Please check your mailbox for instructions on how to verify your account"; } else { echo "Error sending verification mail. Please try again later"; } exit; } // If neither, the admin has to approve the account manually else { echo "Your account has been created. However, the administrator has to approve it manually before it can be used"; exit; } } else { echo "Error inserting user into database. Please contact the site administrator"; exit; } } /* * Creates a random password. You can use it to create a password or a hash for user activation * param int $length * param string $chrs * return string **/ private function randomPassword($length=10, $chrs = '1234567890AbCdEfGhIjKlMnOpQrStuVwXyZ') { $pwd =''; for($i = 0; $i < $length; $i++) { $pwd .= $chrs{mt_rand(0, strlen($chrs)-1)}; } return $pwd; } /** * Activates the user account * @return bool **/ function activateAccount($user) { $sql = "UPDATE ".TBL_USERS." SET `{$this->table['active']}` = '1' WHERE `{$this->table['user']}` = '{$this->escape($user)}'"; $res = $this->db->query($sql); return $this->db->affected_rows; } function checkExisting($field, $value) { if($field !== 'pass') { $res = $this->db->query("SELECT COUNT(*) FROM ".TBL_USERS." WHERE `{$this->table[$field]}` = '{$this->escape($value)}' LIMIT 1"); $row = $res->fetch_array(); return $row[0]; } else if($field == 'pass') { $res = $this->db->query("SELECT `{$this->table['pass']}`, sha1({$this->table['email']}) FROM ".TBL_USERS." WHERE `{$this->table['id']}` = '".$_SESSION[sESSION_VARIABLE]['id']."' LIMIT 1"); if($res->num_rows != 1) return false; $row = $res->fetch_array(); if(!$this->comparePassword($value, $row[0])) { return $this->error("Your current password is wrong! Please try again"); } else { return $row[1]; } } } /** * Checks for verification credentials * * @return array an array containing a status code and status message **/ public function verifyAccount( $email, $vercode ) { $query = "SELECT `{$this->table['active']}` FROM ".TBL_USERS." WHERE `{$this->table['vercode']}` = '{$this->escape($vercode)}' AND sha1({$this->table['email']}) = '{$this->escape($email)}' LIMIT 1"; $res = $this->db->query($query); if($res->num_rows == 0) { echo "That didn't seem right! You probably broke the activation/verification code"; echo "<br / Contact the site administrator for help"; exit; } $row = $res->fetch_assoc(); return $row[$this->table['active']]; } public function changePassword($p, $e) { // CRITICAL!! DO NOT CHANGE!!! GENERATES A SALTED SHA1 HASH OF THE PASSWORD TO STORE IN THE DB $p = $this->getPasswordHash( $this->getPasswordSalt(), $p ); $res = $this->db->query("UPDATE ".TBL_USERS." SET `{$this->table['pass']}` = '{$this->escape($p)}', `{$this->table['active']}` = 1, `{$this->table['session']}` = '' WHERE sha1({$this->table['email']}) = '{$this->escape($e)}'"); return $this->db->affected_rows; } public function updateProperty($field, $value, $id) { if(!$this->isLoaded()) return false; $res = $this->db->query("UPDATE ".TBL_USERS." SET `$field` = '{$this->escape($value)}' WHERE `{$this->table['id']}` = '{$this->escape($id)}'"); return $this->db->affected_rows; } public function updatePropertyArray($array, $id ) { if(!$this->isLoaded()) return false; $sql = "UPDATE ".TBL_USERS." SET "; foreach($array as $k => $v) { $sql .= "`$k` = '{$this->escape($v)}',"; } $sql = rtrim($sql, ","); $sql .= " WHERE `{$this->table['id']}` = '{$this->escape($id)}'"; $res = $this->db->query($sql); return $this->db->affected_rows; } /** * Sends an email to a user with a link to verify their new account * * @param string $email The user's email address * @param string $ver The random verification code for the user * @return boolean TRUE on successful send and FALSE on failure */ private function sendVerificationMail($to, $vercode) { $e = sha1($to); // For verification purposes $subject = "Activation email from " . SITE_NAME; $details = array ( '{VCODE}' => $vercode, '{ECODE}' => $e, '{SITE_NAME}' => SITE_NAME, '{SITE_ADDRESS}' => $this->actualPath, '{ADMIN_NAME}' => ADMIN_NAME, '{ADMIN_EMAIL}'=> ADMIN_EMAIL ); $path = $this->getActualDirectory(); $message = $this->parseTemplate( $details, $path."/templates/verification.html"); if ( $this->sendEmail ( $subject, $to, $message ) ) { return true; } return false; } public function resendVerificationMail($email) { if($this->checkExisting('email', $email)) { $res = $this->db->query("SELECT `{$this->table['vercode']}`, `{$this->table['active']}` FROM ".TBL_USERS." WHERE `{$this->table['email']}` = '{$this->escape($email)}'"); $row = $res->fetch_array(); if($row[1] == 1) { echo "User is already active!"; exit; } if($this->sendVerificationMail($email, $row[0])) return true; } return false; } public function sendUsername($email) { if($this->checkExisting('email',$email)) { $res = $this->db->query("SELECT `{$this->table['user']}` FROM ".TBL_USERS." WHERE `{$this->table['email']}` = '{$this->escape($email)}' LIMIT 1"); $row = $res->fetch_assoc(); // Send the mail $subject = "Your username for ".SITE_NAME; $details = array ( '{SITE_NAME}' => SITE_NAME, '{SITE_ADDRESS}' => $this->getActualPath(true), '{ADMIN_NAME}' => ADMIN_NAME, '{ADMIN_EMAIL}' => ADMIN_EMAIL, '{USERNAME}' => $row[$this->table['user']] ); $path = $this->getActualDirectory(); $message = $this->parseTemplate($details, $path.'/templates/username.html'); if( $this->sendEmail($subject, $email, $message) ) return true; return false; } else { echo "Email address not found!"; exit; } } public function sendPasswordReset($email) { if($this->checkExisting('email', $email)) { $v = $this->randomPassword(50); $res = $this->db->query("UPDATE ".TBL_USERS." SET`{$this->table['vercode']}` = '{$v}', `{$this->table['active']}`= 2 WHERE `{$this->table['email']}` = '{$this->escape($email)}'"); if($this->db->affected_rows != 1) { echo "Error updating verification code! Please try again later"; exit; } // Send the email $e = sha1($email); // For verification purposes $subject = "Reset your password for " . SITE_NAME; $details = array ( '{VCODE}' => $v, '{ECODE}' => $e, '{SITE_NAME}' => SITE_NAME, '{SITE_ADDRESS}' => $this->actualPath, '{ADMIN_NAME}' => ADMIN_NAME, '{ADMIN_EMAIL}'=> ADMIN_EMAIL ); $path = $this->getActualDirectory(); $message = $this->parseTemplate( $details, $path."/templates/password.html"); if ( $this->sendEmail ( $subject, $email, $message ) ) { return true; } return false; } else { echo "Email address not found!"; exit; } } private function parseTemplate( $data, $page ) { $tags = array(); $values = array(); foreach ($data as $k => $v) { array_push($tags, $k); array_push($values, $v); } $page = file_get_contents($page); return str_replace($tags, $values, $page); } public function sendEmail ( $subject, $to, $body, $from = FALSE ) { require_once('mailer.class.php'); $mailer = new PHPMailer(); //do we use SMTP? if ( USE_SMTP ) { $mailer->IsSMTP(); $mailer->SMTPAuth = true; $mailer->Host = SMTP_HOST; $mailer->Port = SMTP_PORT; $mailer->Password = SMTP_PASS; $mailer->Username = SMTP_USER; if(USE_SSL) $mailer->SMTPSecure = "ssl"; } $mailer->SetFrom($from?$from:ADMIN_EMAIL, ADMIN_NAME); $mailer->AddReplyTo ( ADMIN_EMAIL, ADMIN_NAME ); $mailer->AddAddress($to); $mailer->Subject = $subject; //$mailer->WordWrap = 100; $mailer->IsHTML ( TRUE ); $mailer->MsgHTML($body); require_once('util.class.php'); $mailer->AltBody = Util::html2text ( $body ); //$mail->AddAttachment("images/phpmailer.gif"); // attachment //$mail->AddAttachment("images/phpmailer_mini.gif"); // attachment if ( ! $mailer->Send() ) { return FALSE; } else { $mailer->ClearAllRecipients (); $mailer->ClearReplyTos (); return TRUE; } } public function getActualPath($onlySite = FALSE) { if( !defined('SITE_PATH') || SITE_PATH == "" ) $path = "http://".$_SERVER['SERVER_NAME']."/"; else $path = trim(SITE_PATH,'/ ').'/'; if($onlySite) return $path; if( !defined('USER_DIR') || USER_DIR == "" ) $dir = ""; else $dir = trim(USER_DIR,'/ '); if(empty($dir)) return $path; return $path.$dir.'/'; } public function getActualDirectory() { $path = pathinfo(__FILE__,PATHINFO_DIRNAME); $path .= '/../'; $path = realpath($path); return rtrim($path,'/ '); } } // end of class $user = new UserAuth();