removing e-mail feature from available code.

hdry · March 16, 2010

I had to re-do my project, since for some reason they didn't like my work, even after extensive consultation with my supervisor about it.

So one of the things I had to re-do was the admin and login code, and since they felt it was too simple, I had to find a better solution for it, and at first, I thought this seems fine: http://www.ineedtutorials.com/code/php/com...em-php-tutorial

Now keep in mind that I can't host my project on a server, in fact I can only host it on my own laptop, which is quite a downer as it could've made my work easier.

I then removed these following features:

a) e-mail activation

b) lost password feature (since it requires the site to send an e-mail to the user)

After removing them, I tried to register, but it simply didn't want to add me into the database. Even if a user is added via SQL, I also can't log into the site.

Here's the code that I've made changes to:

//functions.inc.php
<?php

require_once("validation.functions.inc.php");
require_once("user.functions.inc.php");
require_once("display.functions.inc.php");
require_once("login.functions.inc.php");

function generate_code($length = 10)
{

    if ($length <= 0)
    {
        return false;
    }

    $code = "";
    $chars = "abcdefghijklmnpqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ123456789";
    srand((double)microtime() * 1000000);
    for ($i = 0; $i < $length; $i++)
    {
        $code = $code . substr($chars, rand() % strlen($chars), 1);
    }
    return $code;

}

?>

//display.functions.inc.php
<?php

#### Display Functions ####

function show_userbox()
{
    // retrieve the session information
    $u = $_SESSION['username'];
    $uid = $_SESSION['loginid'];
    // display the user box
    echo "<div id='userbox'>
  	Welcome $u
    <a href='./logout.php'>Logout</a>
  	</ul>
   </div>";
}

function show_loginform($disabled = false)
{

    echo '<form name="login-form" id="login-form" method="post" action="./index.php"> 
  <fieldset> 
  <legend>Please login</legend> 
  <dl> 
    <dt><label title="Username">Username: </label></dt> 
    <dd><input tabindex="1" accesskey="u" name="username" type="text" maxlength="30" id="username" /></dd> 
  </dl> 
  <dl> 
    <dt><label title="Password">Password: </label></dt> 
    <dd><input tabindex="2" accesskey="p" name="password" type="password" maxlength="15" id="password" /></dd> 
  </dl> 
  <ul> 
    <li><a href="./register.php" title="Register">Register</a></li> 
    <li><a href="./lostpassword.php" title="Lost Password">Lost password?</a></li> 
  </ul> 
  <p><input tabindex="3" accesskey="l" type="submit" name="cmdlogin" value="Login" ';
    if ($disabled == true)
    {
        echo 'disabled="disabled"';
    }
    echo ' /></p></fieldset></form>';


}

function show_registration_form(){

echo '<form action="./register.php" method="post"> 
<fieldset><legend>Register</legend>
  <dl> 
    <dt><label for="username">Username:</label></dt> 
    <dd><input name="username" type="text" id="username" maxlength="30">
    </dd> 
  </dl> 
  <dl> 
    <dt><label for="password">Password:</label></dt> 
    <dd><input name="password" type="password" id="password" maxlength="15">
    </dd> 
  </dl> 
  <dl> 
    <dt><label for="password2">Re-type password:</label></dt> 
    <dd><input name="password2" type="password" id="password2" maxlength="15">
    </dd> 
  </dl> 
  <dl> 
    <dt><label for="email">email:</label></dt> 
    <dd><input name="email" type="text" id="email" maxlength="255">
    </dd> 
  </dl> 
  <p> 
    <input name="reset" type="reset" value="Reset"> 
    <input name="register" type="submit" value="Register"> 
  </p> 
  </fieldset>
</form>';

}
?>

login.functions.inc.php
<?php

#### Login Functions #####


function isLoggedIn()
{

    if (session_is_registered('loginid') && session_is_registered('username'))
    {
        return true; // the user is loged in
    } else
    {
        return false; // not logged in
    }

    return false;

}

function checkLogin($u, $p)
{
global $seed; // global because $seed is declared in the header.php file

    if (!valid_username($u) || !valid_password($p) || !user_exists($u))
    {
        return false; // the name was not valid, or the password, or the username did not exist
    }

    //Now let us look for the user in the database.
    $query = sprintf("
  SELECT loginid 
  FROM login 
  WHERE 
  username = '%s' AND password = '%s' 
  LIMIT 1;", mysql_real_escape_string($u), mysql_real_escape_string(sha1($p . $seed)));
    $result = mysql_query($query);
    // If the database returns a 0 as result we know the login information is incorrect.
    // If the database returns a 1 as result we know  the login was correct and we proceed.
    // If the database returns a result > 1 there are multple users
    // with the same username and password, so the login will fail.
    if (mysql_num_rows($result) != 1)
    {
        return false;
    } else
    {
        // Login was successfull
        $row = mysql_fetch_array($result);
        // Save the user ID for use later
        $_SESSION['loginid'] = $row['loginid'];
        // Save the username for use later
        $_SESSION['username'] = $u;
        // Now we show the userbox
        return true;
    }
    return false;
}

?>

user.functions.inc.php
<?php

##### User Functions #####

function user_exists($username)
{
    if (!valid_username($username))
    {
        return false;
    }

    $query = sprintf("SELECT loginid FROM login WHERE username = '%s' LIMIT 1",
        mysql_real_escape_string($username));

    $result = mysql_query($query);

    if (mysql_num_rows($result) > 0)
    {
        return true;
    } else
    {
        return false;
    }

    return false;

}

function registerNewUser($username, $password, $password2, $email)
{

    global $seed;

    if (!valid_username($username) || !valid_password($password) || 
        	!valid_email($email) || $password != $password2 || user_exists($username))
    {
        return false;
    }


    $code = generate_code(20);
    $sql = sprintf("insert into login (username,password,email) value ('%s','%s','%s','%s')",
        mysql_real_escape_string($username), mysql_real_escape_string(sha1($password . $seed))
  , mysql_real_escape_string($email));


    if (mysql_query($sql))
    {
        $id = mysql_insert_id();

        if (sendActivationEmail($username, $password, $id, $email, $code))
        {

            return true;
        } else
        {
            return false;
        }

    } else
    {
        return false;
    }
    return false;

}

?>


validation.functions.inc.php
<?php

#### Validation functions ####

function valid_email($email)
{

    // First, we check that there's one @ symbol, and that the lengths are right
    if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email))
    {
        // Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
        return false;
    }
    // Split it into sections to make life easier
    $email_array = explode("@", $email);
    $local_array = explode(".", $email_array[0]);
    for ($i = 0; $i < sizeof($local_array); $i++)
    {
        if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$",
            $local_array[$i]))
        {
            return false;
        }
    }
    if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1]))
    { // Check if domain is IP. If not, it should be valid domain name
        $domain_array = explode(".", $email_array[1]);
        if (sizeof($domain_array) < 2)
        {
            return false; // Not enough parts to domain
        }
        for ($i = 0; $i < sizeof($domain_array); $i++)
        {
            if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i]))
            {
                return false;
            }
        }
    }
    return true;
}

function valid_username($username, $minlength = 3, $maxlength = 30)
{

    $username = trim($username);

    if (empty($username))
    {
        return false; // it was empty
    }
    if (strlen($username) > $maxlength)
    {
        return false; // to long
    }
    if (strlen($username) < $minlength)
    {

        return false; //toshort
    }

    $result = ereg("^[A-Za-z0-9_\-]+$", $username); //only A-Z, a-z and 0-9 are allowed

    if ($result)
    {
        return true; // ok no invalid chars
    } else
    {
        return false; //invalid chars found
    }

    return false;

}

function valid_password($pass, $minlength = 6, $maxlength = 15)
{
    $pass = trim($pass);

    if (empty($pass))
    {
        return false;
    }

    if (strlen($pass) < $minlength)
    {
        return false;
    }

    if (strlen($pass) > $maxlength)
    {
        return false;
    }

    $result = ereg("^[A-Za-z0-9_\-]+$", $pass);

    if ($result)
    {
        return true;
    } else
    {
        return false;
    }

    return false;

}

?>

and the registration code:

<?php

require_once "header.php"; 

if (isset($_POST['register'])){

if (registerNewUser($_POST['username'], $_POST['password'], $_POST['password2'], $_POST['email'])){

  echo "Thank you for registering.
  <a href='./index.php'>Click here to login.</a>
  ";

}else {

  echo "Registration failed! Please try again.";
  show_registration_form();

}

} else {
// has not pressed the register button
show_registration_form();	
}

require_once "footer.php";
?>

note that I didn't include the activation code, disabled and enabled features in the sql table in my database, and I also didn't include mail.functions.inc.php file, lostpassword.php file, changepassword.php file and also the activate.php files (since I deemed them unnecessary), and I'm pretty sure it's something I missed somewhere, but I'm not too sure myself, or is it impossible to remove the e-mailing feature?

Sign In

removing e-mail feature from available code.

Recommended Posts

hdry

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information