Jump to content

Hello guys, i need help with a script

djfadeout

By djfadeout
in PHP Coding Help

Recommended Posts

djfadeout Newbie

djfadeout

Posted
Posted

I have a script on my website, freestudentcloud.com.

 

But i want:

1) that new users must activate there account.

2)If the user lose his pass that he can Change/renew his password.

 

I hope someone can help me with my problems.

 

I have no knowledge of php, but i have tried many thinks. like http://www.learnphponline.com/scripts/email-activation-for-php-forms

 

This is the users.php

<?php
if( ! defined( '_AppPath' ) ) { exit( 'Direct access to this script is not permitted' ); }

class Users
{
var $app;
function __construct( $app )
{
  $this->app = $app;
}
//******************************
// Insert new user
//******************************
function create($return = false)
{
  //Data validation
  $error;
  if(empty($_POST['password']))
   $error = 'Please enter a password';
  if(!empty($_POST['maxupload']) && !ctype_digit($_POST['maxupload']))
   $error = 'Please enter numeric values only for max. upload limit';
  if(empty($_POST['name']))
   $error = 'Please enter a username';   
  //Check for errors 
  if($error)
  {
   return array("error" => $error);
  }
  $user = array();
  $user['name']  = $this->app->db->real_escape_string($_POST['name']);  
  $user['password'] 	= md5('_password_'.$_POST['password']);
  $user['maxupload'] = $_POST['maxupload'] ? $_POST['maxupload'] : '';
  $user['admin']     = $_POST['admin'];
  
  //remove white space from username
  $user['name'] = str_replace(" ","",$user['name']);
  //Check for illegal characters
  $valid = array('-', '_');
  if(!ctype_alnum(str_replace($valid,'',$user['name'])))
   return array("error" => 'Only alphanumeric characters and "-" or "_" are allowed');
  if(strlen($user['name']) > 30)
   return array("error" => 'Username is too big (30 characters allowed)');
  
   
  //Insert user into database
  $query = "INSERT INTO users VALUES (NULL,
                                     '".$user['name']."',
                                     '".$user['password']."',
                                     '".$user['admin']."',
                                     '0',
                                     '".($user['maxupload']*1000)."')";
  if(!$user['maxupload'])		
   $query = "INSERT INTO users VALUES (NULL,
                                     '".$user['name']."',
                                     '".$user['password']."',
                                     '".$user['admin']."',
                                     '0',
                                     NULL)";																											
      
  //Save user record in database
  $result = $this->app->db->query($query);
  if(!$result)
   return array("error" => "The username you chose is taken already");
   
  //Set user id   																																			
  $user['id'] = sprintf("%011d", $this->app->db->insert_id); 
   
  //Create meta entries for new user
  $this->app->meta->create("downloads_".$user['id'],0,$user['id']); //downloads entry
  $this->app->meta->create("uploads_".$user['id'],0,$user['id']); //uplodads entry
  
  
  
  $user['password'] = '';
  //If is ajax call return upload data
  if($return == true) {
   return $user;
  }
}
//******************************
// Get users
//******************************
function get()
{
  $user = $this->app->session->get_var( 'id' );
  $query = "SELECT id,name, admin, space, maxspace FROM users WHERE id != '$user'";
  $response = $this->app->db->query($query);
  //Check if database has records
  if ($response->num_rows > 0)
  {
   //Records were found
   $users = array();
   while($row = $response->fetch_array())
   {
    //Change bytes to kylobytes if maxspace is set
    if($row['maxspace']) $row['maxspace'] = $row['maxspace'] / 1000;
    $users[] = $row;   	
   }
   return $users;
  }
  else return false;
}
function getinfo($user)
{
  $query = "SELECT id,name, admin, space, maxspace FROM users WHERE name = '$user' LIMIT 1";
  $response = $this->app->db->query($query);
  if ($response && $row = $response->fetch_assoc())
  {
   return $row;
  }
}
//******************************
// Delete user
//******************************
function delete($user)
{
  $query = "DELETE FROM users WHERE id = '$user'";
  $this->app->db->query($query);
  
  //Remove user meta entries
  $this->app->meta->delete("uploads_".$user); //uplodads entry
  $this->app->meta->delete("downloads_".$user); //uplodads entry
}
//******************************
// Change user password
//******************************
function updatepassword()
{
  //Data validation
  $error;
  if(empty($_POST['password']))
   $error = 'Please enter a password';
  //Check for errors 
  if($error)
  {
   return array("error" => $error);
  } 
  $password = md5('_password_'.$_POST['password']);  
  $user = $this->app->session->get_var( 'id' );  
  
  $query = "UPDATE users SET password = '$password' WHERE id = '$user'";                             
  $response = $this->app->db->query($query);
  
  return $response;
} 
//******************************
// Update user info
//******************************
function update($return = false)
{
  //Data validation
  $error;
  if(!empty($_POST['maxupload']) && !ctype_digit($_POST['maxupload']))
   $error = 'Please enter numeric values only for max. upload limit';   
  //Check for errors 
  if($error)
  {
   return array("error" => $error);
  }
  $user = array();
  $user['id']        = $_POST['value'];
  $user['maxupload'] = $_POST['maxupload'] ? $_POST['maxupload'] : NULL;
  $user['admin']     = $_POST['admin'];  
  //Update user in database
  $query = "UPDATE users SET maxspace = '".($user['maxupload']*1000)."',
                             admin    = '".$user['admin']."'  																											
                             WHERE id = '".$user['id']."'";
  
  if(is_null($user['maxupload']))
   $query = "UPDATE users SET maxspace = NULL,
                             admin    = '".$user['admin']."'  																											
                             WHERE id = '".$user['id']."'";   
  

  
  $response = $this->app->db->query($query);
  
  //If is ajax call return upload data
  if($return == true)
   return $user;

}
//******************************
// Update user used space
//******************************
function updatespace($space)
{
  $user = $this->app->session->get_var( 'username' );
  $query = "UPDATE users SET space = '$space' WHERE name = '$user' LIMIT 1";
  $response = $this->app->db->query($query);
  if($response)
   return $response;
}
//******************************
// Login user
//******************************
function login($user,$password)
{
  $user = $this->app->db->real_escape_string($user);
  $password = md5('_password_'.$password);
  
  $query = "SELECT * FROM users WHERE name = '$user' AND password = '$password'";
  $response = $this->app->db->query($query);
  if ($response && $row = $response->fetch_assoc())
  {
   // Credentials matched
   $this->app->session->add_var( array( 'username' => $row['name'],'id' => $row['id'] ));
   
   if( $_SESSION ) { session_regenerate_id( true ); }
   # Redirect to dashboard
   $path = $this->app->path."manage/";
   header ("Location: $path");
  }
  else
  {
   return "Incorrect";
  }
}
//******************************
// Logout user
//******************************
function logout()
{
  $path = $this->app->path."manage/";
  session_destroy();
  header("Location: $path");
}
}
?>

 

Register.php

<?php
if( ! defined( '_AppPath' ) ) { exit( 'Direct access to this script is not permitted' ); }

?>

<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-8" />
<title>Login</title>	
<!--STYLES-->
<link rel="stylesheet" href="<?php echo $viewsdir ?>views/css/reset.css" type="text/css">
<link rel="stylesheet" href="<?php echo $viewsdir ?>views/css/styles.css" type="text/css">
<!--SRIPTS-->
<script src="<?php echo $viewsdir ?>views/plugins/jquery.js" type="text/javascript"></script>
<script src="<?php echo $viewsdir ?>views/plugins/jquery.form.js" type="text/javascript"></script>
<script src="<?php echo $viewsdir ?>views/plugins/core.js" type="text/javascript"></script>
<script>
 path = '';
</script>
</head>

<body>



<div id="main" class="notice container">
 <!--Wrapper-->
 <div id="wrapper" class="notice">
  
  <!--Content-->
  <div id="content" class="padding">
  
  <?php if($error) : ?>
  	<div id="message" class="one message invalid clearfix" style="display: block;">	  	
  	<?php echo $error ?>
  	</div>	  	
  <?php endif ?>
  
   <form id="on-login" method="post">
   	<!--Username-->
    <p class="placeholders">
    	<label for="user">Username</label>
    	<input name="name" type="text" autocomplete="off" value="<?php echo $_POST['name'] ?>">
    </p>
    <!--Password-->
    <p class="placeholders">
    	<label for="password">Password</label>
    	<input name="password" type="password" autocomplete="off">
    </p>	 		 
    <p>
    	<label for="robot">Are you human ? <span class="help">- how much is 2 + 3 ?</span></label>
    	<input type="text" name="robot" value="<?php echo $_POST['robot'] ?>">
    </p>
    
    
    <input type="submit" class="submit" name="action" value="register">	
    <a class="help one" href="<?php echo $path."manage/"; ?>">Log in</a>   
   </form>
   
  <!--End #content-->
  </div>   
 <!--End #wrapper-->
 </div>
<!--End .container-->
</div>
</body>
</html>

 

The database is:

table: users

Column: | id | name | email | password | admin | space | maxspace |

 

What can i do? i do not ask to make the whole sript :), i wanna learn, but i don't get it at all.

 

Thank you,

Tim

Link to comment
https://forums.phpfreaks.com/topic/259122-hello-guys-i-need-help-with-a-script/
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.