Jump to content

Recommended Posts

 <?php $conn = mysql_connect("localhost", "root", "pass!");
mysql_select_db("login1", $conn)
or die ('Database not found ' . mysql_error() );
$cust = $_GET["username"];
$sql = "select * from weight";
$rs = mysql_query($sql, $conn)
or die ('Database not found ' . mysql_error() );

?>

<?php if (mysql_num_rows($rs)>0){ ?>
<table width="700" border="1" cellpadding="10">
<tr><td>Username</td><td>date</td><td>weight in lbs</td><td>weight in kg</td></tr>
<?php while ($row = mysql_fetch_array($rs)) { ?>
<tr>
<td><?php echo $row["username"]?></td>
<td><?php echo $row["date"]?></td>
<td><?php echo $row["weight_lb"]?></td>
<td><?php echo $row["weight_kg"]?></td></tr>
<?php } ?></table>
<?php }
else {?> <p>No weight with username<?php echo $username ?>
in  database.</p>
<?php } ?>

this is not my code. but everything works but it is showing all users data from the database. I just want it to show the user logged in data and not ever one else. but cant figure it out why its not doing it right.

Link to comment
https://forums.phpfreaks.com/topic/277045-showing-other-peoples-data/
Share on other sites

<?php $conn = mysql_connect("localhost", "root", "pass!");
mysql_select_db("login1", $conn)
or die ('Database not found ' . mysql_error() );
$cust = $_GET["username"];
$sql = "select * from weight";
$rs = mysql_query($sql, $conn)
or die ('Database not found ' . mysql_error() );

if (mysql_num_rows($rs)>0){
echo '<table width="700" border="1" cellpadding="10">
<tr>
<td>Username</td>
<td>date</td>
<td>weight in lbs</td>
<td>weight in kg</td>
</tr>';
while ($row = mysql_fetch_array($rs)) {
echo "<tr>
<td>{$row['username']}</td>
<td>{$row['date']}</td>
<td>{$row['weight_lb']}</td>
<td>{$row['weight_kg']}</td>
</tr>";
}

echo '</table>';
}else{
echo "<p>No weight with username: {$username} in database.</p>";
}
See how much easier to read that is? Don't go in and out of PHP all the time. Edited by Jessica
<?php 
	/** 
	* track_weight

	* @package Membership Manager Pro
	* @author wojoscripts.com
	* @copyright 2011
	* @version Id: track_weight.php, v2.00 2013-04-16 11:42:41 gewa Exp $
	*/
 
	 define("_VALID_PHP", true); 
	 require_once("init.php");


?> 
 
 <?php include("header.php");?> 
 
 
	 <?php if($user->checkMembership('1,6')): ?>
  <!-- ============= CONTENT AREA STARTS HERE ============== -->
        		<div id="content">
                
                		<!-- SLIDER STARTS HERE -->
						<div id="slider" class="slider2">
								<div >
										
								</div>
						  <h2 class="slider-head">Track your Weight</h2><br /><br />
						  <div id="whats-hot" > <p> The best time to weigh yourself is within the first hour as you wake up.
</p>

									</div>	<br /><br /><br />

	
			                <!-- end of news div --><!-- end of container div -->
 <div class="w-pet-border"> 
  <?php $conn = mysql_connect("localhost", "root", "pass!");
mysql_select_db("login1", $conn)
or die ('Database not found ' . mysql_error() );
$cust = $_GET["username"];
$sql = "select * from weight";
$rs = mysql_query($sql, $conn)
or die ('Database not found ' . mysql_error() );

if (mysql_num_rows($rs)>0){ 
	echo '<table width="700" border="1" cellpadding="10">
		<tr>
			<td>Username</td>
			<td>date</td>
			<td>weight in lbs</td>
			<td>weight in kg</td>
		</tr>';
	while ($row = mysql_fetch_array($rs)) {
		echo "<tr>
			<td>{$row['username']}</td>
			<td>{$row['date']}</td>
			<td>{$row['weight_lb']}</td>
			<td>{$row['weight_kg']}</td>
		</tr>";
	}
	
	echo '</table>';
}else{
	echo "<p>No weight with username: {$username} in  database.</p>";
}
    ?>
</table>
 </div><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />
 
	 <?php else: ?>
 
	 <h2>Please <a href="index.php">Login</a> to view this page. or if you are logged in please weight 24 hour or less so Admin can change your Membership
	 </h2>
<?php endif; ?>
 
 
 <?php include("footer.php");?> 

so sorry. but really need help. the user is already logged in and it shows the table if the user was not logged in then it would show the login to view bit.

 

this has been racking my brain all day. surly if the user is already logged in then if I run the fetch script then it should just show the user logged in data.

could it be something todo with my database?

As gristoi hinted at in the first response, you have no conditions set on your query.

 

If it says there are no rows with that username, maybe there aren't.

 

As Jessica said, did you check the data in your database to see if that username is in the database?

 

Also, the code doesn't check for any "logged in" user at all. It just takes the "username" out of the URL.

 

Edit: I see the checkMembership part in your newest posted code now. I think the main problem is that you are getting the username from the URL. It should be stored in a session. Can you post the checkMembership function code?

Edited by lemmin

hi, lemmin. 

 

http://cffoodtoday.com/testing2/index.php  

username testing1

password lolclol

go in in nav bar to account - member area - then click on weight.... add a weight then click submit and you will see what I mean.

 

i got a  Membership Manager code then editing in the weight code

Edited by lolclol

That happens because you have no condition on the query. The user data is likely stored in the session.

 

I'm assuming you're using some kind of PHP framework that is handling the user system. If you could tell us what that is or post more information about the user object, it would be easier to help you fix the query.

hum all i know it Membership Manager Pro author wojoscripts.com

 

 

here is the class_user.php , if it helps

<?php
  /**
   * User Class
   *
   * @package Membership Manager Pro
   * @author wojoscripts.com
   * @copyright 2010
   * @version $Id: class_user.php, v2.00 2011-07-10 10:12:05 gewa Exp $
   */
  
  if (!defined("_VALID_PHP"))
      die('Direct access to this location is not allowed.');

  class Users
  {
	  private $uTable = "users";
	  public $logged_in = null;
	  public $uid = 0;
	  public $userid = 0;
      public $username;
	  public $email;
	  public $name;
	  public $membership_id = 0;
      public $userlevel;
	  public $cookie_id = 0;
	  private $lastlogin = "NOW()";
      

      /**
       * Users::__construct()
       * 
       * @return
       */
      function __construct()
      {
		  $this->getUserId();
		  $this->startSession();
      }

	  /**
	   * Users::getUserId()
	   * 
	   * @return
	   */
	  private function getUserId()
	  {
	  	  global $core;
		  if (isset($_GET['userid'])) {
			  $userid = (is_numeric($_GET['userid']) && $_GET['userid'] > -1) ? intval($_GET['userid']) : false;
			  $userid = sanitize($userid);
			  
			  if ($userid == false) {
				  $core->error("You have selected an Invalid Userid","Users::getUserId()");
			  } else
				  return $this->userid = $userid;
		  }
	  }  

      /**
       * Users::startSession()
       * 
       * @return
       */
      private function startSession()
      {
		session_start();
		$this->logged_in = $this->loginCheck();
		
		if (!$this->logged_in) {
			$this->username = $_SESSION['username'] = "Guest";
			$this->userlevel = 0;
		}
      }

	  /**
	   * Users::loginCheck()
	   * 
	   * @return
	   */
	  private function loginCheck()
	  {
		  
          if (isset($_COOKIE['MSM_SITECOOKIE']) && isset($_COOKIE['MSM_SITECOOKIE_ID'])) {
              $this->username = $_SESSION['username'] = $_COOKIE['MSM_SITECOOKIE'];
              $this->cookie_id = $_SESSION['cookie_id'] = $_COOKIE['MSM_SITECOOKIE_ID'];
          }
		  
          if (isset($_SESSION['username']) && isset($_SESSION['cookie_id']) && $_SESSION['username'] != "Guest") {
              if ($this->confirmUserID($_SESSION['username'], $_SESSION['cookie_id']) != 0) {
                  unset($_SESSION['username']);
                  unset($_SESSION['cookie_id']);
                  return false;
              }
              $row = $this->getUserInfo($_SESSION['username']);
			  $this->uid = $row['id'];
              $this->username = $row['username'];
			  $this->email = $row['email'];
			  $this->name = $row['fname'].' '.$row['lname'];
              $this->userlevel = $row['userlevel'];
			  $this->cookie_id = $row['cookie_id'];
			  $this->membership_id = $row['membership_id'];
              return true;
          } else {
              return false;
          }  
	  }

	  /**
	   * Users::is_Admin()
	   * 
	   * @return
	   */
	  public function is_Admin()
	  {
		  return($this->userlevel == 9);
	  
	  }	

	  /**
	   * Users::login()
	   * 
	   * @param mixed $username
	   * @param mixed $pass
	   * @return
	   */
	  public function login($username, $pass)
	  {
		  global $db, $core;

		  if ($username == "" && $pass == "") {
			  $core->msgs['username'] = 'Please enter valid username and password.';
		  } else {
			  $status = $this->checkStatus($username, $pass);
			  
			  switch ($status) {
				  case 0:
					  $core->msgs['username'] = 'Login and/or password did not match to the database.';
					  break;
					  
				  case 1:
					  $core->msgs['username'] = 'Your account has been banned.';
					  break;
					  
				  case 2:
					  $core->msgs['username'] = 'Your account it\'s not activated.';
					  break;
					  
				  case 3:
					  $core->msgs['username'] = 'You need to verify your email address.';
					  break;
			  }
		  }
		  if (empty($core->msgs) && $status == 5) {
			  $row = $this->getUserInfo($username);
			  $this->uid = $_SESSION['userid'] = $row['id'];
			  $this->username = $_SESSION['username'] = $row['username'];
			  $this->email = $_SESSION['email'] = $row['email'];
			  $this->name = $_SESSION['name'] = $row['fname'].' '. $row['lname'];
			  $this->userlevel = $_SESSION['userlevel'] = $row['userlevel'];
			  $this->cookie_id = $_SESSION['cookie_id'] = $this->generateRandID();
			  $this->membership_id = $_SESSION['membership_id'] = $row['membership_id'];

			  $data = array(
					'lastlogin' => $this->lastlogin, 
					'cookie_id' => $this->cookie_id,
					'lastip' => sanitize($_SERVER['REMOTE_ADDR'])
			  );
			  $db->update($this->uTable, $data, "username='" . $this->username . "'");
			  if(!$this->validateMembership()) {
				$data = array(
					  'membership_id' => 0, 
					  'mem_expire' => "0000-00-00 00:00:00"
				);
				$db->update($this->uTable, $data, "username='" . $this->username . "'");
			  }

			  if (isset($_POST['remember'])) {
				  setcookie("MSM_SITECOOKIE", $this->username, time() + 60 * 60 * 24 * 60, '/');
				  setcookie("MSM_SITECOOKIE_ID", $this->cookie_id, time() + 60 * 60 * 24 * 60, '/');
			  }
			  
			  return true;
		  } else
			  $core->msgStatus();
	  }

      /**
       * Users::logout()
       * 
       * @return
       */
      public function logout()
      {
		  
          if (isset($_COOKIE['MSM_SITECOOKIE']) && isset($_COOKIE['MSM_SITECOOKIE_ID'])) {
              setcookie("MSM_SITECOOKIE", "", time() - 60 * 60 * 24 * 60, '/');
              setcookie("MSM_SITECOOKIE_ID", "", time() - 60 * 60 * 24 * 60, '/');
          }
		  
          unset($_SESSION['username']);
		  unset($_SESSION['email']);
		  unset($_SESSION['name']);
		  unset($_SESSION['membership_id']);
          unset($_SESSION['userid']);
		  unset($_SESSION['cookie_id']);
          session_destroy();
		  session_regenerate_id();
          
          $this->logged_in = false;
          $this->username = "Guest";
          $this->userlevel = 0;
      }

      /**
       * User::confirmUserID()
       * 
       * @param mixed $username
       * @param mixed $cookie_id
       * @return
       */
      function confirmUserID($username, $cookie_id)
      {
          global $db;
          
          $sql = "SELECT cookie_id FROM users WHERE username = '" . $db->escape($username, true)."'";
          $result = $db->query($sql);
          if (!$result || ($db->numrows($result) < 1)) {
              return 1;
          }
          
          $row = $db->fetch($result);
          $row ['cookie_id'] = sanitize($row['cookie_id']);
          $cookie_id = sanitize($cookie_id);
          
          if ($cookie_id == $row['cookie_id']) {
              return 0;
          } else {
              return 2;
          }
      }
	  
	  /**
	   * Users::getUserInfo()
	   * 
	   * @param mixed $username
	   * @return
	   */
	  private function getUserInfo($username)
	  {
		  global $db;
		  $username = sanitize($username);
		  $username = $db->escape($username);
		  
		  $sql = "SELECT * FROM " . $this->uTable . " WHERE username = '" . $username . "'";
		  $row = $db->first($sql);
		  if (!$username)
			  return false;
		  
		  return ($row) ? $row : 0;
	  }

	  /**
	   * Users::checkStatus()
	   * 
	   * @param mixed $username
	   * @param mixed $pass
	   * @return
	   */
	  public function checkStatus($username, $pass)
	  {
		  global $db;
		  
		  $username = sanitize($username);
		  $username = $db->escape($username);
		  $pass = sanitize($pass);
		  
          $sql = "SELECT password, active FROM " . $this->uTable
		  . "\n WHERE username = '".$username."'";
          $result = $db->query($sql);
          
		  if ($db->numrows($result) == 0)
			  return 0;
			  
		  $row = $db->fetch($result);
		  $entered_pass = sha1($pass);
		  
		  switch ($row['active']) {
			  case "b":
				  return 1;
				  break;
				  
			  case "n":
				  return 2;
				  break;
				  
			  case "t":
				  return 3;
				  break;
				  
			  case "y" && $entered_pass == $row['password']:
				  return 5;
				  break;
		  }
	  }

	  /**
	   * Users::getUsers()
	   * 
	   * @param bool $from
	   * @return
	   */
	  public function getUsers($from = false)
	  {
		  global $db, $pager, $core;
		  
		  require_once(BASEPATH . "lib/class_paginate.php");
          $pager = new Paginator();
		  
          $counter = countEntries($this->uTable);
          $pager->items_total = $counter;
          $pager->default_ipp = $core->perpage;
          $pager->paginate();
          
          if ($counter == 0) {
              $pager->limit = null;
          }

		  if (isset($_GET['sort'])) {
			  list($sort, $order) = explode("-", $_GET['sort']);
			  $sort = sanitize($sort);
			  $order = sanitize($order);
			  if (in_array($sort, array("username", "fname", "lname", "email", "created"))) {
				  $ord = ($order == 'DESC') ? " DESC" : " ASC";
				  $sorting = " u." . $sort . $ord;
			  } else {
				  $sorting = " u.created DESC";
			  }
		  } else {
			  $sorting = " u.created DESC";
		  }
		  
		  $clause = (isset($clause)) ? $clause : null;
		  
          if (isset($_POST['fromdate']) && $_POST['fromdate'] <> "" || isset($from) && $from != '') {
              $enddate = date("Y-m-d");
              $fromdate = (empty($from)) ? $_POST['fromdate'] : $from;
              if (isset($_POST['enddate']) && $_POST['enddate'] <> "") {
                  $enddate = $_POST['enddate'];
              }
              $clause .= " WHERE u.created BETWEEN '" . trim($fromdate) . "' AND '" . trim($enddate) . " 23:59:59'";
          } 
		  
          $sql = "SELECT u.*, CONCAT(u.fname,' ',u.lname) as name, m.title, m.id as mid,"
		  . "\n DATE_FORMAT(u.created, '%d. %b. %Y.') as cdate,"
		  . "\n DATE_FORMAT(u.lastlogin, '%d. %b. %Y.') as adate"
		  . "\n FROM " . $this->uTable . " as u"
		  . "\n LEFT JOIN memberships as m ON m.id = u.membership_id" 
		  . "\n " . $clause
		  . "\n ORDER BY " . $sorting . $pager->limit;
          $row = $db->fetch_all($sql);
          
		  return ($row) ? $row : 0;
	  }

	  /**
	   * Users::processUser()
	   * 
	   * @return
	   */
	  public function processUser()
	  {
		  global $db, $core;

		  if (!$this->userid) {
			  if (empty($_POST['username']))
				  $core->msgs['username'] = 'Please Enter Valid Username';
			  
			  if ($value = $this->usernameExists($_POST['username'])) {
				  if ($value == 1)
					  $core->msgs['username'] = 'Username Is Too Short (less Than 4 Characters Long).';
				  if ($value == 2)
					  $core->msgs['username'] = 'Invalid Characters Found In Username.';
				  if ($value == 3)
					  $core->msgs['username'] = 'Sorry, This Username Is Already Taken';
			  }
		  }

		  if (empty($_POST['fname']))
			  $core->msgs['fname'] = 'Please Enter First Name';
			  
		  if (empty($_POST['lname']))
			  $core->msgs['lname'] = 'Please Enter Last Name';
			  
		  if (!$this->userid) {
			  if (empty($_POST['password']))
				  $core->msgs['password'] = 'Please Enter Valid Password.';
		  }

		  if (empty($_POST['email']))
			  $core->msgs['email'] = 'Please Enter Valid Email Address';
		  if (!$this->userid) {
			  if ($this->emailExists($_POST['email']))
				  $core->msgs['email'] = 'Entered Email Address Is Already In Use.';
		  }
		  if (!$this->isValidEmail($_POST['email']))
			  $core->msgs['email'] = 'Entered Email Address Is Not Valid.';

		  if (empty($core->msgs)) {
			  $trial =  $live = getValue("trial", "memberships", "id = " . intval($_POST['membership_id']) . "");
			  
			  $data = array(
				  'username' => sanitize($_POST['username']), 
				  'email' => sanitize($_POST['email']), 
				  'lname' => sanitize($_POST['lname']), 
				  'fname' => sanitize($_POST['fname']), 
				  'membership_id' => intval($_POST['membership_id']),
				  'mem_expire' => $this->calculateDays($_POST['membership_id']),
				  'trial_used' => ($trial) ? 1 : 0,
				  'newsletter' => intval($_POST['newsletter']),
				  'userlevel' => intval($_POST['userlevel']), 
				  'active' => sanitize($_POST['active'])
			  );

			  if (!$this->userid)
				  $data['created'] = "NOW()";
				   
			  if ($this->userid)
				  $userrow = $core->getRowById($this->uTable, $this->userid);
			  
			  if ($_POST['password'] != "") {
				  $data['password'] = sha1($_POST['password']);
			  } else {
				  $data['password'] = $userrow['password'];
			  }

			  // Start Avatar Upload
			  include(BASEPATH . "lib/class_imageUpload.php");
			  include(BASEPATH . "lib/class_imageResize.php");

			  $newName = "IMG_" . randName();
			  $ext = substr($_FILES['avatar']['name'], strrpos($_FILES['avatar']['name'], '.') + 1);
			  $name = $newName.".".strtolower($ext);
		
			  $als = new Upload();
			  $als->File = $_FILES['avatar'];
			  $als->method = 1;
			  $als->SavePath = UPLOADS;
			  $als->NewWidth = $core->thumb_w;
			  $als->NewHeight = $core->thumb_h;
			  $als->NewName  = $newName;
			  $als->OverWrite = true;
			  $err = $als->UploadFile();

			  if ($this->userid) {
				  $avatar = getValue("avatar",$this->uTable,"id = '".$this->userid."'");
				  if (!empty($_FILES['avatar']['name'])) {
					  if ($avatar) {
						  @unlink($als->SavePath . $avatar);
					  }
					  $data['avatar'] = $name;
				  } else {
					  $data['avatar'] = $avatar;
				  }
			  } else {
				  if (!empty($_FILES['avatar']['name'])) 
				  $data['avatar'] = $name;
			  }
			  
			  if (count($err) > 0 and is_array($err)) {
				  foreach ($err as $key => $val) {
					  $core->msgError($val, false);
				  }
			  }
				  
			  ($this->userid) ? $db->update($this->uTable, $data, "id='" . (int)$this->userid . "'") : $db->insert($this->uTable, $data);
			  $message = ($this->userid) ? '<span>Success!</span>User updated successfully!' : '<span>Success!</span>User added successfully!';

			  if ($db->affected()) {
				  $core->msgOk($message);
				  
				  if (isset($_POST['notify']) && intval($_POST['notify']) == 1) {
					  
					  require_once(BASEPATH . "lib/class_mailer.php");
					  $mailer = $mail->sendMail();	
								  
					  $row = $core->getRowById("email_templates", 3);
					  
					  $body = str_replace(array('[USERNAME]', '[PASSWORD]', '[NAME]', '[SITE_NAME]', '[URL]'), 
					  array($data['username'], $_POST['password'], $data['fname'].' '.$data['lname'], $core->site_name, $core->site_url), $row['body']);
			
					  $message = Swift_Message::newInstance()
								->setSubject($row['subject'])
								->setTo(array($data['email'] => $data['fname'].' '.$data['lname']))
								->setFrom(array($core->site_email => $core->site_name))
								->setBody(cleanOut($body), 'text/html');
								
					   $mailer->send($message);
				  }
			  } else
				  $core->msgAlert('<span>Alert!</span>Nothing to process.');
		  } else
			  print $core->msgStatus();
	  } 

	  /**
	   * Users::updateProfile()
	   * 
	   * @return
	   */
	  public function updateProfile()
	  {
		  global $db, $core;

		  if (empty($_POST['fname']))
			  $core->msgs['fname'] = 'Please Enter First Name';
			  
		  if (empty($_POST['lname']))
			  $core->msgs['lname'] = 'Please Enter Last Name';

		  if (empty($_POST['email']))
			  $core->msgs['email'] = 'Please Enter Valid Email Address';

		  if (!$this->isValidEmail($_POST['email']))
			  $core->msgs['email'] = 'Entered Email Address Is Not Valid.';

		  if (!empty($_FILES['avatar']['name'])) {
			  if (!preg_match("/(\.jpg|\.png|\.gif)$/i", $_FILES['avatar']['name'])) {
				  $core->msgs['avatar'] = 'Illegal file type. Only jpg,png and gif file types allowed.';
			  }
			  
			  $file_info = getimagesize($_FILES['avatar']['tmp_name']);
			  if(empty($file_info))
				  $core->msgs['avatar'] = 'Illegal file type. Only jpg,png and gif file types allowed.';
		  }
		  
		  if (empty($core->msgs)) {
			  
			  $data = array(
				  'email' => sanitize($_POST['email']), 
				  'lname' => sanitize($_POST['lname']), 
				  'fname' => sanitize($_POST['fname']), 
				  'newsletter' => intval($_POST['newsletter'])
			  );
				   
			  $userpass = getValue("password", $this->uTable, "id = '".$this->uid."'");
			  
			  if ($_POST['password'] != "") {
				  $data['password'] = sha1($_POST['password']);
			  } else
				  $data['password'] = $userpass;

			  // Start Avatar Upload
			  include(BASEPATH . "lib/class_imageUpload.php");
			  include(BASEPATH . "lib/class_imageResize.php");

			  $newName = "IMG_" . randName();
			  $ext = substr($_FILES['avatar']['name'], strrpos($_FILES['avatar']['name'], '.') + 1);
			  $name = $newName.".".strtolower($ext);
		
			  $als = new Upload();
			  $als->File = $_FILES['avatar'];
			  $als->method = 1;
			  $als->SavePath = UPLOADS;
			  $als->NewWidth = $core->thumb_w;
			  $als->NewHeight = $core->thumb_h;
			  $als->NewName  = $newName;
			  $als->OverWrite = true;
			  $err = $als->UploadFile();

			  $avatar = getValue("avatar",$this->uTable,"id = '".$this->uid."'");
			  if (!empty($_FILES['avatar']['name'])) {
				  if ($avatar) {
					  @unlink($als->SavePath . $avatar);
				  }
				  $data['avatar'] = $name;
			  } else {
				  $data['avatar'] = $avatar;
			  }
			  
			  if (count($err) > 0 and is_array($err)) {
				  foreach ($err as $key => $val) {
					  $core->msgError($val, false);
				  }
			  }
			  
			  $db->update($this->uTable, $data, "id='" . (int)$this->uid . "'");

			  ($db->affected()) ? $core->msgOk('<span>Success!</span> You have successfully updated your profile.') : $core->msgAlert('<span>Alert!</span>Nothing to process.');
		  } else
			  print $core->msgStatus();
	  } 

      /**
       * User::register()
       * 
       * @return
       */
	  public function register()
	  {
		  global $db, $core;
		  
		  if (empty($_POST['username']))
			  $core->msgs['username'] = 'Please Enter Valid Username';
		  
		  if ($value = $this->usernameExists($_POST['username'])) {
			  if ($value == 1)
				  $core->msgs['username'] = 'Username Is Too Short (less Than 4 Characters Long).';
			  if ($value == 2)
				  $core->msgs['username'] = 'Invalid Characters Found In Username.';
			  if ($value == 3)
				  $core->msgs['username'] = 'Sorry, This Username Is Already Taken';
		  }

		  if (empty($_POST['fname']))
			  $core->msgs['fname'] = 'Please Enter First Name';
			  
		  if (empty($_POST['lname']))
			  $core->msgs['lname'] = 'Please Enter Last Name';
			  
		  if (empty($_POST['pass']))
			  $core->msgs['pass'] = 'Please Enter Valid Password.';
		  
		  if (strlen($_POST['pass']) < 6)
			  $core->msgs['pass'] = 'Password is too short (less than 6 characters long)';
		  elseif (!preg_match("/^([0-9a-z])+$/i", ($_POST['pass'] = trim($_POST['pass']))))
			  $core->msgs['pass'] = 'Password entered is not alphanumeric.';
		  elseif ($_POST['pass'] != $_POST['pass2'])
			  $core->msgs['pass'] = 'Your password did not match the confirmed password!.';
		  
		  if (empty($_POST['email']))
			  $core->msgs['email'] = 'Please Enter Valid Email Address';
		  
		  if ($this->emailExists($_POST['email']))
			  $core->msgs['email'] = 'Entered Email Address Is Already In Use.';
		  
		  if (!$this->isValidEmail($_POST['email']))
			  $core->msgs['email'] = 'Entered Email Address Is Not Valid.';
			  		  
		  if ((int)empty($_POST['captcha']))
			  $core->msgs['captcha'] = 'Please enter the total amount.';
		  
		  if ($_POST['captcha'] != "9")
			  $core->msgs['captcha'] = 'Entered total amount is incorrect.';
		  
		  if (empty($core->msgs)) {

			  $token = ($core->reg_verify == 1) ? $this->generateRandID() : 0;
			  $pass = sanitize($_POST['pass']);
			  
			  if($core->reg_verify == 1) {
				  $active = "t";
			  } elseif($core->auto_verify == 0) {
				  $active = "n";
			  } else {
				  $active = "y";
			  }
				  
			  $data = array(
					  'username' => sanitize($_POST['username']), 
					  'password' => sha1($_POST['pass']),
					  'email' => sanitize($_POST['email']), 
					  'fname' => sanitize($_POST['fname']),
					  'lname' => sanitize($_POST['lname']),
					  'token' => $token,
					  'active' => $active, 
					  'created' => "NOW()"
			  );
			  
			  $db->insert($this->uTable, $data);
			  
			  require_once(BASEPATH . "lib/class_mailer.php");
			  
			  if ($core->reg_verify == 1) {
				  $actlink = $core->site_url . "/activate.php";
				  $row = $core->getRowById("email_templates", 1);
				  
				  $body = str_replace(
						array('[NAME]', '[USERNAME]', '[PASSWORD]', '[TOKEN]', '[EMAIL]', '[URL]', '[LINK]', '[SITE_NAME]'), 
						array($data['fname'].' '.$data['lname'], $data['username'], $_POST['pass'], $token, $data['email'], $core->site_url, $actlink, $core->site_name), $row['body']
						);
						
				 $newbody = cleanOut($body);	
					 
				  $mailer = $mail->sendMail();
				  $message = Swift_Message::newInstance()
							->setSubject($row['subject'])
							->setTo(array($data['email'] => $data['username']))
							->setFrom(array($core->site_email => $core->site_name))
							->setBody($newbody, 'text/html');
							
				 $mailer->send($message);
				 
			  } elseif ($core->auto_verify == 0) {
				  $row = $core->getRowById("email_templates", 14);
				  
				  $body = str_replace(
						array('[NAME]', '[USERNAME]', '[PASSWORD]', '[URL]', '[SITE_NAME]'), 
						array($data['fname'].' '.$data['lname'], $data['username'], $_POST['pass'], $core->site_url, $core->site_name), $row['body']
						);
						
				 $newbody = cleanOut($body);	

				  $mailer = $mail->sendMail();
				  $message = Swift_Message::newInstance()
							->setSubject($row['subject'])
							->setTo(array($data['email'] => $data['username']))
							->setFrom(array($core->site_email => $core->site_name))
							->setBody($newbody, 'text/html');
							
				 $mailer->send($message); 
				  
			  } else {
				  $row = $core->getRowById("email_templates", 7);
				  
				  $body = str_replace(
						array('[NAME]', '[USERNAME]', '[PASSWORD]', '[URL]', '[SITE_NAME]'), 
						array($data['fname'].' '.$data['lname'], $data['username'], $_POST['pass'], $core->site_url, $core->site_name), $row['body']
						);
						
				 $newbody = cleanOut($body);	

				  $mailer = $mail->sendMail();
				  $message = Swift_Message::newInstance()
							->setSubject($row['subject'])
							->setTo(array($data['email'] => $data['username']))
							->setFrom(array($core->site_email => $core->site_name))
							->setBody($newbody, 'text/html');
							
				 $mailer->send($message);

			  }
			  if($core->notify_admin) {
				$arow = $core->getRowById("email_templates", 13);
  
					$abody = str_replace(
						  array('[USERNAME]', '[EMAIL]', '[NAME]', '[IP]'), 
						  array($data['username'], $data['email'], $data['fname'].' '.$data['lname'], $_SERVER['REMOTE_ADDR']), $arow['body']
						  );
						  
				   $anewbody = cleanOut($abody);	
  
					$amailer = $mail->sendMail();
					$amessage = Swift_Message::newInstance()
							  ->setSubject($arow['subject'])
							  ->setTo(array($core->site_email => $core->site_name))
							  ->setFrom(array($core->site_email => $core->site_name))
							  ->setBody($anewbody, 'text/html');
							  
				   $amailer->send($amessage);
			  }
			  
			  ($db->affected() && $mailer) ?  print "OK" : $core->msgError('<span>Error!</span>There was an error during registration process. Please contact the administrator...',false);
		  } else
			  print $core->msgStatus();
	  } 
	  
      /**
       * User::passReset()
       * 
       * @return
       */
	  public function passReset()
	  {
		  global $db, $core;
		  
		  if (empty($_POST['uname']))
			  $core->msgs['uname'] = 'Please Enter Valid Username';
		  
		  $uname = $this->usernameExists($_POST['uname']);
		  if (strlen($_POST['uname']) < 4 || strlen($_POST['uname']) > 30 || !preg_match("/^([0-9a-z])+$/i", $_POST['uname']) || $uname != 3)
			  $core->msgs['uname'] = 'We are sorry, selected username does not exist in our database';

		  if (empty($_POST['email']))
			  $core->msgs['email'] = 'Please Enter Valid Email Address';

		  if (!$this->emailExists($_POST['email']))
			  $core->msgs['uname'] = 'Entered Email Address Does Not Exists.';
			    
		  if (empty($_POST['captcha']))
			  $core->msgs['captcha'] = 'Please enter the total amount';
		  
		  if ($_POST['captcha'] != "10")
			  $core->msgs['captcha'] = 'Entered total amount is incorrect';
		  
		  if (empty($core->msgs)) {
			  
              $user = $this->getUserInfo($_POST['uname']);
			  $randpass = $this->getUniqueCode(12);
			  $newpass = sha1($randpass);
			  
			  $data['password'] = $newpass;
			  
			  $db->update($this->uTable, $data, "username = '" . $user['username'] . "'");
		  
			  require_once(BASEPATH . "lib/class_mailer.php");
			  $row = $core->getRowById("email_templates", 2);
			  
			  $body = str_replace(
					array('[USERNAME]', '[PASSWORD]', '[URL]', '[LINK]', '[IP]', '[SITE_NAME]'), 
					array($user['username'], $randpass, $core->site_url, $core->site_url, $_SERVER['REMOTE_ADDR'], $core->site_name), $row['body']
					);
					
			  $newbody = cleanOut($body);

			  $mailer = $mail->sendMail();
			  $message = Swift_Message::newInstance()
						->setSubject($row['subject'])
						->setTo(array($user['email'] => $user['username']))
						->setFrom(array($core->site_email => $core->site_name))
						->setBody($newbody, 'text/html');
						
			  ($db->affected() && $mailer->send($message)) ? $core->msgOk('<span>Success!</span>You have successfully changed your password. Please check your email for further info!',false) : $core->msgError('<span>Error!</span>There was an error during the process. Please contact the administrator.',false);

		  } else
			  print $core->msgStatus();
	  }
	  
      /**
       * User::activateUser()
       * 
       * @return
       */
	  public function activateUser()
	  {
		  global $db, $core;
		  
		  if (empty($_POST['email']))
			  $core->msgs['email'] = 'Please Enter Valid Email Address';
		  
		  if (!$this->emailExists($_POST['email']))
			  $core->msgs['email'] = 'Entered Email Address Does Not Exists.';
		  
		  if (empty($_POST['token']))
			  $core->msgs['token'] = 'The token code is not valid';
		  
		  if (!$this->validateToken($_POST['token']))
			  $core->msgs['token'] = 'This account has been already activated!';
		  
		  if (empty($core->msgs)) {
			  $email = sanitize($_POST['email']);
			  $token = sanitize($_POST['token']);
			  $message = ($core->auto_verify == 1) ? '<span>Success!</span>You have successfully activated your account!' : '<span>Success!</span>Your account is now active. However you still need to wait for administrative approval.';
			  
			  $data = array(
					'token' => 0, 
					'active' => ($core->auto_verify) ? "y" : "n"
			  );
			  
			  $db->update($this->uTable, $data, "email = '" . $email . "' AND token = '" . $token . "'");
			  ($db->affected()) ? $core->msgOk($message,false) : $core->msgError('<span>Error!</span>There was an error during the activation process. Please contact the administrator.',false);
		  } else
			  print $core->msgStatus();
	  }

	  /**
	   * Users::getUserData()
	   * 
	   * @return
	   */
	  public function getUserData()
	  {
		  global $db, $core;
		  
		  $sql = "SELECT *, DATE_FORMAT(created, '%a. %d, %M %Y') as cdate,"
		  . "\n DATE_FORMAT(lastlogin, '%a. %d, %M %Y') as ldate"
		  . "\n FROM " . $this->uTable
		  . "\n WHERE id = '" . $this->uid . "'";
		  $row = $db->first($sql);

		  return ($row) ? $row : 0;
	  }

	  /**
	   * Users::getUserMembership()
	   * 
	   * @return
	   */
	  public function getUserMembership()
	  {
		  global $db, $core;
		  		  
          $sql = "SELECT u.*, m.title,"
		  . "\n DATE_FORMAT(u.mem_expire, '%d. %b. %Y.') as expiry"
		  . "\n FROM " . $this->uTable . " as u"
		  . "\n LEFT JOIN memberships as m ON m.id = u.membership_id" 
		  . "\n WHERE u.id = '" . $this->uid . "'";
          $row = $db->first($sql);
          
		  return ($row) ? $row : 0;
	  }

	  /**
	   * Users::calculateDays()
	   * 
	   * @return
	   */
	  public function calculateDays($membership_id)
	  {
		  global $db;
		  
		  $now = date('Y-m-d H:i:s');
		  $row = $db->first("SELECT days, period FROM memberships WHERE id = '" . (int)$membership_id . "'");
		  if($row) {
			  switch($row['period']) {
				  case "D" :
				  $diff = $row['days'];
				  break;
				  case "W" :
				  $diff = $row['days'] * 7;
				  break; 
				  case "M" :
				  $diff = $row['days'] * 30;
				  break;
				  case "Y" :
				  $diff = $row['days'] * 365;
				  break;
			  }
			$expire = date("Y-m-d H:i:s", strtotime($now . + $diff . " days"));
		  } else {
			$expire = "0000-00-00 00:00:00";
		  }
		  return $expire;
	  }
  
      /**
       * User::trialUsed()
       * 
       * @return
       */
     public function trialUsed()
      {
          global $db;

          $sql = "SELECT trial_used" 
		  . "\n FROM ".$this->uTable 
		  . "\n WHERE id ='" . $this->uid . "'" 
		  . "\n LIMIT 1";
          $row = $db->first($sql);
		  
		  return ($row['trial_used'] == 1) ? true : false;
      }

	  /**
	   * Users::validateMembership()
	   * 
	   * @return
	   */
	  public function validateMembership()
	  {
		  global $db;
		  
		  $sql = "SELECT mem_expire" 
		  . "\n FROM " . $this->uTable
		  . "\n WHERE id = '" . $this->uid . "'" 
		  . "\n AND TO_DAYS(mem_expire) > TO_DAYS(NOW())";
		  $row = $db->first($sql);
		  
		  return ($row) ? $row : 0;
	  }

	  /**
	   * Users::checkMembership()
	   * 
	   * @param string $memids
	   * @return
	   */
	  public function checkMembership($memids)
	  {
		  global $db;
		  
		  $m_arr = explode(",", $memids);
		  reset($m_arr);
		  
		  if ($this->logged_in and $this->validateMembership() and in_array($this->membership_id, $m_arr)) {
			  return true;
		  } else
			  return false;
	  }
	  	  	  	  	  	  	  	  
	  /**
	   * Users::usernameExists()
	   * 
	   * @param mixed $username
	   * @return
	   */
	  private function usernameExists($username)
	  {
		  global $db;
		  
		  $username = sanitize($username);
		  if (strlen($db->escape($username)) < 4)
			  return 1;
		  
		  $alpha_num = str_replace(" ", "", $username);
		  if (!ctype_alnum($alpha_num))
			  return 2;
		  
		  $sql = $db->query("SELECT username" 
		  . "\n FROM users" 
		  . "\n WHERE username = '" . $username . "'" 
		  . "\n LIMIT 1");
		  
		  $count = $db->numrows($sql);
		  
		  return ($count > 0) ? 3 : false;
	  }  	
	  
	  /**
	   * User::emailExists()
	   * 
	   * @param mixed $email
	   * @return
	   */
	  private function emailExists($email)
	  {
		  global $db;
		  
		  $sql = $db->query("SELECT email" 
		  . "\n FROM users" 
		  . "\n WHERE email = '" . sanitize($email) . "'" 
		  . "\n LIMIT 1");
		  
		  if ($db->numrows($sql) == 1) {
			  return true;
		  } else
			  return false;
	  }
	  
	  /**
	   * User::isValidEmail()
	   * 
	   * @param mixed $email
	   * @return
	   */
	  private function isValidEmail($email)
	  {
		  if (function_exists('filter_var')) {
			  if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
				  return true;
			  } else
				  return false;
		  } else
			  return preg_match('/^[a-zA-Z0-9._+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$/', $email);
	  } 	

      /**
       * User::validateToken()
       * 
       * @param mixed $token
       * @return
       */
     private function validateToken($token)
      {
          global $db;
          $token = sanitize($token,40);
          $sql = "SELECT token" 
		  . "\n FROM ".$this->uTable 
		  . "\n WHERE token ='" . $db->escape($token) . "'" 
		  . "\n LIMIT 1";
          $result = $db->query($sql);
          
          if ($db->numrows($result))
              return true;
      }
	  
	  /**
	   * Users::getUniqueCode()
	   * 
	   * @param string $length
	   * @return
	   */
	  private function getUniqueCode($length = "")
	  {
		  $code = sha1(uniqid(rand(), true));
		  if ($length != "") {
			  return substr($code, 0, $length);
		  } else
			  return $code;
	  }

	  /**
	   * Users::generateRandID()
	   * 
	   * @return
	   */
	  private function generateRandID()
	  {
		  return sha1($this->getUniqueCode(24));
	  }

	  /**
	   * Users::levelCheck()
	   * 
	   * @param string $levels
	   * @return
	   */
	  public function levelCheck($levels)
	  {
		  global $db;
		  $m_arr = explode(",", $levels);
		  reset($m_arr);
		  
		  if ($this->logged_in and in_array($this->userlevel, $m_arr))
		  return true;
	  }
	  
      /**
       * Users::getUserLevels()
       * 
       * @return
       */
      public function getUserLevels($level = false)
	  {
		  $arr = array(
				 9 => 'Super Admin',
				 1 => 'Registered User',
				 2 => 'User Level 2',
				 3 => 'User Level 3',
				 4 => 'User Level 4',
				 5 => 'User Level 5',
				 6 => 'User Level 6',
				 7 => 'User Level 7'
		  );
		  
		  $list = '';
		  foreach ($arr as $key => $val) {
				  if ($key == $level) {
					  $list .= "<option selected=\"selected\" value=\"$key\">$val</option>\n";
				  } else
					  $list .= "<option value=\"$key\">$val</option>\n";
		  }
		  unset($val);
		  return $list;
	  } 
	  	  	  
      /**
       * Users::getUserFilter()
       * 
       * @return
       */
      public function getUserFilter()
	  {
		  $arr = array(
				 'username-ASC' => 'Username ↑',
				 'username-DESC' => 'Username & ↓',
				 'fname-ASC' => 'First Name ↑',
				 'fname-DESC' => 'First Name ↓',
				 'lname-ASC' => 'Last Name ↑',
				 'lname-DESC' => 'Last Name ↓',
				 'email-ASC' => 'Email Address ↑',
				 'email-DESC' => 'Email Address ↓',
				 'created-ASC' => 'Registered ↑',
				 'created-DESC' => 'Registered ↓',
		  );
		  
		  $filter = '';
		  foreach ($arr as $key => $val) {
				  if ($key == get('sort')) {
					  $filter .= "<option selected=\"selected\" value=\"$key\">$val</option>\n";
				  } else
					  $filter .= "<option value=\"$key\">$val</option>\n";
		  }
		  unset($val);
		  return $filter;
	  } 	  	  	  	   
  }
?>
Edited by lolclol
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.