
File: dbum_class.inc

File: dbum_class.inc
Role: Class source
Content type: text/plain
Description: DBUM Class File
Class: dbum_class.inc
Database user management class
Author: By
Last change: /* Bug fix Release */
While using this class in my own scripts
I found many bugs, which I have now fixed....

In future I will develop (with more experience) a PHP 5 version with fewer bugs and errors :)))

cya Jointy
Date: 19 years ago
Size: 73,767 bytes
 

Contents

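<?php
/*******************************************************************************
 * DataBase User Managment Class based on PEAR DB
 *
 * dbum_class.inc
 * --------------------
 * Begin: 17. July 2003
 *
 * Author: Steffen Stollfu&szlig; <bestmischmaker@web.de>
 *
 * status: "search 4 a job"
 *
 * $ Id: - dbum_class.inc - v.0.9.8.2 - 03-07-2004 10:47:14 $
 *******************************************************************************
 *
 * - Change Log - begin v.0.8.4
 *
 * Date: 02.08.2003
 *   !!! v.0.8.4 beta coming public !!!
 *   - documentaion v.0.5.3
 *
 * Date: 03.08.2003
 *   - fix a bug in load_session() with cookie_params !!!
 *
 * Date: 21.08.2003
 *   - the function "change email" did not set new activ_id in database,
 *     so the activation goes failed
 *
 * Date: 27.08.2003
 *   - constructor changes ( now only 2 parameters needed )
 *     ( $dbum = new DBUM($db , $debug); )
 *   - doc v.0.9.2
 *
 * Date: 28.08.2003
 *   !!! Experimental !!! - now max_len constans variable, have a look at doc how you use it !!! Experimental !!!
 *   - max_failed_logins = 98 // that the maximum or "0" for deactivted (default = "5")
 *     have a look at the documentation
 *   - new function (install_tables( $options ))
 *
 * Date: 29.08.2003
 *   - v.0.9.6 public comming out !!!
 *   - doc v.0.9.5 public comming out !!!
 *
 * Date: 31.08.2003
 *   - v.0.9.7 public out
 *   - fixed a bug in is_numeric_array(), it will not work in v.0.9.6
 *   - if you use the class please update, thx
 *
 * Date 23.06.2004
 *   - v.0.9.6.1 while using some new bugs occured, this i have fixed now
 *
 * Date: 03.07.2004
 *   - v.0.9.8.2 new function added "forgot_password($email)"
 *   - and some bugs fixed
 */

// Every constant below is defined only when the including script has not set
// it already, so a deployment can override table names, limits and codes from
// its own config file before including this class. The original file guarded
// only some of them; a second include would then have raised
// "constant already defined" notices for the rest.

// SQL Tables
if( !defined("DBUM_USERS_TABLE") )   define("DBUM_USERS_TABLE"   , "dbum_users");
if( !defined("DBUM_SESSION_TABLE") ) define("DBUM_SESSION_TABLE" , "dbum_sessions" );
if( !defined("DBUM_GROUPS_TABLE") )  define("DBUM_GROUPS_TABLE"  , "dbum_groups" );

// Error Constans - the codes handed to message_return() by the class methods
if( !defined("DBUM_HACKER_ATTEMPT") )            define("DBUM_HACKER_ATTEMPT"            , 1000 );
if( !defined("DBUM_INPUT_ERROR") )               define("DBUM_INPUT_ERROR"               , 1001 );
if( !defined("DBUM_SQL_ERROR") )                 define("DBUM_SQL_ERROR"                 , 1002 );
if( !defined("DBUM_LOGIN_FAILED") )              define("DBUM_LOGIN_FAILED"              , 1003 );
if( !defined("DBUM_USER_NOT_ACTIVATED") )        define("DBUM_USER_NOT_ACTIVATED"        , 1004 );
if( !defined("DBUM_USER_EXISTS") )               define("DBUM_USER_EXISTS"               , 1005 );
if( !defined("DBUM_CREATE_USER_FAILED") )        define("DBUM_CREATE_USER_FAILED"        , 1006 );
if( !defined("DBUM_SESSION_START_FAILED") )      define("DBUM_SESSION_START_FAILED"      , 1007 );
if( !defined("DBUM_USER_LOCKED") )               define("DBUM_USER_LOCKED"               , 1008 );
if( !defined("DBUM_INSERT_SESSION_FAILED") )     define("DBUM_INSERT_SESSION_FAILED"     , 1009 );
if( !defined("DBUM_UPDATE_SESSION_FAILED") )     define("DBUM_UPDATE_SESSION_FAILED"     , 1010 );
if( !defined("DBUM_MAX_FAILED_LOGINS_REACHED") ) define("DBUM_MAX_FAILED_LOGINS_REACHED" , 1011 );
if( !defined("DBUM_GROUP_NOT_ACTIVATED") )       define("DBUM_GROUP_NOT_ACTIVATED"       , 1012 );
if( !defined("DBUM_GROUP_NOT_EXISTS") )          define("DBUM_GROUP_NOT_EXISTS"          , 1013 );
if( !defined("DBUM_NOT_LOGGED") )                define("DBUM_NOT_LOGGED"                , 1014 );
if( !defined("DBUM_LOGIN_TIMEOUT_REACHED") )     define("DBUM_LOGIN_TIMEOUT_REACHED"     , 1015 );
if( !defined("DBUM_UNLOCK_USER_FAILED") )        define("DBUM_UNLOCK_USER_FAILED"        , 1016 );
if( !defined("DBUM_ACTIVATED_USER_FAILED") )     define("DBUM_ACTIVATED_USER_FAILED"     , 1017 );
if( !defined("DBUM_USER_NOT_EXISTS") )           define("DBUM_USER_NOT_EXISTS"           , 1018 );
if( !defined("DBUM_CHANGE_PASSWORD_FAILED") )    define("DBUM_CHANGE_PASSWORD_FAILED"    , 1019 );
if( !defined("DBUM_CHANGE_EMAIL_FAILED") )       define("DBUM_CHANGE_EMAIL_FAILED"       , 1020 );
if( !defined("DBUM_ACCESS_DENIED") )             define("DBUM_ACCESS_DENIED"             , 1021 );
if( !defined("DBUM_GROUP_EXISTS") )              define("DBUM_GROUP_EXISTS"              , 1022 );
if( !defined("DBUM_USER_DELETE_FAILED") )        define("DBUM_USER_DELETE_FAILED"        , 1023 );
if( !defined("DBUM_GROUP_DELETE_FAILED") )       define("DBUM_GROUP_DELETE_FAILED"       , 1024 );
if( !defined("DBUM_GROUP_ACTIVATE_FAILED") )     define("DBUM_GROUP_ACTIVATE_FAILED"     , 1025 );
if( !defined("DBUM_GROUP_DEACTIVATE_FAILED") )   define("DBUM_GROUP_DEACTIVATE_FAILED"   , 1026 );
if( !defined("DBUM_EDIT_USER_FAILED") )          define("DBUM_EDIT_USER_FAILED"          , 1027 );
if( !defined("DBUM_GROUP_EDIT_FAILED") )         define("DBUM_GROUP_EDIT_FAILED"         , 1028 );
if( !defined("DBUM_ACTION_FAILED") )             define("DBUM_ACTION_FAILED"             , 1029 );
if( !defined("DBUM_EMAIL_EXISTS") )              define("DBUM_EMAIL_EXISTS"              , 1030 );
if( !defined("DBUM_FORGOT_PASSWORD_FAILED") )    define("DBUM_FORGOT_PASSWORD_FAILED"    , 1031 );
if( !defined("DBUM_INSTALL_ERROR") )             define("DBUM_INSTALL_ERROR"             , 1032 );
// create_group() reports this code, but the original constant list never
// defined it, so that error path raised an undefined-constant error instead of
// a DBUM error. 1033 is the next free number after the list above.
if( !defined("DBUM_CREATE_GROUP_FAILED") )       define("DBUM_CREATE_GROUP_FAILED"       , 1033 );

// Failed logins before login() locks the account; 0 disables the lockout.
// !!! max 98 !!! (lock_user() stores DBUM_MAX_FAILED_LOGINS + 1 in the counter column)
if( !defined("DBUM_MAX_FAILED_LOGINS") ) define("DBUM_MAX_FAILED_LOGINS" , 5 );

// Idle timeout in minutes used when no timeout is given at user creation
if( !defined("DBUM_DEFAULT_USER_TIMEOUT") ) define("DBUM_DEFAULT_USER_TIMEOUT" , 60 );

// Input Constans - maximum field lengths checked by _valid_data()
if( !defined("DBUM_MAX_USERNAME_LEN") )    define("DBUM_MAX_USERNAME_LEN"    , 20 );
if( !defined("DBUM_MAX_PASSWORD_LEN") )    define("DBUM_MAX_PASSWORD_LEN"    , 35 );
if( !defined("DBUM_FIRST_NAME_MAX_LEN") )  define("DBUM_FIRST_NAME_MAX_LEN"  , 50 );
if( !defined("DBUM_LAST_NAME_MAX_LEN") )   define("DBUM_LAST_NAME_MAX_LEN"   , 75 );
if( !defined("DBUM_STREET_MAX_LEN") )      define("DBUM_STREET_MAX_LEN"      , 255 );
if( !defined("DBUM_HOMETOWN_MAX_LEN") )    define("DBUM_HOMETOWN_MAX_LEN"    , 100 );
if( !defined("DBUM_POSTCODE_MAX_LEN") )    define("DBUM_POSTCODE_MAX_LEN"    , 10 );
if( !defined("DBUM_EMAIL_MAX_LEN") )       define("DBUM_EMAIL_MAX_LEN"       , 200 );
if( !defined("DBUM_TELEPHONE_MAX_LEN") )   define("DBUM_TELEPHONE_MAX_LEN"   , 50 );
if( !defined("DBUM_FAX_MAX_LEN") )         define("DBUM_FAX_MAX_LEN"         , 50 );
if( !defined("DBUM_MOBIL_MAX_LEN") )       define("DBUM_MOBIL_MAX_LEN"       , 25 );
if( !defined("DBUM_SIGNATURE_MAX_LEN") )   define("DBUM_SIGNATURE_MAX_LEN"   , 65535 );
if( !defined("DBUM_ICQ_MAX_LEN") )         define("DBUM_ICQ_MAX_LEN"         , 20 );
if( !defined("DBUM_MSN_MAX_LEN") )         define("DBUM_MSN_MAX_LEN"         , 255 );
if( !defined("DBUM_AIM_MAX_LEN") )         define("DBUM_AIM_MAX_LEN"         , 255 );
if( !defined("DBUM_TIMEOUT_MAX_LEN") )     define("DBUM_TIMEOUT_MAX_LEN"     , 4 );
if( !defined("DBUM_GROUP_NAME_MAX_LEN") )  define("DBUM_GROUP_NAME_MAX_LEN"  , 100 );
if( !defined("DBUM_GROUP_DESC_MAX_LEN") )  define("DBUM_GROUP_DESC_MAX_LEN"  , 255 );
if( !defined("DBUM_GROUP_LEVEL_MAX_LEN") ) define("DBUM_GROUP_LEVEL_MAX_LEN" , 3 );

// Class DataBase User Managment !!!!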
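class dbum
{
    // Error state; filled by message_return() (defined further down in this class)
    var $err_code;
    var $err_title;
    var $err_msg;
    var $err_line;
    var $err_file;
    // Last SQL statement issued (kept for debugging) and its PEAR DB result
    var $query;
    var $debug;
    var $result;
    // PEAR DB connection handle passed to the constructor
    var $db;
    // Filled by lock_user(): "id", "username" and "email" needed to unlock the account
    var $unlock = array();

    /***************************************************************************
     * Constructor
     * - $db    : connected PEAR DB object (used via ->query() / DB::isError())
     * - $debug : debug flag stored for the other methods
     **************************************************************************/
    function __construct( &$db , $debug = FALSE )
    {
        $this->debug = $debug;
        $this->db    = $db;
    }

    // PHP 4 style constructor. PHP 8 no longer treats a method named like the
    // class as a constructor, so __construct() above is the real one; this
    // wrapper keeps code that calls $obj->dbum($db) explicitly working.
    function dbum( &$db , $debug = FALSE )
    {
        $this->__construct( $db , $debug );
    }

    /***************************************************************************
     * - check username and password with _valid_data()
     * - verify the password, count failed attempts and lock the account when
     *   DBUM_MAX_FAILED_LOGINS is reached
     * - refuse not activated users / groups and not activated groups
     * - bind the current PHP session to the user in both tables
     * - return the user/group data array, else the message_return() result
     *
     * All values are bound with PEAR DB "?" placeholders; the original built
     * the statements by string concatenation from the caller's input.
     **************************************************************************/
    function login( $username , $password )
    {
        if( !$this->_valid_data( array( "username" => $username , "password" => $password ) ) ) {
            return FALSE;
        }

        ////////////////////////////////////////////////////////////////////////
        // Load the account (username is compared case-insensitively)
        $this->query = 'SELECT user_id , group_id , activated , locked , failed_logins , created , password , '
                     . 'first_name , last_name , email FROM '. DBUM_USERS_TABLE .' WHERE LOWER(username) = ?';
        $this->result = $this->db->query( $this->query , array( strtolower( $username ) ) );
        if( DB::isError( $this->result ) ) {
            return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
        }
        $this->query = '';

        $row = $this->result->fetchRow( DB_FETCHMODE_ASSOC );
        $this->result->free();
        if( !$row ) {
            return $this->message_return( DBUM_LOGIN_FAILED , "Login" , "Login goes failed", __LINE__ , __FILE__ );
        }

        ////////////////////////////////////////////////////////////////////////
        // Lockout: the counter hitting the limit locks the account.
        // lock_user() parks the counter at DBUM_MAX_FAILED_LOGINS + 1, so an
        // already locked account is reported as DBUM_USER_LOCKED below instead
        // of being locked a second time (hence "==" and not ">=").
        if( DBUM_MAX_FAILED_LOGINS != 0 && $row["failed_logins"] == DBUM_MAX_FAILED_LOGINS ) {
            if( !$this->lock_user( $username ) ) {
                return FALSE;
            }
            return $this->message_return( DBUM_MAX_FAILED_LOGINS_REACHED , "Login" ,
                                          "Your account was locked now, because too many failed logins", __LINE__ , __FILE__ );
        }

        if( $row["locked"] != 0 ) {
            return $this->message_return( DBUM_USER_LOCKED , "Login" , "Your account is locked", __LINE__ , __FILE__ );
        }

        ////////////////////////////////////////////////////////////////////////
        // Password check. The stored value is an unsalted sha1 hex digest
        // (see create_user()/change_password()); kept for compatibility with
        // existing rows, but a salted password hash is the better scheme.
        if( (string)$row["password"] !== sha1( $password ) ) {
            // Increment in SQL so two concurrent failures cannot lose a count
            $this->query = "UPDATE ". DBUM_USERS_TABLE ." SET failed_logins = failed_logins + 1 "
                         . "WHERE LOWER(username) = ? LIMIT 1";
            $this->result = $this->db->query( $this->query , array( strtolower( $username ) ) );
            if( DB::isError( $this->result ) ) {
                return $this->message_return( DBUM_SQL_ERROR , "" , "", __LINE__ , __FILE__ );
            }
            $this->query = '';
            return $this->message_return( DBUM_LOGIN_FAILED , "Login" , "Login goes failed", __LINE__ , __FILE__ );
        }

        if( $row["activated"] != 1 ) {
            return $this->message_return( DBUM_USER_NOT_ACTIVATED , "Login" , "Your account is not activated", __LINE__ , __FILE__ );
        }

        ////////////////////////////////////////////////////////////////////////
        // Output user vars. NOTE: "password" is the cleartext the caller passed
        // in, returned unchanged as in the original API - callers should not
        // store or log this array as is.
        $output = array(
            "username"   => $username ,
            "password"   => $password ,
            "user_id"    => $row["user_id"] ,
            "group_id"   => $row["group_id"] ,
            "first_name" => $row["first_name"] ,
            "last_name"  => $row["last_name"] ,
            "email"      => $row["email"] ,
            "created"    => $row["created"] ,
        );
        // Counter above the limit means the account went through lock/unlock;
        // report it without the +1 lock_user() added.
        $output["failed_logins"] = ( $row["failed_logins"] > DBUM_MAX_FAILED_LOGINS )
                                 ? $row["failed_logins"] - 1
                                 : $row["failed_logins"];
        unset( $row );

        ////////////////////////////////////////////////////////////////////////
        // Group settings
        $this->query = 'SELECT group_name , group_desc , activated FROM '. DBUM_GROUPS_TABLE .' WHERE group_id = ?';
        $this->result = $this->db->query( $this->query , array( $output["group_id"] ) );
        if( DB::isError( $this->result ) ) {
            return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
        }
        $this->query = '';

        $row = $this->result->fetchRow( DB_FETCHMODE_ASSOC );
        $this->result->free();
        if( !$row ) {
            return $this->message_return( DBUM_GROUP_NOT_EXISTS , "Login" , "Given group_id does not exists", __LINE__ , __FILE__ );
        }
        if( $row["activated"] != 1 ) {
            return $this->message_return( DBUM_GROUP_NOT_ACTIVATED , "Login" , "Your group is not activated", __LINE__ , __FILE__ );
        }
        $output["group_name"]  = $row["group_name"];
        $output["group_desc"]  = $row["group_desc"];
        $output["last_action"] = $this->_timestamp();
        unset( $row );

        ////////////////////////////////////////////////////////////////////////
        // Bind the current PHP session to the user (session table first)
        $this->query = "UPDATE ". DBUM_SESSION_TABLE ." SET user_id = ? , last_action = ? WHERE session_id = ? LIMIT 1";
        $this->result = $this->db->query( $this->query , array( $output["user_id"] , $output["last_action"] , session_id() ) );
        if( DB::isError( $this->result ) ) {
            return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
        }
        $this->query = "";
        if( $this->db->affectedRows() != 1 ) {
            return $this->message_return( DBUM_UPDATE_SESSION_FAILED , "DB_Handling" ,
                                          "Something goes wrong, while updating session data" , __LINE__ , __FILE__ );
        }

        // ... then the users table: remember the session and reset the counter
        $this->query = "UPDATE ". DBUM_USERS_TABLE ." SET session_id = ? , failed_logins = '0' WHERE user_id = ? LIMIT 1";
        $this->result = $this->db->query( $this->query , array( session_id() , $output["user_id"] ) );
        if( DB::isError( $this->result ) ) {
            return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
        }
        $this->query = '';
        if( $this->db->affectedRows() != 1 ) {
            return $this->message_return( DBUM_UPDATE_SESSION_FAILED , "DB_Handling" ,
                                          "Something goes wrong, while updating user data" , __LINE__ , __FILE__ );
        }

        return $output;
    }

    /***************************************************************************
     * - check whether the given session_id (default: current PHP session) is
     *   logged in for a user
     * - when the user's timeout (minutes, 0 = none) is exceeded the session is
     *   logged out and destroyed and DBUM_LOGIN_TIMEOUT_REACHED is returned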
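**************************************************************************/
    function is_login( $session_id = NULL )
    {
        if( is_null( $session_id ) ) {
            $session_id = session_id();
        }

        $this->query = "SELECT s.last_action , u.timeout FROM ". DBUM_USERS_TABLE ." u, ". DBUM_SESSION_TABLE ." s "
                     . "WHERE u.session_id = ? AND s.session_id = ? AND s.user_id = u.user_id";
        $this->result = $this->db->query( $this->query , array( $session_id , $session_id ) );
        if( DB::isError( $this->result ) ) {
            return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
        }
        $this->query = '';

        $row = $this->result->fetchRow( DB_FETCHMODE_ASSOC );
        $this->result->free();
        if( !$row ) {
            return $this->message_return( DBUM_NOT_LOGGED , "Login" , "You are not logged" , __LINE__ , __FILE__ );
        }

        // timeout is stored in minutes, last_action as a _timestamp() value
        $timeout_min = (int)$row["timeout"];
        if( $timeout_min > 0 ) {
            $idle_sec = $this->_timestamp() - $row["last_action"];
            if( $idle_sec > $timeout_min * 60 ) {
                if( !$this->logout( $session_id ) ) {
                    return FALSE;
                }
                $this->destroy_session( $session_id );
                return $this->message_return( DBUM_LOGIN_TIMEOUT_REACHED , "Login" , "Login timeout reached" , __LINE__ , __FILE__ );
            }
        }
        return TRUE;
    }

    /***************************************************************************
     * - set "session_stop" and "last_action", clear "user_id" for the session
     *   (default: current PHP session)
     **************************************************************************/
    function logout( $session_id = NULL )
    {
        if( is_null( $session_id ) ) {
            $session_id = session_id();
        }

        $this->query = "UPDATE ". DBUM_SESSION_TABLE ." SET session_stop = ? , last_action = ? , user_id = '' "
                     . "WHERE session_id = ? LIMIT 1";
        $this->result = $this->db->query( $this->query , array( $this->_datetime() , $this->_timestamp() , $session_id ) );
        if( DB::isError( $this->result ) ) {
            return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
        }
        $this->query = '';
        if( $this->db->affectedRows() != 1 ) {
            return $this->message_return( DBUM_UPDATE_SESSION_FAILED , "DB_Handling" ,
                                          "Something goes wrong, could not updating session data", __LINE__ , __FILE__ );
        }
        return TRUE;
    }

    /***************************************************************************
     * - user must be logged in (is_login()) before this is meaningful
     * - grants access when the group's level is <= $need_level, i.e. a lower
     *   level number means more privilege
     **************************************************************************/
    function is_authorized( $need_level )
    {
        $this->query = "SELECT g.level FROM ". DBUM_USERS_TABLE ." u, ". DBUM_GROUPS_TABLE ." g "
                     . "WHERE u.session_id = ? AND g.group_id = u.group_id";
        $this->result = $this->db->query( $this->query , array( session_id() ) );
        if( DB::isError( $this->result ) ) {
            return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
        }
        $this->query = '';

        $row = $this->result->fetchRow( DB_FETCHMODE_ASSOC );
        $this->result->free();
        if( !$row || $row["level"] > $need_level ) {
            return $this->message_return( DBUM_ACCESS_DENIED , "Access Denied" , "You cannot access to this site" , __LINE__ , __FILE__ );
        }
        return TRUE;
    }

    /***************************************************************************
     * - refresh last_action for the session (default: current PHP session)
     **************************************************************************/
    function action( $session_id = NULL )
    {
        if( is_null( $session_id ) ) {
            $session_id = session_id();
        } elseif( !$this->_valid_data( array( "session_id" => $session_id ) ) ) {
            return FALSE;
        }

        $this->query = "UPDATE ". DBUM_SESSION_TABLE ." SET last_action = ? WHERE session_id = ?";
        $this->result = $this->db->query( $this->query , array( $this->_timestamp() , $session_id ) );
        if( DB::isError( $this->result ) ) {
            return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
        }
        $this->query = '';
        if( $this->db->affectedRows() != 1 ) {
            return $this->message_return( DBUM_ACTION_FAILED , "Action" , "Something goes wrong, while do action" , __LINE__ , __FILE__ );
        }
        return TRUE;
    }

    /***************************************************************************
     * - check the email address with _valid_data()
     * - look up the username for it
     * - replace the password with a new random one and return it in clear
     *
     * NOTE: the new password is a prefix of _generate_id() and 6 to 12 chars
     * long; its strength is whatever _generate_id() provides. The caller is
     * responsible for delivering it only to the mailbox on record.
     **************************************************************************/
    function forgot_password( $email )
    {
        if( !$this->_valid_data( array( "email" => $email ) ) ) {
            return FALSE;
        }

        $this->query = "SELECT username FROM ". DBUM_USERS_TABLE ." WHERE email = ?";
        $this->result = $this->db->query( $this->query , array( $email ) );
        if( DB::isError( $this->result ) ) {
            return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
        }
        $this->query = "";

        $row = $this->result->fetchRow( DB_FETCHMODE_ASSOC );
        $this->result->free();
        if( !$row ) {
            return $this->message_return( DBUM_FORGOT_PASSWORD_FAILED , "No Username found" ,
                                          "Cant find any username for this email address ". $email , __LINE__ , __FILE__ );
        }

        $new_pass = substr( $this->_generate_id( $row["username"] ) , 0 , mt_rand( 6 , 12 ) );

        $this->query = "UPDATE ". DBUM_USERS_TABLE ." SET password = ? WHERE email = ?";
        $this->result = $this->db->query( $this->query , array( sha1( $new_pass ) , $email ) );
        if( DB::isError( $this->result ) ) {
            return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
        }
        $this->query = "";
        if( $this->db->affectedRows() != 1 ) {
            return $this->message_return( DBUM_FORGOT_PASSWORD_FAILED , "Forgot Password" ,
                                          "Something goes wrong, while changing your password" , __LINE__ , __FILE__ );
        }
        return $new_pass;
    }

    /***************************************************************************
     * - return $data[$key] when set and not empty(), otherwise ''
     * - '' is what the original string concatenation stored for NULL, so the
     *   column contents stay the same for existing installations
     **************************************************************************/
    function _opt_field( $data , $key )
    {
        if( !isset( $data[$key] ) || empty( $data[$key] ) ) {
            return '';
        }
        return $data[$key];
    }

    /***************************************************************************
     * - check all input data with _valid_data()
     * - check that username and email are not taken
     * - generate an activation id (stored in session_id) and return it
     * - insert the user
     *
     * The INSERT has no column list, so the value order must match the table
     * created by install_tables(); the order is the original one.
     **************************************************************************/
    function create_user( $user )
    {
        if( !$this->_valid_data( $user ) ) {
            return FALSE;
        }
        if( !$this->_user_not_exists( $user["username"] ) ) {
            return FALSE;
        }
        if( !$this->_email_not_exists( $user["email"] ) ) {
            return FALSE;
        }

        // Activation ID, handed back to the caller and checked by activated_user()
        $user["session_id"] = $this->_generate_id( $user["username"] );

        $values = array(
            '' ,                                                   // user_id (auto increment)
            $user["group_id"] ,
            $user["session_id"] ,
            '0' ,                                                  // two flag columns the original inserts as '0'
            '0' ,
            isset( $user["activated"] ) ? $user["activated"] : 0 , // original wrote '' for a missing flag
            ( !isset( $user["timeout"] ) || empty( $user["timeout"] ) ) ? DBUM_DEFAULT_USER_TIMEOUT : $user["timeout"] ,
            $this->_datetime() ,                                   // created
            $user["username"] ,
            sha1( $user["password"] ) ,                            // legacy unsalted hash, see login()
            $this->_opt_field( $user , "first_name" ) ,
            $this->_opt_field( $user , "last_name" ) ,
            $this->_opt_field( $user , "street" ) ,
            $this->_opt_field( $user , "postcode" ) ,
            $this->_opt_field( $user , "hometown" ) ,
            $user["email"] ,
            $this->_opt_field( $user , "website" ) ,
            $this->_opt_field( $user , "telephone" ) ,
            $this->_opt_field( $user , "fax" ) ,
            $this->_opt_field( $user , "mobil" ) ,
            $this->_opt_field( $user , "signature" ) ,
            $this->_opt_field( $user , "icq" ) ,
            $this->_opt_field( $user , "msn" ) ,
            $this->_opt_field( $user , "aim" ) ,
        );
        $placeholders = implode( ' , ' , array_fill( 0 , count( $values ) , '?' ) );

        $this->query = 'INSERT INTO '. DBUM_USERS_TABLE .' VALUES ( '. $placeholders .' )';
        $this->result = $this->db->query( $this->query , $values );
        if( DB::isError( $this->result ) ) {
            return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
        }
        $this->query = '';
        if( $this->db->affectedRows() != 1 ) {
            return $this->message_return( DBUM_CREATE_USER_FAILED , "DB_Handling" , "Something goes wrong, while create user" , __LINE__ , __FILE__ );
        }
        return $user["session_id"];
    }

    /***************************************************************************
     * - check input data ($activ_id is validated with the "unlock_id" rule,
     *   both are _generate_id() values)
     * - activate the user when username and activation id match
     **************************************************************************/
    function activated_user( $username , $activ_id )
    {
        if( !$this->_valid_data( array( "username" => $username , "unlock_id" => $activ_id ) ) ) {
            return FALSE;
        }

        $this->query = "UPDATE ". DBUM_USERS_TABLE ." SET activated = '1' WHERE username = ? AND session_id = ? LIMIT 1";
        $this->result = $this->db->query( $this->query , array( $username , $activ_id ) );
        if( DB::isError( $this->result ) ) {
            return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
        }
        $this->query = '';
        if( $this->db->affectedRows() != 1 ) {
            return $this->message_return( DBUM_ACTIVATED_USER_FAILED , "DB Handling" ,
                                          "Something goes wrong, while activate your user account" , __LINE__ , __FILE__ );
        }
        return TRUE;
    }

    /***************************************************************************
     * - fill $this->unlock ("id", "username", "email") for the caller to send
     *   an unlock mail
     * - set locked = 1, park failed_logins at DBUM_MAX_FAILED_LOGINS + 1 and
     *   store the unlock id in session_id
     **************************************************************************/
    function lock_user( $username )
    {
        if( !$this->_valid_data( array( "username" => $username ) ) ) {
            return FALSE;
        }

        $this->query = "SELECT email FROM ". DBUM_USERS_TABLE ." WHERE LOWER(username) = ?";
        $this->result = $this->db->query( $this->query , array( strtolower( $username ) ) );
        if( DB::isError( $this->result ) ) {
            return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
        }
        $this->query = "";

        $row = $this->result->fetchRow( DB_FETCHMODE_ASSOC );
        $this->result->free();
        if( !$row ) {
            return $this->message_return( DBUM_USER_NOT_EXISTS , "Lock User" , "User you try to lock does not exists" , __LINE__ , __FILE__ );
        }

        $this->unlock = array(
            "id"       => $this->_generate_id( $username ) ,
            "username" => $username ,
            "email"    => $row["email"] ,
        );
        unset( $row );

        $this->query = "UPDATE ". DBUM_USERS_TABLE ." SET locked = '1' , failed_logins = ? , session_id = ? "
                     . "WHERE LOWER(username) = ? LIMIT 1";
        $this->result = $this->db->query( $this->query , array( DBUM_MAX_FAILED_LOGINS + 1 , $this->unlock["id"] , strtolower( $username ) ) );
        if( DB::isError( $this->result ) ) {
            return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
        }
        $this->query = '';
        return TRUE;
    }

    /***************************************************************************
     * - set locked = 0 when username and unlock id match
     * - also reset failed_logins: the original left it at
     *   DBUM_MAX_FAILED_LOGINS + 1, so login()'s "== DBUM_MAX_FAILED_LOGINS"
     *   check could never fire again and an unlocked account had unlimited
     *   password attempts
     **************************************************************************/
    function unlock_user( $username , $unlock_id )
    {
        if( !$this->_valid_data( array( "username" => $username , "unlock_id" => $unlock_id ) ) ) {
            return FALSE;
        }

        $this->query = "UPDATE ". DBUM_USERS_TABLE ." SET locked = '0' , failed_logins = '0' "
                     . "WHERE session_id = ? AND LOWER(username) = ? LIMIT 1";
        $this->result = $this->db->query( $this->query , array( $unlock_id , strtolower( $username ) ) );
        if( DB::isError( $this->result ) ) {
            return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
        }
        $this->query = '';
        if( $this->db->affectedRows() != 1 ) {
            return $this->message_return( DBUM_UNLOCK_USER_FAILED , "Unlock_User" , "Something goes wrong, while unlock user" , __LINE__ , __FILE__ );
        }
        return TRUE;
    }

    /***************************************************************************
     * - check all strings with _valid_data()
     * - the two new password strings must match and not be empty
     * - the password is only changed when the old one is correct (checked in
     *   the WHERE clause, so 0 affected rows means "old password wrong")
     **************************************************************************/
    function change_password( $username , $old_pwd , $new_pwd , $re_new_pwd )
    {
        if( !$this->_valid_data( array( "username" => $username , "password" => array( $old_pwd , $new_pwd , $re_new_pwd ) ) ) ) {
            return FALSE;
        }
        if( empty( $new_pwd ) || $new_pwd !== $re_new_pwd ) {
            return $this->message_return( DBUM_CHANGE_PASSWORD_FAILED , "Change Password" ,
                                          "Your new 2 password strings are not the same or empty" , __LINE__ , __FILE__ );
        }

        $this->query = "UPDATE ". DBUM_USERS_TABLE ." SET password = ? WHERE LOWER(username) = ? AND password = ? LIMIT 1";
        $this->result = $this->db->query( $this->query , array( sha1( $new_pwd ) , strtolower( $username ) , sha1( $old_pwd ) ) );
        if( DB::isError( $this->result ) ) {
            return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
        }
        $this->query = '';
        if( $this->db->affectedRows() != 1 ) {
            return $this->message_return( DBUM_CHANGE_PASSWORD_FAILED , "Change Password" , "Your old password was not correct" , __LINE__ , __FILE__ );
        }
        return TRUE;
    }

    /***************************************************************************
     * - check the new email format with _valid_data()
     * - store the new email, a fresh activation id and activated = 0
     *   (the email column is unique, so a taken address fails the UPDATE)
     * - return the activation id
     **************************************************************************/
    function change_email( $username , $new_email )
    {
        if( !$this->_valid_data( array( "username" => $username , "email" => $new_email ) ) ) {
            return FALSE;
        }
        $activ_id = $this->_generate_id( $username );

        $this->query = "UPDATE ". DBUM_USERS_TABLE ." SET email = ? , session_id = ? , activated = '0' "
                     . "WHERE LOWER(username) = ? LIMIT 1";
        $this->result = $this->db->query( $this->query , array( $new_email , $activ_id , strtolower( $username ) ) );
        if( DB::isError( $this->result ) ) {
            return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
        }
        $this->query = '';
        if( $this->db->affectedRows() != 1 ) {
            return $this->message_return( DBUM_CHANGE_EMAIL_FAILED , "DB Handling" , "Something goes wrong, while changing your email" , __LINE__ , __FILE__ );
        }
        return $activ_id;
    }

    /***************************************************************************
     * - check all data with _valid_data()
     * - update the profile columns of $user["username"]; missing/empty
     *   optional fields are stored as '' (see _opt_field()), a missing timeout
     *   becomes DBUM_DEFAULT_USER_TIMEOUT
     **************************************************************************/
    function edit_user( $user )
    {
        if( !$this->_valid_data( $user ) ) {
            return FALSE;
        }

        $columns = array( "first_name" , "last_name" , "street" , "postcode" , "hometown" , "website" ,
                          "telephone" , "fax" , "mobil" , "signature" , "icq" , "msn" , "aim" );
        $set    = array( "timeout = ?" );
        $params = array( ( !isset( $user["timeout"] ) || empty( $user["timeout"] ) ) ? DBUM_DEFAULT_USER_TIMEOUT : $user["timeout"] );
        foreach( $columns as $column ) {
            $set[]    = $column ." = ?";
            $params[] = $this->_opt_field( $user , $column );
        }
        $params[] = strtolower( $user["username"] );

        $this->query = "UPDATE ". DBUM_USERS_TABLE ." SET ". implode( " , " , $set ) ." WHERE LOWER(username) = ? LIMIT 1";
        $this->result = $this->db->query( $this->query , $params );
        if( DB::isError( $this->result ) ) {
            return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
        }
        $this->query = '';
        if( $this->db->affectedRows() != 1 ) {
            return $this->message_return( DBUM_EDIT_USER_FAILED , "DB Handling" , "Something goes wrong, while edit your user data" , __LINE__ , __FILE__ );
        }
        return TRUE;
    }

    /***************************************************************************
     * - check that user_id is valid (the "icq" rule of _valid_data() is
     *   reused, presumably because both values are numeric - see _valid_data())
     * - return the user's row without the password column
     **************************************************************************/
    function return_user( $user_id )
    {
        if( !$this->_valid_data( array( "icq" => $user_id ) ) ) {
            return FALSE;
        }

        $this->query = 'SELECT * FROM '. DBUM_USERS_TABLE .' WHERE user_id = ? LIMIT 1';
        $this->result = $this->db->query( $this->query , array( $user_id ) );
        if( DB::isError( $this->result ) ) {
            return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
        }
        $this->query = '';

        $row = $this->result->fetchRow( DB_FETCHMODE_ASSOC );
        $this->result->free();
        if( !$row ) {
            return $this->message_return( DBUM_USER_NOT_EXISTS , "User" , "User doesnot exists" , __LINE__ , __FILE__ );
        }
        // Never hand the password hash to the caller
        unset( $row["password"] );
        return $row;
    }

    /***************************************************************************
     * - check the username with _valid_data()
     * - delete the user's row
     * - the original reported failure when a row WAS deleted (the affected
     *   rows check was inverted); success now requires exactly one row
     **************************************************************************/
    function delete_user( $username )
    {
        if( !$this->_valid_data( array( "username" => $username ) ) ) {
            return FALSE;
        }

        $this->query = 'DELETE FROM '. DBUM_USERS_TABLE .' WHERE LOWER(username) = ? LIMIT 1';
        $this->result = $this->db->query( $this->query , array( strtolower( $username ) ) );
        if( DB::isError( $this->result ) ) {
            return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
        }
        $this->query = '';
        if( $this->db->affectedRows() != 1 ) {
            return $this->message_return( DBUM_USER_DELETE_FAILED , "DB Handling" , "Something goes wrong, while delete user" , __LINE__ , __FILE__ );
        }
        return TRUE;
    }

    /***************************************************************************
     * - check the given data with _valid_data()
     * - check that the group does not exist yet
     * - create the group; a missing level defaults to 999
     * - DBUM_CREATE_GROUP_FAILED must be defined together with the other
     *   DBUM_* error codes
     *
     * Fixes the original, which read the description from an undefined
     * $group_desc variable and so always stored an empty description.
     **************************************************************************/
    function create_group( $group )
    {
        if( !$this->_valid_data( $group ) ) {
            return FALSE;
        }
        if( !$this->_group_not_exists( $group["group_name"] ) ) {
            return FALSE;
        }
        if( !isset( $group["level"] ) || $group["level"] == '' ) {
            $group["level"] = 999;
        }

        $this->query = 'INSERT INTO '. DBUM_GROUPS_TABLE .' VALUES ( ? , ? , ? , ? , ? )';
        $this->result = $this->db->query( $this->query , array(
            '' ,                                                   // group_id (auto increment)
            $group["group_name"] ,
            $this->_opt_field( $group , "group_desc" ) ,
            isset( $group["activated"] ) ? $group["activated"] : 0 ,
            $group["level"] ,
        ) );
        if( DB::isError( $this->result ) ) {
            return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
        }
        $this->query = '';
        if( $this->db->affectedRows() != 1 ) {
            return $this->message_return( DBUM_CREATE_GROUP_FAILED , "DB Handling" , "Something goes wrong, while created group" , __LINE__ , __FILE__ );
        }
        return TRUE;
    }

    /***************************************************************************
     * - set activated = 0 or 1 for the named group
     * - shared by activate_group() / deactivate_group(); the original
     *   statements had a stray comma before WHERE ("SET activated = '1', WHERE")
     *   and so always failed with a SQL error
     **************************************************************************/
    function _set_group_activated( $group_name , $activated , $err_code , $err_title , $err_msg )
    {
        if( !$this->_valid_data( array( "group_name" => $group_name ) ) ) {
            return FALSE;
        }

        $this->query = "UPDATE ". DBUM_GROUPS_TABLE ." SET activated = ? WHERE LOWER(group_name) = ? LIMIT 1";
        $this->result = $this->db->query( $this->query , array( $activated , strtolower( $group_name ) ) );
        if( DB::isError( $this->result ) ) {
            return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
        }
        $this->query = '';
        if( $this->db->affectedRows() != 1 ) {
            return $this->message_return( $err_code , $err_title , $err_msg , __LINE__ , __FILE__ );
        }
        return TRUE;
    }

    /***************************************************************************
     * - check the group name and activate the group if it exists
     **************************************************************************/
    function activate_group( $group_name )
    {
        return $this->_set_group_activated( $group_name , '1' , DBUM_GROUP_ACTIVATE_FAILED ,
                                            "Activate Group" , "Something goes wrong, while activate group" );
    }

    /***************************************************************************
     * - check the group name and deactivate the group if it exists
     **************************************************************************/
    function deactivate_group( $group_name )
    {
        return $this->_set_group_activated( $group_name , '0' , DBUM_GROUP_DEACTIVATE_FAILED ,
                                            "Deactivate Group" , "Something goes wrong, while deactivate group" );
    }

    /***************************************************************************
     * - a missing level is set to the default 999
     * - the row is selected by $group["group_name"], so this cannot rename a
     *   group, only change its description, activated flag and level
     **************************************************************************/
    function edit_group( $group )
    {
        if( !$this->_valid_data( $group ) ) {
            return FALSE;
        }
        if( !isset( $group["level"] ) || $group["level"] == '' ) {
            $group["level"] = 999;
        }

        $this->query = "UPDATE ". DBUM_GROUPS_TABLE ." SET group_name = ? , group_desc = ? , activated = ? , level = ? "
                     . "WHERE LOWER(group_name) = ? LIMIT 1";
        $this->result = $this->db->query( $this->query , array(
            $group["group_name"] ,
            $this->_opt_field( $group , "group_desc" ) ,
            isset( $group["activated"] ) ? $group["activated"] : 0 ,
            $group["level"] ,
            strtolower( $group["group_name"] ) ,
        ) );
        if( DB::isError( $this->result ) ) {
            return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
        }
        $this->query = '';
        if( $this->db->affectedRows() != 1 ) {
            return $this->message_return( DBUM_GROUP_EDIT_FAILED , "Edit Group" , "Something goes wrong, while edit group" , __LINE__ , __FILE__ );
        }
        return TRUE;
    }

    /***************************************************************************
     * - check the group name with _valid_data()
     * - delete the group's row
     **************************************************************************/
    function delete_group( $group_name )
    {
        if( !$this->_valid_data( array( "group_name" => $group_name ) ) ) {
            return FALSE;
        }

        $this->query = 'DELETE FROM '. DBUM_GROUPS_TABLE .' WHERE LOWER(group_name) = ? LIMIT 1';
        $this->result = $this->db->query( $this->query , array( strtolower( $group_name ) ) );
        if( DB::isError( $this->result ) ) {
            return $this->message_return( DBUM_SQL_ERROR , "" , "" , __LINE__ , __FILE__ );
        }
        $this->query = '';
        if( $this->db->affectedRows() != 1 ) {
            return $this->message_return( DBUM_GROUP_DELETE_FAILED , "DB Handling" , "Something goes wrong, while delete group" , __LINE__ , __FILE__ );
        }
        return TRUE;
    }

    // Will load the session is given by sess_id , else it will start a new one and put this data to sessions table !!!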
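// Session handling, schema install, error reporting and validation / utility helpers.

    /***************************************************************************
     * load_session
     * - resumes the PHP session named by $sess_id (or the one in PHP's cookie when
     *   NULL), starts it, and inserts a row into DBUM_SESSION_TABLE for a session
     *   that is not yet recorded
     *
     * Security notes
     * - $sess_id is handed to session_id(): passing a client-supplied value (URL or
     *   form field) lets an attacker fix a known id on a victim (session fixation).
     *   Pass NULL, or only the value of PHP's own session cookie. The id must look
     *   like a PHP id ([A-Za-z0-9,-], max 128 chars) or DBUM_INPUT_ERROR is returned.
     * - User-Agent and Referer are attacker-controlled; they were concatenated into the
     *   INSERT unescaped (SQL injection through request headers). They are now bound
     *   as placeholders and cut to the column width.
     * - the cookie domain defaults to '' (host-only cookie). The old default
     *   HTTP_HOST . dirname(PHP_SELF) was not a valid Domain attribute and HTTP_HOST
     *   is client-controlled.
     * - $cookie_params["httponly"] (default TRUE) sets session.cookie_httponly; the ini
     *   entry exists since PHP 5.2 and is ignored by older engines.
     *
     * @param  string|null $sess_id
     * @param  string      $sess_name           session / cookie name
     * @param  string      $sess_cache_limiter  "private" , "public" , "nocache" , "private_no_expire"
     * @param  string|int  $sess_cache_expire   browser cache time, 0 = until browser restart
     * @param  array       $cookie_params       "ttl" , "path" , "domain" , "secure" , "httponly"
     * @return bool
     **************************************************************************/
    function load_session( $sess_id = NULL , $sess_name = "DBUM_SID" , $sess_cache_limiter = "private_no_expire" , $sess_cache_expire = "0" , $cookie_params = array() )
    {
        if( !is_null( $sess_id ) )
        {
            if( !$this->_is_safe_session_id( $sess_id ) )
            {
                return $this->message_return( DBUM_INPUT_ERROR , "Session" , "Invalid session id given" );
            }
            session_id( $sess_id );
        }

        session_name( $sess_name );
        // http://de2.php.net/manual/en/function.session-cache-limiter.php
        session_cache_limiter( $sess_cache_limiter );
        session_cache_expire( $sess_cache_expire );

        // http://de2.php.net/manual/en/function.session-set-cookie-params.php
        $ttl      = isset( $cookie_params["ttl"] ) ? $cookie_params["ttl"] : 0;
        $path     = ( isset( $cookie_params["path"] ) && $cookie_params["path"] != "" ) ? $cookie_params["path"] : "/";
        $domain   = ( isset( $cookie_params["domain"] ) && !empty( $cookie_params["domain"] ) ) ? $cookie_params["domain"] : "";
        $secure   = isset( $cookie_params["secure"] ) ? (bool) $cookie_params["secure"] : FALSE;
        $httponly = isset( $cookie_params["httponly"] ) ? (bool) $cookie_params["httponly"] : TRUE;
        session_set_cookie_params( $ttl , $path , $domain , $secure );
        // keeps the session cookie out of reach of script (XSS); returns FALSE on PHP < 5.2
        ini_set( 'session.cookie_httponly' , $httponly ? '1' : '0' );

        if( !session_start() )
        {
            return $this->message_return( DBUM_SESSION_START_FAILED , "Session" , "Cannot start session" );
        }
        // IE 6 fix kept from the original; $sess_cache_limiter is configuration, never
        // pass request data here (header injection on old PHP).
        header( "Cache-control: ". $sess_cache_limiter );

        $current_id = session_id();
        if( (string) $sess_id !== $current_id )
        {
            // A session resumed from PHP's own cookie (caller passed NULL) already has a
            // row; inserting again would hit the UNIQUE KEY on session_id every request.
            if( !$this->_dbum_exec( 'SELECT id FROM '. DBUM_SESSION_TABLE .' WHERE session_id = ? LIMIT 1' , array( $current_id ) , __LINE__ , __FILE__ ) )
            {
                return FALSE;
            }
            $known = $this->result->fetchRow();
            $this->result->free();

            if( !$known )
            {
                // Columns are named (the old positional VALUES list depended on column
                // order). session_stop keeps the zero date that the old '' was coerced to.
                $sql = 'INSERT INTO '. DBUM_SESSION_TABLE .'
                        ( session_id , session_start , session_stop , user_id , last_action , remoteip , browser , referer )
                        VALUES ( ? , ? , ? , ? , ? , ? , ? , ? )';
                $params = array(
                    $current_id ,
                    $this->_datetime() ,
                    '0000-00-00 00:00:00' ,
                    0 ,
                    $this->_timestamp() ,
                    $this->_clip( $this->_get_clientip() , 15 ) ,  // remoteip varchar(15): IPv6 is cut
                    $this->_clip( $this->_get_browser() , 255 ) ,  // attacker-controlled header
                    $this->_clip( $this->_get_referer() , 255 ) ,  // attacker-controlled header
                );
                if( !$this->_dbum_exec( $sql , $params , __LINE__ , __FILE__ ) )
                {
                    return FALSE;
                }
                if( $this->db->affectedRows() != 1 )
                {
                    return $this->message_return( DBUM_INSERT_SESSION_FAILED , "DB_Handling" , "Something goes wrong, while insert session data" , __LINE__ , __FILE__ );
                }
            }
        }
        return TRUE;
    }

    /***************************************************************************
     * destroy_session
     * - unsets all session vars, expires the session cookie on the client and
     *   destroys the session
     * - with the "files" handler the session file is additionally unlinked, but only
     *   for an id that cannot escape session_save_path() (PHP id charset only)
     *
     * @return bool always TRUE
     **************************************************************************/
    function destroy_session()
    {
        $session_id = session_id();

        session_unset();

        // Without this the browser keeps presenting the old id after logout.
        if( ini_get( 'session.use_cookies' ) )
        {
            $cookie = session_get_cookie_params();
            setcookie( session_name() , '' , time() - 42000 , $cookie["path"] , $cookie["domain"] , $cookie["secure"] );
        }

        session_destroy();

        // The original compared strtolower('files' == session_module_name()), i.e. the
        // lowercase of a boolean; compare the module name itself.
        if( strtolower( session_module_name() ) == 'files' && $this->_is_safe_session_id( $session_id ) )
        {
            $save_path = session_save_path();
            // "N;/path" or "N;mode;/path" form: keep only the directory part
            if( strpos( $save_path , ';' ) !== FALSE )
            {
                $save_path = substr( $save_path , strrpos( $save_path , ';' ) + 1 );
            }
            $file = rtrim( $save_path , "/\\" ) . DIRECTORY_SEPARATOR . 'sess_' . $session_id;
            // best effort: session_destroy() normally removed the file already
            if( is_file( $file ) )
            {
                @unlink( $file );
            }
        }
        return TRUE;
    }

    /***************************************************************************
     * install_tables
     * - creates the sessions, groups and users tables and seeds groups / users
     *
     * $options = array( "groups" => array( array( "group_name" => "admin",
     *                                            "group_desc" => "Administrators Group",
     *                                            "level"      => "100",
     *                                            "activated"  => "1" ), ... ),
     *                   "users"  => array( array( "username" => "admin", ... ), ... ) )
     *
     * Only "groups" and "users" are consumed (each a numerically indexed list passed to
     * create_group() / create_user()); other keys such as "groups_table" are ignored.
     * The previous validation loop called key() without next() and used a
     * _is_numeric_array() that tested values instead of keys, so any real option set
     * was rejected or looped forever.
     *
     * Schema notes
     * - TYPE=MyISAM became ENGINE=MyISAM (TYPE= is gone since MySQL 5.5).
     * - sessions.session_start no longer has default 'NOW()': that string is not a
     *   datetime literal (zero date in lax mode, error in strict mode) and load_session()
     *   always supplies the value.
     * - NOTE(review): users.password is varchar(40) which fits md5/sha1 hex only; widen
     *   to 255 before moving to password_hash(). users.session_id is UNIQUE, so two users
     *   with the same (e.g. empty) session_id cannot coexist — confirm create_user()
     *   always stores a distinct value. users.created default '0000-00-00 00:00:00' is
     *   rejected by NO_ZERO_DATE strict mode; kept for existing installs.
     *
     * @param  array $options
     * @return bool
     **************************************************************************/
    function install_tables( $options = array() )
    {
        if( !is_array( $options ) )
        {
            return $this->message_return( DBUM_INSTALL_ERROR , "Parameters" , "Options is not an array." );
        }
        foreach( array( "groups" , "users" ) as $k )
        {
            if( !isset( $options[$k] ) )
            {
                $options[$k] = array();
                continue;
            }
            if( !is_array( $options[$k] ) )
            {
                return $this->message_return( DBUM_INSTALL_ERROR , "Parameters" , "Options->". $k ." is not an array." );
            }
            if( !$this->_is_numeric_array( $options[$k] ) )
            {
                return $this->message_return( DBUM_INSTALL_ERROR , "Parameters" , "Options->". $k ." is not a numeric array." );
            }
        }

        $sql = 'CREATE TABLE '. DBUM_SESSION_TABLE .'
                ( id bigint(20) unsigned NOT NULL auto_increment,
                  session_id varchar(32) NOT NULL default \'\',
                  session_start datetime NOT NULL,
                  session_stop datetime default NULL,
                  user_id int(10) unsigned NOT NULL default \'0\',
                  last_action int(10) UNSIGNED NOT NULL default \'0\',
                  remoteip varchar(15) NOT NULL default \'\',
                  browser varchar(255) default NULL,
                  referer varchar(255) default NULL,
                  PRIMARY KEY ( id ),
                  UNIQUE KEY session_id ( session_id )
                ) ENGINE=MyISAM COMMENT=\'DBUM Session Data\' AUTO_INCREMENT=1 ';
        if( !$this->_dbum_exec( $sql , array() , __LINE__ , __FILE__ ) )
        {
            return FALSE;
        }

        $sql = 'CREATE TABLE '. DBUM_GROUPS_TABLE .'
                ( group_id int(10) unsigned NOT NULL auto_increment,
                  group_name varchar(100) NOT NULL default \'\',
                  group_desc varchar(255) default NULL,
                  activated tinyint(1) unsigned NOT NULL default \'1\',
                  level smallint(3) unsigned NOT NULL default \'999\',
                  PRIMARY KEY ( group_id ),
                  UNIQUE KEY group_name ( group_name )
                ) ENGINE=MyISAM COMMENT=\'DBUM Groups Table\' AUTO_INCREMENT=1 ';
        if( !$this->_dbum_exec( $sql , array() , __LINE__ , __FILE__ ) )
        {
            return FALSE;
        }

        foreach( $options["groups"] as $group )
        {
            if( !$this->create_group( $group ) )
            {
                return FALSE;
            }
        }

        $sql = 'CREATE TABLE '. DBUM_USERS_TABLE .'
                ( user_id int(10) unsigned NOT NULL auto_increment,
                  group_id int(10) unsigned NOT NULL default \'0\',
                  session_id varchar(32) NOT NULL ,
                  failed_logins smallint(2) unsigned NOT NULL default \'0\',
                  locked tinyint(1) unsigned NOT NULL default \'0\',
                  activated tinyint(1) unsigned NOT NULL default \'0\',
                  created datetime NOT NULL default \'0000-00-00 00:00:00\',
                  username varchar(50) NOT NULL ,
                  password varchar(40) NOT NULL ,
                  first_name varchar(100) default NULL,
                  last_name varchar(100) default NULL,
                  street varchar(255) default NULL,
                  postcode varchar(20) default NULL,
                  hometown varchar(150) default NULL,
                  email varchar(150) NOT NULL,
                  website varchar(255) NULL,
                  telephone varchar(50) default NULL,
                  fax varchar(50) default NULL,
                  mobil varchar(50) default NULL,
                  signature text default NULL,
                  icq bigint(20) default NULL,
                  msn varchar(255) default NULL,
                  aim varchar(255) default NULL,
                  PRIMARY KEY (user_id),
                  UNIQUE KEY session_id (session_id),
                  UNIQUE KEY username (username),
                  UNIQUE KEY email (email)
                ) ENGINE=MyISAM COMMENT=\'DBUM Users Data Table\' AUTO_INCREMENT=1 ';
        if( !$this->_dbum_exec( $sql , array() , __LINE__ , __FILE__ ) )
        {
            return FALSE;
        }
        unset( $this->result );

        foreach( $options["users"] as $user )
        {
            if( !$this->create_user( $user ) )
            {
                return FALSE;
            }
        }
        return TRUE;
    }

    /***************************************************************************
     * message_return
     * - records an error in err_code / err_title / err_msg / err_line / err_file and
     *   returns FALSE so callers can "return $this->message_return(...)"
     * - DBUM_SQL_ERROR: the short PEAR message is exposed; the SQL text and native
     *   error (getUserInfo()) only when $this->debug is set
     * - the *_FAILED codes listed in $always_located always carry line/file, the
     *   remaining codes only in debug mode (as before)
     * - codes that were not in any list (DBUM_EMAIL_EXISTS, DBUM_INSTALL_ERROR, ...)
     *   previously left every err_* field untouched; they now go through the default
     *   branch. err_line / err_file are reset so stale values cannot leak between errors.
     * - DBUM_HACKER_ATTEMPT: the message claims an email was sent, but this class sends
     *   none; the text is kept because callers may display it.
     *
     * @return bool always FALSE
     **************************************************************************/
    function message_return( $msg_code , $msg_title = "" , $msg_text = "" , $line = "" , $file = "" )
    {
        $always_located = array( DBUM_INSERT_SESSION_FAILED , DBUM_CREATE_USER_FAILED , DBUM_UPDATE_SESSION_FAILED ,
                                 DBUM_UNLOCK_USER_FAILED , DBUM_ACTIVATED_USER_FAILED , DBUM_CHANGE_EMAIL_FAILED ,
                                 DBUM_GROUP_DELETE_FAILED , DBUM_GROUP_ACTIVATE_FAILED , DBUM_GROUP_DEACTIVATE_FAILED ,
                                 DBUM_GROUP_EDIT_FAILED , DBUM_ACTION_FAILED );

        $this->err_code = $msg_code;
        $this->err_line = '';
        $this->err_file = '';

        if( $msg_code == DBUM_SQL_ERROR )
        {
            // guard: the caller may report an SQL error without a DB_Error in $this->result
            $is_db_error = isset( $this->result ) && is_object( $this->result ) && method_exists( $this->result , 'getMessage' );
            $message     = $is_db_error ? $this->result->getMessage() : 'Unknown database error';
            if( !$this->debug )
            {
                $this->err_title = "SQL_Error";
                $this->err_msg   = $message;
            }
            else
            {
                $this->err_title = $message;
                $this->err_msg   = $is_db_error ? $this->result->getUserInfo() : '';
                $this->err_line  = $line;
                $this->err_file  = $file;
            }
        }
        elseif( $msg_code == DBUM_HACKER_ATTEMPT )
        {
            $this->err_title = "Hacker attempt";
            $this->err_msg   = "You try to hack this site, an email with your data was send to admin";
        }
        elseif( $msg_code == DBUM_INPUT_ERROR )
        {
            $this->err_title = ( $msg_title == "" ) ? "Input Error" : $msg_title;
            $this->err_msg   = $msg_text;
        }
        else
        {
            $this->err_title = $msg_title;
            $this->err_msg   = $msg_text;
            if( $this->debug || in_array( $msg_code , $always_located , TRUE ) )
            {
                $this->err_line = $line;
                $this->err_file = $file;
            }
        }
        return FALSE;
    }

    /***************************************************************************
     * _valid_data
     * - validates an associative array of user / group fields
     * - rules are matched as case-insensitive substrings of the key (as before), so
     *   e.g. "new_password" is checked as a password
     * - over-long values yield DBUM_HACKER_ATTEMPT, wrong characters DBUM_INPUT_ERROR
     * - the RAW value is validated. The original validated a strip_tags() copy, so a
     *   username such as a<'>b passed as "ab" while the quote reached the SQL.
     * - the email pattern is now anchored (^...$); unanchored it accepted any string
     *   containing an address, e.g. "' OR 1=1 -- x@y.de". TLDs longer than 4 chars
     *   are accepted.
     * - level must be digits (it is a smallint); the old error text for level wrongly
     *   said "Invalid group_desc given"
     * - website must start with http:// or https:// (the old /^http:+./ rejected https)
     * - group_desc additionally allows space, dot and comma
     * - max lengths come from the DBUM_*_MAX_LEN constants; an undefined constant falls
     *   back to 255 (the widest varchar in install_tables) instead of an engine-dependent
     *   string comparison
     *
     * @param  array $user
     * @return bool
     **************************************************************************/
    function _valid_data( $user )
    {
        // key pattern => array( max length (constant name or int), charset regex or NULL,
        //                       error title, error text (%s = key), optional field )
        $rules = array(
            'username'             => array( 'DBUM_MAX_USERNAME_LEN'    , '/^[A-Za-z0-9_-]+$/'   , 'Username'          , 'Invalid chars in your username'      , FALSE ),
            'password'             => array( 'DBUM_MAX_PASSWORD_LEN'    , NULL                    , ''                  , ''                                    , FALSE ),
            'first_name'           => array( 'DBUM_FIRST_NAME_MAX_LEN'  , '/^[A-Za-z0-9_-]+$/'   , 'First_Name'        , 'Invalid chars in your first_name'    , TRUE  ),
            'last_name'            => array( 'DBUM_LAST_NAME_MAX_LEN'   , '/^[A-Za-z0-9_-]+$/'   , 'Last_Name'         , 'Invalid chars in your last_name'     , TRUE  ),
            'street'               => array( 'DBUM_STREET_MAX_LEN'      , '/^[A-Za-z0-9.-]+$/'   , 'Street'            , 'Invalid chars in your street string' , TRUE  ),
            'hometown'             => array( 'DBUM_HOMETOWN_MAX_LEN'    , '/^[A-Za-z0-9-_]+$/'   , 'HomeTown'          , 'Invalid chars in your hometown'      , TRUE  ),
            'postcode'             => array( 'DBUM_POSTCODE_MAX_LEN'    , '/^[0-9]+$/'           , 'Postcode'          , 'Invalid chars in your postcode'      , TRUE  ),
            'email'                => array( 'DBUM_EMAIL_MAX_LEN'       , '/^[a-z0-9_-]+(\.[a-z0-9_-]+)*@([0-9a-z][0-9a-z-]*[0-9a-z]\.)+[a-z]{2,63}$/i' , 'E-Mail' , 'Invalid email address' , FALSE ),
            'telephone'            => array( 'DBUM_TELEPHONE_MAX_LEN'   , NULL                    , ''                  , ''                                    , FALSE ),
            'fax'                  => array( 'DBUM_FAX_MAX_LEN'         , NULL                    , ''                  , ''                                    , FALSE ),
            'mobil'                => array( 'DBUM_MOBIL_MAX_LEN'       , NULL                    , ''                  , ''                                    , FALSE ),
            'icq'                  => array( 'DBUM_ICQ_MAX_LEN'         , '/^[0-9]+$/'           , 'ICQ_Number'        , 'Invalid chars in your icq number'    , TRUE  ),
            'msn'                  => array( 'DBUM_MSN_MAX_LEN'         , NULL                    , ''                  , ''                                    , FALSE ),
            'aim'                  => array( 'DBUM_AIM_MAX_LEN'         , NULL                    , ''                  , ''                                    , FALSE ),
            'website'              => array( 'DBUM_WEBSITE_MAX_LEN'     , '/^https?:\/\/./i'     , 'Website'           , 'Invalid URL given'                   , TRUE  ),
            'unlock_id|session_id' => array( 32                         , '/^[a-z0-9]+$/'        , 'Id'                , 'Invalid %s given'                    , FALSE ),
            'group_name'           => array( 'DBUM_GROUP_NAME_MAX_LEN'  , '/^[A-Za-z0-9_-]+$/'   , 'Group Name'        , 'Invalid group_name given'            , FALSE ),
            'group_desc'           => array( 'DBUM_GROUP_DESC_MAX_LEN'  , '/^[A-Za-z0-9_ .,-]+$/', 'Group Description' , 'Invalid group_desc given'            , TRUE  ),
            'level'                => array( 'DBUM_GROUP_LEVEL_MAX_LEN' , '/^[0-9]+$/'           , 'Level'             , 'Invalid level given'                 , FALSE ),
            'timeout'              => array( 'DBUM_TIMEOUT_MAX_LEN'     , '/^[0-9]+$/'           , 'Timeout'           , 'Invalid timeout given'               , FALSE ),
        );

        foreach( $user as $key => $value )
        {
            foreach( $rules as $pattern => $rule )
            {
                if( !preg_match( '/'. $pattern .'/i' , $key ) )
                {
                    continue;
                }
                list( $max_spec , $regex , $title , $text , $optional ) = $rule;
                $max_len = is_int( $max_spec ) ? $max_spec : ( defined( $max_spec ) ? (int) constant( $max_spec ) : 255 );

                if( $pattern == 'password' )
                {
                    // passwords may arrive as an array (password + confirmation); length only
                    foreach( (array) $value as $pw )
                    {
                        if( strlen( (string) $pw ) > $max_len )
                        {
                            return $this->message_return( DBUM_HACKER_ATTEMPT );
                        }
                    }
                    continue;
                }
                if( is_array( $value ) )
                {
                    return $this->message_return( DBUM_INPUT_ERROR , "Input Error" , "Unexpected value type for ". $key );
                }

                $str = (string) $value;
                if( $optional && $str === '' )
                {
                    continue;
                }
                if( strlen( $str ) > $max_len )
                {
                    return $this->message_return( DBUM_HACKER_ATTEMPT );
                }
                if( $regex !== NULL && !preg_match( $regex , $str ) )
                {
                    return $this->message_return( DBUM_INPUT_ERROR , $title , sprintf( $text , $key ) );
                }
            }
        }
        return TRUE;
    }

    /***************************************************************************
     * _user_not_exists
     * - TRUE when no user with this name (case-insensitive) exists,
     *   FALSE + DBUM_USER_EXISTS otherwise
     **************************************************************************/
    function _user_not_exists( $username )
    {
        if( !$this->_dbum_exec( 'SELECT user_id FROM '. DBUM_USERS_TABLE .' WHERE LOWER(username) = ? LIMIT 1' , array( strtolower( $username ) ) , __LINE__ , __FILE__ ) )
        {
            return FALSE;
        }
        $row = $this->result->fetchRow();
        $this->result->free();
        if( $row )
        {
            return $this->message_return( DBUM_USER_EXISTS , "Username" , "User alreadey exists" , __LINE__ , __FILE__ );
        }
        return TRUE;
    }

    /***************************************************************************
     * _group_not_exists
     * - TRUE when no group with this name (case-insensitive) exists,
     *   FALSE + DBUM_GROUP_EXISTS otherwise
     **************************************************************************/
    function _group_not_exists( $group_name )
    {
        if( !$this->_dbum_exec( 'SELECT group_id FROM '. DBUM_GROUPS_TABLE .' WHERE LOWER(group_name) = ? LIMIT 1' , array( strtolower( $group_name ) ) , __LINE__ , __FILE__ ) )
        {
            return FALSE;
        }
        $row = $this->result->fetchRow();
        $this->result->free();
        if( $row )
        {
            return $this->message_return( DBUM_GROUP_EXISTS , "GroupName" , "Group does already exists" );
        }
        return TRUE;
    }

    /***************************************************************************
     * _email_not_exists
     * - TRUE when the address is unused, FALSE + DBUM_EMAIL_EXISTS otherwise
     * - the address is bound as a placeholder; it used to be concatenated raw, and the
     *   email regex in _valid_data() was unanchored, so this was injectable
     **************************************************************************/
    function _email_not_exists( $email )
    {
        if( !$this->_dbum_exec( 'SELECT username FROM '. DBUM_USERS_TABLE .' WHERE email = ? LIMIT 1' , array( $email ) , __LINE__ , __FILE__ ) )
        {
            return FALSE;
        }
        $row = $this->result->fetchRow();
        $this->result->free();
        if( $row )
        {
            return $this->message_return( DBUM_EMAIL_EXISTS , "Email address" , "Given email address already exists" );
        }
        return TRUE;
    }

    /***************************************************************************
     * _generate_password
     * - returns an 8 character random password from [A-Za-z0-9]
     * - the previous version derived it from the last digit of time(), so a
     *   "forgotten password" sent by mail was predictable. $string is kept only for
     *   signature compatibility and no longer influences the result.
     **************************************************************************/
    function _generate_password( $string = '' )
    {
        $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
        $last     = strlen( $alphabet ) - 1;
        $output   = '';
        for( $i = 0; $i < 8; $i++ )
        {
            $output .= $alphabet[ $this->_secure_rand( 0 , $last ) ];
        }
        return $output;
    }

    /***************************************************************************
     * _generate_id
     * - returns a 32 char hex id (md5) for activation / unlock tokens
     * - random material is mixed in: microtime + username alone is guessable by anyone
     *   who knows the username and roughly when the token was issued
     **************************************************************************/
    function _generate_id( $username )
    {
        $entropy = $this->_secure_rand( 0 , 2147483647 ) . $this->_secure_rand( 0 , 2147483647 );
        return md5( $this->_get_microtime() . $username . $entropy );
    }

    /***************************************************************************
     * _get_clientip
     * - returns the address the request came from (REMOTE_ADDR)
     * - X-Forwarded-For is honoured only when REMOTE_ADDR is listed in
     *   $this->trusted_proxies (an array the deployer may set on the object). The
     *   header is client-controlled; the old code let it override REMOTE_ADDR for any
     *   "non private" value, defeating IP based lockout or session binding, and its
     *   private-range patterns were broken ('/^10.\.*/', '/^172\.16\..*/').
     * - a forwarded value is used only if it is a dotted quad; the last hop (the one
     *   the trusted proxy appended) is taken
     **************************************************************************/
    function _get_clientip()
    {
        $client_ip = isset( $_SERVER["REMOTE_ADDR"] ) ? $_SERVER["REMOTE_ADDR"] : '';
        $proxies   = ( isset( $this->trusted_proxies ) && is_array( $this->trusted_proxies ) ) ? $this->trusted_proxies : array();
        $forwarded = getenv( "HTTP_X_FORWARDED_FOR" );

        if( $forwarded != '' && in_array( $client_ip , $proxies , TRUE ) )
        {
            $hops      = explode( ',' , $forwarded );
            $candidate = trim( $hops[ count( $hops ) - 1 ] );
            if( preg_match( '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/' , $candidate ) )
            {
                $client_ip = $candidate;
            }
        }
        return $client_ip;
    }

    // Raw Referer header if present, else NULL (untrusted; bind it, never concatenate it)
    function _get_referer()
    {
        if( isset( $_SERVER["HTTP_REFERER"] ) && $_SERVER["HTTP_REFERER"] != '' )
        {
            return $_SERVER["HTTP_REFERER"];
        }
        return NULL;
    }

    // Raw User-Agent header if present, else NULL (untrusted; bind it, never concatenate it)
    function _get_browser()
    {
        if( isset( $_SERVER["HTTP_USER_AGENT"] ) && $_SERVER["HTTP_USER_AGENT"] != '' )
        {
            return $_SERVER["HTTP_USER_AGENT"];
        }
        return NULL;
    }

    // TRUE when $a is an array whose keys are all numeric (a list), else FALSE.
    // The previous version iterated the VALUES, so a list of records was always rejected.
    function _is_numeric_array( $a )
    {
        if( !is_array( $a ) )
        {
            return FALSE;
        }
        foreach( $a as $k => $v )
        {
            if( !is_numeric( $k ) )
            {
                return FALSE;
            }
        }
        return TRUE;
    }

    // Runs $sql through PEAR DB with ? placeholders ($params may be empty), keeping
    // $this->query / $this->result as the rest of the class expects. Returns FALSE after
    // recording DBUM_SQL_ERROR (line/file as given by the caller), TRUE otherwise.
    function _dbum_exec( $sql , $params = array() , $line = '' , $file = '' )
    {
        $this->query  = $sql;
        $this->result = $this->db->query( $sql , $params );
        if( DB::isError( $this->result ) )
        {
            return $this->message_return( DBUM_SQL_ERROR , "" , "" , $line , $file );
        }
        $this->query = '';
        return TRUE;
    }

    // Session ids generated by PHP use [A-Za-z0-9,-]; anything else, or more than 128
    // chars, is rejected before it reaches session_id() or a file system path.
    function _is_safe_session_id( $id )
    {
        return is_string( $id ) && preg_match( '/^[A-Za-z0-9,-]{1,128}$/' , $id ) === 1;
    }

    // $value as a string cut to $max_len bytes (a column width); NULL / FALSE become ''.
    function _clip( $value , $max_len )
    {
        $value = (string) $value;
        return ( strlen( $value ) > $max_len ) ? substr( $value , 0 , $max_len ) : $value;
    }

    // Random integer in [$min, $max]: random_int() (CSPRNG, PHP 7+) when available,
    // otherwise mt_rand(), which is NOT cryptographically strong.
    function _secure_rand( $min , $max )
    {
        if( function_exists( 'random_int' ) )
        {
            return random_int( $min , $max );
        }
        return mt_rand( $min , $max );
    }

    // Unix timestamp as a string (what date('U') returned)
    function _timestamp()
    {
        return (string) time();
    }

    // Current time as a float with microsecond resolution
    function _get_microtime()
    {
        list( $usec , $sec ) = explode( " " , microtime() );
        return ( (float) $usec + (float) $sec );
    }

    // Current time formatted for a MySQL datetime column
    function _datetime()
    {
        return date( 'Y-m-d H:i:s' );
    }
}
// no closing ?> : a stray newline after it would be sent to the client before
// session_start() / header() calls in the including script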