no dice.
I just get id at the end =(
updated code
<?PHP
/*
Registration/Login script from HTML Form Guide
V1.0
This program is free software published under the
terms of the GNU Lesser General Public License.
http://www.gnu.org/copyleft/lesser.html
This program is distributed in the hope that it will
be useful - WITHOUT ANY WARRANTY; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
For updates, please visit:
http://www.html-form-guide.com/php-form ... -form.html
http://www.html-form-guide.com/php-form ... -form.html
*/
require_once("class.phpmailer.php");
require_once("formvalidator.php");
class FGMembersite
{
var $admin_email;
var $from_address;
var $username;
var $pwd;
var $database;
var $tablename;
var $connection;
var $rand_key;
var $error_message;
//-----Initialization -------
function FGMembersite()
{
$this->sitename = 'YourWebsiteName.com';
$this->rand_key = '0iQx5oBk66oVZep';
}
function InitDB($host,$uname,$pwd,$database,$tablename)
{
$this->db_host = $host;
$this->username = $uname;
$this->pwd = $pwd;
$this->database = $database;
$this->tablename = $tablename;
}
function fetch_users(){
$result = mysql_query("SELECT `id_user` AS `id`, `username` AS `username` FROM `fgusers3` ");
$users = array();
while (($row = mysql_fetch_assoc($result)) !== false){
$users[] = $row;
}echo mysql_error();
return $users;
}
function fetch_user_info($uid){
$uid = (int)$uid;
$sql = "SELECT
`username` AS `username`,
`user_about` AS `about`,
`user_location` AS `location`,
`user_gender` AS `gender`
FROM `fgusers3`
WHERE `id_user`= '{$uid}'" ;
$result = mysql_query($sql);
return mysql_fetch_assoc($result);
}
function SetAdminEmail($email)
{
$this->admin_email = $email;
}
function SetWebsiteName($sitename)
{
$this->sitename = $sitename;
}
function SetRandomKey($key)
{
$this->rand_key = $key;
}
//-------Main Operations ----------------------
function RegisterUser()
{
if(!isset($_POST['submitted']))
{
return false;
}
$formvars = array();
if(!$this->ValidateRegistrationSubmission())
{
return false;
}
$this->CollectRegistrationSubmission($formvars);
if(!$this->SaveToDatabase($formvars))
{
return false;
}
if(!$this->SendUserConfirmationEmail($formvars))
{
return false;
}
$this->SendAdminIntimationEmail($formvars);
return true;
}
function ConfirmUser()
{
if(empty($_GET['code'])||strlen($_GET['code'])<=10)
{
$this->HandleError("Please provide the confirm code");
return false;
}
$user_rec = array();
if(!$this->UpdateDBRecForConfirmation($user_rec))
{
return false;
}
$this->SendUserWelcomeEmail($user_rec);
$this->SendAdminIntimationOnRegComplete($user_rec);
return true;
}
function validate_credentials($user, $pass){
$user = mysql_real_escape_string($user);
$pass = sha1($pass);
$result = mysql_query("SELECT `id_user` FROM `fgusers3` WHERE `username` = '{$user}' AND `password` = '{$pass}'");
if (mysql_num_rows($result) != 1){
return false;
}
return mysql_result($result, 0);
}
function Login($user, $pass){
$user = mysql_real_escape_string($user);
$pass = sha1($pass);
$result = mysql_query("SELECT `id_user` FROM `fgusers3` WHERE `username` = '{$user}' AND `password` = '{$pass}'");
if (mysql_num_rows($result) != 1){
return false;
}
return mysql_result($result, 0);
}
function UserID()
{
return isset($_SESSION['id_of_user'])?$_SESSION['id_of_user']:'';
}
function CheckLogin()
{
if (($uid = validate_credentials($_POST['user'], $_POST['pass']) !== false){
$_SESSION['uid'] = $uid;
header('Location: somewhere.php');
die();
}
}
function UserFullName()
{
return isset($_SESSION['name_of_user'])?$_SESSION['name_of_user']:'';
}
function UserEmail()
{
return isset($_SESSION['email_of_user'])?$_SESSION['email_of_user']:'';
}
function LogOut()
{
session_start();
$sessionvar = $this->GetLoginSessionVar();
$_SESSION[$sessionvar]=NULL;
unset($_SESSION[$sessionvar]);
}
function EmailResetPasswordLink()
{
if(empty($_POST['email']))
{
$this->HandleError("Email is empty!");
return false;
}
$user_rec = array();
if(false === $this->GetUserFromEmail($_POST['email'], $user_rec))
{
return false;
}
if(false === $this->SendResetPasswordLink($user_rec))
{
return false;
}
return true;
}
function ResetPassword()
{
if(empty($_GET['email']))
{
$this->HandleError("Email is empty!");
return false;
}
if(empty($_GET['code']))
{
$this->HandleError("reset code is empty!");
return false;
}
$email = trim($_GET['email']);
$code = trim($_GET['code']);
if($this->GetResetPasswordCode($email) != $code)
{
$this->HandleError("Bad reset code!");
return false;
}
$user_rec = array();
if(!$this->GetUserFromEmail($email,$user_rec))
{
return false;
}
$new_password = $this->ResetUserPasswordInDB($user_rec);
if(false === $new_password || empty($new_password))
{
$this->HandleError("Error updating new password");
return false;
}
if(false == $this->SendNewPassword($user_rec,$new_password))
{
$this->HandleError("Error sending new password");
return false;
}
return true;
}
function ChangePassword()
{
if(!$this->CheckLogin())
{
$this->HandleError("Not logged in!");
return false;
}
if(empty($_POST['oldpwd']))
{
$this->HandleError("Old password is empty!");
return false;
}
if(empty($_POST['newpwd']))
{
$this->HandleError("New password is empty!");
return false;
}
$user_rec = array();
if(!$this->GetUserFromEmail($this->UserEmail(),$user_rec))
{
return false;
}
$pwd = trim($_POST['oldpwd']);
if($user_rec['password'] != md5($pwd))
{
$this->HandleError("The old password does not match!");
return false;
}
$newpwd = trim($_POST['newpwd']);
if(!$this->ChangePasswordInDB($user_rec, $newpwd))
{
return false;
}
return true;
}
//-------Public Helper functions -------------
function GetSelfScript()
{
return htmlentities($_SERVER['PHP_SELF']);
}
function SafeDisplay($value_name)
{
if(empty($_POST[$value_name]))
{
return'';
}
return htmlentities($_POST[$value_name]);
}
function RedirectToURL($url)
{
header("Location: $url");
exit;
}
function GetSpamTrapInputName()
{
return 'sp'.md5('KHGdnbvsgst'.$this->rand_key);
}
function GetErrorMessage()
{
if(empty($this->error_message))
{
return '';
}
$errormsg = nl2br(htmlentities($this->error_message));
return $errormsg;
}
//-------Private Helper functions-----------
function HandleError($err)
{
$this->error_message .= $err."\r\n";
}
function HandleDBError($err)
{
$this->HandleError($err."\r\n mysqlerror:".mysql_error());
}
function GetFromAddress()
{
if(!empty($this->from_address))
{
return $this->from_address;
}
$host = $_SERVER['SERVER_NAME'];
$from ="nobody@$host";
return $from;
}
function GetLoginSessionVar()
{
$retvar = md5($this->rand_key);
$retvar = 'usr_'.substr($retvar,0,10);
return $retvar;
}
function CheckLoginInDB($username,$password)
{
if(!$this->DBLogin())
{
$this->HandleError("Database login failed!");
return false;
}
$username = $this->SanitizeForSQL($username);
$pwdmd5 = md5($password);
$qry = "Select name, email from $this->tablename where username='$username' and password='$pwdmd5' and confirmcode='y'";
$result = mysql_query($qry,$this->connection);
if(!$result || mysql_num_rows($result) <= 0)
{
$this->HandleError("Error logging in. The username or password does not match");
return false;
}
$row = mysql_fetch_assoc($result);
$_SESSION['id_of_user'] = $row['id_user'];
$_SESSION['name_of_user'] = $row['name'];
$_SESSION['email_of_user'] = $row['email'];
return true;
}
function UpdateDBRecForConfirmation(&$user_rec)
{
if(!$this->DBLogin())
{
$this->HandleError("Database login failed!");
return false;
}
$confirmcode = $this->SanitizeForSQL($_GET['code']);
$result = mysql_query("Select name, email from $this->tablename where confirmcode='$confirmcode'",$this->connection);
if(!$result || mysql_num_rows($result) <= 0)
{
$this->HandleError("Wrong confirm code.");
return false;
}
$row = mysql_fetch_assoc($result);
$user_rec['name'] = $row['name'];
$user_rec['email']= $row['email'];
$qry = "Update $this->tablename Set confirmcode='y' Where confirmcode='$confirmcode'";
if(!mysql_query( $qry ,$this->connection))
{
$this->HandleDBError("Error inserting data to the table\nquery:$qry");
return false;
}
return true;
}
function ResetUserPasswordInDB($user_rec)
{
$new_password = substr(md5(uniqid()),0,10);
if(false == $this->ChangePasswordInDB($user_rec,$new_password))
{
return false;
}
return $new_password;
}
function ChangePasswordInDB($user_rec, $newpwd)
{
$newpwd = $this->SanitizeForSQL($newpwd);
$qry = "Update $this->tablename Set password='".md5($newpwd)."' Where id_user=".$user_rec['id_user']."";
if(!mysql_query( $qry ,$this->connection))
{
$this->HandleDBError("Error updating the password \nquery:$qry");
return false;
}
return true;
}
function GetUserFromEmail($email,&$user_rec)
{
if(!$this->DBLogin())
{
$this->HandleError("Database login failed!");
return false;
}
$email = $this->SanitizeForSQL($email);
$result = mysql_query("Select * from $this->tablename where email='$email'",$this->connection);
if(!$result || mysql_num_rows($result) <= 0)
{
$this->HandleError("There is no user with email: $email");
return false;
}
$user_rec = mysql_fetch_assoc($result);
return true;
}
function SendUserWelcomeEmail(&$user_rec)
{
$mailer = new PHPMailer();
$mailer->CharSet = 'utf-8';
$mailer->AddAddress($user_rec['email'],$user_rec['name']);
$mailer->Subject = "Welcome to ".$this->sitename;
$mailer->From = $this->GetFromAddress();
$mailer->Body ="Hello ".$user_rec['name']."\r\n\r\n".
"Welcome! Your registration with ".$this->sitename." is completed.\r\n".
"\r\n".
"Regards,\r\n".
"Webmaster\r\n".
$this->sitename;
if(!$mailer->Send())
{
$this->HandleError("Failed sending user welcome email.");
return false;
}
return true;
}
function SendAdminIntimationOnRegComplete(&$user_rec)
{
if(empty($this->admin_email))
{
return false;
}
$mailer = new PHPMailer();
$mailer->CharSet = 'utf-8';
$mailer->AddAddress($this->admin_email);
$mailer->Subject = "Registration Completed: ".$user_rec['name'];
$mailer->From = $this->GetFromAddress();
$mailer->Body ="A new user registered at ".$this->sitename."\r\n".
"Name: ".$user_rec['name']."\r\n".
"Email address: ".$user_rec['email']."\r\n";
if(!$mailer->Send())
{
return false;
}
return true;
}
function GetResetPasswordCode($email)
{
return substr(md5($email.$this->sitename.$this->rand_key),0,10);
}
function SendResetPasswordLink($user_rec)
{
$email = $user_rec['email'];
$mailer = new PHPMailer();
$mailer->CharSet = 'utf-8';
$mailer->AddAddress($email,$user_rec['name']);
$mailer->Subject = "Your reset password request at ".$this->sitename;
$mailer->From = $this->GetFromAddress();
$link = $this->GetAbsoluteURLFolder().
'/resetpwd.php?email='.
urlencode($email).'&code='.
urlencode($this->GetResetPasswordCode($email));
$mailer->Body ="Hello ".$user_rec['name']."\r\n\r\n".
"There was a request to reset your password at ".$this->sitename."\r\n".
"Please click the link below to complete the request: \r\n".$link."\r\n".
"Regards,\r\n".
"Webmaster\r\n".
$this->sitename;
if(!$mailer->Send())
{
return false;
}
return true;
}
function SendNewPassword($user_rec, $new_password)
{
$email = $user_rec['email'];
$mailer = new PHPMailer();
$mailer->CharSet = 'utf-8';
$mailer->AddAddress($email,$user_rec['name']);
$mailer->Subject = "Your new password for ".$this->sitename;
$mailer->From = $this->GetFromAddress();
$mailer->Body ="Hello ".$user_rec['name']."\r\n\r\n".
"Your password is reset successfully. ".
"Here is your updated login:\r\n".
"username:".$user_rec['username']."\r\n".
"password:$new_password\r\n".
"\r\n".
"Login here: ".$this->GetAbsoluteURLFolder()."/login.php\r\n".
"\r\n".
"Regards,\r\n".
"Webmaster\r\n".
$this->sitename;
if(!$mailer->Send())
{
return false;
}
return true;
}
function ValidateRegistrationSubmission()
{
//This is a hidden input field. Humans won't fill this field.
if(!empty($_POST[$this->GetSpamTrapInputName()]) )
{
//The proper error is not given intentionally
$this->HandleError("Automated submission prevention: case 2 failed");
return false;
}
$validator = new FormValidator();
$validator->addValidation("name","req","Please fill in Name");
$validator->addValidation("email","email","The input for Email should be a valid email value");
$validator->addValidation("email","req","Please fill in Email");
$validator->addValidation("username","req","Please fill in UserName");
$validator->addValidation("password","req","Please fill in Password");
if(!$validator->ValidateForm())
{
$error='';
$error_hash = $validator->GetErrors();
foreach($error_hash as $inpname => $inp_err)
{
$error .= $inpname.':'.$inp_err."\n";
}
$this->HandleError($error);
return false;
}
return true;
}
function CollectRegistrationSubmission(&$formvars)
{
$formvars['name'] = $this->Sanitize($_POST['name']);
$formvars['email'] = $this->Sanitize($_POST['email']);
$formvars['username'] = $this->Sanitize($_POST['username']);
$formvars['password'] = $this->Sanitize($_POST['password']);
}
function SendUserConfirmationEmail(&$formvars)
{
$mailer = new PHPMailer();
$mailer->CharSet = 'utf-8';
$mailer->AddAddress($formvars['email'],$formvars['name']);
$mailer->Subject = "Your registration with ".$this->sitename;
$mailer->From = $this->GetFromAddress();
$confirmcode = $formvars['confirmcode'];
$confirm_url = $this->GetAbsoluteURLFolder().'/confirmreg.php?code='.$confirmcode;
$mailer->Body ="Hello ".$formvars['name']."\r\n\r\n".
"Thanks for your registration with ".$this->sitename."\r\n".
"Please click the link below to confirm your registration.\r\n".
"$confirm_url\r\n".
"\r\n".
"Regards,\r\n".
"Webmaster\r\n".
$this->sitename;
if(!$mailer->Send())
{
$this->HandleError("Failed sending registration confirmation email.");
return false;
}
return true;
}
function GetAbsoluteURLFolder()
{
$scriptFolder = (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on')) ? 'https://' : 'http://';
$scriptFolder .= $_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']);
return $scriptFolder;
}
function SendAdminIntimationEmail(&$formvars)
{
if(empty($this->admin_email))
{
return false;
}
$mailer = new PHPMailer();
$mailer->CharSet = 'utf-8';
$mailer->AddAddress($this->admin_email);
$mailer->Subject = "New registration: ".$formvars['name'];
$mailer->From = $this->GetFromAddress();
$mailer->Body ="A new user registered at ".$this->sitename."\r\n".
"Name: ".$formvars['name']."\r\n".
"Email address: ".$formvars['email']."\r\n".
"UserName: ".$formvars['username'];
if(!$mailer->Send())
{
return false;
}
return true;
}
function SaveToDatabase(&$formvars)
{
if(!$this->DBLogin())
{
$this->HandleError("Database login failed!");
return false;
}
if(!$this->Ensuretable())
{
return false;
}
if(!$this->IsFieldUnique($formvars,'email'))
{
$this->HandleError("This email is already registered");
return false;
}
if(!$this->IsFieldUnique($formvars,'username'))
{
$this->HandleError("This UserName is already used. Please try another username");
return false;
}
if(!$this->InsertIntoDB($formvars))
{
$this->HandleError("Inserting to Database failed!");
return false;
}
return true;
}
function IsFieldUnique($formvars,$fieldname)
{
$field_val = $this->SanitizeForSQL($formvars[$fieldname]);
$qry = "select username from $this->tablename where $fieldname='".$field_val."'";
$result = mysql_query($qry,$this->connection);
if($result && mysql_num_rows($result) > 0)
{
return false;
}
return true;
}
function DBLogin()
{
$this->connection = mysql_connect($this->db_host,$this->username,$this->pwd);
if(!$this->connection)
{
$this->HandleDBError("Database Login failed! Please make sure that the DB login credentials provided are correct");
return false;
}
if(!mysql_select_db($this->database, $this->connection))
{
$this->HandleDBError('Failed to select database: '.$this->database.' Please make sure that the database name provided is correct');
return false;
}
if(!mysql_query("SET NAMES 'UTF8'",$this->connection))
{
$this->HandleDBError('Error setting utf8 encoding');
return false;
}
return true;
}
function Ensuretable()
{
$result = mysql_query("SHOW COLUMNS FROM $this->tablename");
if(!$result || mysql_num_rows($result) <= 0)
{
return $this->CreateTable();
}
return true;
}
function CreateTable()
{
$qry = "Create Table $this->tablename (".
"id_user INT NOT NULL AUTO_INCREMENT ,".
"name VARCHAR( 128 ) NOT NULL ,".
"email VARCHAR( 64 ) NOT NULL ,".
"phone_number VARCHAR( 16 ) NOT NULL ,".
"username VARCHAR( 16 ) NOT NULL ,".
"password VARCHAR( 32 ) NOT NULL ,".
"confirmcode VARCHAR(32) ,".
"PRIMARY KEY ( id_user )".
")";
if(!mysql_query($qry,$this->connection))
{
$this->HandleDBError("Error creating the table \nquery was\n $qry");
return false;
}
return true;
}
function InsertIntoDB(&$formvars)
{
$confirmcode = $this->MakeConfirmationMd5($formvars['email']);
$formvars['confirmcode'] = $confirmcode;
$insert_query = 'insert into '.$this->tablename.'(
name,
email,
username,
password,
confirmcode
)
values
(
"' . $this->SanitizeForSQL($formvars['name']) . '",
"' . $this->SanitizeForSQL($formvars['email']) . '",
"' . $this->SanitizeForSQL($formvars['username']) . '",
"' . md5($formvars['password']) . '",
"' . $confirmcode . '"
)';
if(!mysql_query( $insert_query ,$this->connection))
{
$this->HandleDBError("Error inserting data to the table\nquery:$insert_query");
return false;
}
return true;
}
function MakeConfirmationMd5($email)
{
$randno1 = rand();
$randno2 = rand();
return md5($email.$this->rand_key.$randno1.''.$randno2);
}
function SanitizeForSQL($str)
{
if( function_exists( "mysql_real_escape_string" ) )
{
$ret_str = mysql_real_escape_string( $str );
}
else
{
$ret_str = addslashes( $str );
}
return $ret_str;
}
/*
Sanitize() function removes any potential threat from the
data submitted. Prevents email injections or any other hacker attempts.
if $remove_nl is true, newline chracters are removed from the input.
*/
function Sanitize($str,$remove_nl=true)
{
$str = $this->StripSlashes($str);
if($remove_nl)
{
$injections = array('/(\n+)/i',
'/(\r+)/i',
'/(\t+)/i',
'/(%0A+)/i',
'/(%0D+)/i',
'/(%08+)/i',
'/(%09+)/i'
);
$str = preg_replace($injections,'',$str);
}
return $str;
}
function StripSlashes($str)
{
if(get_magic_quotes_gpc())
{
$str = stripslashes($str);
}
return $str;
}
}
?>