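time = time();
        $this->startSession();
    }

    /**
     * startSession - Performs all the actions necessary to
     * initialize this session object. Tries to determine if the
     * user has logged in already, and sets the variables
     * accordingly. Also takes advantage of this page load to
     * update the active visitors tables.
     *
     * Reads $_SESSION/$_SERVER and writes $_SESSION['username'],
     * $_SESSION['url'] plus the object's login-state fields.
     * Called from the constructor, so session_start() happens here.
     */
    function startSession(){
        global $database, $domain; //The database connection
        session_start(); //Tell PHP to start the session

        /* Determine if user is logged in */
        $this->logged_in = $this->checkLogin();

        /**
         * Set guest value to users not logged in, and update
         * active guests table accordingly.
         */
        if(!$this->logged_in){
            $this->username = $_SESSION['username'] = GUEST_NAME;
            $this->user_level = GUEST_LEVEL;
            $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
        }
        /* Update users last active timestamp */
        else{
            $database->addActiveUser($this->username, $this->time);
        }

        /* Remove inactive visitors from database */
        $database->removeInactiveUsers();
        $database->removeInactiveGuests();

        /* Set referrer page */
        if(isset($_SESSION['url'])){
            $this->referrer = $_SESSION['url'];
        }else{
            $this->referrer = "/";
        }

        /* Set current url. PHP_SELF is derived from the request path, so it is
           attacker-influenced: escape it (htmlspecialchars) wherever $this->url
           or $this->referrer is rendered into HTML. */
        $this->url = $_SESSION['url'] = $_SERVER['PHP_SELF'];

        //$this->referer=$_COOKIE["referer"];
        /* HTTP_REFERER is client-supplied and frequently absent; treat it as
           untrusted and avoid the undefined-index notice when it is missing. */
        $this->referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;//windows server
        //setcookie("referer", 'http://www.'.DOMAIN.$_SERVER['REQUEST_URI'], time()+COOKIE_EXPIRE,COOKIE_PATH);
    }

    /**
     * checkLogin - Checks if the user has already previously
     * logged in, and a session with the user has already been
     * established. Also checks to see if user has been remembered.
     * If so, the database is queried to make sure of the user's
     * authenticity. Returns true if the user has logged in.
     *
     * The cookname/cookid cookies are client-controlled; nothing taken
     * from them is trusted until confirmUserID() has matched the pair
     * against the database.
     *
     * @return bool
     */
    function checkLogin(){
        global $database; //The database connection

        /* Check if user has been remembered */
        if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
            $this->username = $_SESSION['username'] = $_COOKIE['cookname'];
            $this->user_ID = $_SESSION['user_ID'] = $_COOKIE['cookid'];
        }

        /* Username and user_ID have been set and not guest */
        if(isset($_SESSION['username']) && isset($_SESSION['user_ID']) && $_SESSION['username'] != GUEST_NAME){
            /* Confirm that user name and user_ID are valid */
            if($database->confirmUserID($_SESSION['username'], $_SESSION['user_ID']) != 0){
                /* Variables are incorrect, user not logged in.
                   NOTE(review): a stale cookname/cookid pair is re-submitted and
                   re-checked on every request; clearing those cookies here would
                   stop that. Left unchanged to keep the behaviour identical. */
                unset($_SESSION['username']);
                unset($_SESSION['user_ID']);
                return false;
            }

            /* User is logged in, set class variables */
            $this->userinfo = $database->getUserInfo($_SESSION['username']);
            $this->username = $this->userinfo['username'];
            $this->user_firstname = $this->userinfo['user_firstname'];
            $this->user_lastname = $this->userinfo['user_lastname'];
            $this->user_fullname = $this->userinfo['user_fullname'];
            $this->user_email = $this->userinfo['user_email'];
            $this->user_valid = $this->userinfo['user_valid'];
            $this->user_cont_main_cat_ID = $this->userinfo['user_cont_main_cat_ID'];
            $this->user_ID = $this->userinfo['user_ID'];
            $this->user_level = $this->userinfo['user_level'];
            $this->user_image = $this->userinfo['user_image'];
            return true;
        }
        /* User not logged in */
        else{
            return false;
        }
    }

    /**
     * login - The user has submitted his user name and password
     * through the login form, this function checks the authenticity
     * of that information in the database and creates the session.
     * Effectively logging in the user if all goes well.
     *
     * @param string $subuser     submitted user name (untrusted form input)
     * @param string $subpass     submitted password (untrusted form input)
     * @param mixed  $subremember truthy when the "remember me" box was ticked
     * @return bool true on success; false when $form has recorded errors
     */
    function login($subuser, $subpass, $subremember){
        global $database, $form; //The database and form object

        /* Username error checking */
        $field = "user"; //Use field name for user name
        if(!$subuser || strlen($subuser = trim($subuser)) == 0){
            $form->setError($field, "username not entered",2);
        }
        else{
            /* Check if user name is not alphanumeric */
            if(!preg_match("/^([0-9a-z])*$/i", $subuser)){
                $form->setError($field, "username not alphanumeric");
            }
        }

        /* Password error checking */
        $field = "pass"; //Use field name for password
        if(!$subpass){
            $form->setError($field, "password not entered");
        }

        /* Return if form errors exist */
        if($form->num_errors > 0){
            return false;
        }

        /* Checks that user name is in database and password is correct.
           md5() without a salt is not a suitable password hash; moving to
           password_hash()/password_verify() needs the stored format in
           confirmUserPass()/addNewUser() changed as well, so it is kept here. */
        $subuser = stripslashes($subuser);
        $result = $database->confirmUserPass($subuser, md5($subpass));

        /* Check error codes. The two distinct messages let a caller tell
           "unknown user" from "wrong password" (account enumeration); a single
           generic message would be the safer choice for a public site. */
        if($result == 1){
            $field = "user";
            $form->setError($field, "username not found");
        }
        else if($result == 2){
            $field = "pass";
            $form->setError($field, "invalid password");
        }

        /* Return if form errors exist */
        if($form->num_errors > 0){
            return false;
        }

        /* Credentials verified: swap the session id so an id the client held
           before authenticating (session fixation) is not promoted to a
           logged-in session. Session data is carried over. */
        if(session_id() != ''){
            session_regenerate_id(true);
        }

        /* Username and password correct, register session variables */
        $this->userinfo = $database->getUserInfo($subuser);
        $this->username = $_SESSION['username'] = $this->userinfo['username'];
        $this->user_ID = $_SESSION['user_ID'] = $this->generateRandID();
        $this->user_level = $this->userinfo['user_level'];

        /* Insert user_ID into database and update active users table */
        $database->updateUserField($this->username, "user_ID", $this->user_ID);
        $database->addActiveUser($this->username, $this->time);
        $database->removeActiveGuest($_SERVER['REMOTE_ADDR']);

        /**
         * This is the cool part: the user has requested that we remember that
         * he's logged in, so we set two cookies. One to hold his user name,
         * and one to hold his random value user_ID. It expires by the time
         * specified in constants.php. Now, next time he comes to our site, we will
         * log him in automatically, but only if he didn't log out before he left.
         *
         * The cookies are marked HttpOnly (not readable from script) and Secure
         * whenever the current request arrived over TLS.
         */
        if($subremember){
            $secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off';
            setcookie("cookname", $this->username, time()+COOKIE_EXPIRE, COOKIE_PATH, '', $secure, true);
            setcookie("cookid", $this->user_ID, time()+COOKIE_EXPIRE, COOKIE_PATH, '', $secure, true);
        }else{
            setcookie('cookname','',time()-3600,COOKIE_PATH);
            setcookie('cookid','',time()-3600,COOKIE_PATH);
        }

        /* Login completed successfully */
        return true;
    }

    /**
     * logout - Gets called when the user wants to be logged out of the
     * website. It deletes any cookies that were stored on the users
     * computer as a result of him wanting to be remembered, and also
     * unsets session variables and demotes his user level to guest.
     *
     * The stored user_ID token is rotated so that a copy of the
     * remember-me cookies taken before logout no longer authenticates.
     */
    function logout(){
        global $database; //The database connection

        /**
         * Delete cookies - the time must be in the past,
         * so just negate what you added when creating the
         * cookie.
         */
        if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
            setcookie("cookname", "", time()-COOKIE_EXPIRE, COOKIE_PATH);
            setcookie("cookid", "", time()-COOKIE_EXPIRE, COOKIE_PATH);
        }

        /* Invalidate the server-side remember-me token for this account.
           Clearing the cookie alone leaves the old user_ID valid in the
           database until the next login. Only done for a real login: for a
           guest $this->username is GUEST_NAME and there is nothing to rotate. */
        if($this->logged_in){
            $database->updateUserField($this->username, "user_ID", $this->generateRandID());
        }

        /* Unset PHP session variables */
        unset($_SESSION['username']);
        unset($_SESSION['user_ID']);

        /* Reflect fact that user has logged out */
        $this->logged_in = false;

        /**
         * Remove from active users table and add to
         * active guests tables.
         */
        $database->removeActiveUser($this->username);
        $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);

        /* Set user level to guest */
        $this->username = GUEST_NAME;
        $this->user_level = GUEST_LEVEL;
    }

    /**
     * user - Validates an admin's attempt to change another account's
     * level / banned flag. Refuses to let the current administrator lower
     * their own level or ban themselves.
     *
     * @param string $uname  target user name
     * @param mixed  $ulevel requested level (1 is treated as a demotion)
     * @param mixed  $uban   requested banned flag (1 = ban)
     * @return int 1 when $form has errors, 0 otherwise
     */
    function user($uname,$ulevel,$uban){
        global $session, $form, $database;

        if($database->getUserLevel($uname)==ADMIN_LEVEL && $ulevel==1 && $uname==$session->username){
            $field = "user_level";
            $form->setError($field,"You can not lower your own level");
        }
        if($uname==$session->username && $uban==1){
            $field = "user_banned";
            $form->setError($field,"You can not ban yourself");
        }

        /* Errors exist, have user correct them */
        if($form->num_errors > 0){
            return 1; //Errors with form
        }else{
            return 0; // No errors with form
        }
    }

    /**
     * userDelete - Validates an attempt to delete the account $uname:
     * the current user, level-9 accounts and users who still own content
     * cannot be deleted.
     *
     * @param string $uname target user name
     * @return int 1 when $form has errors, 0 otherwise
     */
    function userDelete($uname){
        global $session, $form, $database;

        if($uname==$session->username){
            $field = "row[".$session->username."]";
            $form->setError($field,"You can not delete yourself");
        }
        /* Level 9 is compared literally here while user() uses ADMIN_LEVEL;
           the two are presumably the same value - confirm against constants. */
        else if($database->getUserLevel($uname)==9){
            $field = "row[".$uname."]";
            $form->setError($field,"You can not delete administrators");
        }else{
            /* get user info. The original else had no braces, so the count()
               below ran even when $result was never assigned. */
            $result = $database->getUserInfoByUsername($uname);
            /* count content */
            $content_amount = count($result);
            if($content_amount>0){
                $field = "row[".$uname."]";
                $form->setError($field,"This user posted content. Delete this users content first");
            }
        }

        /* Errors exist, have user correct them */
        if($form->num_errors > 0){
            return 1; //Errors with form
        }else{
            return 0; // No errors with form
        }
    }

    /**
     * register - Gets called when the user has just submitted the
     * registration form. Determines if there were any errors with
     * the entry fields, if so, it records the errors and returns
     * 1. If no errors were found, it registers the new user and
     * returns 0. Returns 2 if registration failed.
     *
     * Every argument is a raw form-field value and is treated as untrusted;
     * $subuser_image is expected to be a $_FILES-style array.
     *
     * @return int 0 = user added, 1 = form errors, 2 = addNewUser() failed
     */
    function register(
        $subuser, $subpass, $subconfirmpass, $subemail,
        $subuser_fname, $subuser_lname,
        $subuser_address, $subuser_zip, $subuser_city, $subuser_country,
        $subuser_phone, $subuser_mobile, $subuser_fax,
        $subuser_bdate, $subuser_gender, $subuser_mail, $subuser_image
    ){
        global $database, $form, $user_mailer; //The database, form and mailer object

        /* Username error checking */
        $field = "user"; //Use field name for user name
        if(!$subuser || strlen($subuser = trim($subuser)) == 0){
            $form->setError($field, "username not entered");
        }
        else{
            /* Spruce up user name, check length */
            $subuser = stripslashes($subuser);
            if(strlen($subuser) < 5){
                $form->setError($field, "username below 5 characters");
            }
            else if(strlen($subuser) > 30){
                $form->setError($field, "username above 30 characters");
            }
            /* Check if user name is not alphanumeric */
            else if(!preg_match("/^([0-9a-z])+$/i", $subuser)){
                $form->setError($field, "username not alfanumeric");
            }
            /* Check if user name is reserved */
            else if(strcasecmp($subuser, GUEST_NAME) == 0){
                $form->setError($field, "username reserved word");
            }
            /* Check if user name is already in use */
            else if($database->usernameTaken($subuser)){
                $form->setError($field, "username already in use");
            }
            /* Check if user name is banned */
            else if($database->usernameBanned($subuser)){
                $form->setError($field, "username banned");
            }
        }

        /* Password error checking */
        $field = "pass"; //Use field name for password
        if(!$subpass){
            $form->setError($field, "password not entered");
        }
        else{
            /* Spruce up password and check length */
            $subpass = stripslashes($subpass);
            if(strlen($subpass) < 4){
                $form->setError($field, "password too short");
            }
            /* Check if password is not alphanumeric */
            else if(!preg_match("/^([0-9a-z])+$/i", ($subpass = trim($subpass)))){
                $form->setError($field, "password not alphanumeric");
            }
            /**
             * Note: I trimmed the password only after I checked the length
             * because if you fill the password field up with spaces
             * it looks like a lot more characters than 4, so it looks
             * kind of stupid to report "password too short".
             */
        }

        /* confirm pass */
        $field = "confirm_pass"; //Use field name for password confirmation
        if(!$subconfirmpass){
            $form->setError($field, "confirmation not entered");
        }
        /* confirm pass */
        else if($subpass!=$subconfirmpass){
            $form->setError($field, "wrong password confirmation");
        }

        /* Email error checking */
        $field = "email"; //Use field name for email
        if(!$subemail || strlen($subemail = trim($subemail)) == 0){
            $form->setError($field, "email not entered");
        }
        else{
            /* Check if valid email address */
            $regex = "/^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"
                   ."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"
                   ."\.([a-z]{2,}){1}$/i";
            if(!preg_match($regex,$subemail)){
                $form->setError($field, "email invalid");
            }
            $subemail = stripslashes($subemail);
        }

        /* The profile fields below are trimmed but their error reports are
           commented out, so they never block registration. */
        $field = "fname"; //Use field first name for user name
        if(!$subuser_fname || strlen($subuser_fname = trim($subuser_fname)) == 0){
            //$form->setError($field,"first name not entered");
        }
        $field = "lname"; //Use field last name for user name
        if(!$subuser_lname || strlen($subuser_lname = trim($subuser_lname)) == 0){
            //$form->setError($field,"last name not entered");
        }
        $field = "address"; //Use field last name for user name
        if(!$subuser_address || strlen($subuser_address = trim($subuser_address)) == 0){
            //$form->setError($field,"address not entered");
        }elseif(strlen($subuser_address = trim($subuser_address)) < 4){
            //$form->setError($field,"address not valid");
        }
        $field = "zip"; //Use field last name for user name
        if(!$subuser_zip || strlen($subuser_zip = trim($subuser_zip)) == 0){
            //$form->setError($field,"zip not entered");
        }else{
            /* Check if valid zip (dutch) */
            $regex="/[0-9]{4}/";
            if(!preg_match($regex,$subuser_zip)){
                //$form->setError($field,"zip not valid");
            }
        }
        $field = "city"; //Use field last name for user name
        if(!$subuser_city || strlen($subuser_city = trim($subuser_city)) == 0){
            //$form->setError($field,"city not entered");
        }
        $field = "country"; //Use field last name for user name
        if(!$subuser_country || strlen($subuser_country = trim($subuser_country)) == 0){
            //$form->setError($field,"select a country");
        }
        $field = "phone"; //Use field phone
        if(!$subuser_phone || strlen($subuser_phone = trim($subuser_phone)) == 0 ){
            if(!$subuser_mobile){
                //$form->setError($field,"phone number not entered");
            }
        }else{
            /* Check if valid phone (dutch) */
            $regex="/[0-9|-]{9}/";//international
            //$regex="^((\+?[1-9][0-9])|0) ?(6 ?-? ?[0-9\. ]{8,}|[1-9][0-9]{1,2} ?-? ?[0-9\. ]{7,}|[1-9]{2}[0-9] ?-? ?[0-9\. ]{6,})$";//dutch
            if(!preg_match($regex,$subuser_phone)){
                //$form->setError($field,"phone number not valid");
            }
        }
        $field = "mobile"; //Use field mobile
        if(!$subuser_mobile || strlen($subuser_mobile = trim($subuser_mobile)) == 0){
            if(!$subuser_phone){
                //$form->setError($field,"mobile number not entered");
            }
        }else{
            /* Check if valid phone (dutch) */
            $regex="/[0-9|-]{9}/";//international
            //$regex="^((\+?[1-9][0-9])|0) ?(6 ?-? ?[0-9\. ]{8,}|[1-9][0-9]{1,2} ?-? ?[0-9\. ]{7,}|[1-9]{2}[0-9] ?-? ?[0-9\. ]{6,})$";
            if(!preg_match($regex,$subuser_mobile)){
                //$form->setError($field,"mobile number not valid");
            }
        }
        $field = "bdate"; //Use field date
        if(!$subuser_bdate || strlen($subuser_bdate = trim($subuser_bdate)) == 0 ){
            //$form->setError($field,"date of birth not entered");
        }else{
            /* Check if valid date (dd-mm-yyyy) */
            $regex="/(0[1-9]|[12][0-9]|3[01])[-](0[1-9]|1[012])[-](19|20)[0-9]{2}/";
            if(!preg_match($regex,$subuser_bdate)){
                //$form->setError($field,"date of birth not valid");
            }
        }
        $field = "gender"; //Use field last name for user name
        /* The original compared against the undefined constant `int`, which
           PHP 7 coerces to the string 'int' (making the test equivalent to
           !$subuser_gender) and PHP 8 rejects outright. */
        if(!$subuser_gender){
            //$form->setError($field,"select a gender");
        }
        $field = "file"; //Use field last name for user name
        //$file = $_FILES['img'];
        //echo $subuser_image[0]; exit;
        /* $name_img is handed to addNewUser() below even when no image was
           uploaded, so give it a definite (null) value first. */
        $name_img = null;
        /* NOTE(review): a $_FILES-style array has no index 0, so this guard
           may never be true - confirm what the caller passes. */
        if(($subuser_image[0])){
            $name_img = $subuser_image['name'];
            $size = $subuser_image['size'];
            $type = $subuser_image['type'];
            /* Anchored at the end of the name so "x.jpg.php" no longer passes.
               Both the name and the MIME type come from the client; a server-side
               check of the file contents (e.g. getimagesize on tmp_name) would be
               the authoritative test. */
            if(!preg_match('/\.(jpg|JPG|jpeg|JPEG)$/', $name_img)){
                $form->setError($field,"Wrong file format");
            }
            elseif(!($type=='image/jpeg')){
                $form->setError($field,"Wrong mime type");
            }
            elseif($size>250000){
                $form->setError($field,"File too large");
            }
        }

        /* Errors exist, have user correct them */
        if($form->num_errors > 0){
            return 1; //Errors with form
        }
        /* No errors, add the new account to the database */
        else{
            if($database->addNewUser(
                $subuser, md5($subpass), $subemail,
                $subuser_fname, $subuser_lname,
                $subuser_address, $subuser_zip, $subuser_city, $subuser_country,
                $subuser_phone, $subuser_mobile, $subuser_fax,
                $subuser_bdate, $subuser_gender, $subuser_mail, $name_img
            )){
                /* The welcome mail receives the clear-text password; sending
                   credentials by e-mail is worth reconsidering. */
                if(EMAIL_WELCOME){
                    $user_mailer->sendWelcome($subuser,$subemail,$subpass,$subuser_fname,$subuser_lname);
                }
                return 0; //New user added succesfully
            }else{
                return 2; //Registration attempt failed
            }
        }
    }

    /**
     * editAccount - Attempts to edit the user's account information
     * including the password, which it first makes sure is correct
     * if entered, if so and the new password is in the right
     * format, the change is made. All other fields are changed
     * automatically.
     *
     * Operates on the currently logged-in user ($this->username). Every
     * argument is raw form input; a field that is empty/falsy is left
     * untouched in the database, except user_mail which is always written.
     *
     * @return bool false when $form has errors, true after the updates
     */
    function editAccount(
        $subcurpass, $subnewpass, $subemail,//3
        $subuser_fname, $subuser_lname,//2
        $subuser_address, $subuser_zip, $subuser_city, $subuser_country,//4
        $subuser_phone, $subuser_mobile, $subuser_fax,//3
        $subuser_bdate, $subuser_gender, $subuser_mail, $subuser_image, $subuser_del_image,//5
        $subuser_var_1, $subuser_var_2, $subuser_var_3, $subuser_var_4, $subuser_var_5//5
    ){
        global $database, $form, $control; //The database and form object

        /* New password entered */
        if($subnewpass){
            /* Current Password error checking */
            $field = "curpass"; //Use field name for current password
            if(!$subcurpass){
                $form->setError($field, "current password not entered");
            }
            else{
                /* Check if password too short or is not alphanumeric */
                $subcurpass = stripslashes($subcurpass);
                if(strlen($subcurpass) < 4 || !preg_match("/^([0-9a-z])+$/i", ($subcurpass = trim($subcurpass)))){
                    $form->setError($field, "current password incorrect");
                }
                /* Password entered is incorrect */
                if($database->confirmUserPass($this->username,md5($subcurpass)) != 0){
                    $form->setError($field, "current password incorrect");
                }
            }

            /* New Password error checking */
            $field = "newpass"; //Use field name for new password
            /* Check length on the untrimmed value, then trim for the pattern check */
            if(strlen($subnewpass) < 4){
                $form->setError($field, "new password too short");
            }
            /* Check if password is not alphanumeric */
            else if(!preg_match("/^([0-9a-z])+$/i", ($subnewpass = trim($subnewpass)))){
                $form->setError($field, "new password not alphanumeric");
            }
        }
        /* Change Password attempted */
        else if($subcurpass){
            /* New Password error reporting */
            $field = "newpass"; //Use field name for new password
            $form->setError($field, "new password not entered");
        }

        /* Email error checking */
        $field = "email"; //Use field name for email
        if($subemail && strlen($subemail = trim($subemail)) > 0){
            /* Check if valid email address */
            $regex = "/^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"
                   ."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"
                   ."\.([a-z]{2,}){1}$/i";
            if(!preg_match($regex,$subemail)){
                $form->setError($field, "email invalid");
            }
            $subemail = stripslashes($subemail);
        }

        /* fname */
        $field = "fname"; //Use field first name for user name
        if(!$subuser_fname || strlen($subuser_fname = trim($subuser_fname)) == 0){
            //$form->setError($field,"first name not entered");
        }
        $field = "lname"; //Use field last name for user name
        if(!$subuser_lname || strlen($subuser_lname = trim($subuser_lname)) == 0){
            //$form->setError($field,"last name not entered");
        }
        $field = "address"; //Use field last name for user name
        if(!$subuser_address || strlen($subuser_address = trim($subuser_address)) == 0){
            //$form->setError($field,"address not entered");
        }elseif(strlen($subuser_address = trim($subuser_address)) < 4){
            $form->setError($field,"address not valid");
        }
        $field = "zip"; //Use field last name for user name
        if(!$subuser_zip || strlen($subuser_zip = trim($subuser_zip)) == 0){
            //$form->setError($field,"zip not entered");
        }else{
            //Check if valid zip (dutch)
            $regex="/^([1-9][0-9]{3})( ?)([a-zA-Z]{2})$/i";
            if(!preg_match($regex,$subuser_zip)){
                $form->setError($field,"zip not valid");
            }
        }
        $field = "city"; //Use field last name for user name
        if(!$subuser_city || strlen($subuser_city = trim($subuser_city)) == 0){
            //$form->setError($field,"city not entered");
        }
        $field = "country"; //Use field last name for user name
        if(!$subuser_country || strlen($subuser_country = trim($subuser_country)) == 0){
            //$form->setError($field,"select a country");
        }

        /* phone */
        $field = "phone"; //Use field phone
        if(!$subuser_phone || strlen($subuser_phone = trim($subuser_phone)) == 0 ){
            if(!$subuser_mobile){
                //$form->setError($field,"phone number not entered");
            }
        }else{
            //Check if valid phone (dutch)
            $regex="/^((\+?[1-9][0-9])|0) ?(6 ?-? ?[0-9\. ]{8,}|[1-9][0-9]{1,2} ?-? ?[0-9\. ]{7,}|[1-9]{2}[0-9] ?-? ?[0-9\. ]{6,})$/";
            if(!preg_match($regex,$subuser_phone)){
                //$form->setError($field,"phone number not valid");
            }
        }

        /* mobile */
        $field = "mobile"; //Use field mobile
        if(!$subuser_mobile || strlen($subuser_mobile = trim($subuser_mobile)) == 0){
            if(!$subuser_phone){
                //$form->setError($field,"mobile number not entered");
            }
        }else{
            // Check if valid phone (dutch)
            $regex="/^((\+?[1-9][0-9])|0) ?(6 ?-? ?[0-9\. ]{8,}|[1-9][0-9]{1,2} ?-? ?[0-9\. ]{7,}|[1-9]{2}[0-9] ?-? ?[0-9\. ]{6,})$/";
            if(!preg_match($regex,$subuser_mobile)){
                //$form->setError($field,"mobile number not valid");
            }
        }

        $field = "bdate"; //Use field date
        if(!$subuser_bdate || strlen($subuser_bdate = trim($subuser_bdate)) == 0 ){
            //$form->setError($field,"date of birth not entered");
        }else{
            // Check if valid date (dd-mm-yyyy)
            $regex="/(0[1-9]|[12][0-9]|3[01])[-](0[1-9]|1[012])[-](19|20)[0-9]{2}/";
            if(!preg_match($regex,$subuser_bdate)){
                $form->setError($field,"date of birth not valid");
            }
        }

        $field = "file"; //Use field last name for user name
        /* A name without a tmp_name is how PHP reports an upload that exceeded
           the size limit. NOTE(review): unlike register(), no extension, MIME
           or size check is applied to the uploaded file before copy_file()
           below; a content-based check on tmp_name would close that gap. */
        if($subuser_image['name']&&!$subuser_image['tmp_name']){
            $form->setError($field,"file too big");
        }
        //print_r($_POST);
        //print_r($_FILES);

        /* Errors exist, have user correct them */
        if($form->num_errors > 0){
            return false; //Errors with form
        }

        /* Update Password since there were no errors (unsalted md5 - see login()) */
        if($subcurpass && $subnewpass){
            $database->updateUserField($this->username,"user_password",md5($subnewpass));
        }
        /* Change Email */
        if($subemail){
            $database->updateUserField($this->username,"user_email",$subemail);
        }
        /* Change user firstname */
        if($subuser_fname){
            $database->updateUserField($this->username,"user_firstname",$subuser_fname);
        }
        /* Change user lastname */
        if($subuser_lname){
            $database->updateUserField($this->username,"user_lastname",$subuser_lname);
        }
        /* Change user fullname */
        if($subuser_fname&&$subuser_lname){
            $database->updateUserField($this->username,"user_fullname",$subuser_fname.' '.$subuser_lname);
        }
        /* Change user address */
        if($subuser_address){
            $database->updateUserField($this->username,"user_address",$subuser_address);
        }
        /* Change user zip */
        if($subuser_zip){
            $database->updateUserField($this->username,"user_zip",$subuser_zip);
        }
        /* Change user city */
        if($subuser_city){
            $database->updateUserField($this->username,"user_city",$subuser_city);
        }
        /* Change user country */
        if($subuser_country){
            $database->updateUserField($this->username,"user_country",$subuser_country);
        }
        /* Change user phone */
        if($subuser_phone){
            $database->updateUserField($this->username,"user_phone",$subuser_phone);
        }
        /* Change user mobile */
        if($subuser_mobile){
            $database->updateUserField($this->username,"user_mobile",$subuser_mobile);
        }
        /* Change user fax */
        if($subuser_fax){
            $database->updateUserField($this->username,"user_fax",$subuser_fax);
        }
        /* Change user birthdate */
        if($subuser_bdate){
            $database->updateUserField($this->username,"user_birthdate",$subuser_bdate);
        }
        /* Change user gender */
        if($subuser_gender){
            $database->updateUserField($this->username,"user_gender",$subuser_gender);
        }
        /* Change user var 1 */
        if($subuser_var_1){
            $database->updateUserField($this->username,"user_var_1",$subuser_var_1);
        }
        /* Change user var 2 */
        if($subuser_var_2){
            $database->updateUserField($this->username,"user_var_2",$subuser_var_2);
        }
        /* Change user var 3 */
        if($subuser_var_3){
            $database->updateUserField($this->username,"user_var_3",$subuser_var_3);
        }
        /* Change user var 4 */
        if($subuser_var_4){
            $database->updateUserField($this->username,"user_var_4",$subuser_var_4);
        }
        /* Change user var 5 */
        if($subuser_var_5){
            $database->updateUserField($this->username,"user_var_5",$subuser_var_5);
        }
        /* Change user wants to receive mail */
        $database->updateUserField($this->username,"user_mail",$subuser_mail);

        /* Change user image. $this->user_image is the stored file name;
           presumably delete_images() restricts it to its directory - verify. */
        if($subuser_image['tmp_name']){
            $control->delete_images('../../media/images',$this->user_image);
            $file = $control->copy_file('../../media/images/originals',$subuser_image,'');
            $control->make_thumbnails('media/images',$file,$subuser_image['type'],'center');
            $database->updateUserField($this->username,"user_image",$file);
        }

        /* Delete user image */
        if($subuser_del_image){
            $control->delete_images('../../media/images',$this->user_image);
            $database->updateUserField($this->username,"user_image",'');
        }

        /* Success! */
        return true;
    }

    /**
     * editPass - Attempts to edit the user's password information
     * which it first makes sure is correct
     * if entered, if so and the new password is in the right
     * format, the change is made.
     *
     * @param string $subcurpass current password as submitted (untrusted)
     * @param string $subnewpass new password as submitted (untrusted)
     * @return bool false when $form has errors, true after the update
     */
    function editPass($subcurpass, $subnewpass){
        global $database, $form, $control; //The database and form object

        if($subnewpass){
            /* Current Password error checking */
            $field = "curpass"; //Use field name for current password
            if(!$subcurpass){
                $form->setError($field, "current password not entered");
            }
            else{
                /* Check if password too short or is not alphanumeric */
                $subcurpass = stripslashes($subcurpass);
                if(strlen($subcurpass) < 4 || !preg_match("/^([0-9a-z])+$/i", ($subcurpass = trim($subcurpass)))){
                    $form->setError($field, "current password incorrect");
                }
                /* Password entered is incorrect */
                if($database->confirmUserPass($this->username,md5($subcurpass)) != 0){
                    $form->setError($field, "current password incorrect");
                }
            }

            /* New Password error checking */
            $field = "newpass"; //Use field name for new password
            /* Check length on the untrimmed value, then trim for the pattern check */
            if(strlen($subnewpass) < 4){
                $form->setError($field, "new password too short");
            }
            /* Check if password is not alphanumeric */
            else if(!preg_match("/^([0-9a-z])+$/i", ($subnewpass = trim($subnewpass)))){
                $form->setError($field, "new password not alphanumeric");
            }
        }
        /* Change Password attempted */
        else if($subcurpass){
            /* New Password error reporting */
            $field = "newpass"; //Use field name for new password
            $form->setError($field, "new password not entered");
        }

        /* Both fields are mandatory here; note that a missing field may be
           reported twice (once above, once here), which the original did too. */
        $field = "curpass";
        if(!$subcurpass){
            $form->setError($field, "current password not entered");
        }
        $field = "newpass";
        if(!$subnewpass){
            $form->setError($field, "new password not entered");
        }

        /* Errors exist, have user correct them */
        if($form->num_errors > 0){
            return false; //Errors with form
        }

        /* Update Password since there were no errors (unsalted md5 - see login()) */
        if($subcurpass && $subnewpass){
            $database->updateUserField($this->username,"user_password",md5($subnewpass));
        }

        /* Success! */
        return true;
    }

    /**
     * editInfo - Writes the profile description / CV texts (four language
     * slots each) and the external links of the current user straight to
     * the database. No validation is performed here; callers must sanitise
     * these values and any renderer must escape them.
     *
     * @return bool always true
     */
    function editInfo(
        $desc_l0, $desc_l1, $desc_l2, $desc_l3
        ,$cv_l0, $cv_l1, $cv_l2, $cv_l3
        ,$website
        ,$portfolio
        ,$rssfeed
        ,$facebook
        ,$twitter
        ,$youtube
        ,$vimeo
    ){
        global $database; //The database object

        $database->updateUserField($this->username,"user_desc_l0",$desc_l0);
        $database->updateUserField($this->username,"user_desc_l1",$desc_l1);
        $database->updateUserField($this->username,"user_desc_l2",$desc_l2);
        $database->updateUserField($this->username,"user_desc_l3",$desc_l3);
        $database->updateUserField($this->username,"user_cv_l0",$cv_l0);
        $database->updateUserField($this->username,"user_cv_l1",$cv_l1);
        $database->updateUserField($this->username,"user_cv_l2",$cv_l2);
        $database->updateUserField($this->username,"user_cv_l3",$cv_l3);
        $database->updateUserField($this->username,"user_website",$website);
        $database->updateUserField($this->username,"user_portfolio",$portfolio);
        $database->updateUserField($this->username,"user_rssfeed",$rssfeed);
        $database->updateUserField($this->username,"user_facebook",$facebook);
        $database->updateUserField($this->username,"user_twitter",$twitter);
        $database->updateUserField($this->username,"user_youtube",$youtube);
        $database->updateUserField($this->username,"user_vimeo",$vimeo);

        /* Success! */
        return true;
    }

    /**
     * isAdmin - Returns true if currently logged in user is
     * an administrator, false otherwise.
     */
    function isAdmin(){
        return ($this->user_level == ADMIN_LEVEL || $this->username == ADMIN_NAME);
    }

    /**
     * isAuthor - Returns true if currently logged in user has the
     * author level or the author account name, false otherwise.
     */
    function isAuthor(){
        return ($this->user_level == AUTHOR_LEVEL || $this->username == AUTHOR_NAME);
    }

    /**
     * generateRandID - Generates a string made up of randomized
     * letters (lower and upper case) and digits and returns
     * the md5 hash of it to be used as a user_ID.
     *
     * The result is the remember-me / session token stored in the
     * database and in the cookid cookie, so it must be unpredictable.
     */
    function generateRandID(){
        return md5($this->generateRandStr(16));
    }

    /**
     * generateRandStr - Generates a string made up of randomized
     * letters (lower and upper case) and digits, the length
     * is a specified parameter.
     *
     * Uses the CSPRNG random_int() where available; mt_rand() is not
     * suitable for authentication tokens and is kept only as a fallback
     * for PHP versions without random_int().
     *
     * @param int $length number of characters to produce
     * @return string
     */
    function generateRandStr($length){
        $randstr = "";
        for($i=0; $i<$length; $i++){
            $randnum = function_exists('random_int') ? random_int(0, 61) : mt_rand(0, 61);
            if($randnum < 10){
                $randstr .= chr($randnum+48);   // '0'..'9'
            }else if($randnum < 36){
                $randstr .= chr($randnum+55);   // 'A'..'Z'
            }else{
                $randstr .= chr($randnum+61);   // 'a'..'z'
            }
        }
        return $randstr;
    }

    /**
     * Set error reporting. Errors are never shown in the browser (both
     * branches of the former admin/non-admin check did the same thing, so
     * the check is dropped). Appends admin-facing alerts to
     * $this->admin_pass_alert.
     */
    function display_errors(){
        global $database;

        ini_set('display_errors', 'off');
        error_reporting(0);

        /* check admin pass */
        if($database->wrong_pass>0&&$this->username=='admin'){
            $this->admin_pass_alert .= '
Please change your password (admin) to something more secure!
';
        }
        if(!$this->user_firstname||!$this->user_lastname){
            $this->admin_pass_alert .= '
Error! Please update your profile!
';
        }
    }
};

/**
 * Initialize session object - This must be initialized before
 * the form object because the form uses session variables,
 * which cannot be accessed unless the session has started.
 */
$session = new Session;

/* Initialize form object */
$form = new Form;

/**
 * Include common functions.
 * This is used for the front
 * and admin as well!
 */
include_once(str_replace('//','/',dirname(__FILE__).'/') .SYSTEM_FOLDER.'/class.functions.php');
include_once(str_replace('//','/',dirname(__FILE__).'/') .SYSTEM_FOLDER.'/class.control.php');// To do. Try to remove this.
include_once(str_replace('//','/',dirname(__FILE__).'/') .SYSTEM_FOLDER.'/loader_basic.php');
?>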