bookmark_fns.php
<?php require_once('output_fns.php'); require_once('db_fns.php'); require_once('data_valid_fns.php'); require_once('url_fns.php'); require_once('user_auth_fns.php'); ?>
data_valid_fns.php
<?php // Test that each variable has a value function filled_out($form_vars) { foreach ($form_vars as $key => $value) { if ((!isset($key)) || ($value == '')) { return false; } } return true; } // Valid email function valid_email($address) { if (ereg('^[a-zA-Z0-9_\.\-]+@[a-zA-Z0-9\-]+\.[a-zA-Z0-9\-\.]+$', $address)) { return true; }else { return false; } } ?>
db_fns.php
<?php //Conncet to db function db_connect() { $db = new mysqli('127.0.0.1', 'bm_user', 'password', 'bookmarks'); if (!$db) { throw new Exception("Could not connect to database server", 1); }else { return $db; } } ?>
user_auth_fns.php
<?php require_once('db_fns.php'); // register function register($username, $email, $password) { $conn = db_connect(); $results = $conn -> query("select * from user where username = '".$username."'"); if (!$results) { throw new Exception("Could not execute query", 1); } if ($results -> num_rows > 0) { throw new Exception("That username is taken - go back and choose another one.", 1); } $results = $conn -> query("insert into user values ('".$username."', sha1('".$email."'), '".$password."')"); if (!$results) { throw new Exception('Could not register you in database - please try again later.'); } return true; } // Log in function login($username, $password) { $conn = db_connect(); $results = $conn -> query("select * from user where username = '".$username."' and passwd = sha1('".$password."')"); if (!$results) { throw new Exception('Could not log you in.'); } if ($results -> num_rows > 0) { return true; }else { throw new Exception('Could not log you in.'); } } // Check valid user function check_valid_user() { if (isset($_SESSION['valid_user'])) { echo "Logged in as ".$_SESSION['valid_user'].".<br />"; }else { do_html_header('Problem:'); echo "You are not logged in.<br />"; do_html_url('login.php', 'Login'); do_html_foot(); exit; } } // change password function change_password($username, $old_password, $new_password) { login($username, $old_password); $conn = db_connect(); $result = $conn -> query("update user set passwd = sha1('".$new_password."') where username = '".$username."'"); if (!$result) { throw new Exception('Password could not be changed.'); } else { return true; // changed successfully } } function get_random_word($min_length, $max_length) { // grab a random word from dictionary between the two lengths // and return it // generate a random word $word = ''; // remember to change this path to suit your system $dictionary = '/usr/dict/words'; // the ispell dictionary $fp = @fopen($dictionary, 'r'); if(!$fp) { return false; } $size = filesize($dictionary); // go to a random location in dictionary $rand_location = rand(0, $size); fseek($fp, $rand_location); // get the next whole word of the right length in the file while ((strlen($word) < $min_length) || (strlen($word)>$max_length) || (strstr($word, "'"))) { if (feof($fp)) { fseek($fp, 0); // if at end, go to start } $word = fgets($fp, 80); // skip first word as it could be partial $word = fgets($fp, 80); // the potential password } $word = trim($word); // trim the trailing \n from fgets return $word; } function reset_password($username) { // set password for username to a random value // return the new password or false on failure // get a random dictionary word b/w 6 and 13 chars in length $new_password = get_random_word(6, 13); if($new_password == false) { throw new Exception('Could not generate new password.'); } // add a number between 0 and 999 to it // to make it a slightly better password $rand_number = rand(0, 999); $new_password .= $rand_number; // set user's password to this in database or return false $conn = db_connect(); $result = $conn->query("update user set passwd = sha1('".$new_password."') where username = '".$username."'"); if (!$result) { throw new Exception('Could not change password.'); // not changed } else { return $new_password; // changed successfully } } function notify_password($username, $password) { // notify the user that their password has been changed $conn = db_connect(); $result = $conn->query("select email from user where username='".$username."'"); if (!$result) { throw new Exception('Could not find email address.'); } else if ($result->num_rows == 0) { throw new Exception('Could not find email address.'); // username not in db } else { $row = $result->fetch_object(); $email = $row->email; $from = "From: support@phpbookmark \r\n"; $mesg = "Your PHPBookmark password has been changed to ".$password."\r\n" ."Please change it next time you log in.\r\n"; if (mail($email, 'PHPBookmark login information', $mesg, $from)) { return true; } else { throw new Exception('Could not send email.'); } } } ?>
url_fns.php