Respuesta: envía el pass encriptado al usuario :S
login.functions.inc.php
<?php
#### Login Functions #####
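/**
 * Report whether the current session belongs to an authenticated user.
 *
 * checkLogin() writes 'loginid' and 'username' into $_SESSION on success, so
 * both keys must be present for the visitor to count as logged in.
 *
 * @return bool true when both session keys are set, false otherwise
 */
function isLoggedIn()
{
    // session_is_registered() was deprecated in PHP 5.3 and removed in PHP 5.4.
    // Reading $_SESSION directly is the supported equivalent and matches how
    // checkLogin() stores the values.
    return isset($_SESSION['loginid'], $_SESSION['username']);
}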
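/**
 * Verify a username/password pair and, on success, mark the session as logged in.
 *
 * NOTE(review): the stored credential is sha1(password . $seed) with a single
 * site-wide seed. SHA-1 is a fast hash and the seed is shared by every account,
 * so a leaked table can be attacked offline cheaply. Moving to
 * password_hash()/password_verify() has to be done together with
 * registerNewUser(), changePassword() and lostPassword(), which write the same
 * column, so it is not changed in this function alone.
 * NOTE(review): no attempt limiting is visible here - confirm it exists upstream.
 *
 * @param string $u username as typed by the visitor
 * @param string $p password as typed by the visitor
 * @return bool true when exactly one enabled, activated account matches
 */
function checkLogin($u, $p)
{
    global $seed; // global because $seed is declared in the header.php file

    if (!valid_username($u) || !valid_password($p) || !user_exists($u)) {
        return false; // the name was not valid, or the password, or the username did not exist
    }

    $query = sprintf(
        "SELECT loginid FROM login"
        . " WHERE username = '%s' AND password = '%s'"
        . " AND disabled = 0 AND activated = 1"
        . " LIMIT 1;",
        mysql_real_escape_string($u),
        mysql_real_escape_string(sha1($p . $seed))
    );
    $result = mysql_query($query);

    // mysql_query() returns false on a failed query; treat that as a failed
    // login instead of handing false to mysql_num_rows().
    if ($result === false || mysql_num_rows($result) != 1) {
        return false;
    }

    $row = mysql_fetch_array($result);

    // Issue a fresh session id at the privilege change so an id that was known
    // before login (session fixation) is not the one that becomes authenticated.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    $_SESSION['loginid'] = $row['loginid']; // user ID for later use
    $_SESSION['username'] = $u;             // username for later use

    return true;
}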
?>
logout.php
<?php
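// Log the visitor out: clear the session data, expire the session cookie,
// destroy the server-side session and return to the homepage.
session_start();

// session_unregister() was removed in PHP 5.4. Emptying $_SESSION drops
// 'loginid' and 'username' (and anything else stored for this visitor).
$_SESSION = array();

// Expire the session cookie as well, so the browser stops presenting the old id.
if (ini_get('session.use_cookies')) {
    $cookie = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $cookie['path'],
        $cookie['domain'],
        $cookie['secure'],
        $cookie['httponly']
    );
}

session_destroy();
header('Location: index.php');
exit; // nothing after the redirect should run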
?>
lostpassword.php
<?php
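require_once "header.php";

// Password-reset page: on submit, hand the posted username and email to
// lostPassword(); otherwise show the form.
//
// NOTE(review): lostPassword() replaces the stored password as soon as the
// username/email pair matches, with no confirmation step, so anyone who knows
// both values can force a reset on that account. The two different messages
// below also confirm to the submitter whether the pair is registered. A
// time-limited reset link plus one neutral response would close both.
// NOTE(review): no CSRF token is checked here - confirm whether header.php adds one.
if (isset($_POST['lostpass'])) {
    // Missing or non-string fields (e.g. username[]=x) become '' so they fail
    // validation instead of raising undefined-index notices. The lp-prefixed
    // names avoid overwriting globals that header.php / footer.php may rely on.
    $lpUsername = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $lpEmail = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

    if (lostPassword($lpUsername, $lpEmail)) {
        echo "Your password has been reset, an email containing your new password has been sent to your inbox.<br />
<a href='./index.php'>Click here to return to the homepage.</a>
";
    } else {
        echo "Username or email was incorrect !";
        show_lostpassword_form();
    }
} else {
    // user has not pressed the button
    show_lostpassword_form();
}

require_once "footer.php";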
?>
mail.functions.inc.php
<?php
##### Mail functions #####
/**
 * Mail a newly generated password to a user who asked for a reset.
 *
 * NOTE(review): the new password travels in clear text inside the message body
 * and stays in the recipient's mailbox. A single-use, expiring reset link
 * would avoid putting a working credential in email.
 *
 * @param string $username    account name shown in the message
 * @param string $email       recipient address
 * @param string $newpassword the plain-text password to communicate
 * @return bool true when sendMail() reports success, false otherwise
 */
function sendLostPasswordEmail($username, $email, $newpassword)
{
    global $domain; // site domain, defined outside this function

    $sender = "no-reply@$domain";
    $body = "
You have requested a new password on http://www.$domain/,
Your new password information:
username: $username
password: $newpassword
Regards
$domain Administration
";

    return sendMail($email, "Your password has been reset.", $body, $sender) ? true : false;
}
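/**
 * Send a plain-text email with a From header.
 *
 * The recipient, subject and sender all end up in the message headers, so a
 * carriage return or line feed in any of them would let the value add extra
 * header lines. Such values are rejected before mail() is called.
 *
 * @param string $to      recipient address
 * @param string $subject subject line
 * @param string $message message body
 * @param string $from    address placed in the From header
 * @return bool true when mail() accepted the message, false on rejection or failure
 */
function sendMail($to, $subject, $message, $from)
{
    foreach (array($to, $subject, $from) as $headerValue) {
        // CR/LF inside a header value is the mail-header injection vector.
        if (strpbrk((string) $headerValue, "\r\n") !== false) {
            return false;
        }
    }

    return mail($to, $subject, $message, "From: $from") ? true : false;
}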
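/**
 * Mail the account-activation link to a newly registered user.
 *
 * The plain-text password is no longer written into the message: the user has
 * just chosen it, and a copy in a mailbox is a stored credential that outlives
 * the registration. $password stays in the signature so existing callers keep
 * working.
 *
 * NOTE(review): the link uses http://. If the site is served over TLS, switch
 * it to https:// so the activation code is not sent in clear text.
 *
 * @param string     $username account name shown in the message
 * @param string     $password unused; kept for backward compatibility
 * @param int|string $uid      login id placed in the activation link
 * @param string     $email    recipient address
 * @param string     $actcode  activation code placed in the activation link
 * @return bool true when sendMail() reports success, false otherwise
 */
function sendActivationEmail($username, $password, $uid, $email, $actcode)
{
    global $domain; // site domain, defined outside this function

    // rawurlencode() keeps characters such as '&', '#' or spaces in either
    // value from breaking or altering the query string.
    $link = "http://www.$domain/activate.php?uid=" . rawurlencode((string) $uid)
        . "&actcode=" . rawurlencode((string) $actcode);

    $message = "
Thank you for registering on http://www.$domain/,
Your account information:
username: $username
Please click the link below to activate your account.
$link
Regards
$domain Administration
";

    return sendMail($email, "Please activate your account.", $message, "no-reply@$domain") ? true : false;
}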
?>
register.php
<?php
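require_once "header.php";

// Registration page: on submit, pass the posted fields to registerNewUser();
// otherwise show the form.
// NOTE(review): no CSRF token is checked here - confirm whether header.php adds one.
if (isset($_POST['register'])) {
    // Missing or non-string fields (e.g. password[]=x) become '' so they fail
    // validation instead of raising undefined-index notices. The reg-prefixed
    // names avoid overwriting globals that header.php / footer.php may rely on.
    $regInput = array('username' => '', 'password' => '', 'password2' => '', 'email' => '');
    foreach (array_keys($regInput) as $regField) {
        if (isset($_POST[$regField]) && is_string($_POST[$regField])) {
            $regInput[$regField] = $_POST[$regField];
        }
    }

    if (registerNewUser($regInput['username'], $regInput['password'], $regInput['password2'], $regInput['email'])) {
        echo "Thank you for registering, an email has been sent to your inbox, Please activate your account.
<a href='./index.php'>Click here to login.</a>
";
    } else {
        echo "Registration failed! Please try again.";
        show_registration_form();
    }
} else {
    // has not pressed the register button
    show_registration_form();
}

require_once "footer.php";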
?>
user.functions.inc.php
<?php
##### User Functions #####
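/**
 * Change a user's password after checking the current one.
 *
 * NOTE(review): the stored value is sha1(password . $seed) with one site-wide
 * seed; see the same scheme in checkLogin() and registerNewUser(). Replacing it
 * with password_hash()/password_verify() needs all writers and readers of the
 * column changed together.
 *
 * @param string $username        account whose password is being changed
 * @param string $currentpassword password the user claims to have now
 * @param string $newpassword     desired new password
 * @param string $newpassword2    confirmation of the new password
 * @return bool true when the password row was updated, false otherwise
 */
function changePassword($username, $currentpassword, $newpassword, $newpassword2)
{
    global $seed;

    if (!valid_username($username) || !user_exists($username)) {
        return false;
    }

    // Strict comparison: with != two different numeric-looking strings such as
    // "1e3" and "1000" compare equal, so the confirmation check could pass
    // for passwords that do not actually match.
    if (!valid_password($newpassword) || $newpassword !== $newpassword2) {
        return false;
    }

    // we get the current password hash from the database
    $query = sprintf(
        "SELECT password FROM login WHERE username = '%s' LIMIT 1",
        mysql_real_escape_string($username)
    );
    $result = mysql_query($query);
    if ($result === false) {
        return false; // query failed
    }
    $row = mysql_fetch_row($result);
    if ($row === false) {
        return false; // no such row
    }

    // Strict comparison here too: hex digests of the form "0e<digits>" are
    // treated as the number zero by !=, which would make unrelated hashes
    // compare equal. Where PHP >= 5.6 is available, hash_equals() additionally
    // makes the comparison constant-time.
    if ((string) $row[0] !== sha1($currentpassword . $seed)) {
        return false;
    }

    // now we update the password in the database
    $query = sprintf(
        "update login set password = '%s' where username = '%s'",
        mysql_real_escape_string(sha1($newpassword . $seed)),
        mysql_real_escape_string($username)
    );

    return mysql_query($query) ? true : false;
}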
/**
 * Tell whether a row with the given username exists in the login table.
 *
 * @param string $username name to look up
 * @return bool true when the name is valid and at least one row matches
 */
function user_exists($username)
{
    if (valid_username($username)) {
        // The name is escaped before being placed inside the quoted SQL literal.
        $sql = sprintf("SELECT loginid FROM login WHERE username = '%s' LIMIT 1",
            mysql_real_escape_string($username));
        $rows = mysql_query($sql);

        return mysql_num_rows($rows) > 0;
    }

    return false;
}
/**
 * Activate an account when the login id and activation code match a row that
 * is not yet activated.
 *
 * NOTE(review): nothing here expires the activation code or limits attempts;
 * its strength depends on generate_code(), which is not shown - confirm it
 * draws from a cryptographically secure source.
 *
 * @param int|string $uid     login id from the activation link
 * @param string     $actcode activation code from the activation link
 * @return bool true when the row was found and the update query succeeded
 */
function activateUser($uid, $actcode)
{
    // Both values arrive from the activation URL, so they are escaped before
    // being placed inside quoted SQL literals.
    $safeUid = mysql_real_escape_string($uid);
    $safeCode = mysql_real_escape_string($actcode);

    $lookup = sprintf("select activated from login where loginid = '%s' and actcode = '%s' and activated = 0 limit 1",
        $safeUid, $safeCode);
    $pending = mysql_query($lookup);

    if (mysql_num_rows($pending) != 1) {
        return false; // no matching, still-inactive account
    }

    $update = sprintf("update login set activated = '1' where loginid = '%s' and actcode = '%s'",
        $safeUid, $safeCode);

    return mysql_query($update) ? true : false;
}
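/**
 * Create a new, not-yet-activated account and mail the activation link.
 *
 * NOTE(review): the password is stored as sha1(password . $seed) with one
 * site-wide seed; see checkLogin(). password_hash() would be the replacement,
 * changed together with every function that reads or writes the column.
 * NOTE(review): the row is inserted before the activation mail is sent. If the
 * mail fails this returns false but the username is already taken, so a retry
 * is rejected by user_exists().
 * NOTE(review): generate_code() is not shown - confirm the activation code
 * comes from a cryptographically secure source.
 *
 * @param string $username  desired account name
 * @param string $password  desired password
 * @param string $password2 confirmation of the password
 * @param string $email     address that receives the activation mail
 * @return bool true when the row was inserted and the mail was accepted
 */
function registerNewUser($username, $password, $password2, $email)
{
    global $seed;

    // Strict comparison for the confirmation: with != two different
    // numeric-looking strings such as "1e3" and "1000" compare equal.
    if (!valid_username($username) || !valid_password($password)
        || !valid_email($email) || $password !== $password2 || user_exists($username)
    ) {
        return false;
    }

    $code = generate_code(20);
    $sql = sprintf(
        "insert into login (username,password,email,actcode) value ('%s','%s','%s','%s')",
        mysql_real_escape_string($username),
        mysql_real_escape_string(sha1($password . $seed)),
        mysql_real_escape_string($email),
        mysql_real_escape_string($code)
    );

    if (!mysql_query($sql)) {
        return false; // insert failed
    }

    $id = mysql_insert_id();

    return sendActivationEmail($username, $password, $id, $email, $code) ? true : false;
}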
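/**
 * Replace a user's password with a generated one and mail it to them.
 *
 * NOTE(review): the password is overwritten as soon as username and email
 * match, before the mail is known to be delivered and without confirmation
 * from the account owner. A failed mail leaves the account with a password
 * nobody knows, and anyone who knows both values can force a reset. An
 * expiring, single-use reset link avoids both.
 * NOTE(review): generate_code() is not shown - confirm the 8-character value
 * comes from a cryptographically secure source.
 *
 * @param string $username account name entered on the reset form
 * @param string $email    email address entered on the reset form
 * @return bool true when the password was updated and the mail was accepted
 */
function lostPassword($username, $email)
{
    global $seed;

    if (!valid_username($username) || !user_exists($username) || !valid_email($email)) {
        return false;
    }

    // Both values were interpolated unescaped here. valid_email() is not shown,
    // and a syntactically valid address may contain a single quote, so the
    // values are escaped like in every other query of this file.
    $query = sprintf(
        "select loginid from login where username = '%s' and email = '%s' limit 1",
        mysql_real_escape_string($username),
        mysql_real_escape_string($email)
    );
    $result = mysql_query($query);
    if ($result === false || mysql_num_rows($result) != 1) {
        return false;
    }

    $newpass = generate_code(8);
    $query = sprintf(
        "update login set password = '%s' where username = '%s'",
        mysql_real_escape_string(sha1($newpass . $seed)),
        mysql_real_escape_string($username)
    );

    if (!mysql_query($query)) {
        return false; // update failed
    }

    return sendLostPasswordEmail($username, $email, $newpass) ? true : false;
}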
?>