[ Поиск ] - [ Пользователи ] - [ Календарь ]
Полная Версия: Шаблоны кода
Миша
Слышал, что у программистов в тетрадочке или файле есть шаблон кода (готовые решения) Это правда? biggrin.gif

_____________
Принимаю заказы, писать в ЛС
T1grOK
Храню все наработки, некоторые faq, собираю библиотеки, шаблоны и т.д. (естественно нужные, файлопомойку не делаю).
Делаю резервные копии каждую неделю.

P.S. Вообще вопрос довольно странный. Разве не логично взять существующую наработку и потратить на реализацию задачи на пару часов меньше времени? Смысл 2-3..5 раз писать все заново....

_____________
Mysql, Postgresql, Redis, Memcached, Unit Testing, CI, Kohana, Yii, Phalcon, Zend Framework, Joomla, Open Cart, Ymaps, VK Api
Миша
Вопрос с подвохом smile.gif Поделитесь.. ?

_____________
Принимаю заказы, писать в ЛС
Миша
Вопрос ещё актуален.

_____________
Принимаю заказы, писать в ЛС
GET
Свернутый текст


_____________
Не тот велик, кто не падал, а тот кто падал и поднимался.
Миша
У кого есть готовое решение проверки текста из форм? (чисто текста, без php и т.п.) и проверка изображений.


_____________
Принимаю заказы, писать в ЛС
GET
Медведь

Так и быть держи...уговорил:

Свернутый текст
class auth
{
public $mysqli;
public $errormsg;
public $successmsg;

function __construct()
{
include("config.php");

$this->mysqli = new mysqli($db['host'], $db['user'], $db['pass'], $db['name']);
unset($db['pass']); // $mysqli is public, remove password for security
}

/*
* Log user in via MySQL Database
* @param string $username
* @param string $password
* @return boolean
*/


function login($username, $password)
{
include("config.php");
include("lang.php");

if(!isset($_COOKIE["auth_session"]))
{
$attcount = $this->getattempt($_SERVER['REMOTE_ADDR']);

if($attcount >= $auth_conf['max_attempts'])
{
$this->errormsg[] = $lang[$loc]['auth']['login_lockedout'];
$this->errormsg[] = $lang[$loc]['auth']['login_wait30'];

return false;
}
else
{
// Input verification :

if(strlen($username) == 0) { $this->errormsg[] = $lang[$loc]['auth']['login_username_empty']; return false; }
elseif(strlen($username) > 30) { $this->errormsg[] = $lang[$loc]['auth']['login_username_long']; return false; }
elseif(strlen($username) < 3) { $this->errormsg[] = $lang[$loc]['auth']['login_username_short']; return false; }
elseif(strlen($password) == 0) { $this->errormsg[] = $lang[$loc]['auth']['login_password_empty']; return false; }
elseif(strlen($password) > 30) { $this->errormsg[] = $lang[$loc]['auth']['login_password_short']; return false; }
elseif(strlen($password) < 5) { $this->errormsg[] = $lang[$loc]['auth']['login_password_long']; return false; }
else
{
// Input is valid

$password = $this->hashpass($password);

$query = $this->mysqli->prepare("SELECT isactive FROM users WHERE username = ? AND password = ?");
$query->bind_param("ss", $username, $password);
$query->bind_result($isactive);
$query->execute();
$query->store_result();
$count = $query->num_rows;
$query->fetch();
$query->close();

if($count == 0)
{
// Username and / or password are incorrect

$this->errormsg[] = $lang[$loc]['auth']['login_incorrect'];

$this->addattempt($_SERVER['REMOTE_ADDR']);

$attcount = $attcount + 1;
$remaincount = $auth_conf['max_attempts'] - $attcount;

$this->LogActivity("UNKNOWN", "AUTH_LOGIN_FAIL", "Username / Password incorrect - {$username} / {$password}");

$this->errormsg[] = sprintf($lang[$loc]['auth']['login_attempts_remaining'], $remaincount);

return false;
}
else
{
// Username and password are correct

if($isactive == "0")
{
// Account is not activated

$this->LogActivity($username, "AUTH_LOGIN_FAIL", "Account inactive");

$this->errormsg[] = $lang[$loc]['auth']['login_account_inactive'];

return false;
}
else
{
// Account is activated

$this->newsession($username);

$this->LogActivity($username, "AUTH_LOGIN_SUCCESS", "User logged in");

$this->successmsg[] = $lang[$loc]['auth']['login_success'];

return true;
}
}
}
}
}

else
{
// User is already logged in

$this->errormsg[] = $lang[$loc]['auth']['login_already'];

return false;
}
}


/*
* Register a new user into the database
* @param string $username
* @param string $password
* @param string $verifypassword
* @param string $email
* @return boolean
*/


function register($username, $password, $verifypassword, $email)
{
include("config.php");
include("lang.php");

if(!isset($_COOKIE["auth_session"]))
{

// Input Verification :

if(strlen($username) == 0) { $this->errormsg[] = $lang[$loc]['auth']['register_username_empty']; }
elseif(strlen($username) > 30) { $this->errormsg[] = $lang[$loc]['auth']['register_username_long']; }
elseif(strlen($username) < 3) { $this->errormsg[] = $lang[$loc]['auth']['register_username_short']; }
if(strlen($password) == 0) { $this->errormsg[] = $lang[$loc]['auth']['register_password_empty']; }
elseif(strlen($password) > 30) { $this->errormsg[] = $lang[$loc]['auth']['register_password_long']; }
elseif(strlen($password) < 5) { $this->errormsg[] = $lang[$loc]['auth']['register_password_short']; }
elseif($password !== $verifypassword) { $this->errormsg[] = $lang[$loc]['auth']['register_password_nomatch']; }
elseif(strstr($password, $username)) { $this->errormsg[] = $lang[$loc]['auth']['register_password_username']; }
if(strlen($email) == 0) { $this->errormsg[] = $lang[$loc]['auth']['register_email_empty']; }
elseif(strlen($email) > 100) { $this->errormsg[] = $lang[$loc]['auth']['register_email_long']; }
elseif(strlen($email) < 5) { $this->errormsg[] = $lang[$loc]['auth']['register_email_short']; }
elseif(!filter_var($email, FILTER_VALIDATE_EMAIL)) { $this->errormsg[] = $lang[$loc]['auth']['register_email_invalid']; }

if(count($this->errormsg) == 0)
{
// Input is valid

$query = $this->mysqli->prepare("SELECT * FROM users WHERE username=?");
$query->bind_param("s", $username);
$query->execute();
$query->store_result();
$count = $query->num_rows;
$query->close();

if($count != 0)
{
// Username already exists

$this->LogActivity("UNKNOWN", "AUTH_REGISTER_FAIL", "Username ({$username}) already exists");

$this->errormsg[] = $lang[$loc]['auth']['register_username_exist'];

return false;
}
else
{
// Username is not taken

$query = $this->mysqli->prepare("SELECT * FROM users WHERE email=?");
$query->bind_param("s", $email);
$query->execute();
$query->store_result();
$count = $query->num_rows;
$query->close();

if($count != 0)
{
// Email address is already used

$this->LogActivity("UNKNOWN", "AUTH_REGISTER_FAIL", "Email ({$email}) already exists");

$this->errormsg[] = $lang[$loc]['auth']['register_email_exist'];

return false;
}
else
{
// Email address isn't already used

$password = $this->hashpass($password);
$activekey = $this->randomkey(15);

$query = $this->mysqli->prepare("INSERT INTO users (username, password, email, activekey) VALUES (?, ?, ?, ?)");
$query->bind_param("ssss", $username, $password, $email, $activekey);
$query->execute();
$query->close();

$message_from = $auth_conf['email_from'];
$message_subj = $auth_conf['site_name'] . " - Account activation required !";
$message_cont = "Hello {$username}<br/><br/>";
$message_cont .= "You recently registered a new account on " . $auth_conf['site_name'] . "<br/>";
$message_cont .= "To activate your account please click the following link<br/><br/>";
$message_cont .= "<b><a href=\"" . $auth_conf['base_url'] . "?page=activate&username={$username}&key={$activekey}\">Activate my account</a></b>";
$message_head = "From: {$message_from}" . "\r\n";
$message_head .= "MIME-Version: 1.0" . "\r\n";
$message_head .= "Content-type: text/html; charset=iso-8859-1" . "\r\n";

mail($email, $message_subj, $message_cont, $message_head);

$this->LogActivity($username, "AUTH_REGISTER_SUCCESS", "Account created and activation email sent");

$this->successmsg[] = $lang[$loc]['auth']['register_success'];

return true;
}
}
}

else
{
return false;
}
}

else
{
// User is logged in

$this->errormsg[] = $lang[$loc]['auth']['register_email_loggedin'];

return false;
}
}


/*
* Creates a new session for the provided username and sets cookie
* @param string $username
*/


function newsession($username)
{
include("config.php");

$hash = md5(microtime());

// Fetch User ID :

$query = $this->mysqli->prepare("SELECT id FROM users WHERE username=?");
$query->bind_param("s", $username);
$query->bind_result($uid);
$query->execute();
$query->fetch();
$query->close();

// Delete all previous sessions :

$query = $this->mysqli->prepare("DELETE FROM sessions WHERE username=?");
$query->bind_param("s", $username);
$query->execute();
$query->close();

$ip = $_SERVER['REMOTE_ADDR'];
$expiredate = date("Y-m-d H:i:s", strtotime($auth_conf['session_duration']));
$expiretime = strtotime($expiredate);

$query = $this->mysqli->prepare("INSERT INTO sessions (uid, username, hash, expiredate, ip) VALUES (?, ?, ?, ?, ?)");
$query->bind_param("issss", $uid, $username, $hash, $expiredate, $ip);
$query->execute();
$query->close();

setcookie("auth_session", $hash, $expiretime);
}

/*
* Deletes the user's session based on hash
* @param string $hash
*/


function deletesession($hash)
{
include("config.php");
include("lang.php");

$query = $this->mysqli->prepare("SELECT username FROM sessions WHERE hash=?");
$query->bind_param("s", $hash);
$query->bind_result($username);
$query->execute();
$query->store_result();
$count = $query->num_rows;
$query->fetch();
$query->close();

if($count == 0)
{
// Hash doesn't exist

$this->LogActivity("UNKNOWN", "AUTH_LOGOUT", "User session cookie deleted - Database session not deleted - Hash ({$hash}) didn't exist");

$this->errormsg[] = $lang[$loc]['auth']['deletesession_invalid'];

setcookie("auth_session", $hash, time() - 3600);
}
else
{
// Hash exists, Delete all sessions for that username :

$query = $this->mysqli->prepare("DELETE FROM sessions WHERE username=?");
$query->bind_param("s", $username);
$query->execute();
$query->close();

$this->LogActivity($username, "AUTH_LOGOUT", "User session cookie deleted - Database session deleted - Hash ({$hash})");

setcookie("auth_session", $hash, time() - 3600);
}
}


/*
* Provides an associative array of user info based on session hash
* @param string $hash
* @return array $session
*/


function sessioninfo($hash)
{
include("config.php");
include("lang.php");

$query = $this->mysqli->prepare("SELECT uid, username, expiredate, ip FROM sessions WHERE hash=?");
$query->bind_param("s", $hash);
$query->bind_result($session['uid'], $session['username'], $session['expiredate'], $session['ip']);
$query->execute();
$query->store_result();
$count = $query->num_rows;
$query->fetch();
$query->close();

if($count == 0)
{
// Hash doesn't exist

$this->errormsg[] = $lang[$loc]['auth']['sessioninfo_invalid'];

setcookie("auth_session", $hash, time() - 3600);

return false;
}
else
{
// Hash exists

return $session;
}
}


/*
* Checks if session is valid (Current IP = Stored IP + Current date < expire date)
* @param string $hash
* @return bool
*/


function checksession($hash)
{
$query = $this->mysqli->prepare("SELECT username, expiredate, ip FROM sessions WHERE hash=?");
$query->bind_param("s", $hash);
$query->bind_result($username, $db_expiredate, $db_ip);
$query->execute();
$query->store_result();
$count = $query->num_rows;
$query->fetch();
$query->close();

if($count == 0)
{
// Hash doesn't exist

setcookie("auth_session", $hash, time() - 3600);

$this->LogActivity($username, "AUTH_CHECKSESSION", "User session cookie deleted - Hash ({$hash}) didn't exist");

return false;
}
else
{
if($_SERVER['REMOTE_ADDR'] != $db_ip)
{
// Hash exists, but IP has changed

$query = $this->mysqli->prepare("DELETE FROM sessions WHERE username=?");
$query->bind_param("s", $username);
$query->execute();
$query->close();

setcookie("auth_session", $hash, time() - 3600);

$this->LogActivity($username, "AUTH_CHECKSESSION", "User session cookie deleted - IP Different ( DB : {$db_ip} / Current : " . $_SERVER['REMOTE_ADDR'] . " )");

return false;
}
else
{
$expiredate = strtotime($db_expiredate);
$currentdate = strtotime(date("Y-m-d H:i:s"));

if($currentdate > $expiredate)
{
// Hash exists, IP is the same, but session has expired

$query = $this->mysqli->prepare("DELETE FROM sessions WHERE username=?");
$query->bind_param("s", $username);
$query->execute();
$query->close();

setcookie("auth_session", $hash, time() - 3600);

$this->LogActivity($username, "AUTH_CHECKSESSION", "User session cookie deleted - Session expired ( Expire date : {$db_expiredate} )");

return false;
}
else
{
// Hash exists, IP is the same, date < expiry date

return true;
}
}
}
}


/*
* Returns a random string, length can be modified
* @param int $length
* @return string $key
*/


function randomkey($length = 10)
{
$chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890";
$key = "";

for($i = 0; $i < $length; $i++)
{
$key .= $chars{rand(0, strlen($chars) - 1)};
}

return $key;
}

/*
* Activate a user's account
* @param string $username
* @param string $key
* @return boolean
*/


function activate($username, $key)
{
include("config.php");
include("lang.php");

// Input verification

if(strlen($username) == 0) { $this->errormsg[] = $lang[$loc]['auth']['activate_username_empty']; return false; }
elseif(strlen($username) > 30) { $this->errormsg[] = $lang[$loc]['auth']['activate_username_long']; return false; }
elseif(strlen($username) < 3) { $this->errormsg[] = $lang[$loc]['auth']['activate_username_short']; return false; }
elseif(strlen($key) == 0) { $this->errormsg[] = $lang[$loc]['auth']['activate_key_empty']; return false; }
elseif(strlen($key) > 15) { $this->errormsg[] = $lang[$loc]['auth']['activate_key_long']; return false; }
elseif(strlen($key) < 15) { $this->errormsg[] = $lang[$loc]['auth']['activate_key_short']; return false; }
else
{
// Input is valid

$query = $this->mysqli->prepare("SELECT isactive, activekey FROM users WHERE username=?");
$query->bind_param("s", $username);
$query->bind_result($isactive, $activekey);
$query->execute();
$query->store_result();
$count = $query->num_rows;
$query->fetch();
$query->close();

if($count == 0)
{
// User doesn't exist

$this->LogActivity("UNKNOWN", "AUTH_ACTIVATE_FAIL", "Username Incorrect : {$username}");

$this->errormsg[] = $lang[$loc]['auth']['activate_username_incorrect'];

return false;
}
else
{
// User exists

if($isactive == 1)
{
// Account is already activated

$this->LogActivity($username, "AUTH_ACTIVATE_FAIL", "Account already activated");

$this->errormsg[] = $lang[$loc]['auth']['activate_account_activated'];

return true;
}
else
{
// Account isn't activated

if($key == $activekey)
{
// Activation keys match

$new_isactive = 1;
$new_activekey = "0";

$query = $this->mysqli->prepare("UPDATE users SET isactive=?, activekey=? WHERE username=?");
$query->bind_param("iss", $new_isactive, $new_activekey, $username);
$query->execute();
$query->close();

$this->LogActivity($username, "AUTH_ACTIVATE_SUCCESS", "Activation successful. Key Entry deleted.");

$this->successmsg[] = $lang[$loc]['auth']['activate_success'];

return true;
}
else
{
// Activation Keys don't match

$this->LogActivity($username, "AUTH_ACTIVATE_FAIL", "Activation keys don't match ( DB : {$activekey} / Given : {$key} )");

$this->errormsg[] = $lang[$loc]['auth']['activate_key_incorrect'];

return false;
}
}
}
}
}


/*
* Changes a user's password, providing the current password is known
* @param string $username
* @param string $currpass
* @param string $newpass
* @param string $verifynewpass
* @return boolean
*/


function changepass($username, $currpass, $newpass, $verifynewpass)
{
include("config.php");
include("lang.php");

if(strlen($username) == 0) { $this->errormsg[] = $lang[$loc]['auth']['changepass_username_empty']; }
elseif(strlen($username) > 30) { $this->errormsg[] = $lang[$loc]['auth']['changepass_username_long']; }
elseif(strlen($username) < 3) { $this->errormsg[] = $lang[$loc]['auth']['changepass_username_short']; }
if(strlen($currpass) == 0) { $this->errormsg[] = $lang[$loc]['auth']['changepass_currpass_empty']; }
elseif(strlen($currpass) < 5) { $this->errormsg[] = $lang[$loc]['auth']['changepass_currpass_short']; }
elseif(strlen($currpass) > 30) { $this->errormsg[] = $lang[$loc]['auth']['changepass_currpass_long']; }
if(strlen($newpass) == 0) { $this->errormsg[] = $lang[$loc]['auth']['changepass_newpass_empty']; }
elseif(strlen($newpass) < 5) { $this->errormsg[] = $lang[$loc]['auth']['changepass_newpass_short']; }
elseif(strlen($newpass) > 30) { $this->errormsg[] = $lang[$loc]['auth']['changepass_newpass_long']; }
elseif(strstr($newpass, $username)) { $this->errormsg[] = $lang[$loc]['auth']['changepass_password_username']; }
elseif($newpass !== $verifynewpass) { $this->errormsg[] = $lang[$loc]['auth']['changepass_password_nomatch']; }

if(count($this->errormsg) == 0)
{
$currpass = $this->hashpass($currpass);
$newpass = $this->hashpass($newpass);

$query = $this->mysqli->prepare("SELECT password FROM users WHERE username=?");
$query->bind_param("s", $username);
$query->bind_result($db_currpass);
$query->execute();
$query->store_result();
$count = $query->num_rows;
$query->fetch();
$query->close();

if($count == 0)
{
$this->LogActivity("UNKNOWN", "AUTH_CHANGEPASS_FAIL", "Username Incorrect ({$username})");

$this->errormsg[] = $lang[$loc]['auth']['changepass_username_incorrect'];

return false;
}
else
{
if($currpass == $db_currpass)
{
$query = $this->mysqli->prepare("UPDATE users SET password=? WHERE username=?");
$query->bind_param("ss", $newpass, $username);
$query->execute();
$query->close();

$this->LogActivity($username, "AUTH_CHANGEPASS_SUCCESS", "Password changed");

$this->successmsg[] = $lang[$loc]['auth']['changepass_success'];

return true;
}
else
{
$this->LogActivity($username, "AUTH_CHANGEPASS_FAIL", "Current Password Incorrect ( DB : {$db_currpass} / Given : {$currpass} )");

$this->errormsg[] = $lang[$loc]['auth']['changepass_currpass_incorrect'];

return false;
}
}
}

else
{
return false;
}
}


/*
* Changes the stored email address based on username
* @param string $username
* @param string $email
* @return boolean
*/


function changeemail($username, $email)
{
include("config.php");
include("lang.php");

if(strlen($username) == 0) { $this->errormsg[] = $lang[$loc]['auth']['changeemail_username_empty']; }
elseif(strlen($username) > 30) { $this->errormsg[] = $lang[$loc]['auth']['changeemail_username_long']; }
elseif(strlen($username) < 3) { $this->errormsg[] = $lang[$loc]['auth']['changeemail_username_short']; }
if(strlen($email) == 0) { $this->errormsg[] = $lang[$loc]['auth']['changeemail_email_empty']; }
elseif(strlen($email) > 100) { $this->errormsg[] = $lang[$loc]['auth']['changeemail_email_long']; }
elseif(strlen($email) < 5) { $this->errormsg[] = $lang[$loc]['auth']['changeemail_email_short']; }
elseif(!filter_var($email, FILTER_VALIDATE_EMAIL)) { $this->errormsg[] = $lang[$loc]['auth']['changeemail_email_invalid']; }

if(count($this->errormsg) == 0)
{
$query = $this->mysqli->prepare("SELECT email FROM users WHERE username=?");
$query->bind_param("s", $username);
$query->bind_result($db_email);
$query->execute();
$query->store_result();
$count = $query->num_rows;
$query->fetch();
$query->close();

if($count == 0)
{
$this->LogActivity("UNKNOWN", "AUTH_CHANGEEMAIL_FAIL", "Username Incorrect ({$username})");

$this->errormsg[] = $lang[$loc]['auth']['changeemail_username_incorrect'];

return false;
}
else
{
if($email == $db_email)
{
$this->LogActivity($username, "AUTH_CHANGEEMAIL_FAIL", "Old and new email matched ({$email})");

$this->errormsg[] = $lang[$loc]['auth']['changeemail_email_match'];

return false;
}
else
{
$query = $this->mysqli->prepare("UPDATE users SET email=? WHERE username=?");
$query->bind_param("ss", $email, $username);
$query->execute();
$query->close();

$this->LogActivity($username, "AUTH_CHANGEEMAIL_SUCCESS", "Email changed from {$db_email} to {$email}");

$this->successmsg[] = $lang[$loc]['auth']['changeemail_success'];

return true;
}
}
}

else
{
return false;
}
}


/*
* Give the user the ability to change their password if the current password is forgotten
* by sending email to the email address associated to that user
* @param string $username
* @param string $email
* @param string $key
* @param string $newpass
* @param string $verifynewpass
* @return boolean
*/


function resetpass($username = '0', $email ='0', $key = '0', $newpass = '0', $verifynewpass = '0')
{
include("config.php");
include("lang.php");

$attcount = $this->getattempt($_SERVER['REMOTE_ADDR']);

if($attcount >= $auth_conf['max_attempts'])
{
$this->errormsg[] = $lang[$loc]['auth']['resetpass_lockedout'];
$this->errormsg[] = $lang[$loc]['auth']['resetpass_wait30'];

return false;
}
else
{
if($username == '0' && $key == '0')
{
if(strlen($email) == 0) { $this->errormsg[] = $lang[$loc]['auth']['resetpass_email_empty']; }
elseif(strlen($email) > 100) { $this->errormsg[] = $lang[$loc]['auth']['resetpass_email_long']; }
elseif(strlen($email) < 5) { $this->errormsg[] = $lang[$loc]['auth']['resetpass_email_short']; }
elseif(!filter_var($email, FILTER_VALIDATE_EMAIL)) { $this->errormsg[] = $lang[$loc]['auth']['resetpass_email_invalid']; }

$resetkey = $this->randomkey(15);

$query = $this->mysqli->prepare("SELECT username FROM users WHERE email=?");
$query->bind_param("s", $email);
$query->bind_result($username);
$query->execute();
$query->store_result();
$count = $query->num_rows;
$query->fetch();
$query->close();

if($count == 0)
{
$this->errormsg[] = $lang[$loc]['auth']['resetpass_email_incorrect'];

$attcount = $attcount + 1;
$remaincount = $auth_conf['max_attempts'] - $attcount;

$this->LogActivity("UNKNOWN", "AUTH_RESETPASS_FAIL", "Email incorrect ({$email})");

$this->errormsg[] = sprintf($lang[$loc]['auth']['resetpass_attempts_remaining'], $remaincount);

$this->addattempt($_SERVER['REMOTE_ADDR']);

return false;
}
else
{
$query = $this->mysqli->prepare("UPDATE users SET resetkey=? WHERE username=?");
$query->bind_param("ss", $resetkey, $username);
$query->execute();
$query->close();

$message_from = $auth_conf['email_from'];
$message_subj = $auth_conf['site_name'] . " - Password reset request !";
$message_cont = "Hello {$username}<br/><br/>";
$message_cont .= "You recently requested a password reset on " . $auth_conf['site_name'] . "<br/>";
$message_cont .= "To proceed with the password reset, please click the following link :<br/><br/>";
$message_cont .= "<b><a href=\"" . $auth_conf['base_url'] . "?page=forgot&username={$username}&key={$resetkey}\">Reset My Password</a></b>";
$message_head = "From: {$message_from}" . "\r\n";
$message_head .= "MIME-Version: 1.0" . "\r\n";
$message_head .= "Content-type: text/html; charset=iso-8859-1" . "\r\n";

mail($email, $message_subj, $message_cont, $message_head);

$this->LogActivity($username, "AUTH_RESETPASS_SUCCESS", "Reset pass request sent to {$email} ( Key : {$resetkey} )");

$this->successmsg[] = $lang[$loc]['auth']['resetpass_email_sent'];

return true;
}
}

else
{
// Reset Password

if(strlen($key) == 0) { $this->errormsg[] = $lang[$loc]['auth']['resetpass_key_empty']; }
elseif(strlen($key) < 15) { $this->errormsg[] = $lang[$loc]['auth']['resetpass_key_short']; }
elseif(strlen($key) > 15) { $this->errormsg[] = $lang[$loc]['auth']['resetpass_key_long']; }
if(strlen($newpass) == 0) { $this->errormsg[] = $lang[$loc]['auth']['resetpass_newpass_empty']; }
elseif(strlen($newpass) > 30) { $this->errormsg[] = $lang[$loc]['auth']['resetpass_newpass_long']; }
elseif(strlen($newpass) < 5) { $this->errormsg[] = $lang[$loc]['auth']['resetpass_newpass_short']; }
elseif(strstr($newpass, $username)) { $this->errormsg[] = $lang[$loc]['auth']['resetpass_newpass_username']; }
elseif($newpass !== $verifynewpass) { $this->errormsg[] = $lang[$loc]['auth']['resetpass_newpass_nomatch']; }

if(count($this->errormsg) == 0)
{
$query = $this->mysqli->prepare("SELECT resetkey FROM users WHERE username=?");
$query->bind_param("s", $username);
$query->bind_result($db_key);
$query->execute();
$query->store_result();
$count = $query->num_rows;
$query->fetch();
$query->close();

if($count == 0)
{
$this->errormsg[] = $lang[$loc]['auth']['resetpass_username_incorrect'];

$attcount = $attcount + 1;
$remaincount = $auth_conf['max_attempts'] - $attcount;

$this->LogActivity("UNKNOWN", "AUTH_RESETPASS_FAIL", "Username incorrect ({$username})");

$this->errormsg[] = sprintf($lang[$loc]['auth']['resetpass_attempts_remaining'], $remaincount);

$this->addattempt($_SERVER['REMOTE_ADDR']);

return false;
}
else
{
if($key == $db_key)
{
$newpass = $this->hashpass($newpass);

$resetkey = '0';

$query = $this->mysqli->prepare("UPDATE users SET password=?, resetkey=? WHERE username=?");
$query->bind_param("sss", $newpass, $resetkey, $username);
$query->execute();
$query->close();

$this->LogActivity($username, "AUTH_RESETPASS_SUCCESS", "Password reset - Key reset");

$this->successmsg[] = $lang[$loc]['auth']['resetpass_success'];

return true;
}
else
{
$this->errormsg[] = $lang[$loc]['auth']['resetpass_key_incorrect'];

$attcount = $attcount + 1;
$remaincount = 5 - $attcount;

$this->LogActivity($username, "AUTH_RESETPASS_FAIL", "Key Incorrect ( DB : {$db_key} / Given : {$key} )");

$this->errormsg[] = sprintf($lang[$loc]['auth']['resetpass_attempts_remaining'], $remaincount);

$this->addattempt($_SERVER['REMOTE_ADDR']);

return false;
}
}
}

else
{
return false;
}
}
}
}


/*
* Checks if the reset key is correct for provided username
* @param string $username
* @param string $key
* @return boolean
*/


function checkresetkey($username, $key)
{
include("config.php");
include("lang.php");

$attcount = $this->getattempt($_SERVER['REMOTE_ADDR']);

if($attcount >= $auth_conf['max_attempts'])
{
$this->errormsg[] = $lang[$loc]['auth']['resetpass_lockedout'];
$this->errormsg[] = $lang[$loc]['auth']['resetpass_wait30'];

return false;
}
else
{

if(strlen($username) == 0) { return false; }
elseif(strlen($username) > 30) { return false; }
elseif(strlen($username) < 3) { return false; }
elseif(strlen($key) == 0) { return false; }
elseif(strlen($key) < 15) { return false; }
elseif(strlen($key) > 15) { return false; }
else
{
$query = $this->mysqli->prepare("SELECT resetkey FROM users WHERE username=?");
$query->bind_param("s", $username);
$query->bind_result($db_key);
$query->execute();
$query->store_result();
$count = $query->num_rows;
$query->fetch();
$query->close();

if($count == 0)
{
$this->LogActivity("UNKNOWN", "AUTH_CHECKRESETKEY_FAIL", "Username doesn't exist ({$username})");

$this->addattempt($_SERVER['REMOTE_ADDR']);

$this->errormsg[] = $lang[$loc]['auth']['checkresetkey_username_incorrect'];

$attcount = $attcount + 1;
$remaincount = $auth_conf['max_attempts'] - $attcount;

$this->errormsg[] = sprintf($lang[$loc]['auth']['checkresetkey_attempts_remaining'], $remaincount);

return false;
}
else
{
if($key == $db_key)
{
return true;
}
else
{
$this->LogActivity($username, "AUTH_CHECKRESETKEY_FAIL", "Key provided is different to DB key ( DB : {$db_key} / Given : {$key} )");

$this->addattempt($_SERVER['REMOTE_ADDR']);

$this->errormsg[] = $lang[$loc]['auth']['checkresetkey_key_incorrect'];

$attcount = $attcount + 1;
$remaincount = $auth_conf['max_attempts'] - $attcount;

$this->errormsg[] = sprintf($lang[$loc]['auth']['checkresetkey_attempts_remaining'], $remaincount);

return false;
}
}
}
}
}


/*
* Deletes a user's account. Requires user's password
* @param string $username
* @param string $password
* @return boolean
*/


function deleteaccount($username, $password)
{
include("config.php");
include("lang.php");

if(strlen($username) == 0) { $this->errormsg[] = $lang[$loc]['auth']['deleteaccount_username_empty']; }
elseif(strlen($username) > 30) { $this->errormsg[] = $lang[$loc]['auth']['deleteaccount_username_long']; }
elseif(strlen($username) < 3) { $this->errormsg[] = $lang[$loc]['auth']['deleteaccount_username_short']; }
if(strlen($password) == 0) { $this->errormsg[] = $lang[$loc]['auth']['deleteaccount_password_empty']; }
elseif(strlen($password) > 30) { $this->errormsg[] = $lang[$loc]['auth']['deleteaccount_password_long']; }
elseif(strlen($password) < 5) { $this->errormsg[] = $lang[$loc]['auth']['deleteaccount_password_short']; }

if(count($this->errormsg) == 0)
{
$password = $this->hashpass($password);

$query = $this->mysqli->prepare("SELECT password FROM users WHERE username=?");
$query->bind_param("s", $username);
$query->bind_result($db_password);
$query->execute();
$query->store_result();
$count = $query->num_rows;
$query->fetch();
$query->close();

if($count == 0)
{
$this->LogActivity("UNKNOWN", "AUTH_DELETEACCOUNT_FAIL", "Username Incorrect ({$username})");

$this->errormsg[] = $lang[$loc]['auth']['deleteaccount_username_incorrect'];

return false;
}
else
{
if($password == $db_password)
{
$query = $this->mysqli->prepare("DELETE FROM users WHERE username=?");
$query->bind_param("s", $username);
$query->execute();
$query->close();

$query = $this->mysqli->prepare("DELETE FROM sessions WHERE username=?");
$query->bind_param("s", $username);
$query->execute();
$query->close();

$this->LogActivity($username, "AUTH_DELETEACCOUNT_SUCCESS", "Account deleted - Sessions deleted");

$this->successmsg[] = $lang[$loc]['auth']['deleteaccount_success'];

return true;
}
else
{
$this->LogActivity($username, "AUTH_DELETEACCOUNT_FAIL", "Password incorrect ( DB : {$db_password} / Given : {$password} )");

$this->errormsg[] = $lang[$loc]['auth']['deleteaccount_password_incorrect'];

return false;
}
}
}

else
{
return false;
}
}


/*
* Adds a new attempt to database based on user's IP
* @param string $ip
*/


function addattempt($ip)
{
include("config.php");

$query = $this->mysqli->prepare("SELECT count FROM attempts WHERE ip = ?");
$query->bind_param("s", $ip);
$query->bind_result($attempt_count);
$query->execute();
$query->store_result();
$count = $query->num_rows;
$query->fetch();
$query->close();

if($count == 0)
{
// No record of this IP in attempts table already exists, create new

$attempt_expiredate = date("Y-m-d H:i:s", strtotime($auth_conf['security_duration']));
$attempt_count = 1;

$query = $this->mysqli->prepare("INSERT INTO attempts (ip, count, expiredate) VALUES (?, ?, ?)");
$query->bind_param("sis", $ip, $attempt_count, $attempt_expiredate);
$query->execute();
$query->close();
}
else
{
// IP Already exists in attempts table, add 1 to current count

$attempt_expiredate = date("Y-m-d H:i:s", strtotime($auth_conf['security_duration']));
$attempt_count = $attempt_count + 1;

$query = $this->mysqli->prepare("UPDATE attempts SET count=?, expiredate=? WHERE ip=?");
$query->bind_param("iss", $attempt_count, $attempt_expiredate, $ip);
$query->execute();
$query->close();
}
}


/*
* Provides amount of attempts already in database based on user's IP
* @param string $ip
* @return int $attempt_count
*/


function getattempt($ip)
{
$query = $this->mysqli->prepare("SELECT count FROM attempts WHERE ip = ?");
$query->bind_param("s", $ip);
$query->bind_result($attempt_count);
$query->execute();
$query->store_result();
$count = $query->num_rows;
$query->fetch();
$query->close();

if($count == 0)
{
$attempt_count = 0;
}

return $attempt_count;
}

/*
* Function used to remove expired attempt logs from database (Recommended as Cron Job)
*/


function expireattempt()
{
$query = $this->mysqli->prepare("SELECT ip, expiredate FROM attempts");
$query->bind_result($ip, $expiredate);
$query->execute();
$query->store_result();
$count = $query->num_rows;

$curr_time = strtotime(date("Y-m-d H:i:s"));

if($count != 0)
{
while($query->fetch())
{
$attempt_expiredate = strtotime($expiredate);

if($attempt_expiredate <= $curr_time)
{
$query2 = $this->mysqli->prepare("DELETE FROM attempts WHERE ip = ?");
$query2->bind_param("s", $ip);
$query2->execute();
$query2->close();
}
}
}
}


/*
* Logs users actions on the site to database for future viewing
* @param string $username
* @param string $action
* @param string $additionalinfo
* @return boolean
*/


function LogActivity($username, $action, $additionalinfo = "none")
{
include("config.php");
include("lang.php");

if(strlen($username) == 0) { $username = "GUEST"; }
elseif(strlen($username) < 3) { $this->errormsg[] = $lang[$loc]['auth']['logactivity_username_short']; return false; }
elseif(strlen($username) > 30) { $this->errormsg[] = $lang[$loc]['auth']['logactivity_username_long']; return false; }

if(strlen($action) == 0) { $this->errormsg[] = $lang[$loc]['auth']['logactivity_action_empty']; return false; }
elseif(strlen($action) < 3) { $this->errormsg[] = $lang[$loc]['auth']['logactivity_action_short']; return false; }
elseif(strlen($action) > 100) { $this->errormsg[] = $lang[$loc]['auth']['logactivity_action_long']; return false; }

if(strlen($additionalinfo) == 0) { $additionalinfo = "none"; }
elseif(strlen($additionalinfo) > 500) { $this->errormsg[] = $lang[$loc]['auth']['logactivity_addinfo_long']; return false; }

if(count($this->errormsg) == 0)
{
$ip = $_SERVER['REMOTE_ADDR'];
$date = date("Y-m-d H:i:s");

$query = $this->mysqli->prepare("INSERT INTO activitylog (date, username, action, additionalinfo, ip) VALUES (?, ?, ?, ?, ?)");
$query->bind_param("sssss", $date, $username, $action, $additionalinfo, $ip);
$query->execute();
$query->close();

return true;
}
}


/*
* Hash user's password with SHA512, base64_encode, ROT13 and salts !
* @param string $password
* @return string $password
*/


function hashpass($password)
{
include("config.php");

$password = hash("SHA512", base64_encode(str_rot13(hash("SHA512", str_rot13($auth_conf['salt_1'] . $password . $auth_conf['salt_2'])))));
return $password;[/more]
}
}


_____________
Не тот велик, кто не падал, а тот кто падал и поднимался.
AlmazDelDiablo
Давно уже понял, что хранить свои наработки в виде кода вне какого-то проекта — бессмысленно, так как через недели две код кажется убогим и кривым, всё пишется заново. Максимум, что можно сохранять, на мой взгляд, — это алгоритмы в псевдокоде/блок-схемах/простом тексте.

_____________
Блог | VK | GitHub | Twitch
Invis1ble
ТС, открой для себя репозитории.
Например: раз, два

_____________

Профессиональная разработка на заказ

Я на GitHub | второй профиль

kristall
И антипримеры: http://www.govnokod.ru

_____________
echo '<pre>',print_r($var, 1);die;

root@server# make love && war
Быстрый ответ:

 Графические смайлики |  Показывать подпись
Здесь расположена полная версия этой страницы.
Invision Power Board © 2001-2025 Invision Power Services, Inc.