time = time(); $this->startSession(); } /** * startSession - Performs all the actions necessary to * initialize this session object. Tries to determine if the * the user has logged in already, and sets the variables * accordingly. Also takes advantage of this page load to * update the active visitors tables. */ function startSession(){ global $database; //The database connection session_start(); //Tell PHP to start the session /* Determine if user is logged in */ //MT commented 5/3/11 $this->logged_in = $this->checkLogin(); /** * Set guest value to users not logged in, and update * active guests table accordingly. */ if(!$this->logged_in){ $this->username = $_SESSION['username'] = GUEST_NAME; $this->userlevel = GUEST_LEVEL; $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time); //MT } /* Update users last active timestamp */ else{ $database->addActiveUser($this->username, $this->time); } /* Remove inactive visitors from database */ $database->removeInactiveUsers(); //MT $database->removeInactiveGuests(); //MT /* Set referrer page */ if(isset($_SESSION['url'])){ $this->referrer = $_SESSION['url']; }else{ $this->referrer = "/"; } if(isset($_SESSION['url'])){ if(strpos($_SESSION['url'], '.php')){ $this->referrerNoExt = str_replace(".php", "", $_SESSION['url']); } else { $this->referrerNoExt = $_SESSION['url']; } }else{ $this->referrerNoExt = "/"; } /* Set current url */ $this->url = $_SESSION['url'] = $_SERVER['PHP_SELF']; } /** * checkLogin - Checks if the user has already previously * logged in, and a session with the user has already been * established. Also checks to see if user has been remembered. * If so, the database is queried to make sure of the user's * authenticity. Returns true if the user has logged in. */ function checkLogin(){ global $database; //The database connection /* Check if user has been remembered */ if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){ $this->username = $_SESSION['username'] = $_COOKIE['cookname']; $this->userid = $_SESSION['userid'] = $_COOKIE['cookid']; } /* Username and userid have been set and not guest */ if(isset($_SESSION['username']) && isset($_SESSION['userid']) && $_SESSION['username'] != GUEST_NAME){ /* Confirm that username and userid are valid */ if($database->confirmUserID($_SESSION['username'], $_SESSION['userid']) != 0){ unset($_SESSION['username']); unset($_SESSION['userid']); return false; } /* User is logged in, set class variables */ $this->userinfo = $database->getUserInfo($_SESSION['username']); $this->uID = $this->userinfo['uID']; $this->username = $this->userinfo['username']; $this->email = $this->userinfo['email']; $this->userid = $this->userinfo['userid']; $this->userlevel = $this->userinfo['userlevel']; $this->userlastloggedin = $this->userinfo['last_login']; return true; } /* User not logged in */ else{ return false; } } /** * login - The user has submitted his username and password * through the login form, this function checks the authenticity * of that information in the database and creates the session. * Effectively logging in the user if all goes well. */ function login($subuser, $subpass, $subremember){ global $database, $form; //The database and form object $simpleText="/^([A-Za-z0-9!\-\_])+$/D"; /* Username error checking */ $field = "user"; //Use field name for username if(!$subuser || strlen($subuser = trim($subuser)) == 0){ $form->setError($field, "* Username empty"); } else{ /* Check if username is not alphanumeric */ if(!preg_match($simpleText, $subuser)){ $form->setError($field, "* Username invalid"); } } /* Password error checking */ $field = "pass"; //Use field name for password if(!$subpass){ $form->setError($field, "* Password empty"); } //print "Hello -> ".$form->num_errors; //exit; /* Return if form errors exist */ if($form->num_errors > 0){ return false; } /* Checks that username is in database and password is correct */ $subuser = stripslashes($subuser); $result = $database->confirmUserPass($subuser, md5($subpass)); /* Check error codes */ if($result == 1){ $field = "user"; $form->setError($field, "* Login invalid"); } else if($result == 2){ $field = "pass"; $form->setError("user", "* Login invalid"); } /* Return if form errors exist */ if($form->num_errors > 0){ return false; } /* Username and password correct, register session variables */ $this->userinfo = $database->getUserInfo($subuser); $this->username = $_SESSION['username'] = $this->userinfo['username']; $this->uID = $this->userinfo['uID']; $this->userid = $_SESSION['userid'] = $this->generateRandID(); $this->userlevel = $this->userinfo['userlevel']; /* Insert userid into database and update active users table */ $database->updateUserField($this->username, "userid", $this->userid); $database->addActiveUser($this->username, $this->time); // need to update last_active with the timestamp //$database->updateUserField($this->username, "last_login", time()); $database->updateLastLogin($this->uID); $database->removeActiveGuest($_SERVER['REMOTE_ADDR']); $_SESSION['show_welcome']=true; /** * This is the cool part: the user has requested that we remember that * he's logged in, so we set two cookies. One to hold his username, * and one to hold his random value userid. It expires by the time * specified in constants.php. Now, next time he comes to our site, we will * log him in automatically, but only if he didn't log out before he left. */ if($subremember){ setcookie("cookname", $this->username, time()+COOKIE_EXPIRE, COOKIE_PATH); setcookie("cookid", $this->userid, time()+COOKIE_EXPIRE, COOKIE_PATH); } /* Login completed successfully */ return true; } /** * logout - Gets called when the user wants to be logged out of the * website. It deletes any cookies that were stored on the users * computer as a result of him wanting to be remembered, and also * unsets session variables and demotes his user level to guest. */ function logout(){ global $database; //The database connection /** * Delete cookies - the time must be in the past, * so just negate what you added when creating the * cookie. */ if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){ setcookie("cookname", "", time()-COOKIE_EXPIRE, COOKIE_PATH); setcookie("cookid", "", time()-COOKIE_EXPIRE, COOKIE_PATH); } /* Unset PHP session variables */ unset($_SESSION['username']); unset($_SESSION['userid']); /* Reflect fact that user has logged out */ $this->logged_in = false; /** * Remove from active users table and add to * active guests tables. */ $database->removeActiveUser($this->username); $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time); /* Set user level to guest */ $this->username = GUEST_NAME; $this->userlevel = GUEST_LEVEL; } /** * register - Gets called when the user has just submitted the * registration form. Determines if there were any errors with * the entry fields, if so, it records the errors and returns * 1. If no errors were found, it registers the new user and * returns 0. Returns 2 if registration failed. */ function register($subuser, $subpass, $subemail){ global $database, $form, $mailer; //The database, form and mailer object /* Username error checking */ $field = "user"; //Use field name for username if(!$subuser || strlen($subuser = trim($subuser)) == 0){ $form->setError($field, "* Username not entered"); } else{ /* Spruce up username, check length */ $subuser = stripslashes($subuser); if(strlen($subuser) < 5){ $form->setError($field, "* Username below 5 characters"); } else if(strlen($subuser) > 30){ $form->setError($field, "* Username above 30 characters"); } /* Check if username is not alphanumeric */ else if(!eregi("^([0-9a-z])+$", $subuser)){ $form->setError($field, "* Username not alphanumeric"); } /* Check if username is reserved */ else if(strcasecmp($subuser, GUEST_NAME) == 0){ $form->setError($field, "* Username reserved word"); } /* Check if username is already in use */ else if($database->usernameTaken($subuser)){ $form->setError($field, "* Username already in use"); } /* Check if username is banned */ else if($database->usernameBanned($subuser)){ $form->setError($field, "* Username banned"); } } /* Password error checking */ $field = "pass"; //Use field name for password if(!$subpass){ $form->setError($field, "* Password not entered"); } else{ /* Spruce up password and check length*/ $subpass = stripslashes($subpass); if(strlen($subpass) < 4){ $form->setError($field, "* Password too short"); } /* Check if password is not alphanumeric */ else if(!eregi("^([0-9a-z])+$", ($subpass = trim($subpass)))){ $form->setError($field, "* Password not alphanumeric"); } /** * Note: I trimmed the password only after I checked the length * because if you fill the password field up with spaces * it looks like a lot more characters than 4, so it looks * kind of stupid to report "password too short". */ } /* Email error checking */ $field = "email"; //Use field name for email if(!$subemail || strlen($subemail = trim($subemail)) == 0){ $form->setError($field, "* Email not entered"); } else{ /* Check if valid email address */ $regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*" ."@[a-z0-9-]+(\.[a-z0-9-]{1,})*" ."\.([a-z]{2,}){1}$"; if(!eregi($regex,$subemail)){ $form->setError($field, "* Email invalid"); } $subemail = stripslashes($subemail); } /* Errors exist, have user correct them */ if($form->num_errors > 0){ return 1; //Errors with form } /* No errors, add the new account to the */ else{ if($database->addNewUser($subuser, md5($subpass), $subemail)){ if(EMAIL_WELCOME){ $mailer->sendWelcome($subuser,$subemail,$subpass); } return 0; //New user added succesfully }else{ return 2; //Registration attempt failed } } } /** * editAccount - Attempts to edit the user's account information * including the password, which it first makes sure is correct * if entered, if so and the new password is in the right * format, the change is made. All other fields are changed * automatically. */ function editAccount($subcurpass, $subnewpass, $subemail){ global $database, $form; //The database and form object /* New password entered */ if($subnewpass){ /* Current Password error checking */ $field = "curpass"; //Use field name for current password if(!$subcurpass){ $form->setError($field, "* Current Password not entered"); } else{ /* Check if password too short or is not alphanumeric */ $subcurpass = stripslashes($subcurpass); if(strlen($subcurpass) < 4 || !eregi("^([0-9a-z])+$", ($subcurpass = trim($subcurpass)))){ $form->setError($field, "* Current Password incorrect"); } /* Password entered is incorrect */ if($database->confirmUserPass($this->username,md5($subcurpass)) != 0){ $form->setError($field, "* Current Password incorrect"); } } /* New Password error checking */ $field = "newpass"; //Use field name for new password /* Spruce up password and check length*/ $subpass = stripslashes($subnewpass); if(strlen($subnewpass) < 4){ $form->setError($field, "* New Password too short"); } /* Check if password is not alphanumeric */ else if(!eregi("^([0-9a-z])+$", ($subnewpass = trim($subnewpass)))){ $form->setError($field, "* New Password not alphanumeric"); } } /* Change password attempted */ else if($subcurpass){ /* New Password error reporting */ $field = "newpass"; //Use field name for new password $form->setError($field, "* New Password not entered"); } /* Email error checking */ $field = "email"; //Use field name for email if($subemail && strlen($subemail = trim($subemail)) > 0){ /* Check if valid email address */ $regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*" ."@[a-z0-9-]+(\.[a-z0-9-]{1,})*" ."\.([a-z]{2,}){1}$"; if(!eregi($regex,$subemail)){ $form->setError($field, "* Email invalid"); } $subemail = stripslashes($subemail); } /* Errors exist, have user correct them */ if($form->num_errors > 0){ return false; //Errors with form } /* Update password since there were no errors */ if($subcurpass && $subnewpass){ $database->updateUserField($this->username,"password",md5($subnewpass)); } /* Change Email */ if($subemail){ $database->updateUserField($this->username,"email",$subemail); } /* Success! */ return true; } function validateContactUs($your_name, $your_phone,$your_email,$your_message) { global $form, $ajaxValidate; $field='your-name'; $ret=$ajaxValidate->checkName($your_name, false); if($ret){ $form->setError($field, "".ERROR_IMAGE." ".$ret); } $field='your-phone'; $ret=$ajaxValidate->checkPhone($your_phone, false); if($ret){ $form->setError($field, "".ERROR_IMAGE." ".$ret); } $field='your-email'; $ret=$ajaxValidate->checkEmail($your_email, false); if($ret){ $form->setError($field, "".ERROR_IMAGE." ".$ret); } $field='your-message'; $ret=$ajaxValidate->checkMessage($your_message, false); if($ret){ $form->setError($field, "".ERROR_IMAGE." ".$ret); } //print $form->num_errors; //exit; if($form->num_errors > 0) return false; return true; } function validateLeaveAReviewStep1($your_score, $your_name, $your_email, $your_suburb, $your_message) { global $form, $ajaxValidate; $field='rating'; $ret=$ajaxValidate->checkScore($your_score, false); if($ret){ $form->setError($field, "".ERROR_IMAGE." ".$ret); } $field='your-name'; $ret=$ajaxValidate->checkName($your_name, false); if($ret){ $form->setError($field, "".ERROR_IMAGE." ".$ret); } $field='your-email'; $ret=$ajaxValidate->checkEmail($your_email, false); if($ret){ $form->setError($field, "".ERROR_IMAGE." ".$ret); } $field='your-suburb'; $ret=$ajaxValidate->checkSuburb($your_suburb, false); if($ret){ $form->setError($field, "".ERROR_IMAGE." ".$ret); } $field='your-message'; $ret=$ajaxValidate->checkMessage($your_message, false); if($ret){ $form->setError($field, "".ERROR_IMAGE." ".$ret); } //print $form->num_errors; //exit; if($form->num_errors > 0) return false; return true; } function validateAccount($clickType, $updatedEmail, $currPassword, $currPassPass, $newPassword) { global $form, $session, $database; $field='clickType'; if((!$clickType)) { $form->setError($field, "* Please select what you would like to update
"); } //update email if($clickType=='email') { $field="updatedEmail"; if(!$updatedEmail) { $form->setError($field, "* Email address is empty
"); } else { if(strlen(trim($updatedEmail)) < EMAIL_MIN_SIZE) { $form->setError($field, "* Email address must be at least ".EMAIL_MIN_SIZE." characters
"); } else if(strlen(trim($updatedEmail)) > EMAIL_MAX_SIZE) { $form->setError($field, "* Email address must be less than ".EMAIL_MAX_SIZE." characters
"); } else if(!preg_match(EMAIL_REGEX, ($updatedEmail = trim($updatedEmail)))){ $form->setError($field, "* Email invalid (i.e example@domain.com)
"); } } $field="currPassword"; if(!$currPassword) { $form->setError($field, "* Password is empty
"); } else { if(strlen(trim($currPassword)) < PASSWORD_MIN_SIZE) { $form->setError($field, "* Password must be at least ".PASSWORD_MIN_SIZE." characters
"); } else if(strlen(trim($currPassword)) > PASSWORD_MAX_SIZE) { $form->setError($field, "*Password must be less than ".PASSWORD_MAX_SIZE." characters
"); } else { // check password exists in db $res=$database->confirmUserPass($session->username, md5($currPassword)); if($res!=0) { $form->setError($field, "* Password invalid
"); } } } } // eof clickType=email else { $field="currPassPass"; if(!$currPassPass) { $form->setError($field, "* Current password is empty
"); } else { if(strlen(trim($currPassPass)) < PASSWORD_MIN_SIZE) { $form->setError($field, "* Current password must be at least ".PASSWORD_MIN_SIZE." characters
"); } else if(strlen(trim($currPassPass)) > PASSWORD_MAX_SIZE) { $form->setError($field, "* Current password must be less than ".PASSWORD_MAX_SIZE." characters
"); } else{ // check password exists in db $res=$database->confirmUserPass($session->username, md5($currPassPass)); if($res!=0) { $form->setError($field, "* Password invalid
"); } } } $field="newPassword"; if(!$newPassword) { $form->setError($field, "* Password is empty
"); } else { if(strlen(trim($newPassword)) < PASSWORD_MIN_SIZE) { $form->setError($field, "* Password must be at least ".PASSWORD_MIN_SIZE." characters
"); } else if(strlen(trim($newPassword)) > PASSWORD_MAX_SIZE) { $form->setError($field, "*Password must be less than ".PASSWORD_MAX_SIZE." characters
"); } } } // eof clickType=email //update password if($form->num_errors > 0) return false; return true; }// eof validateAccount /** * isAdmin - Returns true if currently logged in user is * an administrator, false otherwise. */ function isAdmin(){ return ($this->userlevel == ADMIN_LEVEL || $this->username == ADMIN_NAME); } function sortMe($a, $b) { return $b['count'] - $a['count']; } /** * generateRandID - Generates a string made up of randomized * letters (lower and upper case) and digits and returns * the md5 hash of it to be used as a userid. */ function generateRandID(){ return md5($this->generateRandStr(16)); } /** * generateRandStr - Generates a string made up of randomized * letters (lower and upper case) and digits, the length * is a specified parameter. */ function generateRandStr($length){ $randstr = ""; for($i=0; $i<$length; $i++){ $randnum = mt_rand(0,61); if($randnum < 10){ $randstr .= chr($randnum+48); }else if($randnum < 36){ $randstr .= chr($randnum+55); }else{ $randstr .= chr($randnum+61); } } return $randstr; } }; /** * Initialize session object - This must be initialized before * the form object because the form uses session variables, * which cannot be accessed unless the session has started. */ $session = new Session; /* Initialize form object */ $form = new Form; ?>