Hello,
Before you look at the source I would like to say a huge thank you to Bennett (http://btreptow.com/), who is one of my developers/beta testers for Graft Development. He has put a lot of his own work into the script, and I cannot take credit for his contributions. Secondly, I would like to thank Brad for helping test the script at each stage.
config.inc.php
user.inc.php
signup.php
logout.php
index.php
design.home.inc.php
design.login.inc.php
design.signup.inc.php
design.top.inc.php and design.bottom.inc.php contain the HTML code of the website that is shared by all the pages.
Lastly, a tip: this is what I use for my .htaccess.
I hope this comes in handy for a few people. If you find any security issues, please tell me and I'll fix them.
Regards,
Jordan
Before you look at the source I would like to say a huge thank you to Bennett (http://btreptow.com/), who is one of my developers/beta testers for Graft Development. He has put a lot of his own work into the script, and I cannot take credit for his contributions. Secondly, I would like to thank Brad for helping test the script at each stage.
config.inc.php
PHP:
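<?php
// Database and design configuration. Included by every page before
// user.inc.php; defines the connection constants and opens $dbh.
// Replace the placeholder credentials before deploying.
define("MYSQL_HOST", "localhost");
define("MYSQL_USER", "username");
define("MYSQL_PASSWORD", "password");
define("MYSQL_DATABASE", "db_name");
define("CURRENT_DESIGN", "default");

try {
    // Each constant is joined into the DSN with `.`; the charset is pinned so the
    // driver's escaping and the stored data agree.
    $dbh = new PDO(
        "mysql:host=" . MYSQL_HOST . ";dbname=" . MYSQL_DATABASE . ";charset=utf8mb4",
        MYSQL_USER,
        MYSQL_PASSWORD,
        array(
            // Throw on every driver error so the catch blocks in user.inc.php run.
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            // Real server-side prepares: bound values are never spliced into the SQL text.
            PDO::ATTR_EMULATE_PREPARES => false,
        )
    );
} catch (PDOException $e) {
    // The driver message can include the host, user and database name, so it
    // goes to the server log only; the client gets a generic failure and the
    // request stops instead of continuing with an undefined $dbh.
    error_log("Database connection failed: " . $e->getMessage());
    http_response_code(500);
    exit("Database connection failed.");
}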
user.inc.php
PHP:
<?php
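/**
 * Minimal account model backed by the `users` table.
 *
 * Database access goes through a PDO handle: either the one passed to the
 * constructor or, for the existing pages, the global $dbh opened by
 * config.inc.php. Credentials are stored as password_hash() output and checked
 * with password_verify(); no query ever compares a password column.
 */
class user {
    /** @var int|string Row id of the loaded/authenticated account, "" when none. */
    public $uid = "";
    /** @var object|false|null Row fetched by getUserInfo() as FETCH_OBJ; false when no row. */
    public $userinfo;
    /** @var PDO|null Connection used by every query. */
    private $dbh;

    /**
     * @param int|string|null $id  When given, loads that row and sets $uid.
     * @param PDO|null        $dbh Connection to use; defaults to the global $dbh.
     */
    public function __construct($id = null, ?PDO $dbh = null)
    {
        // Fall back to the global handle so the existing `new user` call sites keep working.
        $this->dbh = $dbh ?? ($GLOBALS['dbh'] ?? null);
        if (null !== $id) {
            $this->getUserInfo($id);
            $this->uid = $id;
        }
    }

    /**
     * Loads the full row for $id into $userinfo (false when it does not exist).
     *
     * @param int|string $id
     */
    public function getUserInfo($id)
    {
        $st = $this->dbh->prepare("SELECT * FROM `users` WHERE `id` = :id LIMIT 1");
        $st->execute(array(":id" => $id));
        $this->userinfo = $st->fetch(PDO::FETCH_OBJ);
    }

    /**
     * Checks $password against the stored hash for $email.
     *
     * @param string $email
     * @param string $password Credential as supplied by the caller (the pages
     *                         currently pass it pre-hashed with md5; any string
     *                         works as long as signup() and login() receive the
     *                         same form).
     * @return int|string The account id on success, the string "Login error" otherwise.
     */
    public function login($email, $password)
    {
        // Look the row up by email only; the credential check happens in PHP.
        $st = $this->dbh->prepare("SELECT * FROM `users` WHERE `email` = :email LIMIT 1");
        $st->execute(array(":email" => $email));
        $result = $st->fetch(PDO::FETCH_OBJ);
        if ($result !== false && password_verify($password, (string) $result->password)) {
            $this->uid = $result->id;
            return $result->id;
        }
        // Same result whether the email is unknown or the password is wrong.
        return "Login error";
    }

    /**
     * Creates an account.
     *
     * @param string $fname
     * @param string $lname
     * @param string $email
     * @param string $password Credential in the same form login() will receive.
     * @param string $ip
     * @return int|string New row id; "Error on email" when $email is already
     *                    registered; "Error <driver message>" when the insert fails.
     */
    public function signup($fname, $lname, $email, $password, $ip)
    {
        $st = $this->dbh->prepare("SELECT count(*) FROM `users` WHERE `email` = :email LIMIT 1");
        $st->execute(array(":email" => $email));
        if ((int) $st->fetchColumn() > 0) {
            return "Error on email";
        }
        try {
            $st = $this->dbh->prepare(
                "INSERT INTO users (email, password, firstname, lastname, ip) VALUES (:email, :password, :firstname, :lastname, :ip)"
            );
            $st->execute(array(
                ":email" => $email,
                // Salted, slow hash; the value the caller passed is never written to the table.
                ":password" => password_hash($password, PASSWORD_DEFAULT),
                ":firstname" => $fname,
                ":lastname" => $lname,
                ":ip" => $ip,
            ));
        } catch (PDOException $err) {
            return "Error " . $err->getMessage();
        }
        // The row was just inserted on this connection, so no re-select by
        // credentials is needed (and none is possible with a salted hash).
        $id = $this->dbh->lastInsertId();
        $this->uid = $id;
        return $id;
    }
}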
?>
signup.php
PHP:
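<?php
// Signup page: validates the POSTed form, creates the account through
// user::signup(), then either redirects the logged-in visitor or renders the form.
session_start();
require_once("include/config.inc.php");
require_once("include/classes/user.inc.php");

// Always defined so design.signup.inc.php can read it without a notice.
$error = "";

if (isset($_POST['submit'])) {
    // Missing fields default to "" instead of raising undefined-index notices.
    $fname = htmlentities($_POST['fname'] ?? '');
    $lname = htmlentities($_POST['lname'] ?? '');
    $email = $_POST['email'] ?? '';
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $error = "This email address is not valid, sorry. Alternative this field could been left blank.";
    } elseif (trim($fname) === '') {
        // FILTER_SANITIZE_STRIPPED is deprecated since PHP 8.1; on an already
        // entity-encoded value the old check only ever failed for an empty name.
        $error = "This first name has been blocked by our filter, you cannot use miscellaneous characters. Alternative this field could been left blank.";
    } elseif (trim($lname) === '') {
        $error = "This last name has been blocked by our filter, you cannot use miscellaneous characters. Alternative this field could been left blank.";
    } else {
        $pass = htmlentities($_POST['password'] ?? '');
        // NOTE(review): md5 is not a password hash. This is kept only as the
        // credential form user::signup()/login() are given; the class should
        // store it with password_hash() and check it with password_verify().
        $password = md5($pass);
        $ip = $_SERVER['REMOTE_ADDR'];
        $user = new user;
        $signup = $user->signup($fname, $lname, $email, $password, $ip);
        if ($signup === "Error on email") {
            $error = "This email address is already in use, sorry";
        } elseif (!is_numeric($signup)) {
            // Any other non-numeric result is a driver error string: log it,
            // never store it as the session's account id.
            error_log("signup failed: " . $signup);
            $error = "Signup failed, please try again later.";
        } else {
            // Privilege change: issue a fresh session id before storing the account.
            session_regenerate_id(true);
            $_SESSION['id'] = $signup;
        }
    }
}

// A logged-in visitor (including one who just signed up) is sent to the home
// page with a real HTTP redirect, emitted before any output.
if (isset($_SESSION['id'])) {
    header("Location: https://website.com/");
    exit;
}

$design = "include/designs/" . CURRENT_DESIGN . "/";
include($design . "design.top.inc.php");
// Start of content
include($design . "design.signup.inc.php");
// end of content
include($design . "design.bottom.inc.php");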
logout.php
PHP:
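<?php
// Logout page: discards the session completely, then shows the login form.
session_start();
// Clear the server-side data and expire the browser's session cookie before
// destroying: session_destroy() alone leaves the cookie (and its id) on the client.
$_SESSION = array();
if (ini_get("session.use_cookies")) {
    $cookie = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000, $cookie["path"], $cookie["domain"], $cookie["secure"], $cookie["httponly"]);
}
session_destroy();
require_once("include/config.inc.php");
require_once("include/classes/user.inc.php");
$design = "include/designs/" . CURRENT_DESIGN . "/";
include($design . "design.top.inc.php");
include($design . "design.login.inc.php");
// end of content
include($design . "design.bottom.inc.php");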
index.php
PHP:
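<?php
// Front page: handles the login POST, then shows either the member home
// partial or the login form.
session_start();
require_once("include/config.inc.php");
require_once("include/classes/user.inc.php");

if (isset($_POST['submit'])) {
    // The email is looked up verbatim: signup.php stores it un-encoded, so
    // encoding it here would make an address containing `&` never match.
    $email = $_POST['email'] ?? '';
    $pass = htmlentities($_POST['password'] ?? '');
    // NOTE(review): md5 is not a password hash. This is kept only as the
    // credential form user::login() is given; the class should check it with
    // password_verify() against a password_hash() value.
    $password = md5($pass);
    $user = new user;
    $login = $user->login($email, $password);
    // Strict comparison: `==` would compare a numeric id to the string loosely.
    if ($login === "Login error") {
        // Deliberately vague: does not reveal whether the email exists.
        echo "wrong information";
    } else {
        // Privilege change: rotate the session id so a pre-login id cannot be reused.
        session_regenerate_id(true);
        $_SESSION['id'] = $login;
    }
}

$design = "include/designs/" . CURRENT_DESIGN . "/";
include($design . "design.top.inc.php");
// Start of content
if (isset($_SESSION['id'])) {
    include($design . "design.home.inc.php");
} else {
    include($design . "design.login.inc.php");
}
// end of content
include($design . "design.bottom.inc.php");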
design.home.inc.php
PHP:
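<?php
// Member home partial, included by index.php once $_SESSION['id'] is set.
// Loads the session's account row and prints a few profile fields.
// The full `<?php` tag is used: the short `<?` form depends on short_open_tag.
$user = new user($_SESSION['id']);
$result = $user->userinfo;
if ($result === false) {
    // Stale session id (row gone): say so instead of reading fields off `false`.
    echo "Account not found.<br />";
} else {
    // Values come from the database, so encode them for the HTML context here.
    // double_encode=false keeps names that signup.php already entity-encoded from
    // being encoded twice; msn/aim/skype are not written by signup.php and may be
    // absent, hence the `?? ''`.
    foreach (array('email', 'firstname', 'lastname', 'msn', 'aim', 'skype') as $field) {
        echo htmlspecialchars((string) ($result->$field ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false) . "<br />";
    }
}
unset($user);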
design.login.inc.php
PHP:
<!-- Login form partial (design.login.inc.php), included by index.php and
     logout.php. Posts to the current URL; index.php reads the `email`,
     `password` and `submit` fields. -->
<div id="login_holder">
<div class="login">
<span class="title"><span>Login</span></span>
<div class="content">
<form action="" method="post">
E-mail: <input type="email" name="email" /><br />
Password: <input type="password" name="password" /><br />
<input type="submit" name="submit" />
</form>
</div>
</div>
</div>
design.signup.inc.php
PHP:
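<div id="login_holder">
<div class="login">
<span class="title"><span>Signup</span></span>
<div class="content">
<?php
// Signup form partial, included by signup.php. $error is set by that page when
// validation fails; isset() guards the case where it was never defined.
// The full `<?php` tag is used: the short `<?` form depends on short_open_tag.
if (isset($error) && $error !== "") {
    // Encoded for the HTML context even though the current messages are fixed strings.
    echo htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
?>
<form action="" method="post">
Firstname: <input type="text" name="fname" /><br />
Lastname: <input type="text" name="lname" /><br />
E-mail: <input type="email" name="email" /><br />
Password: <input type="password" name="password" /><br />
<input type="submit" name="submit" />
</form>
</div>
</div>
</div>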
design.top.inc.php and design.bottom.inc.php contain the HTML code of the website that is shared by all the pages.
Lastly, a tip: this is what I use for my .htaccess.
Code:
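# Start rewrite engine
RewriteEngine on
# Page 404: requests that match neither a file nor a directory are served by
# 404.php; [L] stops further rule processing for the rewritten request.
# 404.php itself should send the 404 status (e.g. http_response_code(404))
# rather than answering 200 for missing pages.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ 404.php [L]
# Hide directory listings
Options -Indexes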
I hope this comes in handy for a few people. If you find any security issues, please tell me and I'll fix them.
Regards,
Jordan