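<?php
/*
 * Cookie-token user accounts: login/logout, registration with e-mail
 * confirmation, password change, password reset and e-mail change.
 *
 * Requires PHP 7.3+ (setcookie() options array, password_hash(),
 * hash_equals(), random_bytes(), preg_*).  The original relied on
 * ereg()/eregi() (removed in PHP 7), unsalted md5() password storage,
 * string-interpolated SQL and register_globals; all of that is replaced
 * here while keeping every public function name and parameter list.
 *
 * Depends on a db layer defined elsewhere in the project:
 *   db_query($sql), db_numrows($result), db_result($result, $row, $field),
 *   db_affected_rows($result), db_error()
 * Status messages for the caller are appended to the global $feedback
 * string, as before.
 */

// Server-side secret that keys the login-cookie token and the e-mail
// confirmation hash.  It must be a long random value and should be loaded
// from configuration kept outside the web root rather than stay inline.
$hidden_hash_var = 'your_password_here';

// Per-request memo used by user_isloggedin().  Unset so a value injected
// through register_globals (query string, cookie) cannot pre-empt the check.
$LOGGED_IN = false;
unset($LOGGED_IN);

// Caller-visible status messages; the functions below only append to it.
if (!isset($feedback)) {
    $feedback = '';
}

/*
create table user (
user_id int not null auto_increment primary key,
user_name text,
real_name text,
email text,
password text,
remote_addr text,
confirm_hash text,
is_confirmed int not null default 0
);
*/

/**
 * Quote a value as a SQL string literal.
 *
 * The db layer only exposes db_query($sql), so escaping is the best this
 * file can do on its own.  addslashes() is charset-unaware and is a
 * stopgap: TODO(review) replace with the driver's escaping against the live
 * connection (e.g. mysqli_real_escape_string) or move db_query() to
 * prepared statements.
 *
 * @param mixed $value  scalar (or null) to embed
 * @return string       quoted literal including the surrounding quotes
 */
function _user_sql_quote($value)
{
    return "'" . addslashes((string) $value) . "'";
}

/**
 * True when $name uses only the characters account_namevalid() permits
 * (ASCII letters, digits, '-' and '_').  Used as a cheap pre-check so that
 * names that could never have been registered never reach the database.
 *
 * @param mixed $name
 * @return bool
 */
function _user_name_is_safe($name)
{
    return is_string($name) && preg_match('/^[A-Za-z0-9_-]+$/D', $name) === 1;
}

/**
 * Keyed token over $value (lowercase hex HMAC-SHA256 under the site
 * secret).  Used for the login cookie and new confirmation hashes.
 *
 * @param mixed $value
 * @return string
 */
function _user_token($value)
{
    global $hidden_hash_var;

    return hash_hmac('sha256', (string) $value, (string) $hidden_hash_var);
}

/**
 * Legacy confirmation-hash derivation (md5 of e-mail . secret).  Accepted
 * by user_confirm() only, so links mailed before this change still work.
 *
 * @param mixed $value
 * @return string
 */
function _user_legacy_token($value)
{
    global $hidden_hash_var;

    return md5((string) $value . $hidden_hash_var);
}

/**
 * Check a plaintext password against the stored hash.
 *
 * Accepts password_hash() output and, for rows written by the old code,
 * the unsalted md5 of the lower-cased password.  New hashes are
 * case-sensitive; legacy rows keep verifying case-insensitively until
 * they are rehashed on login.
 *
 * @param mixed $stored  value of the `password` column
 * @param mixed $plain   password as typed by the user
 * @return bool
 */
function _user_password_matches($stored, $plain)
{
    $stored = (string) $stored;
    $plain  = (string) $plain;
    if ($stored === '' || $plain === '') {
        return false;
    }
    if (password_verify($plain, $stored)) {
        return true;
    }
    // Legacy row: 32 hex chars of md5(strtolower(password)).
    return strlen($stored) === 32 && hash_equals($stored, md5(strtolower($plain)));
}

/**
 * Set (or clear, when $expires is in the past) one of the login cookies.
 * HttpOnly keeps the token away from page scripts; Secure is set whenever
 * the current request arrived over HTTPS.
 *
 * @param string $name
 * @param string $value
 * @param int    $expires  unix timestamp
 * @return void
 */
function _user_set_cookie($name, $value, $expires)
{
    $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    setcookie($name, $value, [
        'expires'  => $expires,
        'path'     => '/',
        'secure'   => $https,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

/**
 * Fetch the db row for an (already lower-cased) user name.
 *
 * @param mixed $user_name
 * @return mixed  db result handle with at least one row, or false
 */
function _user_fetch_by_name($user_name)
{
    if (!_user_name_is_safe($user_name)) {
        return false;
    }
    $result = db_query('SELECT * FROM user WHERE user_name=' . _user_sql_quote($user_name));
    if (!$result || db_numrows($result) < 1) {
        return false;
    }

    return $result;
}

/**
 * Cached row for the currently logged-in user, or false when nobody is
 * logged in or the row is missing.  Backs user_getid()/user_getrealname()/
 * user_getemail(), which used to repeat this lookup three times.
 *
 * @return mixed  db result handle or false
 */
function _user_current_row()
{
    if (!user_isloggedin()) {
        return false;
    }
    if (empty($GLOBALS['G_USER_RESULT'])) {
        $GLOBALS['G_USER_RESULT'] = _user_fetch_by_name(user_getname());
    }

    return $GLOBALS['G_USER_RESULT'] ?: false;
}

/**
 * Is the current request authenticated?
 *
 * The user name and token come from user_set_tokens() earlier in this
 * request ($GLOBALS) or from the cookies it set in a previous one; the
 * result is memoised in $LOGGED_IN.  On success $GLOBALS['user_name'] is
 * populated so user_getname() works without register_globals.
 *
 * @return bool
 */
function user_isloggedin()
{
    global $LOGGED_IN, $user_name;

    // Already checked in this request?  Return the memoised answer.
    if (isset($LOGGED_IN)) {
        return $LOGGED_IN;
    }

    $name    = $GLOBALS['user_name'] ?? ($_COOKIE['user_name'] ?? '');
    $id_hash = $GLOBALS['id_hash'] ?? ($_COOKIE['id_hash'] ?? '');

    $LOGGED_IN = false;
    if (is_string($name) && $name !== '' && is_string($id_hash) && $id_hash !== '') {
        // Constant-time compare; the old `==` was both timing-sensitive and
        // subject to numeric-string juggling.
        $LOGGED_IN = hash_equals(_user_token($name), $id_hash);
    }
    if ($LOGGED_IN) {
        $user_name = $name;
    }

    return $LOGGED_IN;
}

/**
 * Verify credentials and, on success, issue the login cookies.
 *
 * Legacy md5 rows are upgraded to password_hash() on first successful
 * login.  The same message is used for "no such user" and "wrong password"
 * so the response does not reveal which accounts exist.
 *
 * @param mixed $user_name
 * @param mixed $password
 * @return bool
 */
function user_login($user_name, $password)
{
    global $feedback;

    if (!$user_name || !$password) {
        $feedback .= ' ERROR - Missing user name or password ';
        return false;
    }

    $user_name = strtolower($user_name);
    $result    = _user_fetch_by_name($user_name);
    $stored    = $result ? db_result($result, 0, 'password') : '';
    if (!$result || !_user_password_matches($stored, $password)) {
        $feedback .= ' ERROR - User not found or password incorrect ';
        return false;
    }
    if ((string) db_result($result, 0, 'is_confirmed') !== '1') {
        $feedback .= ' ERROR - You haven\'t Confirmed Your Account Yet ';
        return false;
    }

    // password_needs_rehash() is true for legacy md5 strings as well as for
    // hashes made with an outdated cost, so both get upgraded here.
    if (password_needs_rehash((string) $stored, PASSWORD_DEFAULT)) {
        db_query('UPDATE user SET password=' . _user_sql_quote(password_hash((string) $password, PASSWORD_DEFAULT))
            . ' WHERE user_id=' . (int) db_result($result, 0, 'user_id'));
    }

    user_set_tokens($user_name);
    $feedback .= ' SUCCESS - You Are Now Logged In ';
    return true;
}

/**
 * Expire the login cookies and forget the in-request login state.
 * (The original set empty cookies with a 30-day lifetime, which left
 * them on the client.)
 *
 * @return void
 */
function user_logout()
{
    global $LOGGED_IN;

    $past = time() - 3600;
    _user_set_cookie('user_name', '', $past);
    _user_set_cookie('id_hash', '', $past);
    unset($GLOBALS['user_name'], $GLOBALS['id_hash'], $GLOBALS['G_USER_RESULT']);
    $LOGGED_IN = false;
}

/**
 * Issue the login cookies for $user_name_in and mark this request as
 * logged in.
 *
 * @param mixed $user_name_in
 * @return bool  false when no name was given
 */
function user_set_tokens($user_name_in)
{
    global $feedback, $user_name, $id_hash, $LOGGED_IN;

    if (!$user_name_in) {
        $feedback .= ' ERROR - User Name Missing When Setting Tokens ';
        return false;
    }

    $user_name = strtolower($user_name_in);
    $id_hash   = _user_token($user_name);
    $expires   = time() + 2592000; // 30 days
    _user_set_cookie('user_name', $user_name, $expires);
    _user_set_cookie('id_hash', $id_hash, $expires);
    $LOGGED_IN = true;

    return true;
}

/**
 * Confirm an account from the link in the confirmation e-mail.
 *
 * $hash must be the token derived from $email (current HMAC form, or the
 * legacy md5 form for links sent before this change); only then is the
 * stored confirm_hash looked up, the address written and the user logged in.
 *
 * @param mixed $hash
 * @param mixed $email
 * @return bool
 */
function user_confirm($hash, $email)
{
    global $feedback;

    $hash  = (string) $hash;
    $email = (string) $email;

    $valid = $hash !== '' && (
        hash_equals(_user_token($email), $hash)
        || hash_equals(_user_legacy_token($email), $hash)
    );
    if (!$valid) {
        $feedback .= ' HASH INVALID - UPDATE FAILED ';
        return false;
    }

    $result = db_query('SELECT * FROM user WHERE confirm_hash=' . _user_sql_quote($hash));
    if (!$result || db_numrows($result) < 1) {
        $feedback .= ' ERROR - Hash Not Found ';
        return false;
    }

    $user_id = (int) db_result($result, 0, 'user_id');
    $update  = db_query('UPDATE user SET email=' . _user_sql_quote($email)
        . ",is_confirmed='1' WHERE user_id=" . $user_id);
    if (!$update) {
        $feedback .= ' ERROR - ' . db_error();
        return false;
    }

    // Log in only after the row is really confirmed.
    user_set_tokens(db_result($result, 0, 'user_name'));
    $feedback .= ' User Account Updated - You Are Now Logged In ';
    return true;
}

/**
 * Change a password after re-authenticating with the old one.
 *
 * @param mixed $new_password1
 * @param mixed $new_password2   must equal $new_password1
 * @param mixed $change_user_name
 * @param mixed $old_password
 * @return bool
 */
function user_change_password($new_password1, $new_password2, $change_user_name, $old_password)
{
    global $feedback;

    // The original returned before appending this message (dead statement).
    if (!$new_password1 || (string) $new_password1 !== (string) $new_password2) {
        $feedback .= ' New Passwords Must Match ';
        return false;
    }
    if (!account_pwvalid($new_password1)) {
        $feedback .= ' New Passwords Doesn\'t Meet Criteria ';
        return false;
    }
    if (!$change_user_name || !$old_password) {
        $feedback .= ' Must Provide User Name And Old Password ';
        return false;
    }

    $change_user_name = strtolower($change_user_name);
    $result = _user_fetch_by_name($change_user_name);
    if (!$result || !_user_password_matches(db_result($result, 0, 'password'), $old_password)) {
        $feedback .= ' User not found or bad password ' . db_error();
        return false;
    }

    $update = db_query('UPDATE user SET password=' . _user_sql_quote(password_hash((string) $new_password1, PASSWORD_DEFAULT))
        . ' WHERE user_id=' . (int) db_result($result, 0, 'user_id'));
    if (!$update || db_affected_rows($update) < 1) {
        $feedback .= ' NOTHING Changed ' . db_error();
        return false;
    }

    $feedback .= ' Password Changed ';
    return true;
}

/**
 * Reset the password of the account matching $user_name + $email and mail
 * the new one to the address on file.
 *
 * The address is compared in PHP rather than interpolated into SQL
 * (case-insensitively, matching the default collation the old query
 * presumably relied on).  The new password comes from a CSPRNG; the old
 * derivation from time() was guessable.  NOTE(review): mailing a working
 * password is inherited from the original design; a short-lived reset
 * link would be the stronger pattern.
 *
 * @param mixed $email
 * @param mixed $user_name
 * @return bool
 */
function user_lost_password($email, $user_name)
{
    global $feedback;

    if (!$email || !$user_name) {
        $feedback .= ' ERROR - User Name and Email Address Are Required ';
        return false;
    }

    $user_name = strtolower($user_name);
    $result    = _user_fetch_by_name($user_name);
    $on_file   = $result ? (string) db_result($result, 0, 'email') : '';
    if (!$result || !hash_equals(strtolower($on_file), strtolower((string) $email))) {
        $feedback .= ' ERROR - Incorrect User Name Or Email Address ';
        return false;
    }

    $new_pass = bin2hex(random_bytes(7)); // 14 hex chars, as before
    $update   = db_query('UPDATE user SET password=' . _user_sql_quote(password_hash($new_pass, PASSWORD_DEFAULT))
        . ' WHERE user_id=' . (int) db_result($result, 0, 'user_id'));
    if (!$update) {
        $feedback .= ' ERROR - ' . db_error();
        return false;
    }

    // Send to the stored address, not the one supplied in the request.
    mail($on_file, 'Password Reset', 'Your Password has been reset to: ' . $new_pass, 'From: noreply@company.com');
    $feedback .= ' Your new password has been emailed to you. ';
    return true;
}

/**
 * Start an e-mail address change: store a new confirm hash for the
 * address (the address itself is only written by user_confirm()) and
 * send the confirmation mail.
 *
 * @param mixed $password1
 * @param mixed $new_email
 * @param mixed $user_name
 * @return bool
 */
function user_change_email($password1, $new_email, $user_name)
{
    global $feedback;

    if (!validate_email($new_email)) {
        $feedback .= ' New Email Address Appears Invalid ';
        return false;
    }

    $user_name = strtolower($user_name);
    $result    = _user_fetch_by_name($user_name);
    if (!$result || !_user_password_matches(db_result($result, 0, 'password'), $password1)) {
        $feedback .= ' ERROR - Incorrect User Name Or Password ';
        return false;
    }

    $hash   = _user_token($new_email);
    $update = db_query('UPDATE user SET confirm_hash=' . _user_sql_quote($hash)
        . ' WHERE user_id=' . (int) db_result($result, 0, 'user_id'));
    if (!$update) {
        $feedback .= ' ERROR - ' . db_error();
        return false;
    }

    $feedback .= ' Confirmation Sent ';
    user_send_confirm_email($new_email, $hash);
    return true;
}

/**
 * Send the confirmation link.  Used by user_register() and
 * user_change_email().  Both query parameters are URL-encoded.
 *
 * @param string $email
 * @param string $hash
 * @return void
 */
function user_send_confirm_email($email, $hash)
{
    $message = "Thank You For Registering at PHPBuilder.com"
        . "\nSimply follow this link to confirm your registration: "
        . "\n\nhttp://www.phpbuilder.com/account/confirm.php?hash=" . rawurlencode((string) $hash)
        . "&email=" . urlencode((string) $email)
        . "\n\nOnce you confirm, you can use the services on PHPBuilder.";
    mail($email, 'PHPBuilder Registration Confirmation', $message, 'From: noreply@phpbuilder.com');
}

/**
 * Create an unconfirmed account and send the confirmation mail.
 *
 * NOTE(review): the existence check and the INSERT are two statements, so
 * two concurrent registrations of the same name can both pass; a UNIQUE
 * index on user_name (not in the schema comment above) is the real guard.
 *
 * @param mixed $user_name
 * @param mixed $password1
 * @param mixed $password2  must equal $password1
 * @param mixed $email
 * @param mixed $real_name
 * @return bool
 */
function user_register($user_name, $password1, $password2, $email, $real_name)
{
    global $feedback;

    if (!$user_name || !$password1 || (string) $password1 !== (string) $password2 || !$email || !validate_email($email)) {
        $feedback .= ' ERROR - Must Fill In User Name, Matching Passwords, And Provide Valid Email Address ';
        return false;
    }
    if (!account_namevalid($user_name) || !account_pwvalid($password1)) {
        $feedback .= ' Account Name or Password Invalid ';
        return false;
    }

    $user_name = strtolower($user_name);
    $existing  = db_query('SELECT * FROM user WHERE user_name=' . _user_sql_quote($user_name));
    if ($existing && db_numrows($existing) > 0) {
        $feedback .= ' ERROR - USER NAME EXISTS ';
        return false;
    }

    $hash = _user_token($email);
    $sql  = 'INSERT INTO user (user_name,real_name,password,email,remote_addr,confirm_hash,is_confirmed) VALUES ('
        . _user_sql_quote($user_name) . ','
        . _user_sql_quote($real_name) . ','
        . _user_sql_quote(password_hash((string) $password1, PASSWORD_DEFAULT)) . ','
        . _user_sql_quote($email) . ','
        . _user_sql_quote($_SERVER['REMOTE_ADDR'] ?? '') . ','  // was $GLOBALS[REMOTE_ADDR] (register_globals)
        . _user_sql_quote($hash) . ",'0')";
    $result = db_query($sql);
    if (!$result) {
        $feedback .= ' ERROR - ' . db_error();
        return false;
    }

    user_send_confirm_email($email, $hash);
    $feedback .= ' Successfully Registered. You Should Have a Confirmation Email Waiting ';
    return true;
}

/**
 * user_id of the logged-in user, or false.
 *
 * @return mixed
 */
function user_getid()
{
    $row = _user_current_row();

    return $row ? db_result($row, 0, 'user_id') : false;
}

/**
 * real_name of the logged-in user, or false.
 *
 * @return mixed
 */
function user_getrealname()
{
    $row = _user_current_row();

    return $row ? db_result($row, 0, 'real_name') : false;
}

/**
 * email of the logged-in user, or false.
 *
 * @return mixed
 */
function user_getemail()
{
    $row = _user_current_row();

    return $row ? db_result($row, 0, 'email') : false;
}

/**
 * Name of the logged-in user, or an error string when not logged in
 * (callers test user_isloggedin() first; the string is never used in SQL).
 *
 * @return string
 */
function user_getname()
{
    if (user_isloggedin()) {
        return $GLOBALS['user_name'];
    }

    return ' ERROR - Not Logged In ';
}

/**
 * Minimum-length password rule (6 bytes, as before).
 *
 * @param mixed $pw
 * @return bool
 */
function account_pwvalid($pw)
{
    global $feedback;

    if (strlen((string) $pw) < 6) {
        $feedback .= " Password must be at least 6 characters. ";
        return false;
    }

    return true;
}

/**
 * Login-name rules: no spaces, at least one letter, only [A-Za-z0-9_-],
 * 5..15 characters, not a reserved system name, not an anoncvs_ name.
 *
 * @param mixed $name
 * @return bool  (the reserved-name branch used to return int 0)
 */
function account_namevalid($name)
{
    global $feedback;

    $name = (string) $name;

    // strpos, not strrpos(...) > 0: the old test missed a leading space.
    if (strpos($name, ' ') !== false) {
        $feedback .= " There cannot be any spaces in the login name. ";
        return false;
    }
    if (preg_match('/[A-Za-z]/', $name) !== 1) {
        $feedback .= "There must be at least one character.";
        return false;
    }
    if (!_user_name_is_safe($name)) {
        $feedback .= " Illegal character in name. ";
        return false;
    }

    $length = strlen($name);
    if ($length < 5) {
        $feedback .= " Name is too short. It must be at least 5 characters. ";
        return false;
    }
    if ($length > 15) {
        $feedback .= "Name is too long. It must be at most 15 characters.";
        return false;
    }

    static $reserved = [
        'root', 'bin', 'daemon', 'adm', 'lp', 'sync', 'shutdown', 'halt', 'mail', 'news',
        'uucp', 'operator', 'games', 'mysql', 'httpd', 'nobody', 'dummy',
        'www', 'cvs', 'shell', 'ftp', 'irc', 'debian', 'ns', 'download',
    ];
    $lower = strtolower($name);
    if (in_array($lower, $reserved, true)) {
        $feedback .= "Name is reserved.";
        return false;
    }
    if (strncmp($lower, 'anoncvs_', 8) === 0) {
        $feedback .= "Name is reserved for CVS.";
        return false;
    }

    return true;
}

/**
 * Syntactic e-mail address check.
 *
 * The original ereg() character-class pattern is garbled in this copy and
 * ereg() no longer exists; filter_var() serves the same purpose and also
 * rejects CR/LF, which matters because the address is handed to mail().
 *
 * @param mixed $address
 * @return bool
 */
function validate_email($address)
{
    return is_string($address) && filter_var($address, FILTER_VALIDATE_EMAIL) !== false;
}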