3
* Little Software Stats
5
* An open source program that allows developers to keep track of how their software is being used
7
* @package Little Software Stats
9
* @copyright Copyright (c) 2011, Little Apps
10
* @license http://www.gnu.org/licenses/gpl.html GNU General Public License v3
11
* @link http://little-apps.org
18
* Manage access to Little Software Stats
20
* @package Little Software Stats
24
// Connection to database
/**
 * Constructor for SecureLogin class
 *
 * Keeps the database handle for later queries and seeds the session's
 * ValidUser flag with 0 when no flag has been set yet.
 *
 * @param MySQL $sMySQL Connection to database
 */
public function __construct($sMySQL) {
    // Nothing visible in this method starts the session, so $_SESSION is
    // expected to be usable by the time the object is built.
    if (isset($_SESSION['ValidUser']) === false) {
        $_SESSION['ValidUser'] = 0;
    }

    $this->sMySQL = $sMySQL;
}
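/**
 * Checks if user is logged in
 *
 * A user counts as logged in only when the session holds a UserName and
 * the ValidUser flag equals 1.
 *
 * @return bool Returns true if user is logged in
 */
public function CheckUser() {
    // Both keys go through isset(): LogoutUser() unsets ValidUser, and
    // reading it directly afterwards would hit an undefined index.
    if (!isset($_SESSION['UserName'], $_SESSION['ValidUser'])) {
        return false;
    }

    return $_SESSION['ValidUser'] == 1;
}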
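/**
 * Tries to login user using username and password
 *
 * Looks up a Users row matching the trimmed username and the MD5 digest of
 * the trimmed password. On a match it clears any pending ActivateKey,
 * issues a fresh session id and marks the session as logged in; otherwise
 * it resets the ValidUser flag to 0.
 *
 * @param string $sUser Username
 * @param string $sPass Password (plain text)
 * @return string Returns error if username/password is invalid
 */
public function LoginUser($sUser, $sPass) {
    // Request parameters can arrive as arrays; those are never valid credentials.
    if (!is_string($sUser) || !is_string($sPass)) {
        return "Username and/or password cannot be empty";
    }

    // Trim before the emptiness test so whitespace-only input is rejected and
    // the same value is used for the lookup, the update and the session.
    $sUser = trim($sUser);
    $sPass = trim($sPass);

    if ($sUser == "" || $sPass == "") {
        return "Username and/or password cannot be empty";
    }

    // NOTE(review): UserPass is an unsalted MD5 digest, which is not a
    // password hash. Moving to password_hash()/password_verify() requires the
    // login, registration and reset paths (and the UserPass column width) to
    // change together, so it is flagged here rather than changed in one method.
    $aCredentials = array("UserName" => $sUser, "UserPass" => md5($sPass));

    if (!$this->sMySQL->Select("Users", $aCredentials, "", "0,1")) {
        // The original read $sMySQL->sLastError, an undefined local variable.
        // NOTE(review): sLastError is database-layer text; showing it on the
        // login page exposes internals to unauthenticated visitors. Prefer
        // logging it server-side.
        return "Unable to query database, error:" . $this->sMySQL->sLastError;
    }

    if ($this->sMySQL->iRecords != 1) {
        $_SESSION['ValidUser'] = 0;

        return "Username and/or password is invalid";
    }

    // Clear activation key if its been set
    if ($this->sMySQL->aArrayedResult['ActivateKey'] != "") {
        $this->sMySQL->Update("Users", array("ActivateKey" => ""), array("UserName" => $sUser));
    }

    // Passing true discards the pre-login session data file, so the old
    // session id stops being usable once the user is authenticated.
    session_regenerate_id(true);
    $_SESSION['ValidUser'] = 1;
    $_SESSION['UserName'] = $sUser;

    // NOTE(review): the line that returns on success is not part of this
    // listing; true is assumed here. Confirm against the callers.
    return true;
}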
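/**
 * Registers user into database
 *
 * Validates the username (5-20 characters from a-z, A-Z, 0-9 and
 * underscore), the e-mail address and the two password entries, refuses a
 * username or e-mail address already present in the Users table, then
 * inserts the new row.
 *
 * @param string $sUser Username
 * @param string $sPass1 Password (plain text)
 * @param string $sPass2 Repeat password
 * @param string $sEmail E-mail address
 * @return string Returns error if username, password, or email is invalid
 */
public function RegisterUser($sUser,$sPass1,$sPass2,$sEmail) {
    // Request parameters can arrive as arrays; reject them before any string function sees them.
    if (!is_string($sUser)) {
        return "Username can only contain alpha-numeric characters (a-z, A-Z, 0-9) and underscores";
    }

    // Check valid username
    // \A and \z anchor the whole string; a plain "$" also matches just before
    // a trailing newline, which would let "name\n" through.
    if (!preg_match('/\A[a-z\d_]{5,20}\z/i', $sUser)) {
        if (strlen($sUser) < 5) {
            return "Username must be at least 5 characters";
        }
        if (strlen($sUser) > 20) {
            return "Username cannot be more then 20 characters";
        }

        return "Username can only contain alpha-numeric characters (a-z, A-Z, 0-9) and underscores";
    }

    // Check valid email address
    if (!filter_var($sEmail, FILTER_VALIDATE_EMAIL)) {
        return "E-mail address is invalid";
    }

    if (!is_string($sPass1) || !is_string($sPass2)) {
        return "Passwords must be identical";
    }

    $sPass1 = trim($sPass1);
    $sPass2 = trim($sPass2);

    // Strict comparison: with "!=" two numeric-looking strings such as "1e3"
    // and "1000" compare as equal.
    if ($sPass1 !== $sPass2) {
        return "Passwords must be identical";
    }
    // The check accepts exactly 6 characters, so the message says "at least".
    if (strlen($sPass1) < 6) {
        return "Password must be at least 6 characters";
    }

    // Check if username already exists
    if (!$this->sMySQL->Select("Users", array("UserName" => $sUser), "", "0,1")) {
        // The original read $sMySQL->sLastError, an undefined local variable.
        // NOTE(review): sLastError is database-layer text; prefer logging it
        // server-side over showing it on a public registration form.
        return "Unable to query database, error:" . $this->sMySQL->sLastError;
    }
    if ($this->sMySQL->iRecords == 1) {
        return "Another user has already registered that username";
    }

    // Check if email already exists
    if (!$this->sMySQL->Select("Users", array("UserEmail" => $sEmail), "", "0,1")) {
        return "Unable to query database, error:" . $this->sMySQL->sLastError;
    }
    if ($this->sMySQL->iRecords == 1) {
        return "Another user has already registered with that e-mail address";
    }

    // NOTE(review): the two checks above and the insert below are separate
    // statements, so uniqueness has to be enforced by unique indexes on
    // UserName and UserEmail. Confirm the schema has them.
    // NOTE(review): UserPass is an unsalted MD5 digest, which is not a
    // password hash. Moving to password_hash() requires the login and reset
    // paths (and the UserPass column width) to change together.

    // Add username to table
    $aNewUser = array("UserName" => $sUser, "UserPass" => md5($sPass1), "UserEmail" => $sEmail);
    if (!$this->sMySQL->Insert($aNewUser, "Users")) {
        return "Unable to query database, error:" . $this->sMySQL->sLastError;
    }

    // NOTE(review): the line that returns on success is not part of this
    // listing; true is assumed here. Confirm against the callers.
    return true;
}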
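/**
 * Sends e-mail to user with link to reset password
 *
 * Finds the account by e-mail address, stores a freshly generated key in
 * its ActivateKey column and mails a login.php?action=resetPwd link that
 * carries the key and the username.
 *
 * @param string $sEmail E-mail address
 * @return string Returns error if e-mail address is not found or unable to send e-mail
 */
public function ForgotPassword($sEmail) {
    // An array-valued request parameter cannot match any account.
    if (!is_string($sEmail)) {
        return "E-mail address does not exist\n";
    }

    if (!$this->sMySQL->Select("Users", array("UserEmail" => $sEmail), "", "0,1")) {
        // The original read $sMySQL->sLastError, an undefined local variable.
        // NOTE(review): sLastError is database-layer text; prefer logging it
        // server-side over showing it on a public form.
        return "Unable to query database, error:" . $this->sMySQL->sLastError;
    }

    // NOTE(review): this reply tells an unauthenticated requester whether an
    // address is registered. Giving the same response in both cases closes
    // that, but it changes the documented contract, so it is only flagged.
    if ($this->sMySQL->iRecords == 0) {
        return "E-mail address does not exist\n";
    }

    // Read the username now; whether Update() below keeps the cached row is
    // not visible from this method.
    $sUserName = $this->sMySQL->aArrayedResult['UserName'];

    $sRandKey = $this->MakeRandomPassword(20);

    // NOTE(review): the key is stored as-is and nothing visible here gives it
    // an expiry time; LoginUser() clears it on the next successful login.
    if (!$this->sMySQL->Update("Users", array("ActivateKey" => $sRandKey), array("UserEmail" => $sEmail))) {
        return "Unable to query database, error:" . $this->sMySQL->sLastError;
    }

    // SERVER_NAME can reflect the request's Host header, depending on the web
    // server configuration. Only hostname characters are kept because the
    // value goes into the mail subject.
    $sSiteName = isset($_SERVER['SERVER_NAME']) ? strtolower($_SERVER['SERVER_NAME']) : '';
    $sSiteName = preg_replace('/[^a-z0-9.\-]/', '', $sSiteName);
    if (substr($sSiteName, 0, 4) == 'www.') {
        $sSiteName = substr($sSiteName, 4);
    }

    $sSubject = "Your password at $sSiteName";
    $sMessage = "Someone requested that the password be reset for the following account:\r\n\r\n";
    $sMessage .= "Username: " . $sUserName . "\r\n\r\n";
    $sMessage .= SITE_URL . "\r\n\r\n";
    $sMessage .= "If this was a mistake, just ignore this email and nothing will happen.\r\n\r\n";
    $sMessage .= "To reset your password, visit the following address:\r\n\r\n";
    $sMessage .= "<" . SITE_URL . "/login.php?action=resetPwd&key=$sRandKey&login=" . rawurlencode($sUserName) . ">\r\n\r\n";
    $sMessage .= "This is an automated response, please do not reply!\n";

    if (!SendMail($sEmail, $sSubject, $sMessage)) {
        return "Unable to send password reset e-mail";
    }

    // NOTE(review): the line that returns on success is not part of this
    // listing; true is assumed here. Confirm against the callers.
    return true;
}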
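/**
 * Changes password using key sent to e-mail address
 *
 * Confirms that the username exists and that the supplied key matches the
 * account's ActivateKey, validates the new password, stores its MD5 digest,
 * clears the key and mails a notification to the account's address.
 *
 * @param string $sUser Username
 * @param string $sPass New password (plain text)
 * @param string $sPass2 New password (again)
 * @param string $sKey Key sent to e-mail address
 * @return string Returns error if unable to change password
 */
public function ChangePassword($sUser, $sPass, $sPass2, $sKey) {
    // Request parameters can arrive as arrays; such a value names no account.
    if (!is_string($sUser)) {
        return "Username does not exist";
    }

    if (!$this->sMySQL->Select("Users", array("UserName" => $sUser), "", "0,1")) {
        // The original read $sMySQL->sLastError, an undefined local variable.
        // NOTE(review): sLastError is database-layer text; prefer logging it
        // server-side over showing it on a public form.
        return "Unable to query database, error:" . $this->sMySQL->sLastError;
    }
    // NOTE(review): separate "username" and "key" errors tell an
    // unauthenticated caller which usernames exist.
    if ($this->sMySQL->iRecords == 0) {
        return "Username does not exist";
    }

    // An account with no reset pending stores ActivateKey as "" (LoginUser()
    // and this method both write that value), so an empty key must never be
    // accepted as proof that a reset was requested.
    if (!is_string($sKey) || $sKey === "") {
        return "Activation key does not exist";
    }

    if (!$this->sMySQL->Select("Users", array("UserName" => $sUser, "ActivateKey" => $sKey), "", "0,1")) {
        return "Unable to query database, error:" . $this->sMySQL->sLastError;
    }
    if ($this->sMySQL->iRecords == 0) {
        return "Activation key does not exist";
    }

    // SQL string comparison can be looser than byte equality, depending on the
    // column collation, so the stored key is re-checked for an exact match.
    $aUser = $this->sMySQL->aArrayedResult;
    if (!isset($aUser['ActivateKey']) || !hash_equals((string) $aUser['ActivateKey'], $sKey)) {
        return "Activation key does not exist";
    }

    // Read the address now; whether Update() below keeps the cached row is
    // not visible from this method.
    $sUserEmail = $aUser['UserEmail'];

    if (!is_string($sPass) || !is_string($sPass2)) {
        return "Passwords must be identical";
    }

    $sPass = trim($sPass);
    $sPass2 = trim($sPass2);

    // Strict comparison: with "!=" two numeric-looking strings such as "1e3"
    // and "1000" compare as equal.
    if ($sPass !== $sPass2) {
        return "Passwords must be identical";
    }
    // The check accepts exactly 6 characters, so the message says "at least".
    if (strlen($sPass) < 6) {
        return "Password must be at least 6 characters";
    }

    // NOTE(review): UserPass is an unsalted MD5 digest, which is not a
    // password hash. Moving to password_hash() requires the login and
    // registration paths (and the UserPass column width) to change together.
    if (!$this->sMySQL->Update("Users", array("ActivateKey" => "", "UserPass" => md5($sPass)), array("UserName" => $sUser))) {
        return "Unable to query database, error:" . $this->sMySQL->sLastError;
    }

    // The original used $sSiteName without ever assigning it in this method.
    // SERVER_NAME can reflect the request's Host header, so only hostname
    // characters are kept before the value goes into the mail subject.
    $sSiteName = isset($_SERVER['SERVER_NAME']) ? strtolower($_SERVER['SERVER_NAME']) : '';
    $sSiteName = preg_replace('/[^a-z0-9.\-]/', '', $sSiteName);
    if (substr($sSiteName, 0, 4) == 'www.') {
        $sSiteName = substr($sSiteName, 4);
    }

    // Notify user of password change
    $sSubject = "Your account at $sSiteName";
    $sMessage = "Password has been changed for user: $sUser \r\n";
    $sMessage .= "This is an automated response, please do not reply!";

    if (!SendMail($sUserEmail, $sSubject, $sMessage)) {
        return "Unable to send password notification e-mail";
    }

    // NOTE(review): the line that returns on success is not part of this
    // listing; true is assumed here. Confirm against the callers.
    return true;
}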
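/**
 * Generates a random password
 *
 * ForgotPassword() stores the result as the password-reset key, so the
 * characters are drawn from the operating system's CSPRNG via random_int()
 * (PHP 7.0+). The original seeded rand() from microtime(), which makes the
 * output predictable from the time of the request.
 *
 * @param int $nLength Length of password
 * @return string Generated password
 */
private function MakeRandomPassword($nLength) {
    // Lower-case letters without i, l and o, plus digits. The original
    // alphabet listed "h" twice and had no "d".
    $sAlphabet = "abcdefghjkmnpqrstuvwxyz0123456789";
    $nLastIndex = strlen($sAlphabet) - 1;

    // Exactly $nLength characters are produced. The original loop condition
    // was "$i <= $nLength"; its starting value is not part of this listing.
    $sPass = "";
    for ($i = 0; $i < $nLength; $i++) {
        $sPass .= $sAlphabet[random_int(0, $nLastIndex)];
    }

    return $sPass;
}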
227
public function LogoutUser(){
228
// Unset all variables
229
unset($_SESSION['ValidUser']);
230
unset($_SESSION['UserName']);
232
// Destroy the session