Xplane/User class
<?php | |
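/**
 * User account: registration, login/logout and e-mail verification.
 *
 * Data access goes through the project's X::$db wrapper and the legacy
 * ext/mysql functions (mysql_real_escape_string, mysql_fetch_assoc, ...).
 * Every query is built by string concatenation with the escaped value; that
 * only holds as long as X::$db has an open connection whose charset matches
 * the `User` table. Moving these queries to prepared statements is the
 * structural fix and is out of scope for this class alone.
 *
 * Session handling: a successful login/registration stores the user id in
 * $_SESSION['uid'] and rotates the session id first.
 */
class User extends SQLObject {
    /**
     * Column declarations for the SQLObject base class.
     *
     * `password` and `salt` are deliberately not declared here, so the base
     * class never loads them into an object; the table for this class is
     * created by hand-written SQL instead (note: that SQL sizes `verified`
     * wider than the varchar(64) declared here).
     */
    public static function structure(){
        self::field("name","varchar(32)");
        self::field("email","varchar(127)");
        self::field("verified","varchar(64)");
    }

    /**
     * Return $length lowercase hex characters of randomness.
     *
     * Prefers the CSPRNG in ext/openssl; falls back to the original
     * md5(uniqid(rand())) construction only where that extension is missing.
     * Both paths yield lowercase hex, so stored salts/codes keep their format.
     *
     * @param int $length number of hex characters wanted (<= 0 gives '')
     * @return string
     */
    private static function randomHex($length){
        $length = (int)$length;
        if ($length <= 0) {
            return '';
        }
        if (function_exists('openssl_random_pseudo_bytes')) {
            $strong = false;
            $bytes = openssl_random_pseudo_bytes((int)ceil($length / 2), $strong);
            if ($bytes !== false && $strong) {
                return substr(bin2hex($bytes), 0, $length);
            }
        }
        // Fallback: NOT cryptographically strong (uniqid/rand are predictable).
        // Kept only so installs without ext/openssl keep working.
        $hex = '';
        while (strlen($hex) < $length) {
            $hex .= md5(uniqid(rand(), true));
        }
        return substr($hex, 0, $length);
    }

    /**
     * Hash a password with a salt.
     *
     * With no salt: mints a fresh 9-char hex salt and returns array($salt, $hash).
     * With a salt: uses its first 9 characters and returns just the hash string.
     *
     * TODO(review): sha1($salt . $password) is a single fast hash, not a
     * password KDF. Stored rows are tied to this exact format, so switching to
     * password_hash()/password_verify() needs a column migration plus a
     * re-hash on next successful login; it cannot be changed here in isolation.
     *
     * @param string      $plainText
     * @param string|null $salt
     * @return array|string
     */
    public static function generateHash($plainText, $salt = null){
        if ($salt === null){
            $salt = self::randomHex(9);
            return array(
                $salt,
                sha1($salt . $plainText)
            );
        }
        $salt = substr($salt, 0, 9);
        return sha1($salt . $plainText);
    }

    /**
     * Look up the stored salt for an e-mail address.
     *
     * @param string $email
     * @return string|null null when the address is unknown or the query failed
     */
    private static function getSalt($email){
        $result = X::$db->query("SELECT `salt` FROM `User` WHERE `email`='".mysql_real_escape_string($email)."' LIMIT 1");
        if ($result === false) {
            return null;
        }
        $row = mysql_fetch_assoc($result);
        return $row === false ? null : $row['salt'];
    }

    /**
     * Record $id as the logged-in user in the session.
     *
     * The session id is rotated first so an id fixed before authentication
     * cannot be reused afterwards (session fixation).
     *
     * @param int|string $id
     */
    private static function startUserSession($id){
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        $_SESSION['uid'] = $id;
    }

    /**
     * Authenticate by e-mail and password.
     *
     * @param string $email
     * @param string $password
     * @return int|string|false the user id on success, false otherwise
     */
    public function login($email,$password){
        $salt = self::getSalt($email);
        if ($salt === null) {
            // Unknown address or query failure: nothing to compare against.
            return false;
        }
        $passHash = self::generateHash($password,$salt);
        $result = X::$db->query("
            SELECT `id`
            FROM `User`
            WHERE `email`='".mysql_real_escape_string($email)."'
            AND `password`='".mysql_real_escape_string($passHash)."'
            LIMIT 1
        ");
        if ($result === false || mysql_num_rows($result) === 0) {
            return false;
        }
        $row = mysql_fetch_assoc($result);
        $id = $row['id'];
        self::startUserSession($id);
        return $id;
    }

    /**
     * Create an account, log it in and send the verification e-mail.
     *
     * Raises a user-facing Alert and returns false when the address is
     * malformed, already registered, or the insert fails.
     *
     * @param string $name
     * @param string $email
     * @param string $password
     * @return bool
     */
    public function register($name,$email,$password){
        $name = (string)$name;
        $email = (string)$email;
        // A malformed address can't receive the verification mail, and any
        // CR/LF in it would extend the mail headers built below.
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            new Alert("That Email address is not valid!",Alert::USER_ERROR);
            return false;
        }
        //Check for duplicate email (read-then-insert; only a UNIQUE index on
        //`email` closes the race between two concurrent registrations)
        $result = X::$db->query("SELECT 1 FROM `User` WHERE `email`='".mysql_real_escape_string($email)."' LIMIT 1");
        if($result !== false && mysql_num_rows($result) > 0){
            new Alert("That Email already exists!",Alert::USER_ERROR);
            return false;
        }
        //mine some salt
        list($salt, $passHash) = self::generateHash($password);
        //generate verify code (24 hex chars, stored in `verified` until used)
        $verification = self::randomHex(24);
        //insert manually into the DB
        $inserted = X::$db->query("
            INSERT INTO `User`
            (name,email,password,salt,verified)
            VALUES(
                '".mysql_real_escape_string($name)."',
                '".mysql_real_escape_string($email)."',
                '".mysql_real_escape_string($passHash)."',
                '".mysql_real_escape_string($salt)."',
                '".mysql_real_escape_string($verification)."'
            )
        ");
        if ($inserted === false) {
            new Alert("Registration failed, please try again.",Alert::USER_ERROR);
            return false;
        }
        //log that user in immediately
        $id = mysql_insert_id(X::$db->db);
        self::startUserSession($id);
        //send out verification email: the display name is user input, so strip
        //line breaks before it enters a header and HTML-escape it for the body
        //(ISO-8859-1 to match the Content-type declared below)
        $headerName = str_replace(array("\r", "\n"), ' ', $name);
        $htmlName = htmlspecialchars($name, ENT_QUOTES, 'ISO-8859-1');
        $link = BASEURL."User/verify/".$verification; // hex only, safe in href
        $message = "
            Hello $htmlName, Please click <a href='$link'>here</a> to confirm your email address.
        ";
        $headers = 'MIME-Version: 1.0' . "\r\n";
        $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
        $headers .= "To: $headerName <$email>" . "\r\n";
        $headers .= 'From: NOREPLY <NOREPLY>' . "\r\n";
        // Mail it
        mail($email, "Confirm your email address", $message, $headers);
        return true;
    }

    /** Forget the logged-in user; the session itself is left to the caller. */
    public function logout(){
        unset($_SESSION['uid']);
    }

    /**
     * Has the account confirmed its e-mail address?
     *
     * An empty `verified` column means the code has been consumed. With a
     * falsy $id the loaded object's own `verified` property is consulted.
     *
     * @param int|string|null $id
     * @return bool false for an unknown id or a failed query
     */
    public function user_is_verified($id){
        if(!$id){
            return !$this->verified;
        }
        $result = X::$db->query("SELECT `verified` FROM `User` WHERE `id`=".(int)$id." LIMIT 1");
        if ($result === false) {
            return false;
        }
        $row = mysql_fetch_assoc($result);
        if ($row === false) {
            // Unknown id. Previously the missing row read as an empty code and
            // the user was reported as verified.
            return false;
        }
        return (string)$row['verified'] === '';
    }

    /**
     * Consume a verification code.
     *
     * @param string $code
     * @return bool true when exactly one pending code matched and was cleared
     */
    public function verify_user($code){
        $code = (string)$code;
        // An empty code would match every already-verified row (verified='')
        // and report success; codes are always hex, so require that shape.
        if ($code === '' || !ctype_xdigit($code)) {
            return false;
        }
        // Single UPDATE instead of SELECT-then-UPDATE: the row count tells us
        // whether a pending code matched, with no window between the two.
        $result = X::$db->query("UPDATE `User` SET `verified`='' WHERE `verified`='".mysql_real_escape_string($code)."'");
        return $result !== false && mysql_affected_rows(X::$db->db) > 0;
    }

    /**
     * HTML link to the login or logout action, depending on session state.
     *
     * @return string
     */
    public function loginLink(){
        // empty() also covers the case where no uid key exists yet (no notice).
        if(!empty($_SESSION['uid'])){
            return "<a href='".BASEURL."User/logout'>Log Out</a>";
        }
        return "<a href='".BASEURL."User/login'>Log In</a>";
    }
}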
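-- Hand-written schema for the User class: `password` and `salt` exist only
-- here, on purpose, so the SQLObject base class never loads them.
CREATE TABLE IF NOT EXISTS `User` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `name` varchar(32) NOT NULL,
  `email` varchar(127) NOT NULL,
  -- sha1 hex of (salt . password): 40 chars today, sized for a longer KDF output later
  `password` varchar(255) NOT NULL,
  `salt` varchar(255) NOT NULL,
  -- pending verification code; empty string once the address is confirmed
  -- (User::structure() declares this column as varchar(64))
  `verified` varchar(255) NOT NULL,
  `created` timestamp NULL DEFAULT CURRENT_TIMESTAMP,
  `updated` timestamp NULL DEFAULT NULL,
  PRIMARY KEY (`id`),
  -- User::register() only does a read-then-insert duplicate check, which two
  -- concurrent requests can both pass; uniqueness has to be enforced here
  UNIQUE KEY `email` (`email`),
  -- verify_user() and user_is_verified() look rows up by code
  KEY `verified` (`verified`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=9 ;
--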
This file requires some custom SQL, unlike other SQLObjects of its type. This is because I don't want the user's password, or the salt for it, ever being loaded into any variable.