session.php
<?php
// Mail helpers; send_conf(), which add_verify() calls below, is presumably defined in this file.
require 'sendEmail.php';
// config.php has to return an array: the functions below read its 'host', 'user', 'pass',
// 'database' and 'options' keys through $GLOBALS['configs']. It carries the database
// password, so it should be neither web-served nor committed.
$configs = include('config.php');
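/**
 * Opens a MySQL connection with the settings loaded from config.php and
 * selects the configured database.
 *
 * Reads the 'host', 'user', 'pass' and 'database' keys of $GLOBALS['configs'].
 * The script ends with die() when the server cannot be reached or the
 * database cannot be selected.
 *
 * NOTE(review): the connection character set is never set here, so the
 * driver/server default applies. mysqli_real_escape_string() escapes
 * according to that character set, so every query in this file that is built
 * from escaped strings depends on the default matching the tables. Confirm
 * it, or call mysqli_set_charset() here once the intended charset is known.
 *
 * @return mysqli The open connection; the caller closes it.
 */
function connect()
{
    $settings = $GLOBALS['configs'];
    $con = mysqli_connect($settings['host'], $settings['user'], $settings['pass']);
    if (mysqli_connect_errno()) {
        die('Could not connect: ' . mysqli_connect_errno());
    }
    // A failed selection used to go unnoticed: the handle was returned anyway
    // and every later query on it failed instead.
    if (!mysqli_select_db($con, $settings['database'])) {
        $errno = mysqli_errno($con);
        mysqli_close($con);
        die('Could not select database: ' . $errno);
    }
    return $con;
}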
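/**
 * Tells whether the given user name belongs to an account in user_accounts.
 *
 * The name is passed as a bound parameter, so it never becomes part of the
 * SQL text and the lookup does not depend on the connection character set.
 * A statement that cannot be prepared or executed is reported as "no such
 * user" instead of handing a failed result to the row count.
 *
 * @param string $user The user name to look for.
 * @return bool true if at least one account has that name, false otherwise.
 */
function check_user($user)
{
    $con = connect();
    $exists = false;
    $stmt = mysqli_prepare($con, 'SELECT user_id FROM user_accounts WHERE user_accounts.user_name = ?');
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 's', $user);
        if (mysqli_stmt_execute($stmt)) {
            // Buffer the result so the row count is available.
            mysqli_stmt_store_result($stmt);
            $exists = mysqli_stmt_num_rows($stmt) > 0;
        }
        mysqli_stmt_close($stmt);
    }
    mysqli_close($con);
    return $exists;
}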
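/**
 * Looks up whether an e-mail address is already tied to a user account.
 *
 * The address is passed as a bound parameter. The return value is
 * initialised to null, so a miss or a failed query no longer returns an
 * undefined variable.
 *
 * @param string $email The e-mail address to look for.
 * @return string|null The stored address when an account uses it, null otherwise.
 */
function check_email($email)
{
    $con = connect();
    $ret_email = null;
    $stmt = mysqli_prepare($con, 'SELECT email FROM user_accounts WHERE user_accounts.email = ?');
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 's', $email);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_bind_result($stmt, $found_email);
            // Only the first matching row matters.
            if (mysqli_stmt_fetch($stmt) === true) {
                $ret_email = $found_email;
            }
        }
        mysqli_stmt_close($stmt);
    }
    mysqli_close($con);
    return $ret_email;
}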
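/**
 * Returns the e-mail address stored for the given user name.
 *
 * The name is passed as a bound parameter. The return value is initialised
 * to null, so an unknown user or a failed query no longer returns an
 * undefined variable.
 *
 * @param string $user The user whose address is wanted.
 * @return string|null The address of that user, or null when there is no such account.
 */
function get_email($user)
{
    $con = connect();
    $email = null;
    $stmt = mysqli_prepare($con, 'SELECT email FROM user_accounts WHERE user_accounts.user_name = ?');
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 's', $user);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_bind_result($stmt, $found_email);
            if (mysqli_stmt_fetch($stmt) === true) {
                $email = $found_email;
            }
        }
        mysqli_stmt_close($stmt);
    }
    mysqli_close($con);
    return $email;
}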
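/**
 * Creates the account for a user by copying the pending row from
 * email_verify into user_accounts.
 *
 * The e-mail address and password hash are read back from email_verify and
 * passed to the INSERT as bound parameters. A value read from the database
 * is no longer escaped, so splicing the stored address into the SQL text, as
 * this function used to, let a quote in it alter the INSERT statement.
 *
 * Nothing is inserted when no pending row exists for the user. Previously an
 * account with an empty password and e-mail was written in that case.
 *
 * NOTE(review): the confirmation hash is not checked here; presumably the
 * caller has validated it with check_conf() first. Confirm.
 *
 * @param string $user The user name whose pending registration is promoted.
 */
function add_user($user)
{
    $con = connect();
    $email = null;
    $pass = null;
    $found = false;

    $select = mysqli_prepare($con, 'SELECT email, password FROM email_verify WHERE email_verify.user_name = ?');
    if ($select) {
        mysqli_stmt_bind_param($select, 's', $user);
        if (mysqli_stmt_execute($select)) {
            mysqli_stmt_bind_result($select, $row_email, $row_pass);
            if (mysqli_stmt_fetch($select) === true) {
                // Copy out of the bound variables before the statement is closed.
                $email = $row_email;
                $pass = $row_pass;
                $found = true;
            }
        }
        mysqli_stmt_close($select);
    }

    if ($found) {
        $insert = mysqli_prepare($con, 'INSERT INTO user_accounts (user_name, password, email) VALUES (?, ?, ?)');
        if ($insert) {
            mysqli_stmt_bind_param($insert, 'sss', $user, $pass, $email);
            mysqli_stmt_execute($insert);
            mysqli_stmt_close($insert);
        }
    }
    mysqli_close($con);
}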
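/**
 * Queues an e-mail in future_emails so it can be sent at the given time.
 *
 * All five values are passed as bound parameters instead of being escaped
 * one by one and spliced into the statement, so the insert does not depend
 * on the connection character set.
 *
 * @param string $user    The user who wants to send the e-mail.
 * @param string $email   The address the e-mail goes to.
 * @param string $subject The subject line.
 * @param string $message The message body.
 * @param string $time    When the e-mail is to be sent; stored as given.
 */
function add_email($user, $email, $subject, $message, $time)
{
    $con = connect();
    $stmt = mysqli_prepare(
        $con,
        'INSERT INTO future_emails (user_name, email, subject, message, time) VALUES (?, ?, ?, ?, ?)'
    );
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'sssss', $user, $email, $subject, $message, $time);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    mysqli_close($con);
}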
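/**
 * Deletes a queued e-mail from future_emails.
 *
 * The id is passed as a bound parameter rather than spliced into the
 * statement.
 *
 * NOTE(review): the row is selected by id alone; nothing here ties it to the
 * user making the request. Presumably the caller checks ownership. Confirm.
 *
 * @param string $email_id The id of the queued e-mail to delete.
 */
function remove_email($email_id)
{
    $con = connect();
    $stmt = mysqli_prepare($con, 'DELETE FROM future_emails WHERE future_emails.email_id = ?');
    if ($stmt) {
        // Bound as a string, as the quoted literal was, so MySQL applies the
        // same comparison to the column.
        mysqli_stmt_bind_param($stmt, 's', $email_id);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    mysqli_close($con);
}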
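/**
 * Stores a pending registration in email_verify and mails the confirmation.
 *
 * The row is written with bound parameters. The confirmation mail is sent
 * only when the insert succeeded; before, it went out even when no row had
 * been stored, leaving the user with a link that could never validate.
 *
 * NOTE(review): the password is SQL-escaped before it is hashed. That is
 * kept because valid_cred() and change_pass() apply the same escaping before
 * hashing or verifying; dropping it in one place only would lock out any
 * password containing a quote or backslash. Remove it in all three together.
 *
 * NOTE(review): the confirmation token is a bcrypt hash of the user name, so
 * its unpredictability comes only from the random salt password_hash()
 * generates. A token drawn from random_bytes() would state the intent
 * directly.
 *
 * NOTE(review): send_conf() still receives the SQL-escaped user name and
 * address, as before. Its body is not visible here; confirm what it expects
 * before passing the raw values.
 *
 * @param string $user  The user name being registered.
 * @param string $pass  The plain-text password chosen by the user.
 * @param string $email The address the confirmation is sent to.
 */
function add_verify($user, $pass, $email)
{
    $con = connect();
    $escaped_user = mysqli_real_escape_string($con, $user);
    $escaped_email = mysqli_real_escape_string($con, $email);
    $escaped_pass = mysqli_real_escape_string($con, $pass);
    $pass_hash = password_hash($escaped_pass, PASSWORD_BCRYPT, $GLOBALS['configs']['options']);
    $hash = password_hash($escaped_user, PASSWORD_BCRYPT, $GLOBALS['configs']['options']);

    $stored = false;
    $stmt = mysqli_prepare($con, 'INSERT INTO email_verify (user_name, hash, password, email) VALUES (?, ?, ?, ?)');
    if ($stmt) {
        // The raw name and address are bound: the database ends up with the
        // same values the escaped literals produced.
        mysqli_stmt_bind_param($stmt, 'ssss', $user, $hash, $pass_hash, $email);
        $stored = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    mysqli_close($con);

    if ($stored) {
        send_conf($escaped_user, $escaped_email, $hash);
    }
}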
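/**
 * Replaces the stored password hash of a user.
 *
 * The update uses bound parameters for both the new hash and the user name.
 *
 * NOTE(review): the password is SQL-escaped before it is hashed. That is
 * kept because valid_cred() escapes the submitted password the same way
 * before password_verify(); the two must change together.
 *
 * NOTE(review): the current password is not asked for here; presumably the
 * caller has authenticated the request. Confirm.
 *
 * @param string $user The user whose password changes.
 * @param string $pass The new plain-text password.
 */
function change_pass($user, $pass)
{
    $con = connect();
    $escaped_pass = mysqli_real_escape_string($con, $pass);
    $pass_hash = password_hash($escaped_pass, PASSWORD_BCRYPT, $GLOBALS['configs']['options']);
    $stmt = mysqli_prepare(
        $con,
        'UPDATE user_accounts SET user_accounts.password = ? WHERE user_accounts.user_name = ?'
    );
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'ss', $pass_hash, $user);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    mysqli_close($con);
}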
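/**
 * Renames a user account.
 *
 * Both names are passed as bound parameters rather than spliced into the
 * statement.
 *
 * NOTE(review): nothing here checks that $new_user is still free;
 * presumably the caller uses check_user() or the table has a unique key.
 * Confirm.
 *
 * @param string $old_user The current user name.
 * @param string $new_user The user name to switch to.
 */
function change_user($old_user, $new_user)
{
    $con = connect();
    $stmt = mysqli_prepare(
        $con,
        'UPDATE user_accounts SET user_accounts.user_name = ? WHERE user_accounts.user_name = ?'
    );
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'ss', $new_user, $old_user);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    mysqli_close($con);
}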
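/**
 * Removes a pending registration from email_verify once the user has been
 * verified.
 *
 * The row must match both the user name and the confirmation hash; both are
 * passed as bound parameters.
 *
 * @param string $user The user name of the pending registration.
 * @param string $hash The confirmation hash stored with it.
 */
function delete_verify($user, $hash)
{
    $con = connect();
    $stmt = mysqli_prepare(
        $con,
        'DELETE FROM email_verify WHERE email_verify.user_name = ? AND email_verify.hash = ?'
    );
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'ss', $user, $hash);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    mysqli_close($con);
}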
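/**
 * Checks a user name / password pair against user_accounts.
 *
 * The stored hash is fetched with a bound parameter for the user name and
 * compared with password_verify().
 *
 * NOTE(review): the submitted password is SQL-escaped before verification.
 * That is kept because add_verify() and change_pass() hash the escaped form,
 * so the stored hashes only match it. Remove the escaping in all three
 * together.
 *
 * @param string $user The user name to check.
 * @param string $pass The plain-text password to check.
 * @return bool true when the account exists and the password matches, false otherwise.
 */
function valid_cred($user, $pass)
{
    $con = connect();
    $escaped_pass = mysqli_real_escape_string($con, $pass);
    $login = false;
    $stmt = mysqli_prepare($con, 'SELECT password FROM user_accounts WHERE user_accounts.user_name = ?');
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 's', $user);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_bind_result($stmt, $stored_hash);
            // A NULL password column is never handed to password_verify().
            if (mysqli_stmt_fetch($stmt) === true && is_string($stored_hash)) {
                $login = password_verify($escaped_pass, $stored_hash);
            }
        }
        mysqli_stmt_close($stmt);
    }
    mysqli_close($con);
    return $login;
}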
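/**
 * Fetches the pending registration that matches a user name, e-mail address
 * and confirmation hash.
 *
 * The whole row is returned, so the query keeps its SELECT * and is still
 * built from escaped strings. That escaping follows the connection character
 * set, which connect() leaves at its default.
 *
 * @param string $user  The user name from the confirmation request.
 * @param string $email The e-mail address from the confirmation request.
 * @param string $hash  The confirmation hash from the confirmation request.
 * @return array|null The matching email_verify row, or null when nothing matches.
 */
function check_conf($user, $email, $hash)
{
    $con = connect();
    $user = mysqli_real_escape_string($con, $user);
    $email = mysqli_real_escape_string($con, $email);
    $hash = mysqli_real_escape_string($con, $hash);
    // Stays null when the query fails or no row matches; before, an undefined
    // variable was returned in that case.
    $account = null;
    $get_info = "SELECT * FROM email_verify WHERE email_verify.user_name = '$user' AND email_verify.email = '$email' AND email_verify.hash = '$hash'";
    if ($result = mysqli_query($con, $get_info)) {
        if (mysqli_num_rows($result) > 0 && $data = mysqli_fetch_assoc($result)) {
            $account = $data;
        }
        mysqli_free_result($result);
    }
    mysqli_close($con);
    return $account;
}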
?>