My Code:
User.php
<?php
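/**
 * Activate the account that matches an e-mail address and activation code.
 *
 * @param string $email      Address the activation link was sent to.
 * @param string $email_code Activation code taken from the link.
 * @return bool True when exactly one inactive account matched and the update query succeeded.
 */
function activate($email, $email_code)
{
    // NOTE(review): ext/mysql was removed in PHP 7. Prepared statements
    // (mysqli or PDO) are the durable replacement for escape-and-interpolate.
    $email = mysql_real_escape_string($email);
    $email_code = mysql_real_escape_string($email_code);

    // Column names take backticks. The original wrote 'active' in single
    // quotes, which MySQL reads as a string literal, so the "inactive" check
    // never looked at the column and the UPDATE was not valid SQL.
    $result = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email' AND `email_code` = '$email_code' AND `active` = 0");
    if ($result === false || mysql_result($result, 0) != 1) {
        return false;
    }

    // Repeat the code and the inactive condition in the write so the UPDATE
    // is bound to the row that was just verified, not to the e-mail alone.
    $updated = mysql_query("UPDATE `users` SET `active` = 1 WHERE `email` = '$email' AND `email_code` = '$email_code' AND `active` = 0");

    return $updated !== false;
}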
/**
 * Store a new password hash for one user.
 *
 * @param int|string $user_id  User id; cast to int before it reaches the query.
 * @param string     $password Plain-text password supplied by the caller.
 * @return void
 */
function change_password($user_id, $password)
{
    // NOTE(review): unsalted MD5 is not a password hash; it is fast to brute
    // force and identical passwords share a digest. password_hash() and
    // password_verify() are the replacement, but login() and register_user()
    // have to move in the same change or existing logins stop matching.
    $password = md5($password);
    $user_id = intval($user_id);

    $sql = "UPDATE `users` SET `password` = '$password' WHERE `user_id` = $user_id";
    mysql_query($sql);
}
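/**
 * Insert a new user row and send the activation e-mail.
 *
 * @param array $register_data Column name => value pairs for the `users` row.
 *                             Reads the 'password', 'email', 'first_name' and
 *                             'email_code' entries.
 * @return void
 */
function register_user($register_data)
{
    // Keep the values as the user typed them. The password digest and the
    // e-mail text must be built from these, not from SQL-escaped copies:
    // login() hashes the unescaped password, so hashing an escaped one here
    // made any password containing a quote or backslash impossible to log in with.
    $raw = $register_data;

    // Array keys become column names and are not touched by array_sanitize().
    // Doubling backticks is MySQL's identifier escaping and is a no-op for
    // ordinary column names.
    // NOTE(review): the caller is not visible here; it should still pass a
    // fixed list of columns rather than keys taken from the request.
    $columns = array();
    foreach (array_keys($register_data) as $column) {
        $columns[] = str_replace('`', '``', (string)$column);
    }

    array_walk($register_data, 'array_sanitize');
    // NOTE(review): unsalted MD5 is not a password hash; migrate together with
    // login() and change_password() to password_hash()/password_verify().
    $register_data['password'] = md5($raw['password']);
    if (!in_array('password', $columns, true)) {
        $columns[] = 'password';
    }

    $fields = '`' . implode('`, `', $columns) . '`';
    $data = '\'' . implode('\', \'', $register_data) . '\'';
    mysql_query("INSERT INTO users($fields) VALUES ($data) ");

    // Query-string values are URL-encoded so characters such as '+' or '&'
    // in the address survive the round trip to activate.php.
    // NOTE(review): the link is plain http, so the activation code travels
    // unencrypted; use https if the host supports it.
    $link = "http://www.aiprmart.com/priya/priya/activate.php?email=" . rawurlencode($raw['email'])
        . "&email_code=" . rawurlencode($raw['email_code']);

    $body = " Hello " . $raw['first_name'] . ", \n\nYou need to activate your\naccount, so use the link\nbelow: \n\n "
        . $link
        . "\n\n\n~ aiprmart ";

    email($raw['email'], 'Activate Your account', $body);
}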
/**
 * Count the accounts whose `active` column is 1.
 *
 * @return mixed First column of the COUNT query as returned by mysql_result().
 */
function user_count()
{
    $query = "SELECT COUNT(`user_id`) FROM `users` WHERE `active` = 1";
    $result = mysql_query($query);

    if (!$result) {
        // NOTE(review): this prints the SQL text and the database error to the
        // client. Useful while debugging; log it server-side and show a
        // generic message before the site is public.
        die($query."<br/><br/>".mysql_error());
    }

    return mysql_result($result, 0);
}
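/**
 * Fetch selected columns of one user row.
 *
 * Every argument after $user_id is taken as a column name, for example
 * user_data($id, 'first_name', 'email').
 *
 * @param int|string $user_id User id; cast to int before it reaches the query.
 * @return array|false Associative row, an empty array when no columns were
 *                     requested or the query failed, or false when
 *                     mysql_fetch_assoc() finds no row.
 */
function user_data($user_id)
{
    $data = array();
    $user_id = (int)$user_id;

    // Everything after the first argument is a requested column.
    $requested = array_slice(func_get_args(), 1);
    if (count($requested) === 0) {
        // The original fell off the end here and returned null.
        return $data;
    }

    // Column names are interpolated as identifiers, where value escaping does
    // not apply. Doubling backticks is MySQL's identifier escaping and leaves
    // ordinary names unchanged.
    $columns = array();
    foreach ($requested as $column) {
        $columns[] = str_replace('`', '``', (string)$column);
    }
    $fields = '`' . implode('`, `', $columns) . '`';

    $result = mysql_query("SELECT $fields FROM `users` WHERE `user_id` = $user_id");
    if ($result === false) {
        return $data;
    }

    return mysql_fetch_assoc($result);
}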
/**
 * Report whether exactly one row in `users` has the given username.
 *
 * @param string $username Username to look up; escaped with sanitize() first.
 * @return bool
 */
function user_exists($username)
{
    $username = sanitize($username);
    $query = mysql_query("SELECT COUNT(`user_id`) FROM `users` where `username` = '$username'");
    $matches = mysql_result($query, 0);

    return $matches == 1;
}
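/**
 * Report whether exactly one row in `users` has the given e-mail address.
 *
 * @param string $email Address to look up; escaped with sanitize() first.
 * @return bool
 */
function email_exists($email)
{
    $email = sanitize($email);

    // `email` takes backticks. In single quotes it was a string literal, so
    // the query compared the text 'email' with the input instead of the column.
    $query = "SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email'";

    // NOTE(review): on failure this prints the SQL, including the submitted
    // address, and the database error to the client. Log server-side and show
    // a generic message before the site is public.
    $result = mysql_query($query) or die($query."<br/><br/>".mysql_error());

    return mysql_result($result, 0) == 1;
}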
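/**
 * Report whether the given username belongs to exactly one activated account.
 *
 * @param string $username Username to look up; escaped with sanitize() first.
 * @return bool False also when the query fails.
 */
function user_active($username)
{
    $username = sanitize($username);

    // Column names take backticks; in single quotes they were string literals
    // and the conditions never looked at the columns.
    $query = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `active` = 1");
    if ($query === false) {
        return false;
    }

    // The original read from $rquery, a variable that was never assigned.
    return mysql_result($query, 0) == 1;
}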
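/**
 * Look up the id of the account with the given username.
 *
 * @param string $username Username to look up; escaped with sanitize() first.
 * @return int|false The user id, or false when the query fails or no row matches.
 */
function user_id_from_username($username)
{
    $username = sanitize($username);

    // The original query had a stray quote after user_id and quoted the
    // column name as a string, and the function returned a boolean
    // ("is the id equal to 1") instead of the id itself.
    $query = mysql_query("SELECT `user_id` FROM `users` WHERE `username` = '$username'");
    if ($query === false || mysql_num_rows($query) === 0) {
        return false;
    }

    return (int)mysql_result($query, 0, 'user_id');
}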
/**
 * Report whether the current session carries a user id.
 *
 * @return bool True when $_SESSION['user_id'] is set and not null.
 */
function logged_in()
{
    $has_user = isset($_SESSION['user_id']);

    return $has_user;
}
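/**
 * Check a username/password pair.
 *
 * @param string $username Username as submitted; escaped with sanitize() first.
 * @param string $password Plain-text password as submitted.
 * @return int|false The matching user id, or false when the pair does not
 *                   match exactly one row or the query fails.
 */
function login($username, $password)
{
    $username = sanitize($username);
    // NOTE(review): unsalted MD5 is not a password hash. Moving to
    // password_hash()/password_verify() means fetching the stored hash by
    // username and verifying in PHP, and re-hashing existing accounts.
    $password = md5($password);

    // The original called $user_id_from_username(...), a variable function on
    // an undefined variable, and quoted the column names as string literals.
    // Selecting the id in the same query that checks the credentials returns
    // the id of the verified row without a second lookup.
    $query = mysql_query("SELECT `user_id` FROM `users` WHERE `username` = '$username' AND `password` = '$password'");
    if ($query === false || mysql_num_rows($query) !== 1) {
        return false;
    }

    return (int)mysql_result($query, 0);
}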
// On a POST request, hand over to the script named by the submitted form
// field: 'login' loads login.php, 'register' loads register.php.
// NOTE(review): init.php loads "functions/users.php" with a plain require and
// login.php includes core/init.php. If this file is that users.php, a POST
// with 'login' set would load these function definitions a second time and
// stop with a "cannot redeclare" fatal error. Confirm the include chain;
// keeping this file to definitions only avoids the cycle.
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
if (isset($_POST['login'])) { //user logging in
require 'login.php';
}
elseif (isset($_POST['register'])) { //user registering
require 'register.php';
}
}
// NOTE(review): debug output. Anything echoed while this file loads is sent
// before the header('Location: ...') calls made later in login.php and
// general.php, which can stop those redirects from being sent unless output
// buffering is enabled.
echo 'I m F9';
?>
general.php
<?php
/**
 * Send a plain-text message from the site address through mail().
 *
 * @param string $to      Recipient address.
 * @param string $subject Subject line.
 * @param string $body    Message text.
 * @return void The result of mail() is not reported to the caller.
 */
function email($to, $subject, $body)
{
    $headers = 'From: info@aiprmart.com';

    mail($to, $subject, $body, $headers);
}
/**
 * Send a visitor who is already logged in to index.php and stop the script.
 *
 * @return void Returns normally only when logged_in() is not true.
 */
function logged_in_redirect()
{
    if (logged_in() !== true) {
        return;
    }

    header('Location: index.php');
    exit();
}
/**
 * Send a visitor who is not logged in to protected.php and stop the script.
 *
 * The exit() after the header matters: without it the rest of the protected
 * page would still run and be sent along with the redirect.
 *
 * @return void Returns normally only when logged_in() is not false.
 */
function protect_page()
{
    if (logged_in() !== false) {
        return;
    }

    header('Location: protected.php');
    exit();
}
/**
 * Escape one array element in place; register_user() passes this to array_walk().
 *
 * Only the value is escaped. Array keys are left as they are.
 *
 * @param string $item Element to escape, taken by reference.
 * @return void
 */
function array_sanitize(&$item)
{
    $escaped = mysql_real_escape_string($item);
    $item = $escaped;
}
/**
 * Escape a value for use inside a quoted string in a MySQL query.
 *
 * This is SQL string escaping only: it does not make a value safe as a column
 * name, as an unquoted number, or for output in HTML.
 *
 * @param string $data Value to escape.
 * @return string Result of mysql_real_escape_string().
 */
function sanitize($data)
{
    $escaped = mysql_real_escape_string($data);

    return $escaped;
}
/**
 * Render a list of error messages as an HTML unordered list.
 *
 * Messages are inserted as given, without HTML escaping, so any message that
 * includes user-supplied text has to be escaped (htmlspecialchars) by the
 * caller before it is added to the list.
 *
 * @param array $errors Error message strings.
 * @return string The <ul> markup.
 */
function output_errors($errors)
{
    $items = implode('</li><li>', $errors);

    return '<ul><li>' . $items . '</li></ul>';
}
// NOTE(review): debug output. This runs every time the file is loaded, and
// init.php loads it before login.php calls header('Location: ...'); output
// sent this early can stop those redirects unless output buffering is enabled.
echo 'How r You';
?>
init.php
<?php
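// Bootstrap shared by every page: start the session, load the database
// connection and the helper functions, then re-check the logged-in user.
session_start();
//error_reporting(0);
require "database/connect.php";
require "functions/general.php";
require "functions/users.php";

if (isset($_SESSION['user_id'])) {
    $session_user_id = $_SESSION['user_id'];

    // The original passed $_SESSION_user_id, a variable that is never
    // assigned, so the lookup ran with id 0. It also left 'username' out of
    // the column list although the check below reads it.
    $user_data = user_data($session_user_id, 'user_id', 'username', 'first_name', 'last_name', 'email');

    // End the session when the account behind it is no longer active, so a
    // deactivated user does not keep an open login.
    if (user_active($user_data['username']) === false) {
        session_destroy();
        header('Location: index.php');
        exit();
    }
}

$errors = array();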
?>
login.php
<?php
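// Login form handler: validate the submitted credentials, start the
// logged-in session on success, otherwise render the collected errors.
include 'core/init.php';
logged_in_redirect();

// PHP variable names are case-sensitive: the original read $_post, which is
// an ordinary undefined variable, so every request ended in "No data received".
if (empty($_POST) === false) {
    $username = $_POST['username'];
    $password = $_POST['password'];

    if (empty($username) === true || empty($password) === true) {
        $errors[] = 'You need to enter a username and password';
    } else if (user_exists($username) === false) {
        // NOTE(review): this message and the "not activated" one below tell
        // an unauthenticated visitor whether a username is registered. A
        // single generic failure message avoids that.
        $errors[] = 'We can\'t find that username. Have you registered?';
    } else if (user_active($username) === false) {
        $errors[] = 'You haven\'t activated your account: ';
    } else if (strlen($password) > 8) {
        // NOTE(review): this rejects any password longer than 8 characters.
        // Confirm against the registration rules; a cap this low limits
        // password strength.
        $errors[] = 'Password too long';
    } else {
        $login = login($username, $password);
        if ($login === false) {
            $errors[] = 'That username/password combination is incorrect';
        } else {
            // Issue a fresh session id at the moment of login so an id that
            // was known before authentication cannot be reused afterwards
            // (session fixation).
            session_regenerate_id(true);
            $_SESSION['user_id'] = $login;
            header('Location: index.php');
            exit();
        }
    }
} else {
    $errors[] = 'No data received';
}

include 'includes/header.php';
if (empty($errors) === false) {
?>
<h2>We tried to log you in, but....</h2>
<?php
    echo output_errors($errors);
}
include 'includes/footer.php';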
?>