Hello,
I'm having trouble getting my script to create a folder named after the username the user signed up with.
Here is my code -
<?php
require('./inc/config.php');
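/**
 * Member login, registration and password-reset handling on top of mysqli.
 *
 * Every public method that talks to the browser returns a JSON string of the
 * shape {"error": bool, "message": string[, "redirect": string]}; the shape
 * and the success/error texts are the ones the existing front end expects.
 *
 * Changes from the original listing, all behaviour callers can keep relying on:
 *  - every value that comes from the request is bound with bind_param();
 *    nothing user-supplied is interpolated into SQL any more;
 *  - passwords are stored with password_hash() and checked with
 *    password_verify(); rows that still hold the old unhashed value are
 *    accepted once and upgraded on that login;
 *  - reset tokens come from random_bytes() instead of md5(mt_rand());
 *  - the strlen($newPass < 4) typo, the captcha check that passed when no
 *    captcha had been issued, and the code paths that returned nothing are fixed.
 *
 * Requires PHP >= 7.0 (random_bytes, random_int, password_hash).
 * NOTE(review): member_password must be wide enough for a PASSWORD_DEFAULT
 * hash (60 chars today, 255 recommended) - confirm against the schema.
 */
class Login {

    /**
     * Database handle opened by the constructor and used by every query.
     *
     * @var mysqli
     */
    protected $conn;

    /**
     * Connects to the database with the DB_* constants from inc/config.php.
     *
     * The original `new mysqli(...) or die(...)` could never fire because `new`
     * always yields an object; the failure is now detected via connect_error.
     * The message stays generic on purpose: mysqli's own error text would
     * reveal host/user details to the browser.
     */
    public function __construct() {
        $this->conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
        if ($this->conn->connect_error) {
            die('I\'m sorry but the server has died. Please check your database credentials.');
        }
    }

    /**
     * Checks a username/password pair against the members table.
     *
     * Only the username goes into the query; the stored value is fetched and
     * compared in PHP with password_verify(), so the password never appears in
     * SQL. A row that still holds the pre-hashing value is accepted once via a
     * constant-time compare and rewritten as a proper hash.
     *
     * Side effects on success: the session id is regenerated (blocks session
     * fixation) and member_logged_in / member_username / member_admin are set,
     * attempts is reset to 0. On failure $_SESSION['attempts'] is incremented;
     * once it reaches NUMBER_OF_ATTEMPTS the database is not consulted at all.
     *
     * @param string $username
     * @param string $password value exactly as the caller passes it
     * @return string JSON {"error":bool,"message":string[,"redirect":string]}
     */
    public function checkUserLogin($username, $password) {
        // Lock-out check comes first so a locked session causes no DB work.
        if (isset($_SESSION['attempts']) && $_SESSION['attempts'] >= NUMBER_OF_ATTEMPTS) {
            return $this->jsonMessage(true, "Too many failed login attempts, come back later!");
        }

        try {
            $stmt = $this->prepareStatement(
                'SELECT member_username, member_password, member_admin, member_redirect '
                . 'FROM members WHERE member_username = ? LIMIT 1'
            );
            $stmt->bind_param('s', $username);
            $this->executeStatement($stmt);
            $stmt->bind_result($dbUsername, $storedPassword, $admin, $redir);
            $found = $stmt->fetch();
            $stmt->close();
        } catch (RuntimeException $e) {
            return $this->jsonMessage(true, "Hmm, a weird error occurred, please try again!");
        }

        $valid = false;
        $legacy = false;
        if ($found && is_string($password)) {
            $storedPassword = (string) $storedPassword;
            $valid = password_verify($password, $storedPassword);
            // Pre-hashing row: compare in constant time, then upgrade it below.
            if (!$valid && $storedPassword !== '' && hash_equals($storedPassword, $password)) {
                $valid = true;
                $legacy = true;
            }
        }

        if (!$valid) {
            // Unknown user and wrong password get the same message and the
            // same counter, so the response does not reveal which it was.
            $_SESSION['attempts'] = (isset($_SESSION['attempts']) ? (int) $_SESSION['attempts'] : 0) + 1;
            return $this->jsonMessage(true, "You have entered an incorrect username/password.");
        }

        if ($legacy) {
            $this->upgradeLegacyPassword($dbUsername, $password);
        }
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['member_logged_in'] = true;
        $_SESSION['member_username'] = $dbUsername;
        // member_admin = 0 means a standard user.
        $_SESSION['member_admin'] = $admin;
        $_SESSION['attempts'] = 0;

        // The message is rendered as HTML by the caller, so both DB values are escaped.
        $safeName = htmlspecialchars((string) $dbUsername, ENT_QUOTES, 'UTF-8');
        $safeRedir = htmlspecialchars((string) $redir, ENT_QUOTES, 'UTF-8');
        return $this->jsonMessage(
            false,
            "Welcome $safeName, you are now logged in!<br>Click <a href='$safeRedir'>here</a> to continue.",
            ['redirect' => $redir]
        );
    }

    /**
     * Counts the number of members.
     *
     * @return int row count, 0 when the query fails
     */
    public function countMembers() {
        $result = $this->conn->query('SELECT COUNT(*) FROM `members`');
        if (!$result) {
            return 0;
        }
        $row = $result->fetch_row();
        $result->close();
        return $row ? (int) $row[0] : 0;
    }

    /**
     * Returns every members row as a positional array (fetch_row order).
     *
     * SELECT * includes member_password and member_forgot, so the result must
     * not be handed to a template or JSON response as-is; callers should pick
     * the columns they actually display. Returns [] when the query fails.
     *
     * @return array<int, array<int, mixed>>
     */
    public function getAllUsers() {
        $result = $this->conn->query('SELECT * FROM `members`');
        if (!$result) {
            return [];
        }
        $rows = [];
        while ($row = $result->fetch_row()) {
            $rows[] = $row;
        }
        $result->close();
        return $rows;
    }

    /**
     * Register the user to the site.
     *
     * Validation order: captcha, username format, password length, email
     * format, username taken, email taken; then the row is inserted with a
     * password_hash() hash and a random reset token, and the welcome mail is
     * sent. $userPassword is only forwarded to Email::registerSuccess().
     * NOTE(review): mailing a password in clear text is itself a risk; confirm
     * whether Email::registerSuccess() really needs it.
     *
     * Nothing here creates a per-user directory. If mkdir() is added after the
     * INSERT, build the path from the validated username only (isValidUsername
     * keeps it free of '/', '\\' and '..'), under a fixed base directory, and
     * check mkdir()'s return value.
     *
     * @param string $username
     * @param string $password     value to store (after hashing)
     * @param string $email
     * @param string $captcha      the user's answer to mathCaptcha()
     * @param string $userPassword value passed to the welcome e-mail
     * @return string JSON {"error":bool,"message":string}
     */
    public function registerUser($username,$password,$email,$captcha,$userPassword) {
        // Original used `!=` against a possibly unset answer, which let an empty
        // captcha through when no sum had been issued for this session.
        if (!isset($_SESSION['answer']) || !is_scalar($captcha)
            || trim((string) $captcha) !== (string) $_SESSION['answer']) {
            return $this->jsonMessage(true, "Invalid captcha, please try again!");
        }
        if (!$this->isValidUsername($username)) {
            return $this->jsonMessage(true, "Usernames must be 3-32 characters using only letters, digits, '.', '-' or '_'.");
        }
        if (!is_string($password) || strlen($password) < 3) {
            return $this->jsonMessage(true, "Please use a longer password to ensure security!");
        }
        if (!$this->validateEmailAddress($email)) {
            return $this->jsonMessage(true, "You have supplied an invalid email address!");
        }
        // $email passed filter_var but is still echoed into an HTML message below.
        $safeEmail = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');

        try {
            if ($this->rowExists('member_username', $username)) {
                return $this->jsonMessage(true, "I'm sorry but $username has been taken!");
            }
            if ($this->rowExists('member_email', $email)) {
                return $this->jsonMessage(true, "I'm sorry but $safeEmail is already in use!");
            }

            // Set the admin default to 0.
            $admin = 0;
            $hash = password_hash($password, PASSWORD_DEFAULT);
            // Secret used if the user forgets the password; rotated by forgotPassword().
            $secret = $this->newResetToken();
            $stmt = $this->prepareStatement(
                'INSERT INTO members (member_username, member_password, member_admin, member_email, member_forgot) '
                . 'VALUES (?,?,?,?,?)'
            );
            $stmt->bind_param('ssiss', $username, $hash, $admin, $email, $secret);
            $this->executeStatement($stmt);
            $stmt->close();
        } catch (RuntimeException $e) {
            return $this->jsonMessage(true, "Hmm, a weird error occurred, please try again!");
        }

        require_once('Email.php');
        $Email = new Email;
        if ($Email->registerSuccess($email, $username, $userPassword)) {
            return $this->jsonMessage(false, "Welcome $username, you have successfully signed up!");
        }
        // The row exists even though the mail failed; the original returned nothing here.
        return $this->jsonMessage(true, "Your account was created but the welcome email could not be sent.");
    }

    /**
     * Called if the user forgets password.
     *
     * Issues a fresh random reset token for the address, stores it, and hands
     * it to Email::sendForgotPassword(). The token therefore changes on every
     * request and is consumed by changeUserPassword().
     * NOTE(review): the "doesn't exist" reply discloses whether an address is
     * registered; a uniform "if that address exists, mail was sent" message
     * would avoid that, at the cost of changing the front-end text.
     *
     * @param string $email
     * @return string JSON {"error":bool,"message":string}
     */
    public function forgotPassword($email) {
        if (!$this->validateEmailAddress($email)) {
            return $this->jsonMessage(true, "Please enter a valid email!");
        }
        try {
            if (!$this->rowExists('member_email', $email)) {
                return $this->jsonMessage(true, "I'm sorry but that email address doesn't exist!");
            }
            $code = $this->newResetToken();
            $stmt = $this->prepareStatement('UPDATE members SET member_forgot = ? WHERE member_email = ? LIMIT 1');
            $stmt->bind_param('ss', $code, $email);
            $this->executeStatement($stmt);
            $stmt->close();
        } catch (RuntimeException $e) {
            return $this->jsonMessage(true, "Hmm, a weird error occurred, please try again!");
        }

        require_once 'Email.php';
        $Email = new Email;
        if ($Email->sendForgotPassword($email, $code)) {
            return $this->jsonMessage(false, "Thanks, your password reset instructions have been sent to you!");
        }
        return $this->jsonMessage(true, "Hmm, a weird error occurred, please try again!");
    }

    /**
     * Validate email address.
     *
     * @param mixed $email
     * @return bool true when filter_var() accepts it as an e-mail address
     */
    public function validateEmailAddress($email) {
        return is_string($email) && filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
    }

    /**
     * Checks that a user is logged in (and, with $admin = true, is an admin).
     *
     * Returns true when the session satisfies the check; otherwise redirects
     * to login.php and terminates the script, exactly as before.
     *
     * @param bool $admin require member_admin == 1 as well
     * @return true
     */
    public function verify($admin = false) {
        $loggedIn = !empty($_SESSION['member_logged_in']);
        // member_admin is stored as the raw column value; compare as an int.
        $isAdmin = isset($_SESSION['member_admin']) && (int) $_SESSION['member_admin'] === 1;
        if ($loggedIn && (!$admin || $isAdmin)) {
            return true;
        }
        header("Location: login.php");
        exit();
    }

    /**
     * Log the user out.
     *
     * Clears the session array before destroying the session so no member_*
     * keys survive in the current request, then redirects to login.php.
     */
    public function logUserOut() {
        if (isset($_SESSION['member_logged_in'])) {
            $_SESSION = [];
            if (session_destroy()) {
                header("Location: login.php");
                exit();
            }
        }
    }

    /**
     * Generates a sum for the user to ensure they are human.
     *
     * Stores the expected answer in $_SESSION['answer'] and returns the
     * question text, e.g. "3 + 5 = ".
     *
     * @return string
     */
    public function mathCaptcha() {
        $left = random_int(1, 9);
        $right = random_int(1, 9);
        $_SESSION['answer'] = $left + $right;
        return $left . ' + ' . $right . ' = ';
    }

    /**
     * Checks that $code is the current reset token for $email.
     *
     * strip_tags() is kept for compatibility with callers that relied on it;
     * the protection against injection is the bound parameters.
     *
     * @param mixed $email
     * @param mixed $code
     * @return bool false for non-strings, no match, or a failed query
     */
    public function validateResetInfo($email,$code) {
        if (!is_string($email) || !is_string($code)) {
            return false;
        }
        $email = strip_tags($email);
        $code = strip_tags($code);
        try {
            $stmt = $this->prepareStatement(
                'SELECT 1 FROM members WHERE member_email = ? AND member_forgot = ? LIMIT 1'
            );
            $stmt->bind_param('ss', $email, $code);
            $this->executeStatement($stmt);
            $stmt->store_result();
            $matched = $stmt->num_rows >= 1;
            $stmt->close();
            return $matched;
        } catch (RuntimeException $e) {
            return false;
        }
    }

    /**
     * Change users password.
     *
     * Requires the two new passwords to match, a minimum length of 4, and a
     * valid (email, reset code) pair. The UPDATE is restricted to the row whose
     * member_forgot still equals $code and replaces the token at the same time,
     * so a reset link works exactly once.
     *
     * @param string $email
     * @param string $newPass
     * @param string $newPass2
     * @param string $code
     * @return string JSON {"error":bool,"message":string}
     */
    public function changeUserPassword($email, $newPass, $newPass2, $code) {
        if (!is_string($newPass) || !is_string($newPass2) || $newPass !== $newPass2) {
            return $this->jsonMessage(true, "I'm sorry but those passwords don't match!");
        }
        // The original read strlen($newPass < 4), which measured a boolean.
        if (strlen($newPass) < 4) {
            return $this->jsonMessage(true, "I'm sorry but that password is too short!");
        }
        // Same normalisation validateResetInfo() applies, so the UPDATE below
        // targets exactly the row that was validated.
        if (is_string($email) && is_string($code)) {
            $email = strip_tags($email);
            $code = strip_tags($code);
        }
        if (!$this->validateResetInfo($email, $code)) {
            return $this->jsonMessage(true, "Hmm, seems as though the email doesn't match the reset code... Bailing out!");
        }

        try {
            $hash = password_hash($newPass, PASSWORD_DEFAULT);
            $newCode = $this->newResetToken();
            $stmt = $this->prepareStatement(
                'UPDATE members SET member_password = ?, member_forgot = ? '
                . 'WHERE member_email = ? AND member_forgot = ? LIMIT 1'
            );
            $stmt->bind_param('ssss', $hash, $newCode, $email, $code);
            $this->executeStatement($stmt);
            $changed = $stmt->affected_rows;
            $stmt->close();
        } catch (RuntimeException $e) {
            return $this->jsonMessage(true, "Hmm, a weird error occurred, please try again!");
        }

        // Zero rows means the token was consumed between the check and the update.
        if ($changed < 1) {
            return $this->jsonMessage(true, "Hmm, seems as though the email doesn't match the reset code... Bailing out!");
        }
        return $this->jsonMessage(false, "Thanks your password has been changed!");
    }

    /**
     * Builds the JSON envelope every public method returns.
     *
     * @param bool   $error true for a failure, false for success
     * @param string $text  human-readable message for the caller to display
     * @param array  $extra additional top-level keys (e.g. 'redirect')
     * @return string JSON object {"error": bool, "message": string, ...}
     */
    private function jsonMessage($error, $text, array $extra = []) {
        $message = ['error' => $error, 'message' => $text];
        return json_encode($message + $extra);
    }

    /**
     * Allow-list check for usernames: 3-32 characters of [A-Za-z0-9_.-].
     *
     * The username is echoed back inside HTML messages and is meant to become
     * a directory name, so it must contain no markup, no path separators and
     * no '..' component; this character set guarantees all three.
     *
     * @param mixed $username
     * @return bool
     */
    private function isValidUsername($username) {
        return is_string($username) && preg_match('/^[A-Za-z0-9_.-]{3,32}$/', $username) === 1;
    }

    /**
     * Returns true when a members row exists whose $column equals $value.
     *
     * $column is a fixed identifier chosen inside this class, never request
     * input; $value is always bound.
     *
     * @param string $column
     * @param string $value
     * @return bool
     * @throws RuntimeException on prepare/execute failure
     */
    private function rowExists($column, $value) {
        $stmt = $this->prepareStatement("SELECT 1 FROM members WHERE `$column` = ? LIMIT 1");
        $stmt->bind_param('s', $value);
        $this->executeStatement($stmt);
        $stmt->store_result();
        $found = $stmt->num_rows >= 1;
        $stmt->close();
        return $found;
    }

    /**
     * Replaces a legacy (unhashed) stored password with a password_hash() hash.
     *
     * Best effort: a failure here must not block a login that has already been
     * verified, so the error is swallowed deliberately; the row is retried on
     * the next login.
     *
     * @param string $username
     * @param string $plainPassword
     */
    private function upgradeLegacyPassword($username, $plainPassword) {
        try {
            $hash = password_hash($plainPassword, PASSWORD_DEFAULT);
            $stmt = $this->prepareStatement('UPDATE members SET member_password = ? WHERE member_username = ? LIMIT 1');
            $stmt->bind_param('ss', $hash, $username);
            $this->executeStatement($stmt);
            $stmt->close();
        } catch (RuntimeException $e) {
            // Deliberate: see docblock.
        }
    }

    /**
     * 128-bit random token as 32 hex characters - the same width as the md5()
     * it replaces, but drawn from 2^128 values instead of the ~900k possible
     * outputs of md5(mt_rand(111111,999999)).
     *
     * @return string
     */
    private function newResetToken() {
        return bin2hex(random_bytes(16));
    }

    /**
     * prepare() that fails loudly instead of returning false.
     *
     * @param string $sql
     * @return mysqli_stmt
     * @throws RuntimeException when the statement cannot be prepared
     */
    private function prepareStatement($sql) {
        $stmt = $this->conn->prepare($sql);
        if ($stmt === false) {
            throw new RuntimeException('Could not prepare statement');
        }
        return $stmt;
    }

    /**
     * execute() that fails loudly; closes the statement on failure.
     *
     * @param mysqli_stmt $stmt
     * @throws RuntimeException when execution fails
     */
    private function executeStatement($stmt) {
        if (!$stmt->execute()) {
            $stmt->close();
            throw new RuntimeException('Could not execute statement');
        }
    }
}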
?>
Any help would be appreciated.
Thanks,
Ashley