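host = $host; $this->username = $username; $this->password = $password; $this->table = $db; $this->connect(); }

    /*
     * NOTE(review): every query in this class goes through the legacy mysql_*
     * extension, which was removed in PHP 7.0 and offers no prepared
     * statements. Until the class is ported to mysqli or PDO with bound
     * parameters, each value placed inside a quoted SQL literal is passed
     * through mysql_real_escape_string() first.
     *
     * NOTE(review): the pass column is written and compared exactly as the
     * callers supply it; nothing in this excerpt shows a password_hash() /
     * password_verify() step. Confirm that plaintext passwords never reach
     * these methods.
     */

    /**
     * Changes the password of a user.
     *
     * The row is only updated when both the username and the current password
     * match, so the old password doubles as the authorization check.
     *
     * @param string $user username whose password is changed
     * @param string $old  current password value
     * @param string $new  replacement password value
     * @return bool true when exactly one row was updated
     */
    public function change_password($user, $old, $new){
        // Callers are not visible here, so all three values are treated as
        // untrusted: an unescaped quote would end the SQL string literal.
        $sql = sprintf(
            "UPDATE users SET pass='%s' WHERE user='%s' AND pass='%s'",
            mysql_real_escape_string($new),
            mysql_real_escape_string($user),
            mysql_real_escape_string($old)
        );
        mysql_query($sql);

        // 0 rows: nothing matched (or the new value equals the old one);
        // -1: the query itself failed.
        return mysql_affected_rows() == 1;
    }

    /**
     * Deletes a user identified by username and hashed email.
     *
     * Terminates the script with the MySQL error text when the query fails.
     *
     * @param string $user  username of the account to remove
     * @param string $email hashed email stored for that account
     * @return bool true when the DELETE statement ran
     */
    public function delete_user($user, $email){
        $sql = sprintf(
            "DELETE FROM users WHERE user='%s' AND email='%s'",
            mysql_real_escape_string($user),
            mysql_real_escape_string($email)
        );

        // NOTE(review): die(mysql_error()) sends raw database error text to
        // the client; prefer logging it server-side and showing a generic
        // message.
        return mysql_query($sql) or die(mysql_error());
    }

    /**
     * Builds the paginated user list (five users per page) as an HTML string.
     * The original comment describes each user as a link that removes them.
     *
     * NOTE(review): the markup inside the heredocs did not survive on this
     * page; only their text content is shown, and the heredoc openers are
     * restored from the visible closing identifiers.
     * NOTE(review): $user and $email come from the database and are
     * interpolated into the output unescaped; apply htmlspecialchars() (and
     * urlencode() inside URLs) once the real markup is at hand.
     * NOTE(review): if deletion is triggered by following a link, move it to
     * a POST request protected by a CSRF token.
     *
     * @return string HTML for the user list and the page list
     */
    public function display_users() {
        // Plain assignment: the variable does not exist yet, so ".=" would
        // raise an undefined-variable notice.
        $entry_display = <<<ENTRY_DISPLAY
Users:
ENTRY_DISPLAY;

        /* Instantiate class */
        require_once("pager.php");
        $p = new Pager;

        /* Show many results per page? */
        $limit = 5;

        /* Find the start depending on $_GET['page'] (declared if it's null) */
        // Pager is not visible here and the offset derives from request
        // input, so force a non-negative integer before it reaches the SQL.
        $start = max(0, (int) $p->findStart($limit));

        /* Find the number of rows returned from a query; Note: Do NOT use a LIMIT clause in this query */
        $count = mysql_num_rows(mysql_query("SELECT * FROM users"));

        /* Find the number of pages based on $count and $limit */
        $pages = $p->findPages($count, $limit);

        /* Now we use the LIMIT clause to grab a range of rows */
        $r = mysql_query("SELECT * FROM users ORDER BY user LIMIT ".$start.", ".$limit);

        /* Now get the page list; it is appended to the output below */
        // NOTE(review): $_GET['page'] is handed to Pager unvalidated; confirm
        // pageList() casts or escapes it before building links.
        $pagelist = $p->pageList($_GET['page'], $pages);

        if ( $r !== false && mysql_num_rows($r) > 0 ) {
            while ( $a = mysql_fetch_assoc($r) ) {
                $user = stripslashes($a['user']);
                // new_user() stores md5(email), so this is the hash, not the address.
                $email = stripslashes($a['email']);
                $username = $a['name'];
                $gravatar = 'http://www.gravatar.com/avatar/' . $email . '?s=48';

                $entry_display .= <<<ENTRY_DISPLAY
$user Delete $user
ENTRY_DISPLAY;
            }
            $entry_display .= '
'.$pagelist.'
';
        } else {
            $entry_display .= <<<ENTRY_DISPLAY
No entries have been made on this page.

ENTRY_DISPLAY;
        }

        /* $entry_display .= <<<ADMIN_OPTION
Add a New Entry

ADMIN_OPTION;
        */
        return $entry_display;
    }

    /**
     * Checks whether a user/pass combo exists in the database and, if so,
     * marks the session as logged in.
     *
     * On success the username, access level and stored email value are
     * copied into $_SESSION.
     *
     * @param string $user username to look up
     * @param string $pass password value compared against the pass column
     * @return bool true if the user/pass combo exists
     * @author ricky barrette
     */
    public function login($user, $pass) {
        // Both values are escaped: an unescaped quote in either one would
        // change the WHERE clause and defeat the credential check.
        $sql = sprintf(
            "select * from users where user='%s' and pass='%s';",
            mysql_real_escape_string($user),
            mysql_real_escape_string($pass)
        );
        $result = mysql_query($sql);

        // Fail closed on a query error or on anything but a single match.
        if ($result === false || mysql_num_rows($result) != 1) {
            return false;
        }
        $a = mysql_fetch_assoc($result);

        // Issue a fresh session id at the privilege change so an id that was
        // set before login cannot be reused afterwards.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }

        // These values live in the server-side session, not in a cookie.
        $_SESSION["username"] = $user;
        $_SESSION["loggedIn"] = true;
        $_SESSION["access"] = $a['access'];
        $_SESSION["email"] = $a['email'];
        return true;
    }

    /**
     * Inserts a new user into the database.
     *
     * Terminates the script when the username is already taken or when the
     * INSERT fails.
     *
     * @param string $user   username; HTML tags are stripped before storing
     * @param string $pass   password value stored in the pass column
     * @param string $access access level stored for the account
     * @param string $email  email address; only its md5 hash is stored
     * @return bool true when the INSERT statement ran
     * @author ricky barrette
     */
    public function new_user($user, $pass, $access, $email) {
        // Normalise first so the duplicate check sees the value that is stored.
        $user = mysql_real_escape_string(strip_tags($user));
        // NOTE(review): escaping happens before md5(), so the stored hash is
        // of the escaped text; kept as is to match rows already stored.
        $email = md5(mysql_real_escape_string(strip_tags($email)));
        $access = mysql_real_escape_string($access);
        $pass = mysql_real_escape_string($pass);

        // Uniqueness is decided by the username alone. Including the password
        // in this lookup would allow duplicate usernames and would reveal
        // whether a given user/password pair is valid.
        $result = mysql_query("select * from users where user='$user';");
        if ($result !== false && mysql_num_rows($result) > 0)
            die("User/Email already exists");

        $sql = "INSERT INTO users (user, email, access, pass) VALUES('$user','$email','$access','$pass')";

        // NOTE(review): the message text matches the one in connect() although
        // this is an INSERT, and mysql_error() output reaches the client.
        return mysql_query($sql) or die("Could not select database. " . mysql_error());
    }

    /**
     * Connects to the database server, selects the database and builds the
     * users table. Terminates the script when either step fails.
     *
     * @return mixed whatever buildDB() returns
     * @author ricky barrette
     */
    public function connect() {
        $connection = mysql_connect($this->host,$this->username,$this->password) or die("Could not connect. " . mysql_error());

        // Despite its name, $this->table holds the database name: the
        // constructor assigns $db to it.
        mysql_select_db($this->table) or die("Could not select database. " . mysql_error());

        // NOTE(review): mysql_real_escape_string() escapes according to the
        // connection character set; set it explicitly with mysql_set_charset()
        // after confirming which encoding the stored data uses.
        return $this->buildDB();
    }

    /**
     * Builds the users table
     * @author ricky barrette
     */
    private function buildDB() { $sql = <<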