exception_handler_website/classes/users.php

<?php
/**
This class is used to maintian the users table in the database
@author ricky barrette
@author Twenty Codes, LLC
*/
class users {

  var $host;
  var $username;
  var $password;
  var $table;
  
  /**
  * Contructor
  * @param String $host
  * @param String $username
  * @param String $password
  * @param String $db
  */
  public function users($host, $username, $password, $db){
  	$this->host = $host;
  	$this->username = $username;
  	$this->password = $password;
  	$this->table = $db;
  	$this->connect();
  }
  
  /**
  Chnages the password of a user
  */
  public function change_password($user, $old, $new){ 
    mysql_query("UPDATE users SET pass='$new' WHERE user='$user' AND pass='$old'");
	  $count=mysql_affected_rows();
	  if($count==1)
	    return true;
	  else
	    return false;
  }
  
  /**
	deletes a user by their username and hasded email
	*/
	public function delete_user($user, $email){
	  return mysql_query("DELETE FROM users WHERE user='$user' AND email='$email'")or die(mysql_error());
	}
  
  /**
  Display all users as links that remove them
  */
  public function display_users() {
  
  $entry_display .= <<<ENTRY_DISPLAY
    <h2>
    	Users:
    </h2>

ENTRY_DISPLAY;

    	/* Instantiate class */ 
require_once("pager.php"); 
$p = new Pager; 

/* Show many results per page? */ 
$limit = 5; 

/* Find the start depending on $_GET['page'] (declared if it's null) */ 
$start = $p->findStart($limit); 

/* Find the number of rows returned from a query; Note: Do NOT use a LIMIT clause in this query */ 
$count = mysql_num_rows(mysql_query("SELECT * FROM users")); 

/* Find the number of pages based on $count and $limit */ 
$pages = $p->findPages($count, $limit); 

/* Now we use the LIMIT clause to grab a range of rows */ 
$r = mysql_query("SELECT * FROM users ORDER BY user LIMIT ".$start.", ".$limit); 

/* Now get the page list and echo it */ 
$pagelist = $p->pageList($_GET['page'], $pages); 

    if ( $r !== false && mysql_num_rows($r) > 0 ) {
      while ( $a = mysql_fetch_assoc($r) ) {
        $user = stripslashes($a['user']);
        $email = stripslashes($a['email']);
        $username = $a['name'];
        $gravatar = 'http://www.gravatar.com/avatar/' . $email . '?s=48';

        $entry_display .= <<<ENTRY_DISPLAY
<img src="$gravatar" />   <b>$user</b> <a href="user_manager.php?user=$user&email=$email" onclick="return confirm('Are you sure You want to delete the user &lsquo; $user &rsquo; forever?');">Delete $user</a><br/>
ENTRY_DISPLAY;
      }
      $entry_display .= '<div align="center">'.$pagelist.'</div>'; 
      
    } 
    else {
      $entry_display .= <<<ENTRY_DISPLAY
    <p>
      No entries have been made on this page. 
    </p>

ENTRY_DISPLAY;
    }
    
    /*
    $entry_display .= <<<ADMIN_OPTION

    <p class="admin_link">
      <a href="{$_SERVER['PHP_SELF']}?new_comment=1">Add a New Entry</a>
    </p>

ADMIN_OPTION;
*/
    return $entry_display;
  }

  /**
  checks if a user/pass combo exists in the database
  @return true if user/pas combo exists
  @author ricky barrette
  */
   public function login($user, $pass) {
    $sql="select * from users where user='".mysql_real_escape_string($user)."' and pass='$pass';"; 
    
    $result=mysql_query($sql);
	  $count=mysql_num_rows($result);

    $a = mysql_fetch_assoc($result);

	  if($count==1){ // If there is a match.
	    $_SESSION["username"] = $user; // Creates a cookie saving the username
		  $_SESSION["loggedIn"] = true; // Creates a cookie saying the user is logged in
		  $_SESSION["access"] = $a['access'];
		  $_SESSION["email"] = $a['email'];
		
		  return true;
    }	else
		  return false;
  }

  /**
  inserts a new user into the database
  @author ricky barrette
  */
  public function new_user($user, $pass, $access, $email) {
    $sql="select * from users where user='".mysql_real_escape_string($user)."' and pass='$pass';"; 
    $result=mysql_query($sql);
	  $count=mysql_num_rows($result);
	  if($count==1) // If there is a match.
	    die("User/Email already exists");
    $user = mysql_real_escape_string(strip_tags($user));
    $email = md5(mysql_real_escape_string(strip_tags($email)));
    $sql = "INSERT INTO users (user, email, access, pass) VALUES('$user','$email','$access','$pass')";
    return mysql_query($sql) or die("Could not select database. " . mysql_error());
  }

  /**
  Connects to the database
  @author ricky barrette
  */
  public function connect() {
    $connection = mysql_connect($this->host,$this->username,$this->password) or die("Could not connect. " . mysql_error());
    mysql_select_db($this->table) or die("Could not select database. " . mysql_error());
    return $this->buildDB();
  }

  /**
  Builds the users table
  @author ricky barrette
  */
  private function buildDB() {
    $sql = <<<MySQL_QUERY
CREATE TABLE IF NOT EXISTS users (
id INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
user		TEXT,
email	TEXT,
access		TEXT,
pass		TEXT
)
MySQL_QUERY;
    $result =  mysql_query($sql);
    if($result){
      $sql="select * from users where user='admin'"; 
    
      $result = mysql_query($sql);
  	  $count=mysql_num_rows($result);

	    if(! $count==1)
        mysql_query("INSERT INTO users (user, email, access, pass) VALUES('admin', 'd41d8cd98f00b204e9800998ecf8427e', 'admin','d82494f05d6917ba02f7aaa29689ccb444bb73f20380876cb05d1f37537b7892')");
    }
    return $result;
  }

}
?>