<?php

	/**
	 *By Red3v0lution
	 *Object-Oriented Content Management System
	 *PHP 5.2.9-1 && MySQL Database 5.1.32
	 *April 21, 2009
	 **/
	 
	/**
	Usage:
	___________________________________________________________________
	|new login($username, $password);                  	              |
	|_________________________________________________________________|
	|It will automatically log the user in if credentials are correct |
	|_________________________________________________________________|
     **/
	 
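/**
 * Performs one login attempt against the `users` table.
 *
 * Constructing the object runs the whole attempt: on success the session is
 * populated with the login state, on any failure the request ends through
 * die() with a message for the user.
 *
 * Assumes the caller has already started the session and that connect.php
 * opens the mysql_* connection used by validate(); neither is visible in
 * this file.
 */
class login
{
	// Credentials as supplied by the caller (the password is replaced by its hash in clean())
	private $username;
	private $password;

	// Message shown to the user when a step fails
	private $return;

	/**
	 * Returns the client's User-Agent header, or '' when the client sent none.
	 *
	 * Reading the header through isset() avoids an undefined-index notice.
	 */
	private function currentUserAgent()
	{
		return isset($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';
	}

	/**
	 * Decides whether a new login attempt may proceed.
	 *
	 * @return int 1 when nobody is logged in on this session, 0 otherwise
	 *             (with $this->return set to the reason).
	 */
	private function checkLogin()
	{
		// isset() guard: a fresh session has no 'logged_in' key yet.
		if (!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] != 1)
		{
			return 1;
		}

		$storedAgent = isset($_SESSION['user_agent']) ? (string) $_SESSION['user_agent'] : '';

		// The User-Agent header is client-controlled, so this comparison is only a
		// heuristic against a stolen session id, not a binding of the session to a client.
		if ($storedAgent !== $this->currentUserAgent())
		{
			$this->return = "You trying to hijack someone's session? This session is destroyed.";
			$_SESSION = array();
			session_destroy();
			return 0;
		}

		$this->return = "You are already logged in.";
		return 0;
	}

	/**
	 * Normalises the supplied credentials before they are used in the query.
	 *
	 * @return int always 1.
	 */
	private function clean()
	{
		$this->username = trim($this->username);

		// NOTE(review): unsalted MD5 is not suitable for password storage. It is kept
		// because validate() compares against the hashes stored in users.password in
		// this format; moving to password_hash()/password_verify() (PHP >= 5.5) needs
		// a data migration that cannot be done from this class alone.
		$this->password = md5($this->password);
		return 1;
	}

	/**
	 * Looks the credentials up in the database and opens the session on a match.
	 *
	 * @return int 1 when the user was logged in, 0 otherwise
	 *             (with $this->return set to the reason).
	 */
	private function validate()
	{
		// The username arrives unmodified from the caller, so it is escaped before being
		// placed in the SQL string. Escaping relies on the connection charset being set
		// correctly in connect.php; a prepared statement (mysqli/PDO) would be the
		// stronger fix but requires changing how the connection is opened.
		$username = mysql_real_escape_string($this->username);
		$password = mysql_real_escape_string($this->password);

		$result = mysql_query("SELECT * from users WHERE username = '$username' AND password = '$password' LIMIT 1;") OR die('Incorrectly formatted query.');

		$row = mysql_fetch_assoc($result);
		if (!$row)
		{
			$this->return = "Username or password incorrect. Please try again.";
			return 0;
		}

		// NOTE(review): as written, a row with banned == 1 is still logged in when
		// access == 0. Confirm this is intended; the condition is left unchanged.
		if ($row['banned'] != 1 || $row['access'] == 0)
		{
			// Issue a new session id at the privilege change and delete the old
			// session data, so an id known before login cannot be reused.
			session_regenerate_id(true);
			$_SESSION['logged_in'] = 1;
			$_SESSION['username'] = $row['username'];
			$_SESSION['access'] = $row['access'];
			$_SESSION['user_agent'] = $this->currentUserAgent();
			return 1;
		}

		$this->return = 'This account has been banned by an administrator.';
		return 0;
	}

	/**
	 * Runs the login attempt; terminates the request with die() on any failure.
	 *
	 * @param string $username Username as entered by the user.
	 * @param string $password Plain-text password as entered by the user.
	 */
	public function __construct($username, $password)
	{
		$this->username = $username;
		$this->password = $password;

		// Refuse a second login on an already authenticated session before touching the database.
		$this->checkLogin() OR die($this->return);

		require_once 'connect.php';

		$this->clean() OR die('Supplied input could not be cleaned.');
		$this->validate() OR die($this->return);
	}
}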

?>