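SessionId . "'";
        if ( ($result = mysql_query($query))) {
            $this->LoginStatus = 3;
            $this->Message = "Thank You for Logging Out";
        } else {
            $this->LoginStatus = 3;
            $this->Message = "We could not log you out. Your session was not found.";
        }
        $cookiepath = "/";
        $cookiedomain = ".cubeone.co.uk";
        $cookiename = "cubeone_sessionid";
        setcookie($cookiename, "", 0, $cookiepath, $cookiedomain, 0);
        $this->SessionId = "";
    }

    /**
     * Report whether an account exists for the given login e-mail address.
     *
     * @param string $LoginName E-mail address used as the login name.
     * @return bool true when at least one cubeUsers row has this Email.
     */
    function UserExists($LoginName) {
        // The value is caller-supplied, so it is escaped before it is placed
        // inside the quoted SQL literal.
        // NOTE(review): mysql_real_escape_string() depends on the connection
        // character set; confirm it is set where the connection is opened.
        $safeLogin = mysql_real_escape_string($LoginName);
        $query = "select Password from cubeUsers where Email = '$safeLogin'";
        $result = mysql_query($query);
        return ($result && mysql_num_rows($result)) ? true : false;
    }

    /**
     * Build a random alphanumeric string.
     *
     * NOTE(review): mt_rand() is not a cryptographically secure generator, yet
     * PasswordReset() uses this value as the new account password. Prefer a
     * CSPRNG where the runtime provides one.
     *
     * @param int $length Number of characters to generate (default 6).
     * @return string
     */
    function generateCode($length=6) {
        $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPRQSTUVWXYZ0123456789";
        // mt_rand() bounds are inclusive, so the last valid index is
        // strlen - 1; the previous upper bound read one past the end.
        $maxIndex = strlen($chars) - 1;
        $code = "";
        while (strlen($code) < $length) {
            $code .= $chars[mt_rand(0, $maxIndex)];
        }
        return $code;
    }

    /**
     * Complete a password reset: look up the account holding the given
     * verification id, store a newly generated password (as MD5) and e-mail
     * the clear-text password to the account address.
     *
     * Sets $this->Message and $this->LoginStatus (always 8 here).
     *
     * NOTE(review): no expiry check on the verification id is visible in this
     * method, and the new password travels in clear text by e-mail.
     * NOTE(review): passwords are stored as unsalted MD5; moving to a salted,
     * slow password hash needs a data migration outside this block.
     *
     * @param string $VerificationId Id taken from the reset link.
     * @return bool true when the password was replaced, false otherwise.
     */
    function PasswordReset($VerificationId) {
        if (trim($VerificationId) == "") {
            $this->Message = "No Verification Id Found";
            $this->LoginStatus = 8;
            return false;
        }

        // Escaped once and reused in both statements below.
        $safeId = mysql_real_escape_string($VerificationId);
        $Password = $this->generateCode(8);

        $query = "select Email from cubeUsers where VerificationId = '$safeId'";
        $result = mysql_query($query);
        if (!$result || !mysql_num_rows($result)) {
            $this->Message = "Could Not Find Specified VerificationId";
            $this->LoginStatus = 8;
            return false;
        }

        $line = mysql_fetch_array($result);
        $mailto = $line['Email'];
        $mailsubject = "CubeOne: New Password";
        $mailbody = " Hello,\n\n"
            . " This is the CubeOne Client Mailer.\n \n"
            . " Thank you for verifying your request to generate a new Password.\n\n"
            . " We have generated a random password for you as follows:\n\n"
            . " New Password: " . $Password . "\n\n"
            . " We recommend logging into the CubeOne Client Area as soon as \n"
            . " possible and changing your password to something more memorable.\n \n"
            . " Thank you,\n"
            . " CubeOne\n \n\n";
        $mailheaders = 'From: support@cubeone.co.uk' . "\r\n" .
            'Reply-To: support@cubeone.co.uk' . "\r\n" .
            'X-Mailer: PHP/' . phpversion();

        // Clearing VerificationId makes the link single-use.
        $query = "update cubeUsers set VerificationId = '', Password = '" . md5($Password) . "' where VerificationId = '" . $safeId . "'";
        if ($result = mysql_query($query)) {
            mail($mailto, $mailsubject, $mailbody, $mailheaders);
            $this->Message = "We Have Successfully Reset Your Password";
            $this->LoginStatus = 8;
            return true;
        }

        $this->Message = "We Were Unable to Reset Your Password";
        $this->LoginStatus = 8;
        return false;
    }

    /**
     * Start a password reset: store a fresh verification id against the
     * account and e-mail a confirmation link to the login address.
     *
     * NOTE(review): the id is an MD5 of the current time, a small rand() sum
     * and the login name, so it carries little unpredictability; a
     * CSPRNG-sourced token with an expiry would be the safer design.
     *
     * @param string $LoginName E-mail address of the account.
     * @return bool true when the UPDATE statement ran, false when it failed.
     */
    function PasswordResetVerify($LoginName) {
        // Create an Id...
        $mytime = time();
        $randid = (rand(rand(10,50),rand(60,90)) + rand(200,700));
        $verificationid = md5("$mytime$randid$LoginName");

        $mailto = $LoginName;
        $mailsubject = "CubeOne: Reset Password - Verification Needed";
        $mailbody = " Hello,\n\n"
            . " This is the CubeOne Client Mailer.\n \n"
            . " Someone (possibly you) with your email address, has requested that \n"
            . " your password is changed.\n\n"
            . " We take your security seriously and so in order to prevent malicious \n"
            . " password resetting, we are sending you this email to confirm that \n"
            . " you wish your password to be reset.\n\n"
            . " We have sent you a unique reference and a unique link for you to follow \n"
            . " if you wish to reset your password. Follow this link, and we will create \n"
            . " a brand new shiny password for you.\n\n"
            . " http://www.cubeone.co.uk/forgotten.php?a=reset&v=" . $verificationid
            . " \n\n"
            . " Thank you,\n"
            . " CubeOne\n \n\n";
        $mailheaders = 'From: support@cubeone.co.uk' . "\r\n" .
            'Reply-To: support@cubeone.co.uk' . "\r\n" .
            'X-Mailer: PHP/' . phpversion();

        $query = "update cubeUsers set VerificationId = '" . $verificationid . "' where Email = '" . mysql_real_escape_string($LoginName) . "'";
        if ($result = mysql_query($query)) {
            // mysql_query() also reports success for an UPDATE that matched no
            // row, so mail is sent only when an account was actually updated.
            // This keeps unvalidated input out of mail()'s recipient argument
            // for addresses that are not registered.
            if (mysql_affected_rows() > 0) {
                mail($mailto, $mailsubject, $mailbody, $mailheaders);
            }
            return true;
        }
        return false;
    }

    /**
     * Check the credentials and, on success, create a three-hour session:
     * the session id is written to cubeUsers and sent as a cookie.
     *
     * LoginStatus after the call: 0 = logged in, 1 = wrong password,
     * 2 = unknown login name.
     *
     * NOTE(review): the two failure messages differ, which tells a caller
     * whether an address is registered.
     * NOTE(review): the session id is an MD5 of the time, a small rand() sum
     * and the login name; a CSPRNG-sourced id would be harder to predict.
     *
     * @param string $LoginName     E-mail address (lower-cased before use).
     * @param string $LoginPassword Clear-text password supplied by the user.
     * @return void
     */
    function Login($LoginName, $LoginPassword) {
        // Login and set session info
        $LoginName = strtolower($LoginName);
        $safeLogin = mysql_real_escape_string($LoginName);
        $query = "select Password from cubeUsers where Email = '$safeLogin'";
        if ( ($result = mysql_query($query)) && mysql_num_rows($result) ) {
            $line = mysql_fetch_array($result);
            // Strict comparison: with ==, two different digests that both look
            // like numbers (for example "0e..." followed by digits) compare
            // equal because PHP converts them to floats first.
            if (md5($LoginPassword) === $line['Password']) {
                $this->LoginStatus = 0;
                $this->Message="";
                $mytime = time();
                $startTime = date("Y-m-d H:i:s",$mytime);
                $endTime = date("Y-m-d H:i:s",mktime((date("H")+3)));
                $randid = (rand(rand(10,50),rand(60,90)) + rand(200,700));
                $sessionid = md5("$mytime$randid$LoginName");
                $query = "update cubeUsers set SessionId='$sessionid', SessionStart='$startTime', SessionEnd='$endTime' where Email='$safeLogin'";
                $result = mysql_query($query);
                $cookiepath = "/";
                $cookiedomain = ".cubeone.co.uk";
                $cookiename = "cubeone_sessionid";
                // NOTE(review): the final 0 leaves the Secure flag off and no
                // HttpOnly flag is set; the cookie is also valid for every
                // subdomain of cubeone.co.uk.
                setcookie($cookiename, $sessionid, time()+((60*60)*3), $cookiepath, $cookiedomain, 0);
                $this->SessionId = $sessionid;
            } else {
                $this->LoginStatus = 1;
                $this->Message="The Password you have entered does not match what we have stored. Please check and try again.";
            }
        } else {
            $this->LoginStatus = 2;
            $this->Message="We could not find your User Name. Please check and try again.";
        }
    }
}
?>Forename = "";
        $this->Surname = "";
        $this->Email = "";
        $this->MD5Password = "";
        $this->SalutationId = 0;
        $this->Status = 1;
        $this->Message = "Initialised... Waiting for usage...";
    }

    /**
     * Confirm a pending e-mail change: copy VerificationEmail into Email for
     * the row holding the given verification id and clear both fields.
     *
     * @param string $VerificationId Id taken from the confirmation link.
     * @return bool true when a row was updated; Status/Message are set too.
     */
    function UpdateEmail($VerificationId) {
        // trim() so a whitespace-only id is rejected like an empty one, as
        // PasswordReset() already does. Most MySQL collations ignore trailing
        // spaces when comparing, so such an id could otherwise match every
        // row whose VerificationId is blank.
        if (trim($VerificationId) == "") {
            $this->Status = 1;
            $this->Message = "Email Address Could Not be Validated";
            return false;
        }

        $query = "update cubeUsers set VerificationId = '', Email = VerificationEmail, VerificationEmail = '' where VerificationId = '" . mysql_real_escape_string($VerificationId) . "'";
        // An UPDATE that matches nothing still makes mysql_query() return
        // true, so success is reported only when a row actually changed.
        if (($result = mysql_query($query)) && mysql_affected_rows() > 0) {
            $this->Status = 0;
            $this->Message = "Email Address Validated. Thank You.";
            return true;
        }

        $this->Status = 1;
        $this->Message = "Email Address Could Not be Validated";
        return false;
    }

    /**
     * Load the account that owns the given session id into this object.
     *
     * Status is 0 when a row was found, 1 otherwise.
     *
     * @param string $SessionId Session id, normally from the session cookie.
     * @return void
     */
    function GetUser($SessionId) {
        // A blank id must never reach the query: DestroySession() stores ''
        // as the SessionId of logged-out users, so it would match one of them.
        if (trim($SessionId) == "") {
            $this->Status = 1;
            $this->Message = "Could not find SessionId";
            return;
        }

        $query = "select Id, Email, Password, SalutationId, Forenames, Surname from cubeUsers where SessionId='" . mysql_real_escape_string($SessionId) . "'";
        if ( ($result = mysql_query($query)) && mysql_num_rows($result) ) {
            $line = mysql_fetch_array($result);
            $this->Forename = $line['Forenames'];
            $this->Surname = $line['Surname'];
            $this->MD5Password = $line['Password'];
            $this->SalutationId = $line['SalutationId'];
            $this->Email = $line['Email'];
            $this->Status = 0;
            $this->Message = "";
        } else {
            $this->Status = 1;
            $this->Message = "Could not find SessionId";
        }
    }

    /**
     * Check that an e-mail address may be used by this user: either it is the
     * address already loaded, or no cubeUsers row uses it yet.
     *
     * NOTE(review): this tests uniqueness only; the address format is not
     * checked here.
     *
     * @param string $Email Candidate address (compared lower-cased).
     * @return bool true when the address is available to this user.
     */
    function ValidateEmail($Email) {
        $candidate = strtolower($Email);
        if ($candidate == $this->Email) {
            return true;
        }

        $query = "select * from cubeUsers where Email = '" . mysql_real_escape_string($candidate) . "'";
        $result = mysql_query($query);
        return ($result && mysql_num_rows($result)) ? false : true;
    }

    /**
     * Check that a password and its confirmation agree. Two empty values are
     * accepted and mean "password not being changed".
     *
     * @param string $Password
     * @param string $ConfirmPassword
     * @return bool
     */
    function ValidatePassword($Password, $ConfirmPassword) {
        if (($Password == "") && ($ConfirmPassword == "")) {
            return true;
        }
        // Compared as strings: with == two different numeric-looking values
        // such as "1e3" and "1000" would be accepted as a match.
        return ((string)$Password === (string)$ConfirmPassword);
    }

    /**
     * Apply profile changes for the account that owns $Session. Only fields
     * that differ from the values loaded by GetUser() are written. A changed
     * e-mail address is stored as pending and a confirmation link is mailed
     * to the new address.
     *
     * NOTE(review): the verification id has little unpredictability (time
     * plus a small rand() sum), and $Email is passed to mail() as the
     * recipient without format validation in this method.
     *
     * @param string $Session  Session id identifying the row to update.
     * @param string $Email    Requested e-mail address.
     * @param string $Password New clear-text password, or "" to keep it.
     * @param string $Forename
     * @param string $Lastname
     * @return bool true when the UPDATE ran; false when nothing changed or
     *              the update failed. Status/Message carry the detail.
     */
    function Update($Session, $Email, $Password, $Forename, $Lastname) {
        $updates = array();
        $newEmail = strtolower($Email);
        $emailChanged = ($newEmail != $this->Email);

        if ($emailChanged) {
            $mytime = time();
            $randid = (rand(rand(10,50),rand(60,90)) + rand(200,700));
            // The original mixed in $LoginName, which is not defined in this
            // method; the new address is used instead.
            $verificationid = md5("$mytime$randid$newEmail");
            $updates[] = "VerificationEmail = '" . mysql_real_escape_string($newEmail) . "'";
            $updates[] = "VerificationId = '" . $verificationid . "'";
        }
        if ($Forename != $this->Forename) {
            $updates[] = "Forenames = '" . mysql_real_escape_string($Forename) . "'";
        }
        if ($Lastname != $this->Surname) {
            $updates[] = "Surname = '" . mysql_real_escape_string($Lastname) . "'";
        }
        // GetUser() stores the hash in MD5Password; the original compared
        // against $this->Password, which nothing visible here assigns.
        if (($Password != "") && (md5($Password) !== $this->MD5Password)) {
            $updates[] = "Password = '" . md5($Password) . "'";
        }

        if (count($updates) == 0) {
            $this->Status = 0;
            $this->Message = "We could not detect any changes that needed to be made. \nNo updates performed.";
            return false;
        }

        // A blank session id would match every logged-out row (their
        // SessionId is stored as ''), so it is refused before the UPDATE.
        if (trim($Session) == "") {
            $this->Status = 1;
            $this->Message = "We were unable to update the database.";
            return false;
        }

        $query = "update cubeUsers set " . implode(", ", $updates) . " where SessionId = '" . mysql_real_escape_string($Session) . "'";
        //echo "\n$query\n";
        if ($result = mysql_query($query)) {
            if ($emailChanged) {
                $mailto = $Email;
                $mailsubject = "CubeOne: Change Email - Verification Needed";
                $mailbody = " Hello, This is the CubeOne Client Mailer."
                    . " Someone (possibly you) has asked that their CubeOne Email Address for Login, be set to this address."
                    . " We take security very seriously, and to prevent inappropriate use of other peoples email addresses,"
                    . " we wanted to give you the opportunity to verify that you are the legal owner of this email address."
                    . " Below we have provided you with a link with a unique reference code."
                    . " If you are the CubeOne user and legal owner of this email address, please follow the link below to activate your email address:"
                    . " http://www.cubeone.co.uk/change.php?a=verify&v=" . $verificationid
                    . " Thank you, CubeOne \n\n";
                $mailheaders = 'From: support@cubeone.co.uk' . "\r\n" .
                    'Reply-To: support@cubeone.co.uk' . "\r\n" .
                    'X-Mailer: PHP/' . phpversion();
                mail($mailto, $mailsubject, $mailbody, $mailheaders);
                $this->Status = 0;
                $this->Message = "We've sent an email to your new address. Please confirm by clicking on the link contained within";
            } else {
                $this->Status = 0;
                $this->Message = "All updates applied successfully.";
            }
            return true;
        }

        $this->Status = 1;
        $this->Message = "We were unable to update the database.";
        return false;
    }
}

/**
 * Validates and destroys the session ids stored in cubeUsers.
 *
 * SessionStatus values set in this class: 5 = not yet checked, 7 = no id
 * given, 6 = id not on file, 4 = expired, 0 = valid.
 */
class Session {
    var $SessionStatus;
    var $Message;
    var $LoginName;
    var $Fullname;

    /**
     * Convert a "Y-m-d H:i:s" timestamp string into a Unix timestamp.
     *
     * @param string $timestamp e.g. "2005-03-01 14:30:00" (constructed sample).
     * @return int
     */
    function epoch($timestamp) {
        $year   = substr($timestamp,0,4);
        $month  = substr($timestamp,5,2);
        $day    = substr($timestamp,8,2);
        $hour   = substr($timestamp,11,2);
        $minute = substr($timestamp,14,2);
        $second = substr($timestamp,17,2);
        return mktime($hour, $minute, $second, $month, $day, $year);
    }

    /** Constructor: start in the "not yet checked" state. */
    function Session() {
        $this->Message = "";
        $this->SessionStatus=5;
    }

    /**
     * Look up a session id, check that it has not expired and, when it is
     * valid, extend its end time to three hours from now.
     *
     * Sets SessionStatus, Message, Fullname and (on a match) LoginName.
     *
     * @param string $SessionId Session id, normally from the session cookie.
     * @return void
     */
    function ValidateSession($SessionId) {
        if (trim($SessionId) == "") {
            $this->Message="No Session Id Specified";
            $this->SessionStatus=7;
            return;
        }

        $safeId = mysql_real_escape_string($SessionId);
        $query = "select Forenames, SessionId, SessionEnd, Email from cubeUsers where SessionId='$safeId'";
        if ( !($result = mysql_query($query)) || !mysql_num_rows($result) ) {
            // Nomatch
            $this->SessionStatus=6;
            $this->Message="We cannot find your session information on file. Please login again.";
            return;
        }

        $line = mysql_fetch_array($result);
        $storedsession = $line['SessionId'];
        $this->Fullname = $line['Forenames'];
        // Strict comparison: the SQL match may ignore case or trailing
        // spaces, and == would treat numeric-looking strings as numbers.
        if ($storedsession !== $SessionId) {
            // Nomatch
            $this->SessionStatus=6;
            $this->Message="We cannot find your session information on file. Please login again.";
            return;
        }

        $this->LoginName = $line['Email'];
        $endtime = $this->epoch($line['SessionEnd']);
        if ($endtime < time()) {
            $this->SessionStatus=4;
            $this->Message="Your session has expired. Please login again.";
        } else {
            $this->SessionStatus=0;
            $this->Message="";
            // Sliding expiry: each successful check moves the end time on.
            $endTime = date("Y-m-d H:i:s",mktime((date("H")+3)));
            $query = "update cubeUsers set SessionEnd='$endTime' where SessionId='$safeId'";
            $result = mysql_query($query);
        }
    }

    /**
     * Invalidate a session by blanking the stored session id.
     *
     * @param string $SessionId
     * @return void
     */
    function DestroySession($SessionId) {
        $query = "update cubeUsers set SessionId = '' where SessionId='" . mysql_real_escape_string($SessionId) . "'";
        $result = mysql_query($query);
    }
}
?>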