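################################################################################
#------------------------------------------------------------------------------#
# logout
#------------------------------------------------------------------------------#
################################################################################
// Ends the session: clears the "user" cookie and redirects to users.php.
// Returns nothing.
//
// $user is the raw cookie value (base64 of a "|"-separated record). It comes
// from the client, so it is deliberately neither decoded nor used in SQL here:
// logging out needs no database lookup. The earlier version interpolated the
// cookie's username unescaped into a query, used $prefix without declaring it
// global, and returned without clearing the cookie whenever the lookup matched.
function Logout($user) {
    // Same call as before: an empty value makes PHP send a deletion cookie.
    // NOTE(review): deletion only takes effect if path/domain match the ones
    // used when the cookie was set - confirm against the login code.
    setcookie("user");
    header("Location: users.php");
}

################################################################################
#------------------------------------------------------------------------------#
# Register
#------------------------------------------------------------------------------#
################################################################################
// Renders the registration page: site header, the form, site footer.
function Register(){
    include("header.php");
    register_form();
    include("footer.php");
}

// Prints the registration form, pre-filled from the globals $username, $email
// and $fullname, followed by the "already taken" markers.
function register_form(){
    global $username, $email, $fullname, $user_taken_err, $email_taken_err;

    // These values originate from the request, so they are HTML-escaped before
    // being placed inside value="..." attributes (ENT_QUOTES covers both quote
    // styles). mysql_real_escape_string() is SQL escaping and gives no HTML
    // protection.
    $username_html = htmlspecialchars((string) $username, ENT_QUOTES);
    $email_html    = htmlspecialchars((string) $email, ENT_QUOTES);
    $fullname_html = htmlspecialchars((string) $fullname, ENT_QUOTES);

    // NOTE(review): $user_taken_err / $email_taken_err are printed as HTML
    // because do_Register() sets them to fixed markup. If these globals can be
    // populated from the request (register_globals), they must be reset before
    // this point - confirm against the part of the file not shown here.

    echo "<center><font class=\"title\">Form di registrazione</font></center> \n";
    // The password field is intentionally left empty: the submitted password is
    // never written back into the page source.
    echo "<center>I campi con l'asterisco (*) sono obbligatori.
<form name=\"RegisterForm\" method=\"POST\" action=\"users.php\" onsubmit='return CheckRegisterForm(RegisterForm)'>
<table align=\"center\" border=\"1\" width=\"400\" id=\"table1\" cellpadding=\"2\" bordercolor=\"#C0C0C0\">
 <tr>
  <td width=\"100\" align=\"right\">Username:</td>
  <td><input type=\"text\" name=\"username\" size=\"18\" value=\"$username_html\"> * $user_taken_err</td>
 </tr>
 <tr>
  <td align=\"right\">Password:</td>
  <td><input type=\"password\" name=\"password\" size=\"18\" value=\"\"> *</td>
 </tr>
 <tr>
  <td align=\"right\">Email:</td>
  <td><input type=\"text\" name=\"email\" size=\"27\" value=\"$email_html\"> * $email_taken_err</td>
 </tr>
 <tr>
  <td align=\"right\">Nome completo:</td>
  <td><input type=\"text\" name=\"fullname\" size=\"27\" value=\"$fullname_html\"></td>
 </tr>
 <tr>
  <td></td>
  <td> <input type=\"hidden\" name=\"maa\" value=\"do_Register\"> <input type=\"submit\" value=\"Registra\"></td>
 </tr>
</table></form>";
}

// Handles the registration POST: validates the fields, rejects duplicate
// e-mail/username, stores the account and mails the credentials.
// Exits after re-rendering the form when validation fails.
function do_Register(){
    global $db, $prefix, $username, $password, $email, $fullname, $user_taken_err, $email_taken_err;
    global $site_name, $site_email, $site_url;

    // Read each field defensively: a missing key or an array value (name[]=x)
    // becomes an empty string instead of raising a notice/warning.
    $posted = array();
    foreach (array('username', 'password', 'email', 'fullname') as $key) {
        $posted[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";
    }
    $posted['username'] = trim($posted['username']);
    $posted['email']    = trim($posted['email']);

    // The address is later handed to mail(), so it must be a single well-formed
    // address (this also rejects embedded CR/LF).
    $email_ok = filter_var($posted['email'], FILTER_VALIDATE_EMAIL) !== false;

    $username = mysql_real_escape_string($posted['username']);
    // NOTE(review): the password is SQL-escaped before hashing, as in the
    // original, so the stored hash stays compatible with the login code that
    // is outside this excerpt.
    $password = mysql_real_escape_string($posted['password']);
    $email    = mysql_real_escape_string($posted['email']);
    $fullname = mysql_real_escape_string($posted['fullname']);

    //this check covers the case where the client-side javascript did not run.
    if((!$username) || (!$password) || (!$email) || (!$email_ok)){
        //print the error message and load the form.
        include("header.php");
        echo "<center><font class=\"error\">Errore: Controlla se hai inserito tutti i dati.</font></center>\n";
        register_form();
        include("footer.php");
        exit();
    }

    /*--nothing empty? lets do the register-------------------------------------------------------------*/
    $sql_email_check    = mysql_query("SELECT email FROM ".$prefix."_users WHERE email='$email'");
    $sql_username_check = mysql_query("SELECT username FROM ".$prefix."_users WHERE username='$username'");

    // A failed query must not be read as "no duplicate found".
    if (!$sql_email_check || !$sql_username_check) {
        error_log("Error in registration sql: " . mysql_error());
        die ("Error in registration sql");
    }

    $email_check    = mysql_num_rows($sql_email_check);
    $username_check = mysql_num_rows($sql_username_check);

    if(($email_check > 0) || ($username_check > 0)){
        //define error message for usage in multiple places.
        $exist_msg= "<font class=\"error\">(Già registrato!.)</font>";

        // Assign "" rather than unset(): unset() on a variable imported with
        // `global` only drops the local alias, so register_form() would still
        // see the rejected value.
        if($email_check > 0){
            $email_taken_err = $exist_msg;
            $email = "";
        }
        if($username_check > 0){
            $user_taken_err = $exist_msg;
            $username = "";
        }

        //if the username or email already been taken load the form and print errors.
        include("header.php");
        register_form();
        include("footer.php");
        exit();
    }

    // NOTE(security): unsalted MD5 is not a password hash. It is kept only
    // because the login code that verifies it is not part of this excerpt;
    // migrate both sides together to password_hash()/password_verify().
    $md5_password = md5($password);

    // NOTE(review): the check above and this INSERT are not atomic; a UNIQUE
    // index on username and email is needed to rule out duplicates.
    $result = mysql_query("INSERT INTO ".$prefix."_users ( username,password,email,fullname) VALUES('$username','$md5_password','$email','$fullname')");
    if (!$result) {
        // Driver details go to the server log, not to the visitor.
        error_log("Error in registration sql: " . mysql_error());
        die ("Error in registration sql");
    }

    $subject = "I tuoi dati di accesso su $site_name";
    // NOTE(review): the line breaks of this mail body appear to have been lost
    // in this listing; the text is reproduced as shown. Restore the layout from
    // the original file.
    // NOTE(security): the message contains the plain-text password chosen by
    // the user; consider dropping it from the mail.
    $message = " Benvenuti su $site_name Conserva questa mail perchè contiene i tuoi dati di accesso."
        . " Le informazione del tuo account sono le seguenti:"
        . " ---------------------------- Username: $username Password: $password ----------------------------"
        . " Il tuo account è ora attivo. Puoi usarlo per accedere al nostro sito: $site_url"
        . " Ti preghiamo di non dimenticare la password poichè nel nostro database degli utenti risulta criptata e quindi non possiamo comunicartela."
        . " Se dovessi dimenticarla puoi chiederne una nuova, tramite il form dedicato; in questo caso al termine della procedura ti sarà inviata tramite e-mail."
        . " Grazie per esserti registrato. -- - $site_name $site_url"
        . " Questa mail è stata generata automaticamente dal nostro database. \n"
        . "Ti preghiamo di non rispondere alla suddetta poichè non ci giungerà nessun tuo messaggio";

    if(!mail($email,$subject,$message, "FROM: $site_name <$site_email>")){
        die ("Impossibile inviare la e-mail di registrazione. Si prega di contattare lo staff ($site_email)");
    }else{
        include("header.php");
        echo "registrazione effettuata!";
        login_form();
        include("footer.php");
    }
}

################################################################################
#------------------------------------------------------------------------------#
# Forgot Password
#------------------------------------------------------------------------------#
################################################################################
// Prints the "send me a new password" form followed by the global $error_msg.
function Forgot_pwd_form(){
    global $error_msg;
    // NOTE(review): $error_msg is printed unescaped and is not assigned anywhere
    // in this excerpt; make sure it can only hold server-generated markup.
    echo "<center><font class=\"title\">Mandami una nuova password</font>
<form method='POST' action='users.php'>
<table border='0' cellpadding='4'>
 <tr>
  <td bgcolor='#E2E2E2'>Username:</td>
  <td bgcolor='#E2E2E2'><input type='text' name='username' size='11'></td>
 </tr>
 <tr>
  <td bgcolor='#E2E2E2'>Email:</td>
  <td bgcolor='#E2E2E2'><input type='text' name='email' size='11'></td>
 </tr>
 <tr>
  <td></td>
  <td> <input type='hidden' name='maa' value='do_Forgot_pwd'> <input type='submit' value='Send password'></p> </td>
 </tr>
</table><center>$error_msg</center>
</form>";
}

// Renders the password-reset page: site header, the form, site footer.
function Forgot_pwd(){
    global $user, $prefix, $db;
    include("header.php");
    Forgot_pwd_form();
    include("footer.php");
}

// Handles the password-reset POST: when username and e-mail match exactly one
// account, generates a new password, stores its hash and mails the password.
//
// NOTE(security): the reset is applied immediately, with no confirmation
// token, so anyone who knows a username/e-mail pair can replace that account's
// password. A mailed one-time link that the owner must follow is the usual fix;
// it needs storage that is not visible in this excerpt.
function do_Forgot_pwd(){
    global $user, $prefix, $db, $email, $username, $error_msg, $site_name ,$site_email, $site_url;

    // Missing keys or array values become empty strings instead of warnings.
    $posted_username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : "";
    $posted_email    = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : "";

    $username = mysql_real_escape_string($posted_username);
    $email    = mysql_real_escape_string($posted_email);

    $result = mysql_query("SELECT * FROM ".$prefix."_users WHERE username='$username' AND email='$email'");
    // A failed query counts as "no match".
    $check = $result ? mysql_num_rows($result) : 0;

    if($check == 1){
        // Guarded so a second call in the same request cannot redeclare it.
        if (!function_exists('new_pwd')) {
            // Returns an 8-character password drawn from $chars.
            function new_pwd() {
                // Alphabet kept exactly as in the original.
                $chars = "abchefghjkmnpqrstuvwxyz0123456789";
                $count = strlen($chars);
                $pwd = "";
                for ($i = 0; $i < 8; $i++) {
                    if (function_exists('random_int')) {
                        // CSPRNG, available on PHP 7+ or through a polyfill.
                        $num = random_int(0, $count - 1);
                    } elseif (function_exists('openssl_random_pseudo_bytes')) {
                        // Rejection sampling keeps the index unbiased.
                        $limit = 256 - (256 % $count);
                        do {
                            $raw = openssl_random_pseudo_bytes(1);
                            if ($raw === false || strlen($raw) !== 1) {
                                die ("Impossibile generare una nuova password.");
                            }
                            $byte = ord($raw);
                        } while ($byte >= $limit);
                        $num = $byte % $count;
                    } else {
                        // NOTE(security): mt_rand() is predictable. It is the
                        // last resort only, replacing srand(microtime)/rand().
                        $num = mt_rand(0, $count - 1);
                    }
                    $pwd .= substr($chars, $num, 1);
                }
                return $pwd;
            }
        }

        $new_pwd = new_pwd();
        // NOTE(security): unsalted MD5, kept for compatibility with the login
        // code outside this excerpt; migrate to password_hash() on both sides.
        $md5_password = md5($new_pwd);

        // Restrict the update to the row that was matched above, not to every
        // row sharing the e-mail address.
        $sql = mysql_query("UPDATE ".$prefix."_users SET password='$md5_password' WHERE email='$email' AND username='$username'");
        if (!$sql) {
            // Do not mail a password that was never stored.
            error_log("Error in password reset sql: " . mysql_error());
            die ("Impossibile aggiornare la password. Si prega di contattare lo staff ($site_email)");
        }

        $subject = "New password";
        // NOTE(review): the line breaks of this mail body appear to have been
        // lost in this listing; the text is reproduced as shown.
        $message = " Salve $username, Hai ricevuto questa e-mail perchè hai richiesto una nuova password per il tuo account su $site_name."
            . " Qui sotto trovi le credenziali di accesso."
            . " -------------------------- Username: $username Password: $new_pwd --------------------------"
            . " Puoi effettuare il login da qui: $site_url"
            . " Puoi tranquillamente modificare la password tramite la pagina dedicata al tuo account."
            . " Per ogni problema rivolgiti al webmaster. -- -Grazie $site_name"
            . " Questa mail è stata generata automaticamente dal nostro database."
            . " Ti preghiamo di non rispondere alla suddetta poichè non ci giungerà nessun tuo messaggio";

        // The stored password has already changed, so a delivery failure must
        // be reported instead of claiming the mail was sent.
        if (!mail($email,$subject,$message, "FROM: $site_name <$site_email>")) {
            die ("Impossibile inviare la e-mail. Si prega di contattare lo staff ($site_email)");
        }

        include("header.php");
        echo "La tua nuova password ti è stata mandata via mail.";
        echo " attendere prego...";
        include("footer.php");
    }else{
        include("header.php");
        Forgot_pwd_form();
        echo "<center><font class=\"error\">Errore: username/email errati</font></center> ";
        include("footer.php");
    }
}

################################################################################
#------------------------------------------------------------------------------#
# a switch for switching between functions
#------------------------------------------------------------------------------#
################################################################################
// Dispatches on a fixed list of action names; anything else falls through to
// index(). The action is never used as a callable or a file name.
// NOTE(review): $maa and $user are not assigned in this excerpt. If they rely
// on register_globals, read them explicitly from $_POST/$_GET/$_COOKIE.
switch ($maa){
    case "Forgot_pwd":
        Forgot_pwd();
        break;
    case "do_Forgot_pwd":
        do_Forgot_pwd();
        break;
    case "Register":
        Register();
        break;
    case "do_Register":
        do_Register();
        break;
    case "Logout":
        Logout($user);
        break;
    case "Login":
        Login();
        break;
    case "do_login":
        do_login();
        break;
    default:
        index($user);
        break;
}
?>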