Simple use of PHP user authentication and tag recommendations

<?php
require_once(&#39;output_fns.php&#39;);
require_once(&#39;db_fns.php&#39;);
require_once(&#39;data_valid_fns.php&#39;);
require_once(&#39;url_fns.php&#39;);
require_once(&#39;user_auth_fns.php&#39;);
?>

<?php
// Test that each variable has a value
function filled_out($form_vars) {
foreach ($form_vars as $key => $value) {
if ((!isset($key)) || ($value == &#39;&#39;)) {
return false;
} 
} 
return true;
}
// Valid email
function valid_email($address) {
if (ereg(&#39;^[a-zA-Z0-9_\.\-]+@[a-zA-Z0-9\-]+\.[a-zA-Z0-9\-\.]+$&#39;, $address)) {
return true;
}else {
return false;
}
}
?>

<?php
//Conncet to db 
function db_connect() {
$db = new mysqli(&#39;127.0.0.1&#39;, &#39;bm_user&#39;, &#39;password&#39;, &#39;bookmarks&#39;);
if (!$db) {
throw new Exception("Could not connect to database server", 1);
}else {
return $db;
}
}
?>

<?php
require_once(&#39;db_fns.php&#39;);
// register 
function register($username, $email, $password) {
$conn = db_connect();
$results = $conn -> query("select * from user where username = &#39;".$username."&#39;");
if (!$results) {
throw new Exception("Could not execute query", 1);
}
if ($results -> num_rows > 0) {
throw new Exception("That username is taken - go back and choose another one.", 1);
} 
$results = $conn -> query("insert into user values (&#39;".$username."&#39;, sha1(&#39;".$email."&#39;), &#39;".$password."&#39;)");
if (!$results) {
throw new Exception(&#39;Could not register you in database - please try again later.&#39;);
}
return true;
}
// Log in 
function login($username, $password) {
$conn = db_connect();
$results = $conn -> query("select * from user where username = &#39;".$username."&#39; and passwd = sha1(&#39;".$password."&#39;)");
if (!$results) {
throw new Exception(&#39;Could not log you in.&#39;);
}
if ($results -> num_rows > 0) {
return true;
}else {
throw new Exception(&#39;Could not log you in.&#39;);
}
}
// Check valid user 
function check_valid_user() {
if (isset($_SESSION[&#39;valid_user&#39;])) {
echo "Logged in as ".$_SESSION[&#39;valid_user&#39;].".<br />";
}else {
do_html_header(&#39;Problem:&#39;);
echo "You are not logged in.<br />";
do_html_url(&#39;login.php&#39;, &#39;Login&#39;);
do_html_foot();
exit;
}
}
// change password 
function change_password($username, $old_password, $new_password) {
login($username, $old_password);
$conn = db_connect();

$result = $conn -> query("update user set passwd = sha1(&#39;".$new_password."&#39;) where username = &#39;".$username."&#39;");
if (!$result) {
throw new Exception(&#39;Password could not be changed.&#39;);
} else {
return true; // changed successfully
}
}
function get_random_word($min_length, $max_length) {
// grab a random word from dictionary between the two lengths
// and return it
// generate a random word
$word = &#39;&#39;;
// remember to change this path to suit your system
$dictionary = &#39;/usr/dict/words&#39;; // the ispell dictionary
$fp = @fopen($dictionary, &#39;r&#39;);
if(!$fp) {
return false;
}
$size = filesize($dictionary);
// go to a random location in dictionary
$rand_location = rand(0, $size);
fseek($fp, $rand_location);
// get the next whole word of the right length in the file
while ((strlen($word) < $min_length) || (strlen($word)>$max_length) || (strstr($word, "&#39;"))) {
if (feof($fp)) {
fseek($fp, 0); // if at end, go to start
}
$word = fgets($fp, 80); // skip first word as it could be partial
$word = fgets($fp, 80); // the potential password
}
$word = trim($word); // trim the trailing \n from fgets
return $word;
}
function reset_password($username) {
// set password for username to a random value
// return the new password or false on failure
// get a random dictionary word b/w 6 and 13 chars in length
$new_password = get_random_word(6, 13);

if($new_password == false) {
throw new Exception(&#39;Could not generate new password.&#39;);
}
// add a number between 0 and 999 to it
// to make it a slightly better password
$rand_number = rand(0, 999);
$new_password .= $rand_number;
// set user&#39;s password to this in database or return false
$conn = db_connect();
$result = $conn->query("update user
set passwd = sha1(&#39;".$new_password."&#39;)
where username = &#39;".$username."&#39;");
if (!$result) {
throw new Exception(&#39;Could not change password.&#39;); // not changed
} else {
return $new_password; // changed successfully
}
}
function notify_password($username, $password) {
// notify the user that their password has been changed
$conn = db_connect();
$result = $conn->query("select email from user
where username=&#39;".$username."&#39;");
if (!$result) {
throw new Exception(&#39;Could not find email address.&#39;);
} else if ($result->num_rows == 0) {
throw new Exception(&#39;Could not find email address.&#39;);
// username not in db
} else {
$row = $result->fetch_object();
$email = $row->email;
$from = "From: support@phpbookmark \r\n";
$mesg = "Your PHPBookmark password has been changed to ".$password."\r\n"
."Please change it next time you log in.\r\n";
if (mail($email, &#39;PHPBookmark login information&#39;, $mesg, $from)) {
return true;
} else {
throw new Exception(&#39;Could not send email.&#39;);
}
}
}
?>

<?php
require_once(&#39;db_fns.php&#39;);
// Get user urls
function get_user_urls($username) {
$conn = db_connect();
$results = $conn -> query("select bm_URL 
from bookmark 
where username = &#39;" . $username . "&#39;");
if (!$results) {
return false;
}
$url_array = array();
for ($i = 1;$row = $results -> fetch_row();++$i) {
$url_array[$i] = $row[0];
}
return $url_array;
}
// Add url to db
function add_bm($new_url) {
echo "Attempting to add ".htmlspecialchars($new_url)."<br />";
$valid_user = $_SESSION[&#39;valid_user&#39;];
$conn = db_connect();
$results = $conn -> query(" select * from bookmark 
where username = &#39;".$valid_user."&#39; 
and bm_URL = &#39;".$new_url."&#39;");
if ($results && ($results -> num_rows > 0)) {
throw new Exception("Bookmark already exists.", 1); 
}
$insert_result = $conn -> query("insert into bookmark values (&#39;".$valid_user."&#39;, &#39;".addslashes($new_url)."&#39;)");
if (!$insert_result) {
throw new Exception("Bookmark could not be inserted.", 1); 
}
return true;
}
// Delete url 
function delete_bm($user, $url) {
$conn = db_connect();
$results = $conn -> query(" delete from bookmark 
where username = &#39;".$user."&#39; 
and bm_URL = &#39;".$url."&#39;");
if (!$results) {
throw new Exception("Bookmark could not be deleted.", 1); 
}
return true; 
}
function recommend_urls($valid_user, $popularity = 1) {
$conn = db_connect();
// $query = "select bm_URL
// from bookmark
// where username in
// (select distinct(b2.username)
// from bookmark b1, bookmark b2
// where b1.username=&#39;".$valid_user."&#39;
// and b1.username != b2.username
// and b1.bm_URL = b2.bm_URL)
// and bm_URL not in
// (select bm_URL
// from bookmark
// where username=&#39;".$valid_user."&#39;)
// group by bm_url
// having count(bm_url)>".$popularity;
$query = "select bm_URL
from bookmark
where username in
(select distinct(b2.username)
from bookmark b1, bookmark b2
where b1.username=&#39;".$valid_user."&#39;
and b1.username != b2.username
and b1.bm_URL = b2.bm_URL)
and bm_URL not in
(select bm_URL
from bookmark
where username=&#39;".$valid_user."&#39;)
group by bm_url
having count(bm_url)>".$popularity;
if (!($result = $conn->query($query))) {
throw new Exception(&#39;Could not find any bookmarks to recommend.&#39;);
}
if ($result->num_rows==0) {
throw new Exception(&#39;Could not find any bookmarks to recommend.&#39;);
}
$urls = array();
// build an array of the relevant urls
for ($count=0; $row = $result->fetch_object(); $count++) {
$urls[$count] = $row->bm_URL;
}
return $urls;
}
?>

<?php
function do_html_header($title) {
// print an HTML header
?>
<html>
<head>
<title><?php echo $title;?></title>
<style>
body { font-family: Arial, Helvetica, sans-serif; font-size: 13px }
li, td { font-family: Arial, Helvetica, sans-serif; font-size: 13px }
hr { color: #3333cc; width=300; text-align=left}
a { color: #000000 }
</style>
</head>
<body>
<img src="005.png" alt="PHPbookmark logo" border="0"
align="left" valign="bottom" height="55" width="57" />
<h1>PHPbookmark</h1>
<hr />
<?php
if($title) {
do_html_heading($title);
}
}
function do_html_footer() {
// print an HTML footer
?>
</body>
</html>
<?php
}
function do_html_heading($heading) {
// print heading
?>
<h2><?php echo $heading;?></h2>
<?php
}
function do_html_URL($url, $name) {
// output URL as link and br
?>
<br /><a href="<?php echo $url;?>"><?php echo $name;?></a><br />
<?php
}
function display_site_info() {
// display some marketing info
?>
<ul>
<li>Store your bookmarks online with us!</li>
<li>See what other users use!</li>
<li>Share your favorite links with others!</li>
</ul>
<?php
}
function display_login_form() {
?>
<p><a href="register_form.php">Not a member?</a></p>
<form method="post" action="member.php">
<table bgcolor="#cccccc">
<tr>
<td colspan="2">Members log in here:</td>
<tr>
<td>Username:</td>
<td><input type="text" name="username"/></td></tr>
<tr>
<td>Password:</td>
<td><input type="password" name="passwd"/></td></tr>
<tr>
<td colspan="2" align="center">
<input type="submit" value="Log in"/></td></tr>
<tr>
<td colspan="2"><a href="forgot_form.php">Forgot your password?</a></td>
</tr>
</table></form>
<?php
}
function display_registration_form() {
?>
<form method="post" action="register_new.php">
<table bgcolor="#cccccc">
<tr>
<td>Email address:</td>
<td><input type="text" name="email" size="30" maxlength="100"/></td></tr>
<tr>
<td>Preferred username <br />(max 16 chars):</td>
<td valign="top"><input type="text" name="username"
size="16" maxlength="16"/></td></tr>
<tr>
<td>Password <br />(between 6 and 16 chars):</td>
<td valign="top"><input type="password" name="passwd"
size="16" maxlength="16"/></td></tr>
<tr>
<td>Confirm password:</td>
<td><input type="password" name="passwd2" size="16" maxlength="16"/></td></tr>
<tr>
<td colspan=2 align="center">
<input type="submit" value="Register"></td></tr>
</table></form>
<?php
}
function display_user_urls($url_array) {
// display the table of URLs
// set global variable, so we can test later if this is on the page
global $bm_table;
$bm_table = true;
?>
<br />
<form name="bm_table" action="delete_bms.php" method="post">
<table width="300" cellpadding="2" cellspacing="0">
<?php
$color = "#cccccc";
echo "<tr bgcolor=\"".$color."\"><td><strong>Bookmark</strong></td>";
echo "<td><strong>Delete?</strong></td></tr>";
if ((is_array($url_array)) && (count($url_array) > 0)) {
foreach ($url_array as $url) {
if ($color == "#cccccc") {
$color = "#ffffff";
} else {
$color = "#cccccc";
}
//remember to call htmlspecialchars() when we are displaying user data
echo "<tr bgcolor=\"".$color."\"><td><a href=\"".$url."\">".htmlspecialchars($url)."</a></td>
<td><input type=\"checkbox\" name=\"del_me[]\"
value=\"".$url."\"/></td>
</tr>";
}
} else {
echo "<tr><td>No bookmarks on record</td></tr>";
}
?>
</table>
</form>
<?php
}
function display_user_menu() {
// display the menu options on this page
?>
<hr />
<a href="member.php">Home</a>  | 
<a href="add_bm_form.php">Add BM</a>  | 
<?php
// only offer the delete option if bookmark table is on this page
global $bm_table;
if ($bm_table == true) {
echo "<a href=\"#\" onClick=\"bm_table.submit();\">Delete BM</a>  | ";
} else {
echo "<span style=\"color: #cccccc\">Delete BM</span>  | ";
}
?>
<a href="change_passwd_form.php">Change password</a>
<br />
<a href="recommend.php">Recommend URLs to me</a>  | 
<a href="logout.php">Logout</a>
<hr />
<?php
}
function display_add_bm_form() {
// display the form for people to ener a new bookmark in
?>
<form name="bm_table" action="add_bms.php" method="post">
<table width="250" cellpadding="2" cellspacing="0" bgcolor="#cccccc">
<tr><td>New BM:</td>
<td><input type="text" name="new_url" value="http://"
size="30" maxlength="255"/></td></tr>
<tr><td colspan="2" align="center">
<input type="submit" value="Add bookmark"/></td></tr>
</table>
</form>
<?php
}
function display_password_form() {
// display html change password form
?>
<br />
<form action="change_passwd.php" method="post">
<table width="250" cellpadding="2" cellspacing="0" bgcolor="#cccccc">
<tr><td>Old password:</td>
<td><input type="password" name="old_passwd"
size="16" maxlength="16"/></td>
</tr>
<tr><td>New password:</td>
<td><input type="password" name="new_passwd"
size="16" maxlength="16"/></td>
</tr>
<tr><td>Repeat new password:</td>
<td><input type="password" name="new_passwd2"
size="16" maxlength="16"/></td>
</tr>
<tr><td colspan="2" align="center">
<input type="submit" value="Change password"/>
</td></tr>
</table>
<br />
<?php
}
function display_forgot_form() {
// display HTML form to reset and email password
?>
<br />
<form action="forgot_passwd.php" method="post">
<table width="250" cellpadding="2" cellspacing="0" bgcolor="#cccccc">
<tr><td>Enter your username</td>
<td><input type="text" name="username" size="16" maxlength="16"/></td>
</tr>
<tr><td colspan=2 align="center">
<input type="submit" value="Change password"/>
</td></tr>
</table>
<br />
<?php
}
function display_recommended_urls($url_array) {
// similar output to display_user_urls
// instead of displaying the users bookmarks, display recomendation
?>
<br />
<table width="300" cellpadding="2" cellspacing="0">
<?php
$color = "#cccccc";
echo "<tr bgcolor=\"".$color."\">
<td><strong>Recommendations</strong></td></tr>";
if ((is_array($url_array)) && (count($url_array)>0)) {
foreach ($url_array as $url) {
if ($color == "#cccccc") {
$color = "#ffffff";
} else {
$color = "#cccccc";
}
echo "<tr bgcolor=\"".$color."\">
<td><a href=\"".$url."\">".htmlspecialchars($url)."</a></td></tr>";
}
} else {
echo "<tr><td>No recommendations for you today.</td></tr>";
}
?>
</table>
<?php
}
?>
login.php
<?php
require_once(&#39;bookmark_fns.php&#39;);
do_html_header(&#39;&#39;);
display_site_info();
display_login_form();
do_html_footer();
?>
logout.php
<?php

// start session
session_start();
$old_user = $_SESSION['valid_user'];
unset($_SESSION['valid_user']);
$result_dest = session_destroy();
do_html_header('Logging out');
if (!empty($old_user)) {
if ($result_dest) {
echo &#39;Logged out.<br />&#39;;
do_html_url(&#39;login.php&#39;, &#39;Login&#39;);
}else {
echo &#39;Could not log you out.<br />&#39;;
}
}else {
echo &#39;You are not logged in ,so have not been logged out.<br />&#39;;
do_html_url(&#39;login.php&#39;, &#39;Login&#39;);
}
do_html_footer();
?>

<?php
require_once(&#39;bookmark_fns.php&#39;);
do_html_header(&#39;User Registration&#39;);
display_registration_form();
do_html_footer();
?>
register_new.php
<?php
require_once(&#39;bookmark_fns.php&#39;);
// vars
$email = $_POST[&#39;email&#39;];
$username = $_POST[&#39;username&#39;];
$passwd = $_POST[&#39;passwd&#39;];
$passwd2 = $_POST[&#39;passwd2&#39;];
// start session
session_start();
// valid data 
try {
if (!filled_out($_POST)) {
throw new Exception("You have not filled the form out correctly - please go back and try again.", 1);
}
if (!valid_email($email)) { 
throw new Exception("That is not a valid email address - please go back and try again.", 1);
}
if ($passwd != $passwd2) { 
throw new Exception("The passwords you entered do not match - please go back and try again.", 1);
}
if ((strlen($passwd) < 6) || (strlen($passwd) > 16)) { 
throw new Exception("Your password must be between 6 and 16 characters - please go back and try again.", 1);
}
register($username, $passwd, $email);
$_SESSION[&#39;valid_user&#39;] = $username;
do_html_header(&#39;Rigistration successful&#39;);
do_html_url(&#39;member.php&#39;, &#39;Go to members page&#39;);
do_html_footer();
} catch (Exception $e) {
do_html_header(&#39;Problem: &#39;);
echo $e -> getMessage();
do_html_footer();
exit();
}
?>

<?php
require_once(&#39;bookmark_fns.php&#39;);
do_html_header(&#39;Reset password&#39;);
display_forgot_form();
do_html_footer();
?>
forgot_passwd.php
<?php
require_once(&#39;bookmark_fns.php&#39;);
do_html_header(&#39;Resetting password&#39;);
$username = $_POST[&#39;username&#39;];
try {
// get random password 
$password = reset_password($username);
notify_password($username, $password);
echo "Your new password has been emailed to you.<br />";
}catch(Exception $e){
echo "Your password could not be reset - please try again later.";
}
do_html_url(&#39;login.php&#39;, &#39;Login&#39;);
do_html_footer();
?>
change_passwd_form.php
<?php
require_once(&#39;bookmark_fns.php&#39;);
session_start();
do_html_header(&#39;Change password&#39;);
check_valid_user();
display_password_form();
display_user_menu(); 
do_html_footer();
?>
change_passed.php
<?php
require_once(&#39;bookmark_fns.php&#39;);
session_start();
do_html_header(&#39;Changing password&#39;);
$old_passwd = $_POST[&#39;old_passwd&#39;];
$new_passwd = $_POST[&#39;new_passwd&#39;];
$new_passwd2 = $_POST[&#39;new_passwd2&#39;];
try {
check_valid_user();
if (!filled_out($_POST)) {
throw new Exception("You have not filled the form out correctly - please go back and try again.", 1);
}
if ($new_passwd != $new_passwd2) { 
throw new Exception("The passwords you entered do not match - please go back and try again.", 1);
}
if ((strlen($new_passwd) < 6) || (strlen($new_passwd) > 16)) { 
throw new Exception("Your password must be between 6 and 16 characters - please go back and try again.", 1);
}
change_password($_SESSION[&#39;valid_user&#39;], $old_passwd, $new_passwd2);
echo &#39;Password changed.&#39;;
}catch(Exception $e) {
echo $e -> getMessage();
}
display_user_menu(); 
do_html_footer();
?>
add_bm_form.php
<?php
// include function files for this application
require_once(&#39;bookmark_fns.php&#39;);
session_start();
// start output html
do_html_header(&#39;Add Bookmarks&#39;);
check_valid_user();
display_add_bm_form();
display_user_menu();
do_html_footer();
?>

<?php
require_once(&#39;bookmark_fns.php&#39;);
session_start();
$new_url = $_POST[&#39;new_url&#39;];
do_html_header(&#39;Adding bookmarks&#39;);
try {
check_valid_user();
if (!filled_out($_POST)) {
throw new Exception(&#39;Form not completely filled out.&#39;);
} 
if (strstr($new_url, &#39;http://&#39;) === false) {
$new_url = &#39;http://&#39;.$new_url;
} 
// check url is valid
if (!@fopen($new_url, &#39;r&#39;)) {
throw new Exception(&#39;Not a valid URL.&#39;);
} 
add_bm($new_url);
echo "Bookmark added";
if ($mks = get_user_urls($_SESSION[&#39;valid_user&#39;])) {
display_user_urls($mks);
}
}catch(Exception $e) {
echo $e -> getMessage();
}
display_user_menu();
do_html_footer();
?>

<?php
require_once(&#39;bookmark_fns.php&#39;);
session_start();
$del_me = $_POST[&#39;del_me&#39;];
$valid_user = $_SESSION[&#39;valid_user&#39;];
do_html_header(&#39;Deleting bookmarks&#39;);
check_valid_user();
if (!filled_out($_POST)) {
echo "<p>You have not chosen any bookmarks to delete.<br />
Please try again.</p>";
display_user_menu();
do_html_footer();
exit;
}else {
if (count($del_me) > 0) {
foreach ($del_me as $url) {
if (delete_bm($valid_user, $url)) {
echo "Deleted ".htmlspecialchars($url)."<br />";
}else {
echo "Could not deleted ".htmlspecialchars($url)."<br />";
}
}
}else {
echo "No bookmarks selected for deletion.";
}
}
if ($mks = get_user_urls($_SESSION[&#39;valid_user&#39;])) {
display_user_urls($mks);
}
display_user_menu();
do_html_footer();
?>

<?php
require_once(&#39;bookmark_fns.php&#39;);

session_start();
do_html_header(&#39;Recommending URLS&#39;);
try {
check_valid_user();
$urls = recommend_urls($_SESSION[&#39;valid_user&#39;], 1);
display_recommended_urls($urls);
}catch(Exception $e) {
echo $e -> getMessage();
}
display_user_menu();
do_html_footer();
?>

<?php
require_once(&#39;bookmark_fns.php&#39;);
session_start();
@$username = $_POST[&#39;username&#39;];
@$passwd = $_POST[&#39;passwd&#39;];
if ($username && $passwd) {
try {
// Log in 
login($username, $passwd);
$_SESSION[&#39;valid_user&#39;] = $username;
}catch(Exception $e) {
do_html_header(&#39;Problem: &#39;);
echo "You could not be logged in. You must be logged in to view this page.";
do_html_url(&#39;login.php&#39;, &#39;Login&#39;);
do_html_footer();
exit;
}
}
do_html_header(&#39;Home&#39;);
check_valid_user();
if ($url_array = get_user_urls($_SESSION[&#39;valid_user&#39;])) {
display_user_urls($url_array);
}
display_user_menu();
do_html_footer();
?>