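-- Login accounts for the PHP `auth` class.
--
-- `password` holds whatever hash the application writes. Today that is the
-- 32-character hex output of MySQL's MD5(); the column is sized so a move to
-- a stronger scheme (e.g. password_hash() output) needs no schema change.
-- `activation_hash` is filled in at signup and cleared to NULL once the
-- emailed activation link is used, so NULL means "account is active".
CREATE TABLE IF NOT EXISTS auth_users
(
  id                            INT          AUTO_INCREMENT NOT NULL,
  username                      VARCHAR(33)  NOT NULL,
  password                      VARCHAR(255) NOT NULL,
  email                         VARCHAR(64)  NOT NULL,
  activation_hash               VARCHAR(128) NULL,
  CONSTRAINT auth_users_pk PRIMARY KEY ( id ),
  CONSTRAINT auth_users_username_uq UNIQUE ( username )
);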

<?
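class auth {

    // Session-backed login helper for the auth_users table.
    //
    // Database access uses the legacy mysql_* extension and relies on a
    // connection opened elsewhere (no link resource is passed to mysql_query).
    // Every request- or caller-supplied value placed in a query goes through
    // _sql_escape() first; every value placed in a mail header goes through
    // _header_safe().
    //
    // NOTE(review): passwords are stored as unsalted MD5 (the MD5() calls
    // below) because the auth_users.password column and the existing rows
    // depend on it. Moving to password_hash()/password_verify() needs a data
    // migration and is deliberately not done in this class.

    // PHP 5+ constructor: log in on a posted username/password, or log out
    // when ?logout is present in the query string
    function __construct() {
        if (isset($_POST['username']) && isset($_POST['password'])) {
            $this->mysql_bind();
        } elseif (isset($_GET['logout'])) {
            $this->user_logout();
        }
    }

    // PHP 4 style constructor kept so existing code keeps working; it only
    // delegates to __construct()
    function auth() {
        $this->__construct();
    }

    // escape one value for use inside a single-quoted SQL string literal
    function _sql_escape($value) {
        return mysql_real_escape_string((string) $value);
    }

    // strip CR/LF so a value cannot add extra lines to a mail header or subject
    function _header_safe($value) {
        return str_replace(array("\r", "\n"), '', (string) $value);
    }

    // is the user authorized already (false when the session has no login)
    function is_authorized() {
        return !empty($_SESSION['authorized']);
    }

    // is the account currently activated (false when nothing was recorded)
    function is_activated() {
        return !empty($_SESSION['active_account']);
    }

    // authenticate the posted username/password against auth_users and record
    // the outcome in $_SESSION['authorized'], ['username'] and ['active_account']
    function mysql_bind() {
        $username = isset($_POST['username']) ? $_POST['username'] : '';
        $password = isset($_POST['password']) ? $_POST['password'] : '';

        $query = "SELECT username, activation_hash FROM auth_users " .
                 "WHERE username = '" . $this->_sql_escape($username) . "' " .
                 "AND password = MD5('" . $this->_sql_escape($password) . "')";
        $result = mysql_query($query);

        // a failed query is treated the same as an unknown account
        if ($result === false || mysql_num_rows($result) != 1) {
            $_SESSION['authorized'] = false;
            return;
        }
        $user_data = mysql_fetch_assoc($result);

        // issue a fresh session id on login so an id handed out before
        // authentication cannot be reused afterwards
        if (session_id() !== '') {
            session_regenerate_id(true);
        }

        $_SESSION['authorized'] = true;
        $_SESSION['username']   = $username;

        // user_activation() sets activation_hash to NULL once the emailed link
        // is used, so a NULL (unset) hash means the account is active
        $_SESSION['active_account'] = !isset($user_data['activation_hash']);
    }

    // create a new barterjunk user and send the activation message
    //   $username  desired login name; must be non-empty and not yet taken
    //   $email     address the activation link is mailed to
    //   $password  plain-text password, stored as MD5 (see class note)
    // returns false when the name is unavailable or the insert fails, else true
    function user_create($username, $email, $password) {
        if (!$this->is_username_available($username)) {
            return false;
        }

        // one-time token for the activation link; mt_rand() adds entropy so the
        // token is not derivable from the signup time alone
        $activation_hash = md5($username . $password . time() . mt_rand());

        // md5() output is hex, so $activation_hash needs no escaping
        $query = "INSERT INTO auth_users (username, password, email, activation_hash) " .
                 "VALUES ('" . $this->_sql_escape($username) . "', " .
                 "MD5('" . $this->_sql_escape($password) . "'), " .
                 "'" . $this->_sql_escape($email) . "', " .
                 "'" . $activation_hash . "')";
        if (mysql_query($query) === false) {
            return false;
        }

        $this->user_activation_message($username);

        return true;
    }

    // mail the activation link for $username to the address stored for it
    function user_activation_message($username) {
        $query = "SELECT activation_hash, email FROM auth_users " .
                 "WHERE username = '" . $this->_sql_escape($username) . "'";
        $result = mysql_query($query);
        $user_data = ($result === false) ? false : mysql_fetch_assoc($result);
        if ($user_data === false) {
            return;   // nothing to send without a row
        }

        // CR/LF are stripped from every value that reaches a mail header so a
        // crafted username or address cannot append headers of its own
        $to      = $this->_header_safe($user_data['email']);
        $subject = 'BarterJunk.com account activation for ' . $this->_header_safe($username);

        // header of the verification email message
        $header  = 'From: AccountActivation@barterjunk.com' . "\r\n" .
                   'Reply-To: webmaster@barterjunk.com' . "\r\n" .
                   'X-Mailer: PHP/' . phpversion();

        // text of the verification email message
        $verification_message =
            "{$username},\n\n" .
            "Please visit the link below to activate your new BarterJunk.com account.\n\n" .
            "http://www.barterjunk.com/?activation_code=" . $user_data['activation_hash'] . "\n";

        mail($to, $subject, $verification_message, $header);
    }

    // activate a locked account
    //   $activation_hash  token from the emailed link
    // returns the username that owned the token, or false if it matched nothing
    function user_activation($activation_hash) {
        if ($activation_hash == '') {
            return false;
        }
        $hash_sql = $this->_sql_escape($activation_hash);

        $query = "SELECT username FROM auth_users WHERE activation_hash = '" . $hash_sql . "'";
        $result = mysql_query($query);
        if ($result === false || mysql_num_rows($result) != 1) {
            return false;
        }
        $user_data = mysql_fetch_assoc($result);

        // clearing the hash is what marks the account active (see mysql_bind)
        $query = "UPDATE auth_users SET activation_hash = NULL WHERE activation_hash = '" . $hash_sql . "'";
        mysql_query($query);

        return $user_data['username'];
    }

    // change a user's password after verifying the old one
    // returns false if the old password does not match, the new one is empty,
    // or a query fails; true once the new hash has been written
    function user_password_change($username, $password_old, $password_new) {
        if ($password_new == '') {
            return false;
        }
        $username_sql = $this->_sql_escape($username);

        $query = "SELECT username FROM auth_users " .
                 "WHERE username = '" . $username_sql . "' " .
                 "AND password = MD5('" . $this->_sql_escape($password_old) . "')";
        $result = mysql_query($query);
        if ($result === false || mysql_num_rows($result) != 1) {
            return false;
        }

        $query = "UPDATE auth_users " .
                 "SET password = MD5('" . $this->_sql_escape($password_new) . "') " .
                 "WHERE username = '" . $username_sql . "'";
        return mysql_query($query) !== false;
    }

    // logout of the current session
    function user_logout() {
        $_SESSION['authorized'] = false;
    }

    // is the requested username available? (false for an empty name or when
    // the lookup cannot be performed)
    function is_username_available($username) {
        if ($username == '') {
            return false;
        }
        $query = "SELECT username FROM auth_users " .
                 "WHERE username = '" . $this->_sql_escape($username) . "'";
        $result = mysql_query($query);
        // a failed lookup must not be mistaken for a free name
        if ($result === false) {
            return false;
        }
        return mysql_num_rows($result) == 0;
    }
}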

// instantiate the auth object; its constructor handles a posted login or a
// ?logout request on its own
$auth = new auth;
?>
 

// start the session before auth.php, whose constructor reads and writes $_SESSION
session_start();
require_once('auth.php');

// pick the page template from the session state recorded by the auth object
$logged_in = $auth->is_authorized() == true;
$activated = $auth->is_activated() == true;

if ($logged_in && $activated) {
    require('templates/authorized.php');
} elseif ($logged_in) {
    require('templates/activation_needed.php');
} else {
    require('templates/unauthorized.php');
}
 

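// start the session before auth.php, whose constructor reads and writes $_SESSION
session_start();
require_once('auth.php');

// Credentials are read from the POST body, not the query string: values in a
// GET URL end up in browser history, Referer headers and server logs.
// user_password_change() is a method of the auth object created by auth.php
// (the bare function call used before did not exist); it re-checks the old
// password before writing the new one and returns false when that check fails.
$password_changed = false;
if (isset($_POST['username'], $_POST['password_old'], $_POST['password_new'])) {
    $password_changed = $auth->user_password_change(
        $_POST['username'],
        $_POST['password_old'],
        $_POST['password_new']
    ) !== false;
}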