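/**
 * Create a new user account.
 *
 * The username must match /^[A-Za-z0-9_.]{3,16}$/ and the password must be
 * longer than 3 bytes. If no existing row has the same username, the account
 * is inserted together with the address found in $_SERVER['REMOTE_ADDR'].
 *
 * @param string $username Requested login name.
 * @param string $password Plain-text password supplied by the user.
 *
 * @return array array('r' => 'registered') on success, otherwise
 *               array('r' => 'error', 'e' => REASON) where REASON is one of
 *               'invalid username', 'invalid password', 'username taken'
 *               or 'unknown' (the INSERT did not succeed).
 */
public function register($username, $password)
{
    if (!preg_match('/^[A-Za-z0-9_.]{3,16}$/', $username)) {
        return array('r' => 'error', 'e' => 'invalid username');
    }

    // NOTE(review): this only enforces a 4-byte minimum, which is a very weak
    // password policy; raising it changes what callers may submit, so it is
    // left as is here.
    if (strlen($password) <= 3) {
        return array('r' => 'error', 'e' => 'invalid password');
    }

    $db = MySQL_Database::instance();

    // Exact comparison instead of LIKE: "_" is allowed in usernames by the
    // pattern above but is a single-character wildcard in LIKE, so "a_c"
    // used to be reported as taken whenever e.g. "abc" already existed.
    //
    // NOTE(review): the check and the INSERT are separate statements, so two
    // concurrent requests can both pass the check. A UNIQUE index on
    // username (schema not visible here) is what actually prevents
    // duplicate accounts.
    $test_username_sql = "SELECT COUNT(user_id) FROM " . MYSQL_PREFIX . "users WHERE username = :username";
    $test_username = $db->prepare($test_username_sql);
    $test_username->execute(array(':username' => $username));

    if ($test_username->fetchColumn()) {
        return array('r' => 'error', 'e' => 'username taken');
    }

    // NOTE(security): this derivation is kept byte-for-byte because the login
    // check (outside this block) has to compute the same value, but it is not
    // adequate password storage: MD5 is a fast hash, the 8-character "salt"
    // is taken from md5($password) itself, so equal passwords always yield
    // equal stored values, and that prefix is stored in the clear.
    // Migrate registration and login together to password_hash() /
    // password_verify(), rehashing existing rows on the next successful login.
    $password = md5($password);
    $pw_str = substr($password, 0, 8);
    $password = $pw_str . md5($pw_str . $password);

    $register_sql = "INSERT INTO " . MYSQL_PREFIX . "users\n (username, password, last_known_ip)\n VALUES(:username, :password, :ip)";
    $register = $db->prepare($register_sql);

    // ip2long() only understands dotted IPv4 addresses; for any other value
    // of REMOTE_ADDR (e.g. an IPv6 client) it returns false, so the stored
    // address is not reliable for those clients.
    $is_registered = $register->execute(array(
        ':username' => $username,
        ':password' => $password,
        ':ip' => ip2long($_SERVER['REMOTE_ADDR']),
    ));

    if ($is_registered) {
        return array('r' => 'registered');
    }

    return array('r' => 'error', 'e' => 'unknown');
}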
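/**
 * Look up a single friend of a user, with the friend's status and group.
 *
 * The friend is matched by friends.friend_id when $friend is a PHP integer
 * and by users.username otherwise; a numeric string such as '5' is therefore
 * treated as a username. The lookup is always restricted to rows owned by
 * the given user (friends.user_id).
 *
 * @param int|string $friend Friend id (int) or friend username (anything else).
 * @param int        $user   Owner of the friend list. When omitted, the bound
 *                           instance's $user is used if the call has one.
 *
 * @return array|false Row with keys 'u' (username), 's' (status) and
 *                     'g' (group name), or false when no user is known or
 *                     no matching row exists.
 */
public static function find($friend, $user = 0)
{
    // $this is only defined when the engine binds an instance to the call.
    // The previous code read $this->user unconditionally, which is an
    // "Using $this when not in object context" error on a static call.
    $instance_user = isset($this) ? $this->user : 0;

    if (!$user) {
        $user = $instance_user;
    }

    // Without an owner the query cannot be scoped to one user's friend
    // list, so refuse instead of querying with user 0.
    if (!$user) {
        return false;
    }

    if (!self::$db) {
        self::$db = MySQL_Database::instance();
    }

    $friend_find_sql = "SELECT users.username as u, status.status as s, groups.name as g FROM " . MYSQL_PREFIX . "friends as friends\n LEFT JOIN " . MYSQL_PREFIX . "users as users ON friends.friend_id = users.user_id\n LEFT JOIN " . MYSQL_PREFIX . "status as status ON users.user_id = status.user_id\n LEFT JOIN " . MYSQL_PREFIX . "groups as groups ON friends.group_id = groups.group_id ";

    // Only the column name is chosen here; the value itself is always bound.
    if (is_int($friend)) {
        $friend_find_sql .= "WHERE friends.friend_id = :friend";
    } else {
        $friend_find_sql .= "WHERE users.username = :friend";
    }

    $friend_find_sql .= " AND friends.user_id = :user LIMIT 1";

    $friend_find = self::$db->prepare($friend_find_sql);
    $friend_find->execute(array('friend' => $friend, 'user' => $user));

    // fetch() already returns false when there is no row; PDO does not
    // guarantee rowCount() for SELECT statements on every driver.
    $row = $friend_find->fetch(PDO::FETCH_ASSOC);

    return $row ? $row : false;
}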