public function login($username, $password)
{
$username = strip_tags($username);
$username = stripslashes($username);
$username = mysql_real_escape_string($username);
$passHash = md5($password);
// Applies MD5 encoded hash to the password
$connection = new MySQLConnection();
$connection->connect();
$sql = "SELECT * FROM mymembers WHERE my_username = '******' AND my_password = '******' LIMIT 1";
$query = mysql_query($sql);
if ($query) {
$count = mysql_num_rows($query);
} else {
die(mysql_error());
}
if ($count > 0) {
while ($row = mysql_fetch_array($query)) {
$_SESSION['username'] = $username;
$_SESSION['pw'] = $password;
$uid = $row['uid'];
session_name($username . $uid);
setcookie(session_name(), '', time() + 42000, '/');
$connection->close();
die("login=1");
}
die("login=0&error=Invalid username or password");
} else {
$connection->close();
die("login=0&error=Invalid username or password");
}
}
public function change($newMessage)
{
$newMessage = strip_tags($newMessage);
$newMessage = stripslashes($newMessage);
$newMessage = mysql_real_escape_string($newMessage);
//$newMessage = eregi_replace( "`", "", $newMessage );
$connection = new MySQLConnection();
$connection->connect();
$uid = $this->uid;
$sql = "UPDATE mymembers SET status_message = '{$newMessage}' WHERE uid = {$uid}";
$query = mysql_query($sql);
$connection->close();
if ($query) {
echo "result=1";
} else {
die("result=0");
}
}
public function grab()
{
$connection = new MySQLConnection();
$connection->connect();
$uid = $this->uid;
$sql = "SELECT * FROM mymembers WHERE uid = {$uid} LIMIT 1";
$query = mysql_query($sql);
if ($query) {
while ($row = mysql_fetch_array($query)) {
$xml = "<user id='{$uid}'>\n";
$xml .= "\t<firstName>" . $row['first_name'] . "</firstName>\n";
$xml .= "\t<lastName>" . $row['last_name'] . "</lastName>\n";
$xml .= "\t<email>" . $row['email'] . "</email>\n";
$xml .= "\t<country>" . $row['country'] . "</country>\n";
$xml .= "\t<statusMessage>" . $row['status_message'] . "</statusMessage>\n";
$xml .= "</user>";
$this->xml = $xml;
}
} else {
die("<error>Failed to grab user data.</error>");
}
}
<?php
require_once "classes/MySQLConnection.php";
if (isset($_POST['username'])) {
$connection = new MySQLConnection();
$connection->connect();
$username = $_POST['username'];
$sql = "SELECT * FROM mymembers WHERE my_username = '******' LIMIT 1";
$query = mysql_query($sql);
while ($row = mysql_fetch_array($query)) {
$uid = $row['uid'];
$xml = '<user id="' . $uid . '">' . "\n";
$xml .= "\t<firstName>" . $row['first_name'] . "</firstName>\n";
$xml .= "\t<lastName>" . $row['last_name'] . "</lastName>\n";
$xml .= "\t<country>" . $row['country'] . "</country>\n";
$xml .= "\t<statusMessage>" . $row['status_message'] . "</statusMessage>\n";
$xml .= "</user>\n";
}
echo $xml;
$connection->close();
exit;
}
?>
}
public static function error()
{
return "#" . mysqli_errno(MySQLConnection::$db_connection) . " - " . mysqli_error(MySQLConnection::$db_connection);
}
public static function get_numb_queries()
{
return MySQLConnection::$numb_queries;
}
public static function autocommit($state)
{
if (is_bool($state)) {
return mysqli_autocommit(MySQLConnection::$db_connection, $state);
}
}
public static function commit()
{
return mysqli_commit(MySQLConnection::$db_connection);
}
public static function close()
{
////
// Make sure a database connection has been established before attemping to close
////
if (!empty(MySQLConnection::$db_connection)) {
return @mysqli_close(MySQLConnection::$db_connection);
}
}
}
MySQLConnection::connect();
