Temporarily offline... \n"; } if (($qr=mysql_query($qs)) && mysql_num_rows($qr)){ if ($debug){ echo "create_account, username $username, uid $uid already exists, exiting.

\n"; } mysql_free_result($qr); return(FALSE); } # if ($qr){ mysql_free_result($qr); } $qs="INSERT INTO $member_table (username,password) VALUES ('$username',PASSWORD('$password'));"; if ($debug){ echo "create_account, qs=$qs

\n"; } if ($qr=mysql_query($qs)){ if ($debug){ echo "in create_account, qr=$qr

"; } $id=mysql_insert_id(); echo "in create account, inserted $username, got id=$id

\n"; return($id); } else{ if ($debug){ echo "error: ",mysql_error(); } } } # function create_account # # # BELOW ARE ALL SESSION FUNCTIONS. FIRST YOU NEED TO VALIDATE # # all of these functions currently check the REMOTE_ADDR # session_create inserts it into the table, and all other function # will check, and if it is different than the current address, # they will return false. session_create() may be given a flag # that will create a new session even if the ip address is different. # # session_create # # call session_create when a user logs in # sesslen is the length of the session in seconds, $force will # force creation of a new session even if the current session is # valid, and the ip address has changed. # # returns the sessid # returns false if a valid session already exists for this uid, # and $force is not set to true # returns false if the password is not valid # #UNIX_TIMESTAMP() - returns timestamp or converts date to timestamp #FROM_UNIXTIME() - converts timestamp to date # for now, lets play law of averages- replace into the table with # impunity- the only problem is that if somehow the new random sessid # (i.e. 1 in 2 billion chance of being the same) is the same as # the old one, the existing user with that sessid will be logged out function session_create($uid,$password,$ip,$sesslen,$force){ global $debug; $username=username_for_uid($uid,"zxmembers"); if ($debug){echo "In session_create: username=$username, uid=$uid, password=$password, REMOTE_ADDR=$ip

";} if (!valid_login($username,$password,"zxmembers")){ return(FALSE); } $newsessid=rand(); if (!$force){ # if a valid session already exists for the user, return false $qs="SELECT sessid FROM session WHERE uid=$uid AND UNIX_TIMESTAMP() < UNIX_TIMESTAMP(expires)"; if (($qr=mysql_query($qs)) && mysql_num_rows($qr)){ mysql_free_query($qr); return(FALSE); } } # if $qs="REPLACE INTO session values($uid,$newsessid,FROM_UNIXTIME(UNIX_TIMESTAMP() + $sesslen),\"$ip\")"; if ($debug){echo "qs=$qs

"; } if (($qr=mysql_query($qs))){ # && mysql_num_rows($qr)){ # echo "numrows=",mysql_num_rows($qr),"

"; if ($debug){echo "in session_create, qr=$qr

";} @mysql_free_result($qr); return($newsessid); } else{ return(FALSE); } } # session_create # any function that will access the users information should call # session_valid(sessid) # the user's uid and sessid are necessary to find out if the usre # is logged in and their session has not expired # returns the number of seconds until session expires # if the session is still valid, returns false otherwise (and deletes # the session from the table) function session_valid($uid,$sessid,$ip){ global $debug; $qs="SELECT UNIX_TIMESTAMP(expires)-UNIX_TIMESTAMP() AS secondsleft FROM session WHERE uid=$uid AND sessid=$sessid AND ip='$ip' AND UNIX_TIMESTAMP() < UNIX_TIMESTAMP(expires)"; if ($debug){echo "in session_valid, qs=$qs

";} $qr=mysql_query($qs); if ($qr && mysql_num_rows($qr)){ $a=mysql_fetch_array($qr); mysql_free_result($qr); return($a[secondsleft]); } else{ $qs="DELETE FROM session WHERE uid=$uid;"; if ($qr=mysql_query($qs)){ #mysql_free_result($qr); } return(FALSE); } # if ($qr) ... else } # function session_valid() # session_extend(uid,sessid,seconds); should be called to extend the # expiration time of a user's session. # returns FALSE if the session is already invalidated due to expired # time, invalid uid, or invalid uid/sessid combination # returns TRUE if succesfull function session_extend($uid, $sessid, $ip, $seconds){ if ($secsleft=session_valid($uid,$sessid,$ip)){ $qs="REPLACE INTO session values($uid,$sessid,FROM_UNIXTIME(UNIX_TIMESTAMP() + $seconds + $secsleft),'$ip')"; if (($qr=mysql_query($qs)) && mysql_num_rows($qr)){ mysql_free_result($qr); return(TRUE); } } # if return(FALSE); } # function session_extend # session_close($uid) closes any session belonging to respective # uid function session_close($uid){ $qs="DELETE FROM session WHERE uid=$uid;"; if ($qr=mysql_query($qs)){ @mysql_free_result($qr); } } # function session_close # session_close_expired(); # closes all expired sesssions (basically # cleans up the database table) function session_close_expired(){ $qs="DELETE FROM session WHERE UNIX_TIMESTAMP() >= UNIX_TIMESTAMP(expires);"; if ($qr=mysql_query($qs)){ mysql_free_result($qr); } } # function session_close_expired() # get_session_expire(sessid); # gets the current expiration date of a session # value returned is in unix time format (secs since jan 1,1970) # USE session_valid() INSTEAAD!@!!!!!!!!!!!!!!! #function get_session_expire($uid,$sessid){ #} # gets the number of seconds remaining in the given session # returns FALSE if the session has expired, and deletes the session # from the database. #function get_session_remaining($uid,$sessid){ #} function script_exit($exitcode){ global $connect_id; mysql_close($connect_id); exit($exitcode); } # function script_exit ?> "; echo "

ZX List Member Login

\n"; echo "$msg

\n"; echo <<< eoi


If you are a new member, click on the "New Member" button to create an account.

Return to zx page
eoi; } # function show_member_login function email_user_password(){ echo "
"; echo "

Forgotten Password

\n"; echo <<< eoi Please fill in your username and your email address. A new temporary password will be emailed to your email address. This must be the email address that you used when you created your account. If you can't remember your email address, please contact the administrator.
eoi; } # function email_User_password function confirm_lost_password($username,$email){ global $PHP_SELF, $REMOTE_ADDR; $qr=mysql_query("SELECT email,uid FROM zxmembers WHERE username=\"$username\""); $a=mysql_fetch_array($qr); if (empty($a[email]) || ($a[email] != $email)){ # email / password combo is invalid echo "sorry, that username/password combination is invalid.
\n"; echo "Click here to continue.

\n"; } else{ # email them a new password and update it in the database $pwd=temporary_password(); $qs="UPDATE zxmembers SET password=PASSWORD(\"$pwd\") WHERE uid=$a[uid]"; if (mysql_query($qs)){ mail($email,"Your temporary password for the ZX member page", "You (or someone from $REMOTE_ADDR) has requested that your password\n" . "on the ZX member page be changed.\n\n" . "Your temporary password is: $pwd\n" . "You may now login at http://www.motohaus.org/zx/members.php\n" . "You can also change your password from this page.\n" . "If you have any questions about this email, please contact\n" . "the webmaster at webmaster@motohaus.org.", "From: \"ZX Member Page\" "); echo "A temporary password has been emailed to you.

Click here to continue.

\n"; } else{ echo "There has been an error emailing you your password. Please contact the webmaster.

Click here to continue.

\n"; } # if (mysql_query ... else } # if (empty(email ... else } # function confirm_lost_password function change_password($uid){ echo "
"; echo "

Change Password

\n"; echo <<< eoi Please enter your old password and your new password. You must type your new password twice to confirm it.
Old Password
New Password
New Password (again)
eoi; } # function change_password function confirm_change_password($uid,$oldpassword,$newpassword1,$newpassword2){ global $PHP_SELF; $qs="SELECT PASSWORD('$oldpassword') AS oldpasswordcheck,password FROM zxmembers WHERE uid=$uid"; # echo "


"; $qr=mysql_query($qs); $a=mysql_fetch_array($qr); if ($a[oldpasswordcheck]!=$a[password] || $newpassword1 != $newpassword2){ echo "Sorry, those passwords don't match. ", "Click here ", "to try again.

\n"; } else{ $qs="UPDATE zxmembers SET password=PASSWORD('$newpassword1') WHERE uid=$uid"; $qr=mysql_query($qs); if ($qr){ echo "Your password has been changed. ", "Click here to continue."; } else{ echo "Sorry, an error occurred while changing your password. Please", "contact the webmaster.

\n"; } # if ($qr) .. else } } # function confirm_change_password function temporary_password(){ $b=""; for ($i=0;$i<4;$i++){ $b.=chr(rand(65,90)+32*rand(0,1)); } $a=sprintf("%s%04d",$b,rand(100,9999)); return($a); } # function temporary_password function show_new_member_login($msg){ echo "
"; echo "

ZX List Account Creation

\n"; echo "$msg

\n"; echo <<< eoi New Member Login

Confirm Password:
eoi; } # function show_new_member_login function show_main_menu(){ global $uid,$sessid,$REMOTE_ADDR,$debug; echo <<< eoi

ZX List Member Menu

View Personal Data
Edit Personal Data
Log Out
Change Password
eoi; } # function show_main_menu function update_member_data($frm){ if (!$frm[uid]){ return(FALSE); } $qs="UPDATE zxmembers " . "SET firstname='$frm[firstname]',lastname='$frm[lastname]'," . "email='$frm[email]',website='$frm[website]',zxpage='$frm[zxpage]'," . "city='$frm[city]',state='$frm[state]',zipcode='$frm[zipcode]'," . "country='$frm[country]'," . "gpslat='$frm[gpslat]',gpslong='$frm[gpslong]' " . "WHERE uid=$frm[uid]"; # "(uid,firstname,lastname,email,website,zxpage,city,state,country,zipcode,gpslat,gpslong) " . # "VALUES ('$frm[uid]','$frm[firstname]','$frm[lastname]','$frm[email]','$frm[website]','$frm[zxpage]','$frm[city]','$frm[state]','$frm[country]','$frm[zipcode]','$frm[gpslat]','$frm[gpslong]')"; if ($debug){ echo "in update_member_data, qs=$qs

"; } return($qr=mysql_query($qs)); } # function update_member_data # $frm is by reference because if $newbike is set, we set $frm[number]= # the new bike number so it can't insert the bike multiple times function update_bike_data(&$frm,$newbike,$deletebike){ if ($debug){ echo "in update_bike_data, \$frm[uid]=$frm[uid], \$frm[number]=$frm[number]

\n"; } if (! ($frm[uid] && ($frm[number] || $newbike))){ return(FALSE); } # check for blanks if ($frm[year]==''&&$frm[make]==''&&$frm[model]==''&&$frm[submodel]==''&&$frm[comments]==''&&$frm[bikecode]==''&&$frm[vin]==''){ return(FALSE); } if ($newbike){ unset($frm[number]); # check for dups $qs="SELECT uid FROM zxbikes WHERE year='$frm[year]' AND make='$frm[make]' AND model='$frm[model]' AND submodel='$frm[submodel]' AND comments='$frm[comments]' AND bikecode='$frm[bikecode]' AND vin='$frm[vin]'"; if (($qr=mysql_query($qs)) && mysql_num_rows($qr)){ # we're a dup return(FALSE); } } if ($deletebike){ $qs="DELETE FROM zxbikes WHERE number=$frm[number]"; } else{ $qs="REPLACE INTO zxbikes " . "(uid,year,make,model,submodel,comments,bikecode,vin,pic_url,number) VALUES " . "('$frm[uid]','$frm[year]','$frm[make]','$frm[model]','$frm[submodel]','$frm[comments]','$frm[bikecode]','$frm[vin]','$frm[pic_url]','$frm[number]')"; } # if ... else if ($debug){ echo "in update_bike_data, qs=$qs

"; } $qr=mysql_query($qs); $id=mysql_insert_id(); if ($debug){ echo "update_bike_data: insert qr=$qr, id=$id

\n"; } if ($id){ $frm[number]=$id; } return($qr); } # function update_bike_data function do_bike_info($number,$newbike){ global $uid,$sessid; if (!$number && !$newbike){ return(FALSE); } $qs="SELECT uid,number,year,make,model,submodel,comments,bikecode,vin FROM zxbikes WHERE number=$number"; if ($debug){ echo "do_bike_info: qs=$qs

\n"; } if ($qr=mysql_query($qs)){ $frm=mysql_fetch_array($qr); mysql_free_result($qr); } # # fix "" marks here so html doesn't eat them. # $frm[comments]=htmlspecialchars($frm[comments]); if ($newbike){ $frm[uid]=$uid; } echo << eoi; $makes=array(' ','Kawasaki','Aprilia','BMW','Ducati','Excelsior-Henderson','Harley','Honda','KTM','Laverda','Moto Guzzi','Suzuki','Victory','Yamaha'); echo "\n"; echo ''; echo "\n"; echo ''; echo "\n"; echo <<< eoi
Note: The Code is an aid for the search engine so people can find your bike when they search. This list should contain most common bikes- if it doesn't contain yours, please email me and let me know.
URL to picture of this bike (http:// .... )
eoi; } # do_bike_info function do_user_info($uid){ global $sessid; if ($uid){ $qs="SELECT uid,username,firstname,lastname,email,website,zxpage,city,state,country,zipcode,gpslat,gpslong FROM zxmembers WHERE uid=$uid"; if ($qr=mysql_query($qs)){ $frm=mysql_fetch_array($qr); } } ?>

Not-so-personal information
First NameLast Name 
Email AddressWebsite 
\n"; /* */ ?>  
GPS Lat.GPS Long. 

"; $qr=mysql_query($qs); while ($qr && $a=mysql_fetch_array($qr)){ echo "\n"; echo "\n"; } echo <<

eoi; } # do_user_info() function show_bike_info(){ ?> Bike Information YearMakeModelSubmodelCommentsVIN

Please read below and fill out the year of your bikes!

The below information will be used for exact bike-type matches while searching (so that differences in typing ZX10, ZX 10, ZX-10, etc., don't affect it. This information will not be displayed, it will just be used behind the scenes by the search engine, so please fill out the above blanks also- they will be what's displayed on your page.

Do you own any of the following?

ZX6: Year
ZX7: Year
ZX9: Year
ZX10: Year
ZX11: Year
ZX12: Year

Your pictures:

Would you like to have one or more pictures posted on your member page at the ZX web site?

Thanks! \n \n $title \n \n", "\n"; } # this script opens a connection to the mysql server at startup. # It closes the connection when it terminates. # # Any function that calls exit() must instead call script_exit() # so that the connection to the server is properly closed. # # START OF MAIN # # $REMOTE_ADDR define("LOAD",1); # seed with microseconds since last "whole" second srand((double)microtime()*1000000); $connect_id=mysql_connect("localhost","web","hello"); mysql_select_db("web"); # if the user is coming in with the uid and sessid parameters set, # check to see if their session is still valid if (($uid && $sessid) && !session_valid($uid,$sessid,$REMOTE_ADDR)){ show_member_login("Your session has expired. Please log in again."); script_exit(1); } else{ # session_extend($uid,$sessid,$REMOTE_ADDR,30*60); } # some actions might be global actions but stuck in a menu which # steals the "action" variable. In this case, we just assign the # globalaction variable and let it override the action variable. # Only use this in cases where you have a function you want to perform # from within various menus and will never conflict with another # function of a similar name # # Note that you only need to use the globalaction variable if this function # is nested in a menu that is using the action variable. If the function # is being used elsewhere but is not in a menu, just call it with the # action variable like usual. # if (!empty($globalaction)){ $action=$globalaction; } if ($debug){ echo "\$action=$action

\n"; } switch (strtolower($action)){ case "return to main login screen": case "login": if (!($uid=valid_login($username,$password,"zxmembers"))){ print_header("ZX List: Member Login"); show_member_login("Invalid username/password. Please try again. " . "If you've forgotten your password, " . "click here"); } else{ $sessid=session_create($uid,$password,$REMOTE_ADDR,60*60,1); print_header("ZX List: Member Menu"); show_main_menu(); } break; case "lost password": print_header("ZX List: Lost Password"); email_user_password(); break; case "confirm lost password": print_header("ZX List: Lost Password"); confirm_lost_password($frm[username],$frm[email]); break; case "change_password": print_header("ZX List: Change Password"); change_password($uid); break; case "confirm_change_password": print_header("ZX List: Change Password"); confirm_change_password($uid,$frm[oldpassword],$frm[newpassword1],$frm[newpassword2]); break; case "new member": print_header("ZX List: New Member Login"); show_new_member_login(); break; case "create account": if ($debug){ echo "in main loop, 'create account', password1=$password1,password2=$password2

\n"; } if ($password1==$password2){ if ($uid=create_account($username,$password1,"zxmembers")){ $sessid=session_create($uid,$password1,$REMOTE_ADDR,60*60,1); print_header("ZX List: Member Menu"); show_main_menu(); } else{ print_header("ZX List: New Member Login"); show_new_member_login("That user already exists. Please choose a different username."); } }else { print_header("ZX List: New Member Login"); show_new_member_login("Those passwords did not match. Please try again, making sure to type the password the same both times."); } break; case "editpersonalinfo": break; case "form": if ($debug){ echo "\$form=$form

\n"; } switch ($form){ case "user_info": if ($debug){ echo "\$formaction=$formaction

\n"; } switch (strtolower($formaction)){ case "update": update_member_data($frm); print_header("ZX List: Edit Member Information"); do_user_info($uid); break; case "add bike": $newbike=1; case "edit bike": if (!$bike_number && !$newbike){ print_header("ZX List: Edit Member Information"); do_user_info($uid); break; } print_header("ZX List: Edit Bike Information"); do_bike_info($bike_number,$newbike); break; default: break; } # switch break; case "bike_info": if ($debug){ echo "\$formaction=$formaction

\n"; } switch (strtolower($formaction)){ case "delete": $delete_bike=1; case "cancel": print_header("ZX List: Edit Member Information"); do_user_info($uid); break; case "update": update_bike_data($frm,$newbike,$delete_bike); if ($debug){ echo "bike_info:update, now going to do_user_info()

"; } print_header("ZX List: Edit Member Information"); do_user_info($uid); break; default: break; } # switch } # switch break; case "menu": switch ($menu){ case "mainmenu": switch ($menuaction){ case "show": print_header("ZX List: Member Menu"); show_main_menu(); break; case "viewpersonaldata": case "editpersonaldata": print_header("ZX List: Edit Member Information"); do_user_info($uid); break; case "editmotodata": break; case "logout": default: session_close($uid); print_header("ZX List: Member Login"); show_member_login(); break; } # switch $menuaction[$menu] break; default: } # switch ($menu) break; default: print_header("ZX List: Member Login"); show_member_login(); } # switch mysql_close($connect_id); ?>

Please email zx-admin@motohaus.org/a> with any bug reports. Thanks!