<?
/*
	this functions checks if there are any existing cookies set at last login 
	returns 0 if no cookies were found and 1 otherwise
*/
function lookup_cookies(){
	
		if( empty($_COOKIE[COOKIE_NAME]) || empty($_COOKIE[COOKIE_KEY]) )
			return 0;
	return 1;
}

/*
	this functions checks if there are any existing session variables set at last login
	returns 0 if no sessions were found and 1 otherwise
*/
function lookup_sessions(){

		if( empty($_SESSION[COOKIE_NAME]) || empty($_SESSION[COOKIE_KEY]))
			return 0;
	return 1;
}

/*
	this function checks if the current user is logged in.
*/
function is_user_logged_in(){

	if( lookup_cookies() ){
		// this means that cookies were found. Check if they are valid

		if( !check_user_login_info($_COOKIE[COOKIE_NAME], $_COOKIE[COOKIE_KEY]) )
		{	
			logout();
			return 0;
		}
		else {
			if( !lookup_sessions()){
				// this means that the user has just re-visited the site and at last login, he choosed to be remembered. 
				//	the details stored are correct so all we have to do is register some sessions and report that he is logged in;
				session_register(COOKIE_NAME, COOKIE_KEY);
				$_SESSION[COOKIE_NAME] = $_COOKIE[COOKIE_NAME];
				$_SESSION[COOKIE_KEY] = $_COOKIE[COOKIE_KEY];
			}
			elseif( strcmp($_COOKIE[COOKIE_NAME], $_SESSION[COOKIE_NAME])  || strcmp($_COOKIE[COOKIE_KEY], $_SESSION[COOKIE_KEY]) ) // Sessions don't match with Cookies
				return 0;
		  return 1;
		}
	}		
	if( lookup_sessions() ){
		if( !check_user_login_info($_SESSION[COOKIE_NAME], $_SESSION[COOKIE_KEY]) )
			return 0;
	return 1;
	}
return 0;
}

/*
	this function verifies if the email and double-hashed password(key) exist in DB and match
*/
function check_user_login_info($username, $user_key){

	global $conn_id;
	// update 1.2 - start
	if( strlen($user_key) != 32 )
		return 0; 
	if( empty($conn_id) ) {
		$conn_id = db_connect();	//	this function, db_connect(); is defined in 'include/functions.php';
	}
	$buffer = str_replace(" ", "", $username);
	if( !ctype_alnum($buffer) )
		return 0;
	// // update 1.2 end
	$sql = "SELECT username, password FROM pm_users WHERE username= '".$username."'";
	$result = @mysql_query($sql);
	if( !$result ) 
		return 0;
	$rows = @mysql_num_rows($result) ;
	if( $rows == 0 )
		return 0;
	$row = @mysql_fetch_assoc($result);
	@mysql_free_result($result);
	
	// check if passwords match
	if( strcmp($user_key, md5($row['password'])) )
		return 0;
return 1;
}

/*
	this function verifies if the email and single-hashed password exist in DB and match; similar to check_user_login_info();
*/
function confirm_login( $username, $pass, $hashed = false ){

	global $conn_id;
	
	$buffer = str_replace(" ", "", $username);
	if( !ctype_alnum($buffer) )
		return 0;

	if( empty($conn_id) ) {
		$conn_id = db_connect();	//	this function, db_connect() is defined in 'include/functions.php';
	}
	$sql = "SELECT id, username, password, power FROM pm_users WHERE username= '".$username."'";
	$result = @mysql_query($sql);
	if( !$result ) 
		return 0;
	$rows = @mysql_num_rows($result) ;
	if( $rows == 0 )
		return 0;
	$row = @mysql_fetch_assoc($result);
	@mysql_free_result($result);
	$password = ($hashed) ? $pass : md5($pass);	
	
	// check if passwords match
	if( strcmp($password, $row['password']) ) 
 		return 0;
	
return 1;
}

function is_user_account_active($user_id, $username)
{
	if($user_id != '')
	{
		$sql = "SELECT power FROM pm_users WHERE id = '".$user_id."'";
	}
	elseif($username != '')
	{
		$sql = "SELECT power FROM pm_users WHERE username = '".secure_sql($username)."'";
	}
	$result = @mysql_query($sql);
	$row = @mysql_fetch_assoc($result);
	@mysql_free_result($result);
	
	if( $row['power'] == U_INACTIVE )
		return 0;
	return 1;
}
/*
	this function sets the $_SESSION variables and $_COOKIES, if required
*/
function log_user_in($username, $pass, $remember = false, $hashed = false){
	global $conn_id;


	if( empty($conn_id) ) {
		$conn_id = db_connect();	//	this function, db_connect() is defined in 'include/functions.php';
	}
	// do another safety check
	if(!confirm_login($username, $pass, false))
		return 0;
	$key = ($hashed) ? md5($pass) : md5(md5($pass));
	if($remember == 1){
		// set cookies
		setcookie(COOKIE_NAME, $username, time()+COOKIE_TIME, COOKIE_PATH);
		setcookie(COOKIE_KEY, $key, time()+COOKIE_TIME, COOKIE_PATH);
	}
	//register and set sessions
		session_register(COOKIE_NAME, COOKIE_KEY);
		$_SESSION[COOKIE_NAME] = $username;
		$_SESSION[COOKIE_KEY] = $key;
	// update database;
	$sql = "UPDATE pm_users SET last_signin  = '".time()."' WHERE username= '".$username."'";
	$result = @mysql_query($sql, $conn_id);
return 1;
}

/*
	this function logs the current user out
*/
function logout(){

	//	this function kills cookies and destroys session varibles; ( LOGOUT )
	setcookie(COOKIE_NAME, ' ', time()-COOKIE_TIME, COOKIE_PATH);
	setcookie(COOKIE_KEY, ' ',  time()-COOKIE_TIME, COOKIE_PATH);

	$_SESSION = array();
	@session_destroy();
	return 1;
}

/*
	this function returns the path to last page visited by the user OR false if there is no http_referer.
*/
function get_last_referer() {

	if( !empty($_SERVER['HTTP_REFERER']))
	{
		$referer = strip_tags($_SERVER['HTTP_REFERER']);
		$referer = str_replace( array("<",">", "'", '"'), "", $referer);
		$referer = preg_replace('|https?://[^/]+|i', '', $referer );	
		return $referer;
	}

return false;
}

/*
	this function checks if the current user is logged in.
*/
function reset_password($email_address = ''){
	global $conn_id;
	if( empty($conn_id) ) {
		$conn_id = db_connect();
	}
	if(empty($email_address) || $email_address == '')
		return 0;
	$new_pass = generate_unique_id();
	$activation_key = generate_activation_key();
	
	$new_md5 = md5($new_pass);
	$sql = "UPDATE pm_users SET new_password = '".$new_md5."', activation_key = '".$activation_key."' WHERE email= '".$email_address."'";
	$result = @mysql_query($sql, $conn_id);
	if( !$result ) 
		return 0;
		
	return array("pass" => $new_pass, "key" => $activation_key);
}
/*
	this function returns an array with the user's information FROM pm_users Table
*/
function fetch_user_info($username){

	global $conn_id;

	$buffer = str_replace(" ", "", $username);
	if( !ctype_alnum($buffer) )
	return 0;
	
	if( empty($conn_id) ) {
		$conn_id = db_connect();	//	this function, db_connect() is defined in 'include/functions.php';
	}
		
	$user = array();
	$sql = "SELECT * FROM pm_users WHERE username= '".$username."'";
	$result = @mysql_query($sql, $conn_id);
	if( !$result ) 
		return false;
	$count = @mysql_num_rows($result);
	if( !$count )
		return false;
	
	$row = @mysql_fetch_assoc($result);
	@mysql_free_result($result);
	foreach($row as $k => $v){
		$user[$k] = stripslashes($v);
	}
	@mysql_query("UPDATE pm_users SET last_signin = '".time()."' WHERE username = '".$username."'");
	return $user;
}


function fetch_user_advanced($unique_id = '') {

	global $conn_id;
	if( empty($conn_id) ) {
		$conn_id = db_connect();	//	this function, db_connect() is defined in 'include/functions.php';
	}
	
	$user = array();
	if(empty($unique_id))
		return false;

	$sql = "SELECT * FROM pm_users WHERE  id= '".$unique_id."'";
	$result = @mysql_query($sql, $conn_id);
	if( !$result )
		return false;
	$count = @mysql_num_rows($result);
	if( !$count )
		return false;
	
	$row = @mysql_fetch_assoc($result);
	@mysql_free_result($result);
	
	foreach($row as $k => $v){
		$user[$k] = stripslashes($v);
	}
return $user;
}

function generate_unique_id(){
	return substr(md5(uniqid(time(), true)), 0, 7);
}

function username_to_id($username)
{
	if(!$username) return false;
	$username = trim($username);
	$username = secure_sql($username);
	$sql = "SELECT id FROM pm_users where username LIKE '".$username."'";
	$result = mysql_query($sql);
	if(!$result)
		return 0;
	$total = mysql_num_rows($result);
	if($total > 0)
	{
		$r = mysql_fetch_assoc($result);
		mysql_free_result($result);
		return $r['id'];
	}
	return 0;
}

function banlist($user_id)
{
	$sql = "SELECT * FROM pm_banlist WHERE user_id = '".$user_id."'";
	$result = mysql_query($sql) or die(mysql_error());
	if(!$result)
		return false;
	$ban = array();
	if(mysql_num_rows($result) > 0)
		$ban = mysql_fetch_assoc($result);
	return $ban;
}

?>