public function testCheckUserExists()
{
//empty value
$this->assertEquals(checkUserExists(''), false);
// bad value
$this->assertEquals(checkUserExists("baduser"), false);
// good value
$this->assertEquals(checkUserExists("user_with_allPermissions"), true);
}
function checkUserPassword($username, $givenPassword)
{
$rep = false;
if (isset($username) && isset($givenPassword)) {
if (checkUserExists($username)) {
if (getPassword($username) == hashPassword($username, $givenPassword)) {
$rep = true;
}
}
}
return $rep;
}
function checkFields($category, $title, $owner, $affectedUser, $description)
{
$ret = false;
// check fields not empty
if (strlen($title) > 0) {
//check user exist
if (checkUserExists($affectedUser)) {
//check category exist
if ($category == "todo" || $category == "inprogress" || $category == "done") {
$ret = true;
}
}
}
return $ret;
}
function register($email, $username)
{
global $config;
$data = array();
$ranpass = '******' . rand(1, 999);
$pass_enc = md5($config['private_key'] . $ranpass);
// encrypt the password
if ($email and $username) {
if (checkUserExists($email)) {
return 'User exists!';
}
$q = "INSERT INTO users (user_name, user_email, user_password, user_status) VALUES ('{$username}', '{$email}', '{$pass_enc}', 1)";
mysql_query($q);
/*
// append cache
$data['user_id'] = mysql_insert_id();
$data['user_name'] = $username;
$data['user_fullname'] = '';
$data['user_pic'] = '';
$data['user_password'] = $pass_enc;
$data['user_coins'] = 0;
$data['user_betting'] = 0;
$data['user_email'] = $email;
$data['user_lastlogin'] = '';
$data['user_registered'] = date('Y-m-d h:i:s');
$data['user_isadmin'] => 0
$data['user_status'] => 1
$data['user_lang'] =>
$data['user_timezone'] = $config['time zone'];
$data['user_sex'] = '';
$data['user_bio'] = '';
$data['user_website'] = '';
$data['user_notify'] = '';
$data['user_sendmail'] = 0;
$data['user_remind'] = 0;
$data['user_gamedigest'] = 0;
$data['user_sitenews'] = 0;
$cachefile = $config['basedir'] . '/temp/all_users.txt';
if (file_exists($cachefile)) {
$cache = json_decode(file_get_contents($filename), true);
$cache[mysql_insert_id()] = $data;
unlink($cachefile);
file_put_contents($cachefile, json_encode($cache));
}
*/
sendUserEmail($email, $username, $ranpass);
return 'success';
}
}
<?php
include_once "loader.php";
$user_id = $_POST['userid'];
echo checkUserExists($user_id);
function checkUserExists($user_id)
{
global $mysqli;
$query = "select * from users where user_id = " . intval($user_id);
$result = $mysqli->query($query);
if ($result->num_rows > 0) {
return "true";
} else {
return "false";
}
}
<?php
//login_delegate.php
session_start();
//require "/home/amcisaor/secure/login_rpc.php";
require $_SERVER['DOCUMENT_ROOT'] . "/secure/login_rpc.php";
//print_r(session_id());
if ($_POST["action"] == "LOGIN") {
print_r(checkUserExists($_POST["Matric_NO"], $_POST["Password"]));
} elseif ($_POST["action"] == "CHECKLOGINSTATUS") {
print_r(checkLoginStatus());
} elseif ($_POST["action"] == "LOGOUT") {
print_r(signOutFromSession());
} elseif ($_POST["action"] == "UPDATEINFO") {
//REMINDER TO SUBMIT TO DB TO UPDATE
//REMINDER TO ESCAPE ALL CHARACTERS
print_r(updateUserInfo(dissoc($_POST, "action")));
}
//elseif($_POST["action"]=="READUSERNAME_EN"){
//print_r(returnUserNameEnglish());
//}elseif($_POST["action"]=="READUSERNAME_CH"){
//print_r(returnUserNameChinese());
//}
}
/*
* The following function checks to see if the user_id already exists. It builds a SQL query based off of the userID
* provided by the post from create_account.php. It returns the the result of the query to the calling function.
*/
function checkUserExists($user, $database)
{
$sql_query = "SELECT * FROM USER WHERE user_id='" . $user . "'";
$result = mysql_query($sql_query, $database);
if (!$result) {
echo mysql_errno($database) . ": " . mysql_error($database) . "\n";
echo $sql_query;
}
return $result;
}
$result = checkUserExists($user, $database);
/*
* the following only runs if there is no user returned by checkUserExists. It builds the strings/queries to insert
* the user into the USER table, creates an entry in the INVENTORY table, queries for the inventory_id of the inventory just
* created, and creates an entry in the HASACCESSTO table. It returns "Yes" if all is succesful.
*/
if (mysql_num_rows($result) == 0) {
// Generates the insert into USER table
$sql_query = 'INSERT INTO USER (user_id, name_first, name_last, password, phone_num) VALUES ("';
$sql_query .= mysql_real_escape_string($user) . '","' . mysql_real_escape_string($fname) . '","' . mysql_real_escape_string($lname);
$sql_query .= '","' . mysql_real_escape_string($pass) . '","' . mysql_real_escape_string($phone) . '")';
// Runs the insert query against the database creating the user. If unsuccessful, returns ERROR.
if (!mysql_query($sql_query) && $admin == 1) {
echo mysql_errno($database) . ": " . mysql_error($database) . "\n";
echo $sql_query;
echo "ERROR!";
<?php
include 'init.php';
if (!logged_in()) {
header('Location: index.php');
exit;
}
if (!isset($_GET["uid"]) || empty($_GET["uid"]) || checkUserExists($_GET["uid"]) === false) {
header("Location: pagenotfound.php");
exit;
}
$uid = $_GET["uid"];
$getInfo = getUserInfo($uid);
foreach ($getInfo as $info) {
$afirstname = $info["firstname"];
$alastname = $info["lastname"];
$ausername = $info["username"];
$apriviledge = $info["priviledge"];
$adatereg = date('F j, Y', strtotime($info['dateregistered']));
$atimereg = date('h:i A T', strtotime($info['dateregistered']));
$adatecurr = date('F j, Y', strtotime($info['lastlogin']));
$atimecurr = date('h:i A T', strtotime($info['lastlogin']));
}
?>
<!DOCTYPE HTML>
<html>
<head>
<title>Account Information of <?php
echo $afirstname;
?>
<?php
