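/**
 * Handle the email + date-of-birth form.
 *
 * On a plain page load the empty form array is returned. On a submission the
 * two form fields are validated, a row is written to `project` and the browser
 * is sent to the 'app' page; on any validation or database error the array is
 * returned with `login_error` set so the page can be re-rendered.
 *
 * NOTE(review): nothing here is compared against a stored record — the
 * function only records the submitted pair, so it behaves like a registration
 * step rather than an authentication check; confirm that this is intended.
 *
 * @return array{email:string,datepicker:string,login_error:string}
 */
function &login() {
    // Check if there is still a valid session
    validate_session(true);

    // Create the HTML array and initialize the form fields. Only these keys
    // are read back from POST; the error slot is added after the POST loop so
    // a posted 'login_error' field can neither preload it nor be reflected.
    $HTML = array();
    $HTML['email'] = '';
    $HTML['datepicker'] = '';

    // Check if it was a page load or a submission
    if (getRequest('submitted', true, 'post') !== 'yes') {
        $HTML['login_error'] = '';
        return $HTML;
    }

    // It was a submission so get the post values
    foreach ($HTML as $key => &$value) {
        $value = getRequest($key, true, 'post');
    }
    unset($value); // drop the reference left behind by the by-ref foreach
    $HTML['login_error'] = '';

    // Validate the email and the date; the datepicker posts month-day-year
    $date = explode('-', $HTML['datepicker']);
    if (empty($HTML['email'])) {
        $HTML['login_error'] = 'Email Cannot be empty';
    } elseif (empty($HTML['datepicker'])) {
        $HTML['login_error'] = 'Date of birth cannot be empty';
    } elseif (filter_var($HTML['email'], FILTER_VALIDATE_EMAIL) === false) {
        $HTML['login_error'] = 'Invalid Email Address';
    } elseif (count($date) !== 3 || !checkdate(intval($date[0]), intval($date[1]), intval($date[2]))) {
        // The datepicker makes sure it is a valid date
        // But should still check in case someone scripts a request
        $HTML['login_error'] = "Invalid Date";
    }

    // If no errors, record the submission and go to the app page
    if (empty($HTML['login_error'])) {
        // Create a database record
        if (empty($GLOBALS['DB'])) {
            die('Database Link is not set');
        }
        // NOTE(review): the mysql_* extension was removed in PHP 7 and offers
        // no parameterised statements, so every value is escaped explicitly.
        $query = sprintf(
            'INSERT INTO project (email, dob, ipaddr) VALUES (\'%s\',\'%s\',\'%s\')',
            mysql_real_escape_string($HTML['email']),
            // stored as year-month-day
            mysql_real_escape_string($date[2] . '-' . $date[0] . '-' . $date[1]),
            mysql_real_escape_string(util_getenv('REMOTE_ADDR'))
        );
        $result = mysql_query($query);

        // Make sure it executed properly
        if (!$result) {
            $HTML['login_error'] = 'Database Error. Please try again later';
            return $HTML;
        }

        set_SESSION('dob', $HTML['datepicker']);
        set_header('app');
        exit;
    }

    // There were errors so load the login page again with errors
    return $HTML;
}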
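/**
 * Draft signup handler (the author marks it as test-only).
 *
 * Returns the form array on a page load; on a submission validates the fields,
 * checks for an existing account, inserts the user and redirects to 'account'.
 * Any failure leaves the matching `*_error` slot set and returns the array.
 *
 * Fixes over the draft: only real form fields are read from POST (error slots
 * and the country list are no longer client-writable), values sent to
 * connect() are escaped, `email_error` now blocks the INSERT, and the debug
 * print_r() calls are gone — output before set_header() breaks the redirect.
 *
 * @param bool $edit unused in this draft, kept for interface compatibility
 * @return array<string, mixed>
 */
function &signup($edit = false) {
    // You need to implement it
    // Code below is for test purposes only!

    // The only keys that are read back from POST.
    $fields = array('email', 'password', 'confirm_password', 'city', 'countryID');

    $HTML = array();
    foreach ($fields as $key) {
        $HTML[$key] = '';
    }
    $HTML['country_options_escape'] = getContries();
    $HTML['email_error'] = ''; //Reset Error
    $HTML['confirm_password_error'] = ''; //Reset Error
    $HTML['city_error'] = ''; //Reset Error
    $HTML['countryID_error'] = ''; //Reset Error
    $HTML['signup_error'] = ''; //Reset Error

    if (getRequest('submitted', true, 'post') !== 'yes') {
        return $HTML;
    }

    // NOTE(review): utf8HTML() is applied to the password too, so whatever it
    // changes (HTML escaping, presumably) is baked into the stored value — confirm.
    foreach ($fields as $key) {
        $HTML[$key] = utf8HTML(getRequest($key, true, 'post'));
    }

    // Validate the input; the first failing check for a field decides its message.
    if (empty($HTML['email'])) {
        $HTML['email_error'] = 'Email Cannot be empty';
    } elseif (filter_var($HTML['email'], FILTER_VALIDATE_EMAIL) === false) {
        $HTML['email_error'] = 'Invalid Email Address';
    }

    if (empty($HTML['password'])) {
        $HTML['confirm_password_error'] = 'Password cannot be empty'; //Security measure!
    } elseif (empty($HTML['confirm_password'])) {
        $HTML['confirm_password_error'] = 'Confirm password cannot be empty'; //Security measure!
    } elseif (!preg_match('((?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%]).{6,20})', $HTML['password'])) {
        // The pattern is unanchored, so it enforces a minimum of 6 chars only.
        $HTML['confirm_password_error'] = 'Passwords have to be 6-20 chars and more secure!';
    } elseif ($HTML['password'] !== $HTML['confirm_password']) {
        $HTML['confirm_password_error'] = 'Passwords do not match';
    }

    if (empty($HTML['city'])) {
        $HTML['city_error'] = 'City cannot be empty'; //Security measure!
    } elseif (filter_var($HTML['city'], FILTER_SANITIZE_SPECIAL_CHARS) === false) {
        // NOTE(review): a sanitize filter returns the cleaned string, never false,
        // so this branch is unreachable for string input. Comparing the sanitized
        // value with the original would actually detect special characters.
        $HTML['city_error'] = 'Invalid city input';
    }

    if (empty($HTML['countryID'])) {
        $HTML['countryID_error'] = 'Country cannot be empty'; //Security measure!
    }

    set_SESSION("country", $HTML['countryID']);

    // Check for an existing account. connect() takes a raw query string and the
    // mysql extension has no parameterised statements, so the value is escaped.
    if (empty($HTML['email_error'])) {
        $arr = connect('Select * from users where email="' . mysql_real_escape_string($HTML['email']) . '"');
        if (count($arr) > 0) {
            $HTML['signup_error'] = "That email already exists";
        }
    }

    // NOTE(review): encrypt() is a project function; passwords should be stored
    // with a one-way password hash (password_hash), and the derived value is
    // handed to the template here — confirm both are intended.
    $HTML['encrypted'] = encrypt($HTML['password']);

    // Every validation slot must be clear before the record is created.
    if (empty($HTML['signup_error']) && empty($HTML['email_error']) && empty($HTML['city_error'])
        && empty($HTML['countryID_error']) && empty($HTML['confirm_password_error'])) {
        connect(sprintf(
            "INSERT INTO users (email, password, city, country) VALUES ('%s', '%s' , '%s' , '%s')",
            mysql_real_escape_string($HTML['email']),
            mysql_real_escape_string($HTML['encrypted']),
            mysql_real_escape_string($HTML['city']),
            mysql_real_escape_string($HTML['countryID'])
        ));
        set_SESSION("userid", mysql_insert_id());
        set_SESSION("email", $HTML['email']);
        set_SESSION("city", $HTML['city']);
        set_SESSION("country", $HTML['countryID']);
        set_header('account'); //If no errors -> go to account
        exit;
    }

    // Back to the form with the errors and the country list preselected
    $HTML['country_options_escape'] = getSContries($HTML['countryID']);
    return $HTML;
}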
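/**
 * Signup / edit-account form handler.
 *
 * With $edit false a session is not required and a new `users` row is created;
 * with $edit true the current user's data is preloaded and updateUser() is
 * called instead. On a page load the form array is returned; on a submission
 * every field is validated, and on success the browser is sent to 'account'.
 * On failure the array is returned with the relevant `*_error` slots set.
 *
 * The password_encrypted key is round-tripped through the page: it is filled
 * from getUserInfo() (edit) or from the last submission, read back from POST,
 * and used as the stored value when the password field holds PASS_HOLDER.
 *
 * Fix: the lowercase lookahead in the password pattern was written with a
 * non-ASCII hyphen (`[a‐z]`), so it matched the three literal characters
 * instead of the range and never actually required a lowercase letter.
 *
 * @param bool $edit true when editing the logged-in user instead of signing up
 * @return array<string, mixed>
 */
function &signup($edit = false) {
    // Check if there is still a valid session (required for an edit only)
    validate_session(!$edit);
    $valid_input = true;

    // Create the HTML array with empty values. Every key present at this point
    // is read back from POST below.
    $HTML = array();
    $HTML['password'] = '';
    $HTML['confirm_password'] = '';
    $HTML['email'] = '';
    $HTML['city'] = '';
    $HTML['countryID'] = '';
    $HTML['password_encrypted'] = '';

    // Check the submitted field
    if (getRequest('submitted', true, 'post') !== 'yes') {
        // Fill in the fields if it is an edit
        if ($edit) {
            $fields = getUserInfo(get_SESSION('userID'));
            $HTML['email'] = $fields['email'];
            $HTML['city'] = $fields['city'];
            $HTML['countryID'] = $fields['countryID'];
            $HTML['password_encrypted'] = $fields['password_encrypted'];
        }
        // Populate the select drop down box
        getCountries($HTML['country_options_escape'], $HTML['countryID']);
        return $HTML;
    }

    // Fill the array with the form data
    foreach ($HTML as $key => &$value) {
        $value = getRequest($key, true, 'post');
    }
    unset($value); // drop the reference left behind by the by-ref foreach

    // Validate the email
    if (empty($HTML['email'])) {
        $HTML['email_error'] = 'Email cannot be empty';
        $valid_input = false;
    } elseif (filter_var($HTML['email'], FILTER_VALIDATE_EMAIL) === false) {
        $HTML['email_error'] = 'Invalid Email Address';
        $valid_input = false;
    } else {
        // NOTE(review): validate_record() is compared with > 0 (numeric) while
        // get_SESSION() is trimmed like a string; the strict !== only works if
        // both have the same type — confirm, otherwise editing one's own
        // account always reports a duplicate.
        $newID = validate_record($HTML['email']);
        if ($newID > 0 && (!$edit || $newID !== trim(get_SESSION('userID')))) {
            $HTML['email_error'] = 'An account already exists with that email';
            $valid_input = false;
        }
    }

    // Validate the password. Keep the stored password when an edit leaves the
    // field blank, or when the placeholder comes back together with the
    // previously computed value (grouping matches the original `and`/`or`
    // precedence, now written out explicitly).
    $saved_pass = false;
    if (($edit && empty($HTML['password']))
        || ($HTML['password'] === PASS_HOLDER && !empty($HTML['password_encrypted']))) {
        // use the password that was saved before
        $saved_pass = true;
    } elseif (empty($HTML['password'])) {
        $HTML['confirm_password_error'] = 'Password cannot be empty';
        $valid_input = false;
    } elseif ($HTML['password'] !== $HTML['confirm_password']) {
        $HTML['confirm_password_error'] = 'Passwords do not match';
        $valid_input = false;
    } elseif (!preg_match('/(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[\\.\\+\\\\*\\?\\[\\^\\]\\$\\(\\)\\{\\}\\=\\!\\<\\>\\|\\:\',"~`&@_;\\/#%-]).{6,20}/', $HTML['password'])) {
        // Requires a digit, a lowercase and an uppercase letter, one of the
        // listed symbols and at least 6 characters (the pattern is unanchored).
        $HTML['confirm_password_error'] = 'Password must be 6-20 chars and more secure!';
        $valid_input = false;
    }

    // Validate the city
    if (empty($HTML['city'])) {
        $HTML['city_error'] = 'City cannot be empty';
        $valid_input = false;
    } elseif (preg_match('/(?=.*[\\d\\.\\+\\\\*\\?\\[\\^\\]\\$\\(\\)\\{\\}\\=\\!\\<\\>\\|\\:\'"~`&@_;\\/#%])/', $HTML['city'])) {
        $HTML['city_error'] = 'Special characters are not allowed';
        $valid_input = false;
    }

    // Validate the country
    if (empty($HTML['countryID'])) {
        $HTML['countryID_error'] = 'Please select your country';
        $valid_input = false;
    } elseif (!validate_countryID($HTML['countryID'])) {
        $HTML['countryID_error'] = 'Invalid country submitted';
        $valid_input = false;
    }

    if ($valid_input) {
        // If it is the edit page update the user and return to account page
        if ($edit) {
            updateUser($HTML, $saved_pass);
            set_header('account');
            exit;
        }

        if (empty($GLOBALS['DB'])) {
            die('Database Link is not set');
        }

        // Create a user.
        // NOTE(review): the stored value is an unsalted md5, or — when
        // $saved_pass is set — the client-posted password_encrypted field.
        // Both are kept as-is because updateUser() and the login check (not
        // visible here) must agree on the format; a password_hash() based
        // scheme would need all three changed together.
        $query = sprintf(
            'INSERT INTO users (email, password, city, countryID) VALUES (\'%s\',\'%s\',\'%s\',\'%s\')',
            mysql_real_escape_string($HTML['email']),
            mysql_real_escape_string($saved_pass ? $HTML['password_encrypted'] : md5($HTML['password'])),
            mysql_real_escape_string($HTML['city']),
            mysql_real_escape_string($HTML['countryID'])
        );
        $result = mysql_query($query);

        // Make sure it executed properly
        if (!$result) {
            $HTML['signup_error'] = 'Error adding user';
            return $HTML;
        }

        set_SESSION('userID', validate_record($HTML['email']));
        set_header('account');
        exit;
    }

    // Populate the select drop down box since we have to go back to the page
    getCountries($HTML['country_options_escape'], $HTML['countryID']);

    // Store the password if it was valid and changed
    if (empty($HTML['confirm_password_error'])) {
        if (!empty($HTML['password']) && $HTML['password'] !== PASS_HOLDER) {
            $HTML['password_encrypted'] = md5($HTML['password']);
            $HTML['password'] = PASS_HOLDER;
            $HTML['confirm_password'] = PASS_HOLDER;
        }
    } else {
        // Clear the password if it was invalid, or set it back to "do not change" on the edit page
        if (!$edit) {
            $HTML['password_encrypted'] = '';
        }
        $HTML['password'] = '';
        $HTML['confirm_password'] = '';
    }

    return $HTML;
}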
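<?php
// Bootstrap: connect to MySQL, then record the posted email / date of birth
// in `project` and mirror the values into the session.
include 'functions.php';
session_start();

// You need to set your own parameters!!
// NOTE(review): database credentials are committed in source. Load them from
// a config file outside the document root (or from the environment) and treat
// any credential that has been checked in as disclosed.
define('MYSQL_SERVER', 'localhost:3306');
define('MYSQL_USER', 'erobin258791_db');
define('MYSQL_DB', 'erobin258791_db');
define('MYSQL_PASSWORD', '7d0H8hWG');

// You'd need to activate it once you have operational system
// NOTE(review): the mysql_* extension was removed in PHP 7; PDO with prepared
// statements is the replacement. Until then every value is escaped below.
$GLOBALS['DB'] = mysql_connect(MYSQL_SERVER, MYSQL_USER, MYSQL_PASSWORD)
    or die("Cannot connect to the MySQL server: \n" . mysql_error());
mysql_select_db(MYSQL_DB, $GLOBALS['DB']) or die('Cannot select MySQL database');

// Form fields read from POST (passed through utf8HTML before use)
$HTML = array();
$HTML['email'] = '';
$HTML['dob'] = '';
foreach ($HTML as $key => &$value) {
    $value = utf8HTML(getRequest($key, true, 'post'));
}
unset($value); // drop the reference left behind by the by-ref foreach

$HTML['id'] = '';
// NOTE(review): if getRealIpAddr() honours forwarded headers, this value is
// client-controlled and must not be trusted for auditing — confirm.
$HTML['ip'] = getRealIpAddr();

// connect() takes a raw query string, so each value is escaped (the same
// approach login() uses) instead of being concatenated in directly.
connect(sprintf(
    "INSERT INTO project (email, dob, ip) VALUES ('%s', '%s' , '%s')",
    mysql_real_escape_string($HTML['email']),
    mysql_real_escape_string($HTML['dob']),
    mysql_real_escape_string($HTML['ip'])
));
set_SESSION("id", mysql_insert_id());
set_SESSION("email", $HTML['email']);
set_SESSION("dob", $HTML['dob']);
set_SESSION("ip", $HTML['ip']);
return true;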