Beispiel #1
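/**
 * Handle a request to the sign-up page.
 *
 * Visitors who are already signed in are redirected to the course category
 * page. On POST the submitted form is passed through check_honeypot_fields()
 * and handed to User::create_user(); on success the new user is signed in,
 * otherwise the browser is sent back to the requesting URL.
 *
 * @param mixed $ObjectPDO Database handle passed on to User and sign_in().
 * @param mixed $params    Overwritten with the filtered $_POST on POST requests.
 * @return void
 */
function sign_up($ObjectPDO, $params)
{
    require_once $_SERVER['DOCUMENT_ROOT'] . "/reou/includes/const.php";
    require_once D_ROOT . "/reou/helpers/users_helper.php";
    // TODO - On the sign up page if one of the fields has no name value then you get an error. Correct that.
    // If already signed in then go straight to the courses page.
    if (userSignedIn()) {
        header("Location:" . course_route('course_category'));
        die;
    }
    if ($_SERVER['REQUEST_METHOD'] == "POST") {
        // Honeypot check (spam protection). The helper's result replaces $_POST.
        $_POST = check_honeypot_fields($_POST);
        // NOTE(review): the whole POST body is handed to create_user(); confirm it
        // reads only an allow-list of fields so a client cannot set extra columns.
        $params = $_POST;
        $user = new User($ObjectPDO);
        try {
            if ($user->create_user($params)) {
                header("Location:" . course_route('course_category'));
                sign_in($ObjectPDO, $params);
            } else {
                // NOTE(review): REQUEST_URI is client-supplied; confirm a path that
                // starts with "//" cannot reach this script, as it would be read
                // as a protocol-relative redirect target.
                header("Location:" . $_SERVER['REQUEST_URI']);
                die;
            }
        } catch (Exception $e) {
            // Exception text can carry SQL, schema or path details, so it goes to
            // the server log only; the visitor gets a generic message.
            error_log('sign_up: user creation failed: ' . $e->getMessage());
            http_response_code(500);
            die("There was a problem creating the user.");
        }
    }
}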
/**
 * Dispatch a submitted form to its handler, selected by the POST field "page".
 *
 * Each recognised value loads the matching file under inc/process/ and calls
 * that file's handler function.
 *
 * @return bool true when a handler ran, false when "page" is missing or unknown.
 */
function process_form()
{
    // NOTE(review): the handler is chosen purely by a client-supplied field and no
    // authorisation check is visible in this function; confirm every handler
    // (user_add, user_edit, store_edit, ...) checks permissions itself.
    // $page and $processed keep their names because the require'd files execute
    // in this function's scope.
    if (isset($_POST["page"])) {
        $page = $_POST["page"];
    } else {
        $page = "";
    }
    $processed = true;
    // Loose comparison (==) on purpose: it matches what a switch statement does.
    if ($page == FORM_LOGIN) {
        require 'inc/process/login.php';
        sign_in();
    } elseif ($page == FORM_CUSTOMER_NEW) {
        require 'inc/process/customer.php';
        customer_add();
    } elseif ($page == FORM_CUSTOMER_EDIT) {
        require 'inc/process/customer.php';
        customer_edit();
    } elseif ($page == FORM_PURCHASE_NEW) {
        require 'inc/process/purchase.php';
        purchase_add();
    } elseif ($page == FORM_PURCHASE_EDIT) {
        require 'inc/process/purchase.php';
        purchase_edit();
    } elseif ($page == "sell_new") {
        require 'inc/process/sell.php';
        sell_add();
    } elseif ($page == "sell_edit") {
        require 'inc/process/sell.php';
        sell_edit();
    } elseif ($page == "store_edit") {
        require 'inc/process/store.php';
        store_edit();
    } elseif ($page == "user_new") {
        require 'inc/process/user.php';
        user_add();
    } elseif ($page == "user_edit") {
        require 'inc/process/user.php';
        user_edit();
    } elseif ($page == FORM_LOT_NEW) {
        require 'inc/process/lot.php';
        lot_add();
    } else {
        // Nothing matched: report that no form was handled.
        $processed = false;
    }
    return $processed;
}
<?php

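session_start();
include 'sql_calls.php';
// Credentials posted by the sign-in form. A missing field, or one sent as an
// array (email_in[]=...), is rejected here instead of reaching sign_in() as
// null or as a non-string value.
$email_in = isset($_POST['email_in']) ? $_POST['email_in'] : null;
$password3 = isset($_POST['password3']) ? $_POST['password3'] : null;
if (!is_string($email_in) || !is_string($password3)) {
    http_response_code(400);
    exit;
}
// NOTE(review): sign_in() is defined elsewhere (presumably sql_calls.php);
// confirm it uses a parameterised query, verifies with password_verify(), and
// calls session_regenerate_id() once the credentials are accepted.
sign_in($email_in, $password3);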
Beispiel #4
/**
 * Basic page to manage user sign in.
 */
// Site configuration. NOTE(review): $connection and the session written to
// further down are not set up in this file; presumably config.php does both.
require_once 'config.php';
// Sign-in form fields, empty until a POST fills them in.
$form_data = [
    'email' => null,
    'password' => null,
];
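/**
 * Look up a user by e-mail address and password.
 *
 * @param string $email      E-mail address as submitted.
 * @param string $password   Plain-text password as submitted.
 * @param mysqli $connection Open database connection (the calls used here are
 *                           mysqli's; get_result() needs the mysqlnd driver).
 * @return object|null The row from `users` when exactly one row matches,
 *                     otherwise null (also for non-string input or a failed query).
 */
function sign_in($email, $password, $connection)
{
    // Request parameters can arrive as arrays (email[]=...); only strings are
    // valid credentials, so anything else is treated as a failed sign-in.
    if (!is_string($email) || !is_string($password)) {
        return null;
    }
    // NOTE(review): unsalted MD5 is not a password hash. It is kept so existing
    // rows still match; migrate to password_hash()/password_verify() and
    // rehash each account at its next successful sign-in.
    $hashed_pw = md5($password);
    // Placeholders keep the submitted values out of the SQL text, so quotes in
    // the e-mail field cannot change the query.
    $stmt = $connection->prepare("SELECT * FROM `users` WHERE `email` = ? AND `password` = ?");
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param('ss', $email, $hashed_pw);
    if (!$stmt->execute()) {
        $stmt->close();
        return null;
    }
    $result = $stmt->get_result();
    if ($result === false) {
        $stmt->close();
        return null;
    }
    // Exactly one match is required; zero or several rows count as a failure.
    $user = $result->num_rows === 1 ? $result->fetch_object() : null;
    $stmt->close();
    return $user;
}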
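if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $form_error = array();
    // Read both fields defensively: they may be absent or sent as arrays.
    $posted_email = isset($_POST['email']) ? $_POST['email'] : null;
    $posted_password = isset($_POST['password']) ? $_POST['password'] : null;
    // NOTE(review): this value is presumably echoed back into the form by the
    // template; confirm it is passed through htmlspecialchars() there.
    $form_data['email'] = is_string($posted_email) ? $posted_email : null;
    $user = null;
    if (is_string($posted_email) && is_string($posted_password)) {
        $user = sign_in($posted_email, $posted_password, $connection);
    }
    if ($user) {
        // Issue a fresh session id at the moment of authentication so an id
        // planted before login cannot be reused (session fixation).
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['user_email'] = $user->email;
        $_SESSION['user_fname'] = $user->first_name;
        $_SESSION['user_lname'] = $user->last_name;
        header('Location: index.php');
        // Stop here: without this the sign-in page would still be rendered
        // and sent along with the redirect.
        exit;
    } else {
        // Same message for unknown e-mail and wrong password, so the form
        // does not reveal which accounts exist.
        $form_error['email'] = "Invalid email or password";
    }
}
require 'template/header.php';
require 'template/navigation.php';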
?>
<div class="container">
    <div class="row">
        <div class="col-md-12">
Beispiel #5
<?php

// Shared constants first (D_ROOT is used on the next line and is presumably
// defined there), then the users controller.
require_once "{$_SERVER['DOCUMENT_ROOT']}/reou/includes/const.php";
require_once D_ROOT . '/reou/controllers/users_controller.php';
// The users helpers are pulled in along with the controller.
// NOTE(review): sign_in() runs on every request to this view and receives the
// raw $_POST array; $db is not defined in this snippet and is presumably set by
// one of the includes. Confirm sign_in() ignores non-POST requests and reads
// only the fields it expects.
sign_in($db, $_POST);
?>

<html>

	<head>

		<title> Sign In </title>

		<link rel="stylesheet" type="text/css" href="<?php 
echo asset_route('css');
?>
main.css">

	</head>

	<body>

		<?php 
require_once $_SERVER['DOCUMENT_ROOT'] . '/reou/views/layouts/header.php';
?>

		<div class="login-container"> 

Beispiel #6
<?php

// Start the session, then load the database connection and the markup
// templates ($index, $sign_in, $sign_up and $conn are presumably defined there).
session_start();
include "db.php";
include "templates.php";
echo $index;
// Two-column table: sign-in form on the left, registration form on the right.
echo "<table><tr><th>Войти</th><th>Зарегистрироваться</th></tr><tr><td>{$sign_in}</td>";
// Sign-in form submitted. The variables stay global, as in the original script.
// NOTE(review): the posted values go to sign_in()/sign_up() unchecked; confirm
// those functions use prepared statements and password_hash()/password_verify().
if (isset($_POST['auth'])) {
    $Login = $_POST['Login'];
    $Password = $_POST['Password'];
    sign_in($Login, $Password, $conn);
}
echo "<td>{$sign_up}</td></tr></table>";
// Registration form submitted.
if (isset($_POST['reg'])) {
    $FirstName = $_POST['FirstName'];
    $LastName = $_POST['LastName'];
    $Login = $_POST['Login'];
    $Password = $_POST['Password'];
    sign_up($FirstName, $LastName, $Login, $Password, $conn);
}
?>


		<script type="text/javascript" src="https://code.jquery.com/jquery-2.1.4.min.js"></script>
		<script type="text/javascript" src="js/script.js"></script>
		<link href='https://cdnjs.cloudflare.com/ajax/libs/toastr.js/latest/css/toastr.min.css' rel='stylesheet' type='text/css'>
		<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/toastr.js/latest/js/toastr.min.js"></script>
	</head>
	<body>
		<?php 
// Database connection settings.
// NOTE(review): host, database name and credentials are hard-coded in a file
// under the web root; load them from the environment or a config file outside
// it, and rotate them if this file was ever published unmasked.
$server = "us-cdbr-iron-east-03.cleardb.net";
$username = "******";
$password = "******";
$db = "heroku_3d5da57e92aa9e3";
// Form input: the person's name and whether they sign "in" or "out".
$name = $_POST["name"];
$type = $_POST["inout"];
// NOTE(review): the connection result is not checked before it is used.
$mysqli = new mysqli($server, $username, $password, $db);
// Any other value of "inout" is ignored.
if ($type === "in") {
    sign_in($name, $mysqli);
} elseif ($type === "out") {
    sign_out($name, $mysqli);
}
// NOTE: Probably want to put the following functions in a separate file.
// Not sure how to do that yet, so I'll leave it here for proof of concept.
/**************************************/
// SIGN IN AND OUT
/**
 * Prepare an INSERT of a name and the current Unix time into table `temp`.
 *
 * NOTE(review): as shown, the statement is prepared and bound but no execute()
 * call is visible, so no row would be written. The trailing unset() does not
 * fit a sign-in routine and may belong to a different snippet; confirm against
 * the original file.
 *
 * @param mixed $name   Value bound to the `name` column as a string.
 * @param mixed $mysqli Connection object that provides prepare().
 */
function sign_in($name, $mysqli)
{
    // Sets the default timezone for every later date call in this request;
    // time() itself returns a timezone-independent Unix timestamp.
    date_default_timezone_set("America/Chicago");
    $unix = time();
    // Placeholders keep $name out of the SQL text.
    $statement = $mysqli->prepare("INSERT INTO temp (name, time_in)\n\t\t\t\t\t\t\t\t\t\t\tVALUES (?, ?)");
    // 's' binds $name as a string, 'i' binds $unix as an integer.
    $statement->bind_param('si', $name, $unix);
    // Clears the signed-in name from the session.
    unset($_SESSION['name']);
}
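// Sign the visitor in, or register and then sign in, when the session holds no
// user yet.
if (!isset($_SESSION['name'])) {
    // Each field is read once; a missing field becomes null.
    $login_email = isset($_POST['acuseremail']) ? $_POST['acuseremail'] : null;
    $login_password = isset($_POST['acpassword']) ? $_POST['acpassword'] : null;
    $new_name = isset($_POST['unusername']) ? $_POST['unusername'] : null;
    $new_email = isset($_POST['unuseremail']) ? $_POST['unuseremail'] : null;
    $new_password = isset($_POST['unpassword']) ? $_POST['unpassword'] : null;

    $usr_info = null;
    if (is_string($login_email) && is_string($login_password)
        && $login_email !== "" && $login_password !== "") {
        // The password is compared with "" rather than tested for truthiness,
        // so a password of "0" is no longer treated as missing.
        $usr_info = sign_in($login_email, $login_password);
    } elseif (is_string($new_name) && is_string($new_email) && is_string($new_password)
        && $new_name !== "" && $new_email !== "" && $new_password !== "") {
        // The original tested the e-mail twice and never the password, so an
        // empty password got through to sign_up().
        // NOTE(review): sign_up()'s result is not checked, and both functions
        // are defined elsewhere; confirm they use parameterised queries
        // (e.g. pg_query_params) and a real password hash.
        sign_up($new_name, $new_email, $new_password);
        $usr_info = sign_in($new_email, $new_password);
    }

    // Skip the fetch when sign_in() returned nothing usable.
    if ($usr_info && ($row = pg_fetch_array($usr_info))) {
        // New session id on login, to prevent session fixation.
        session_regenerate_id();
        $_SESSION['usrid'] = $row['idusuario'];
        // Not used yet.
        $_SESSION['usravatar'] = $row['avatar'];
        $_SESSION['name'] = $row['username'];
    }
}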
<?php

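session_start();
include 'sql_calls.php';
// Every field the sign-up form posts must be present and a plain string. A
// missing field or one sent as an array (first_name[]=...) is rejected here
// instead of reaching password_hash() or sign_up() as null or a non-string.
$required_fields = ['email_up', 'password1', 'first_name', 'middle_name', 'last_name', 'sign_up_SSN', 'd_o_b'];
foreach ($required_fields as $field) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
        http_response_code(400);
        exit;
    }
}
// Set variables from html page
$email_up = $_POST['email_up'];
$password1 = $_POST['password1'];
// Only the hash is handed to sign_up(); the plain password is used again
// below solely to sign the new user in.
$hash = password_hash($password1, PASSWORD_DEFAULT);
$first_name = $_POST['first_name'];
$middle_name = $_POST['middle_name'];
$last_name = $_POST['last_name'];
// NOTE(review): the SSN is passed on exactly as received. sign_up() is defined
// elsewhere (presumably sql_calls.php); confirm the value is format-checked,
// encrypted at rest, and never written to logs or error output.
$SSN = $_POST['sign_up_SSN'];
$d_o_b = $_POST['d_o_b'];
// Registration date in the server's default timezone.
$date = date('Y-m-d');
// The privilege level is fixed server-side and never read from the request.
$privilege = 1;
sign_up($email_up, $hash, $first_name, $middle_name, $last_name, $SSN, $d_o_b, $privilege, $date);
// NOTE(review): sign_in() runs whether or not sign_up() succeeded; confirm
// sign_up() stops the request on failure.
sign_in($email_up, $password1);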