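/**
 * Handle the sign-up page: send signed-in visitors to the course list and,
 * on POST, create the account from the submitted form.
 *
 * @param mixed $ObjectPDO Database handle, passed through to User and sign_in().
 * @param mixed $params    Overwritten on POST with the honeypot-filtered $_POST
 *                         before it is used, so the caller's value is ignored.
 * @return void
 */
function sign_up($ObjectPDO, $params)
{
    require_once $_SERVER['DOCUMENT_ROOT'] . "/reou/includes/const.php";
    require_once D_ROOT . "/reou/helpers/users_helper.php";

    // TODO - On the sign up page if one of the fields has no name value then you get an error. Correct that.

    // If already signed in then take to courses page
    if (userSignedIn()) {
        header("Location:" . course_route('course_category'));
        die;
    }

    if ($_SERVER['REQUEST_METHOD'] !== "POST") {
        return;
    }

    // Honeypot check (spam filter): the whole POST array is replaced by
    // whatever check_honeypot_fields() returns.
    $_POST = check_honeypot_fields($_POST);
    $params = $_POST;
    $user = new User($ObjectPDO);

    try {
        if ($user->create_user($params)) {
            header("Location:" . course_route('course_category'));
            // NOTE(review): sign_in() is defined elsewhere; presumably it sets up
            // the session for the new account -- confirm it does not need the
            // redirect header to be sent after it rather than before.
            sign_in($ObjectPDO, $params);
        } else {
            header("Location:" . $_SERVER['REQUEST_URI']);
            die;
        }
    } catch (Exception $e) {
        // Keep the exception text in the server log. Echoing it to the browser
        // can disclose database or internal details to whoever submitted the form.
        error_log('sign_up: user creation failed: ' . $e->getMessage());
        http_response_code(500);
        die("There was a problem creating the user.");
    }
}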
/**
 * Dispatch a submitted form to its handler, chosen by the POSTed "page" field.
 *
 * Each recognised value loads one file under inc/process/ and calls a single
 * handler from it. The require paths are fixed literals: the request value
 * only selects a branch and never becomes part of a path.
 *
 * NOTE(review): the selector is supplied by the client and nothing in this
 * function checks who is asking, so access control has to be enforced inside
 * each handler -- confirm that it is.
 *
 * @return bool true when a handler was called, false when the field is
 *              missing or matches no known form.
 */
function process_form()
{
    $form = "";
    if (isset($_POST["page"])) {
        $form = $_POST["page"];
    }

    switch ($form) {
        case FORM_LOGIN:
            require 'inc/process/login.php';
            sign_in();
            return true;

        case FORM_CUSTOMER_NEW:
            require 'inc/process/customer.php';
            customer_add();
            return true;

        case FORM_CUSTOMER_EDIT:
            require 'inc/process/customer.php';
            customer_edit();
            return true;

        case FORM_PURCHASE_NEW:
            require 'inc/process/purchase.php';
            purchase_add();
            return true;

        case FORM_PURCHASE_EDIT:
            require 'inc/process/purchase.php';
            purchase_edit();
            return true;

        case "sell_new":
            require 'inc/process/sell.php';
            sell_add();
            return true;

        case "sell_edit":
            require 'inc/process/sell.php';
            sell_edit();
            return true;

        case "store_edit":
            require 'inc/process/store.php';
            store_edit();
            return true;

        case "user_new":
            require 'inc/process/user.php';
            user_add();
            return true;

        case "user_edit":
            require 'inc/process/user.php';
            user_edit();
            return true;

        case FORM_LOT_NEW:
            require 'inc/process/lot.php';
            lot_add();
            return true;

        default:
            // Unknown or absent selector: nothing was run.
            return false;
    }
}
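<?php
session_start();
include 'sql_calls.php';

// Set variables from html page.
// A field that is missing, or that arrives as an array (email_in[]=...),
// is normalised to '' so sign_in() always receives two strings and no
// undefined-index notice is raised.
$email_in = (isset($_POST['email_in']) && is_string($_POST['email_in'])) ? $_POST['email_in'] : '';
$password3 = (isset($_POST['password3']) && is_string($_POST['password3'])) ? $_POST['password3'] : '';

// NOTE(review): sign_in() comes from sql_calls.php and is not visible here;
// presumably it rejects empty credentials and binds both values as query
// parameters -- confirm.
sign_in($email_in, $password3);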
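/**
 * Basic page to manage user sign in.
 */
require_once 'config.php';

$form_data = array('email' => null, 'password' => null);

/**
 * Look up a user by email and password.
 *
 * The lookup is sent as a prepared statement, so the submitted values are
 * bound as data and cannot alter the SQL text.
 *
 * NOTE(review): stored passwords are unsalted MD5 digests. md5() is kept here
 * only so existing rows still match; moving to password_hash() /
 * password_verify() needs a data migration and cannot be done in this
 * function alone.
 *
 * @param string $email      Submitted email address.
 * @param string $password   Submitted plaintext password.
 * @param mysqli $connection Open database connection.
 * @return object|null The user row when exactly one row matches, otherwise null.
 */
function sign_in($email, $password, $connection)
{
    // An array-valued field (email[]=...) is not a credential; treat as no match.
    if (!is_string($email) || !is_string($password)) {
        return null;
    }

    $hashed_pw = md5($password);

    $statement = $connection->prepare('SELECT * FROM `users` WHERE `email` = ? AND `password` = ?');
    if (!$statement) {
        return null;
    }

    $statement->bind_param('ss', $email, $hashed_pw);

    $user = null;
    if ($statement->execute()) {
        $result = $statement->get_result();
        if ($result && $result->num_rows === 1) {
            $user = $result->fetch_object();
        }
    }
    $statement->close();

    return $user;
}

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $form_error = array();

    // Missing or non-string fields become '' instead of raising a notice.
    $posted_email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $posted_password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // NOTE(review): this value is request data; it must be HTML-escaped
    // wherever the form re-displays it (the form markup is not shown here).
    $form_data['email'] = $posted_email;

    $user = sign_in($posted_email, $posted_password, $connection);

    if ($user) {
        // Issue a fresh session id at login so an id obtained before
        // authentication does not carry over into the signed-in session.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        $_SESSION['user_email'] = $user->email;
        $_SESSION['user_fname'] = $user->first_name;
        $_SESSION['user_lname'] = $user->last_name;

        header('Location: index.php');
        // Stop here: without this the rest of the page is still rendered
        // and sent along with the redirect.
        exit;
    } else {
        $form_error['email'] = "Invalid email or password";
    }
}

require 'template/header.php';
require 'template/navigation.php';
?>
<div class="container">
    <div class="row">
        <div class="col-md-12">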
<?php
// Load the site constants first (D_ROOT is needed by the next line), then
// the users controller.
require_once $_SERVER['DOCUMENT_ROOT'] . "/reou/includes/const.php";
require_once D_ROOT . "/reou/controllers/users_controller.php"; # users helpers also included
//$sign_in_page = "../../controllers/signin.php";
// NOTE(review): this call runs on every load of the view, GET included, and
// hands the raw $_POST array to sign_in(). Presumably sign_in() returns early
// when nothing was posted and validates the fields itself -- confirm against
// its definition. $db is not set in this file; it must come from an include.
sign_in($db, $_POST);
?>
<html>
<head>
    <title> Sign In </title>
    <link rel="stylesheet" type="text/css" href="<?php echo asset_route('css'); ?> main.css">
</head>
<body>
<?php require_once $_SERVER['DOCUMENT_ROOT'] . '/reou/views/layouts/header.php'; ?>
<div class="login-container">
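<?php
session_start();
include "db.php";
include "templates.php";

// Read one form field as a string. A field that is missing or arrives as an
// array becomes '', so the handlers below always receive strings and no
// undefined-index notice is raised.
$post_field = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

// $index, $sign_in and $sign_up are markup fragments; presumably they are
// defined in templates.php -- they are not set in this file.
echo $index;
echo "<table><tr><th>Войти</th><th>Зарегистрироваться</th></tr><tr><td>" . $sign_in . "</td>";

// Login form submitted.
if (isset($_POST['auth'])) {
    $Login = $post_field('Login');
    $Password = $post_field('Password');
    sign_in($Login, $Password, $conn);
}

echo "<td>" . $sign_up . "</td></tr></table>";

// Registration form submitted.
// NOTE(review): sign_up() receives the plaintext password; presumably it
// rejects empty values, hashes with password_hash() and binds its query
// parameters -- confirm in db.php.
if (isset($_POST['reg'])) {
    $FirstName = $post_field('FirstName');
    $LastName = $post_field('LastName');
    $Login = $post_field('Login');
    $Password = $post_field('Password');
    sign_up($FirstName, $LastName, $Login, $Password, $conn);
}
?>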
<!-- NOTE(review): the third-party scripts and stylesheet below load without an
     integrity attribute, and the toastr URLs use the moving "latest" path, so
     the page runs whatever the CDN serves at load time. Pinning an exact
     version and adding integrity/crossorigin attributes fixes what is
     executed. jQuery 2.1.4 is also a long-superseded release. -->
<script type="text/javascript" src="https://code.jquery.com/jquery-2.1.4.min.js"></script>
<script type="text/javascript" src="js/script.js"></script>
<link href='https://cdnjs.cloudflare.com/ajax/libs/toastr.js/latest/css/toastr.min.css' rel='stylesheet' type='text/css'>
<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/toastr.js/latest/js/toastr.min.js"></script>
</head>
<body>
<?php
// Form fields: a name and a direction flag compared against "in" / "out" below.
// NOTE(review): both are read without an isset() check, so a request that
// omits them raises an undefined-index notice.
$name = $_POST["name"];
$type = $_POST["inout"];

// NOTE(review): the connection settings are written into the page source
// (the account name and password appear masked in this listing). Host,
// account and password are better read from the environment or from a config
// file kept outside the web root and outside version control.
$server = "us-cdbr-iron-east-03.cleardb.net";
$username = "******";
$password = "******";
$db = "heroku_3d5da57e92aa9e3";
// NOTE(review): nothing after this line checks whether the connection
// succeeded before it is used.
$mysqli = new mysqli($server, $username, $password, $db);

// Only the two expected values dispatch; any other value does nothing.
if ($type === "in") {
    sign_in($name, $mysqli);
} else {
    if ($type === "out") {
        sign_out($name, $mysqli);
    }
}

// NOTE: Probably want to put the following functions in a separate file.
// Not sure how to do that yet, so I'll leave it here for proof of concept.
/**************************************/
// SIGN IN AND OUT
function sign_in($name, $mysqli) {
    date_default_timezone_set("America/Chicago");
    $unix = time();
    // The name and timestamp are bound as parameters ('s' string, 'i' integer)
    // rather than concatenated into the SQL text.
    $statement = $mysqli->prepare("INSERT INTO temp (name, time_in)\n\t\t\t\t\t\t\t\t\t\t\tVALUES (?, ?)");
    $statement->bind_param('si', $name, $unix);
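unset($_SESSION['name']); } // closes a block opened earlier in the file

// No signed-in user yet: try a login first, otherwise a sign-up followed by
// a login with the same credentials.
if (!isset($_SESSION['name'])) {
    // A field counts as present only when it arrived as a non-empty string;
    // a blank value or an array (field[]=...) is treated as absent.
    $field = function ($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key]) && $_POST[$key] !== "") ? $_POST[$key] : null;
    };

    // NOTE(review): sign_in() and sign_up() are defined elsewhere; presumably
    // they use parameterised queries (e.g. pg_query_params) and
    // password_hash()/password_verify() -- confirm.
    $usr_info = null;
    if ($field('acuseremail') !== null && $field('acpassword') !== null) {
        $usr_info = sign_in($_POST['acuseremail'], $_POST['acpassword']);
    } elseif ($field('unusername') !== null && $field('unuseremail') !== null && $field('unpassword') !== null) {
        // The earlier condition tested 'unuseremail' twice and never tested
        // 'unpassword' for emptiness, so an account could be registered with
        // an empty password. All three fields are now required to be non-empty.
        sign_up($_POST['unusername'], $_POST['unuseremail'], $_POST['unpassword']);
        $usr_info = sign_in($_POST['unuseremail'], $_POST['unpassword']);
    }

    // sign_in() may hand back a failed result; only fetch from a usable one.
    if ($usr_info && ($row = pg_fetch_array($usr_info))) {
        // Preventing session fixation: issue a new id at login. Passing true
        // also deletes the old session's data instead of leaving it behind.
        session_regenerate_id(true);
        $_SESSION['usrid'] = $row['idusuario'];
        $_SESSION['usravatar'] = $row['avatar']; //not yet useful
        $_SESSION['name'] = $row['username'];
    }
}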
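<?php
session_start();
include 'sql_calls.php';

// Read one form field as a string. A field that is missing or arrives as an
// array becomes '', so no undefined-index notice is raised and no non-string
// value reaches password_hash() or sign_up().
$post_field = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

// Set variables from html page
$email_up = $post_field('email_up');
$password1 = $post_field('password1');

// The password is hashed in this script, so sign_up() only ever receives a
// hash and cannot tell that the field was empty. Refuse here rather than
// store the hash of an empty password.
if ($email_up === '' || $password1 === '') {
    http_response_code(400);
    exit('Email and password are required.');
}

$hash = password_hash($password1, PASSWORD_DEFAULT);
$first_name = $post_field('first_name');
$middle_name = $post_field('middle_name');
$last_name = $post_field('last_name');
// NOTE(review): the SSN is passed on exactly as submitted. Format validation
// and protection at rest (encryption, restricted access) presumably belong
// in sign_up() -- confirm in sql_calls.php.
$SSN = $post_field('sign_up_SSN');
$d_o_b = $post_field('d_o_b');
$date = date('Y-m-d');
// The privilege level is fixed here and never read from the request.
$privilege = 1;

sign_up($email_up, $hash, $first_name, $middle_name, $last_name, $SSN, $d_o_b, $privilege, $date);
// NOTE(review): sign_up()'s result is not checked, so sign_in() runs even if
// the account could not be created (for example a duplicate email).
sign_in($email_up, $password1);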