Beispiel #1
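spl_autoload_register("my_autoloader");

// Enforce HTTPS before the session is started, so that no session cookie is
// issued in the response to a plaintext request.
// empty() covers "not set" and every falsy value; some servers (IIS/ISAPI)
// report a non-TLS request as HTTPS="off", which is a truthy string and would
// otherwise be mistaken for a secure connection.
if (empty($_SERVER["HTTPS"]) || strtolower((string) $_SERVER["HTTPS"]) === "off") {
    // NOTE(review): HTTP_HOST is taken from the client-supplied Host header.
    // Prefer building the redirect target from a configured canonical host
    // name so a forged header cannot steer the redirect elsewhere.
    header("HTTP/1.1 301 Moved Permanently");
    header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
    exit;
}

// NOTE(review): session.cookie_secure and session.cookie_httponly should be
// enabled (php.ini or session_set_cookie_params()) so the browser never sends
// the session cookie over HTTP or exposes it to scripts.
session_start();
$db = new DbObject();

// Already authenticated: go to the home page. The exit matters, because
// header() alone does not stop the script and the login handler below would
// still run for this request.
if (isset($_SESSION["loggedIn"]) && $_SESSION["loggedIn"]) {
    header("Location: home.php");
    exit;
}

// Validate the credentials when the login form was submitted.
if (isset($_POST["submitLogin"])) {
    $passwordCheck = new PasswordChecker();

    $username = isset($_POST["username"]) ? $_POST["username"] : "";
    $password = isset($_POST["password"]) ? $_POST["password"] : "";

    // Form fields can arrive as arrays (username[]=...), so only strings are
    // passed on to the checker; a missing password no longer raises a notice.
    if (is_string($username) && $username !== "") {
        $loginValid = is_string($password) && $passwordCheck->isValid($username, $password);

        // Kept from the original: the submit flag is overwritten with the
        // outcome, in case later code on the page reads it.
        $_POST["submitLogin"] = $loginValid;

        // NOTE(review): no throttling of failed attempts is visible here;
        // confirm that PasswordChecker or the surrounding application limits them.
        if ($loginValid) {
            // New session id at the privilege change (session fixation
            // defence); true deletes the old session data.
            session_regenerate_id(true);
            $_SESSION["loggedIn"] = true;
            $_SESSION["username"] = $username;
            header("Location: home.php");
            exit;
        }

        // One generic message for both failure causes, so the response does
        // not reveal whether the username exists.
        echo "<div>Invalid username or password</div>";
    }
}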
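/**
 * Verify the posted "currentPassword" against the account named in the session.
 *
 * Returns false without consulting PasswordChecker when the session holds no
 * username, or when the posted value is missing or not a string (form fields
 * can arrive as arrays, e.g. currentPassword[]=x).
 *
 * @return mixed false on missing or malformed input, otherwise the result of
 *               PasswordChecker::isValid() (its return type is not visible here)
 */
function checkCurrentPassword()
{
    if (!isset($_SESSION["username"], $_POST["currentPassword"])) {
        return false;
    }

    // Only plain strings are handed to the credential check.
    if (!is_string($_SESSION["username"]) || !is_string($_POST["currentPassword"])) {
        return false;
    }

    $passwordCheck = new PasswordChecker();

    return $passwordCheck->isValid($_SESSION["username"], $_POST["currentPassword"]);
}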
                echo "</div>";
            }
        }
    }
    $form->renderSubmitEnd("subRegisterSubmit", "Register");
}
//check to see if the form was submitted
if (isset($_POST["subRegisterSubmit"])) {
    //if the passwords do not match - or password is left blank - load the form again
    //with an error message. Send false indicating that the password check failed.
    if (!checkUsernameRegex() || !checkChallengeQuestions() || !checkEmailRegex() || !checkForEmptyFields() || !checkPasswordMatch()) {
        loadForm(false);
    } else {
        //load the form again
        loadForm(true);
        $passwordChecker = new PasswordChecker();
        $user = strip_tags($_POST["txtUsername"]);
        $email = strip_tags($_POST["txtEmail"]);
        $pwd = strip_tags($_POST["txtPassword"]);
        $qst1 = strip_tags($_POST["txtQst1"]);
        $qst1Answer = strip_tags($_POST["txtQst1Answer"]);
        $qst2 = strip_tags($_POST["txtQst2"]);
        $qst2Answer = strip_tags($_POST["txtQst2Answer"]);
        $success = $passwordChecker->addUser($user, $pwd, $email, $qst1, $qst1Answer, $qst2, $qst2Answer);
        if ($success) {
            $_SESSION["loggedIn"] = true;
            $_SESSION["username"] = $user;
        } else {
            echo "<p>Failed to add {$user} to the website</p>";
            echo "<p>The username {$user} already exists!</p>";
            echo "<p>Please enter a new username</p>";
Beispiel #4
 /**
  * Delegates to PasswordChecker::check() and hands its result back unchanged.
  *
  * @param string $password Value forwarded as-is to PasswordChecker::check()
  * @return int As annotated by the original author; the meaning of the number
  *             is defined by PasswordChecker, which is not visible here
  */
 public static function check($password)
 {
     $result = PasswordChecker::check($password);

     return $result;
 }