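/**
 * Check an e-mail/password pair against the users table and, on success,
 * mark the session as logged in.
 *
 * Both arguments are untrusted form input: the e-mail is bound as a query
 * parameter instead of being spliced into the SQL text (the original built
 * the query by concatenation and was injectable), and the password is only
 * ever handed to password_verify().
 *
 * @param string $email    e-mail address entered at login
 * @param string $password plaintext password entered at login
 * @return bool true when exactly one user row matches and the hash verifies
 */
function login_verify($email, $password)
{
    $conn = connect_to_mysql();

    // Select only the columns this function needs; the lookup key is bound.
    $stmt = $conn->prepare(
        'SELECT id, username, password_hash FROM users WHERE user_email = ?'
    );
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->store_result();

    // Require exactly one match: zero means unknown user, more than one
    // means the account is ambiguous; both are treated as a failed login.
    if ($stmt->num_rows !== 1) {
        $stmt->close();
        return false;
    }

    $stmt->bind_result($userId, $username, $storedHash);
    $stmt->fetch();
    $stmt->close();

    if (password_verify($password, $storedHash)) {
        // Rotate the session id so a session id fixed before authentication
        // does not turn into an authenticated one (session fixation).
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION["logged_in"] = true;
        $_SESSION["user_id"] = $userId;
        $_SESSION["username"] = $username;
        return true;
    }

    $_SESSION["logged_in"] = false;
    return false;
}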
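/**
 * Load the full users row for the e-mail stored in the session.
 *
 * The session e-mail is treated as data, not SQL, and bound as a statement
 * parameter. The connection is closed on every path (the original only
 * closed it when a row was found) and null is returned explicitly when no
 * user matches.
 *
 * @return array|null row as returned by mysqli_fetch_array(), or null
 */
function get_user_data()
{
    $connection = connect_to_mysql();
    $email = isset($_SESSION["email"]) ? $_SESSION["email"] : "";
    $row = null;

    $stmt = mysqli_prepare($connection, "SELECT * FROM users WHERE email = ?");
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 's', $email);
        mysqli_stmt_execute($stmt);
        // mysqli_stmt_get_result needs the mysqlnd driver (the default build);
        // it keeps the SELECT * row shape callers already expect.
        $result = mysqli_stmt_get_result($stmt);
        if ($result !== false) {
            $fetched = mysqli_fetch_array($result);
            if ($fetched) {
                $row = $fetched;
            }
        }
        mysqli_stmt_close($stmt);
    }

    close_mysql_connection($connection);
    return $row;
}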
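// Sign-up validation and account creation. This is a fragment of a larger
// handler: $password, $password_verify, $email and $username are defined
// before it, and the code that consumes the final $sql follows it.
// Every failure path stores a "growl" message in the session and redirects
// back to /signup.

// verify that both password fields agree
if (strcmp($password, $password_verify) !== 0) {
    $_SESSION["growl_type"] = "error";
    $_SESSION["growl_message"] = "Passwords do not match!";
    header('Location: /signup');
    return;
}

// verify the email
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    $_SESSION["growl_type"] = "error";
    $_SESSION["growl_message"] = "The email address you entered is invalid";
    header('Location: /signup');
    return;
}

// make sure email is not already taken. The address is bound as a parameter:
// FILTER_VALIDATE_EMAIL accepts quotes in the local part (o'neil@example.com),
// so a "valid" e-mail can still break a concatenated query.
$conn = connect_to_mysql();
$taken = false;
$stmt = $conn->prepare('SELECT 1 FROM users WHERE user_email = ?');
if ($stmt !== false) {
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->store_result();
    $taken = $stmt->num_rows > 0;
    $stmt->close();
}
if ($taken) {
    $_SESSION["growl_type"] = "error";
    $_SESSION["growl_message"] = "This email address is already taken";
    header('Location: /signup');
    return;
}

// hash the password (never stored in clear)
$hash = password_hash($password, PASSWORD_DEFAULT);
$date = date('Y-m-d');

// insert the new account; all user-supplied values are bound
$result = false;
$stmt = $conn->prepare(
    "INSERT INTO users
        (username, user_email, password_hash, date_created, date_modified, deleted)
     VALUES
        (?, ?, ?, ?, ?, 0)"
);
if ($stmt !== false) {
    $stmt->bind_param('sssss', $username, $email, $hash, $date, $date);
    $result = $stmt->execute();
    $stmt->close();
}

// get the user id. The code that runs this query is outside this excerpt, so
// $sql is kept as a plain query string; the value is escaped for the
// connection's charset rather than concatenated raw. ($conn->insert_id would
// return the new id without a second query.)
$sql = "SELECT id FROM users where user_email = '" . $conn->real_escape_string($email) . "';";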
// Password-change pre-check: validates the old password, the new password's
// character set and the confirmation field, then hands off to
// start_password_change() only when every check passes. Outcomes are reported
// through $GLOBALS flags rather than return values.
//
// NOTE(review): $_SESSION['email'] is concatenated straight into the SQL text;
// it should be bound with a prepared statement (mysqli_prepare/bind_param).
// NOTE(review): the query compares the `password` column against the literal
// '******'. Elsewhere in this file the same column is written with
// password_hash() and checked with password_verify(), so a direct SQL equality
// test would need to match the stored hash — confirm what the redacted value was
// meant to be, and prefer fetching the hash by e-mail and calling
// password_verify() on the submitted old password.
function check_change_password() {
    $fail = false;
    //if old password is incorrect, exit
    $connection = connect_to_mysql();
    $query = "SELECT * FROM users WHERE email = '" . $_SESSION['email'] . "' AND password = '******'";
    // $row is a mysqli_result (or false on error, in which case mysqli_num_rows
    // fails), not a fetched row.
    $row = mysqli_query($connection, $query);
    if (mysqli_num_rows($row) != 1) {
        $GLOBALS['oldPasswordIncorrect'] = true;
        $fail = true;
    }
    // if password contains special characters, exit
    // NOTE(review): limiting passwords to [A-Za-z0-9_] only lowers their entropy;
    // since they are hashed, any character could be accepted safely.
    if (!filter_var($_POST["InputPW1"], FILTER_VALIDATE_REGEXP, array("options" => array("regexp" => "/^[a-zA-Z0-9_]*\$/")))) {
        $GLOBALS['passwordNotValid'] = true;
        $fail = true;
    }
    //if passwords do not match, exit
    // (loose != comparison: numeric-looking strings such as "1e3" and "1000"
    // compare equal; !== would be exact)
    if ($_POST["InputPW1"] != $_POST["InputPW2"]) {
        $GLOBALS['passwordNotMatch'] = true;
        $fail = true;
    }
    if (!$fail) {
        start_password_change($connection);
    }
    close_mysql_connection($connection);
}
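/**
 * Record a "contact the realtor" request submitted from a listing page.
 *
 * Every field comes straight from $_POST, so all five values are bound as
 * statement parameters rather than concatenated into the INSERT (the
 * original was injectable through any of them). The confirmation alert is
 * printed only when the row was actually written.
 *
 * @return void
 */
function contact_realtor()
{
    $connection = connect_to_mysql();

    // Missing fields become empty strings instead of undefined-index notices.
    $listing = isset($_POST['contact']) ? $_POST['contact'] : '';
    $name    = isset($_POST['name'])    ? $_POST['name']    : '';
    $email   = isset($_POST['email'])   ? $_POST['email']   : '';
    $phone   = isset($_POST['phone'])   ? $_POST['phone']   : '';
    $message = isset($_POST['message']) ? $_POST['message'] : '';

    $stmt = mysqli_prepare(
        $connection,
        "INSERT INTO touched (idListing, name, email, phone, message) VALUES (?, ?, ?, ?, ?)"
    );
    if ($stmt === false) {
        return;
    }
    mysqli_stmt_bind_param($stmt, 'sssss', $listing, $name, $email, $phone, $message);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    if ($ok) {
        echo "<script type='text/javascript'>alert('Request sent to realtor!');</script>";
    }
}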
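/**
 * Render one property-listing card for the listing with the given id.
 *
 * The id is bound as a query parameter (the original concatenated it into
 * the WHERE clause), and every database value placed in the HTML goes
 * through htmlspecialchars() so listing data cannot inject markup or
 * script. Nothing is printed when no listing matches.
 *
 * @param string|int $id listing primary key, typically taken from the request
 * @return void
 */
function display_listing($id)
{
    $connection = connect_to_mysql();

    $stmt = mysqli_prepare($connection, "SELECT * FROM listings WHERE id = ?");
    if ($stmt === false) {
        return;
    }
    // Bound as a string to keep the original quoted-comparison semantics.
    mysqli_stmt_bind_param($stmt, 's', $id);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt); // needs mysqlnd (the default build)
    $row = $result ? mysqli_fetch_array($result) : null;
    mysqli_stmt_close($stmt);
    if (!$row) {
        return;
    }

    // Escape for HTML element content and double-quoted attributes.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    // One of the listing's three images is shown at random; rand() is fine
    // here because nothing security-relevant depends on the choice.
    $rand_num = rand(1, 3);
    $img_name1 = $row["image" . $rand_num];
    $img_path = 'assets/home_images/home' . $row["id"] . '/small/' . $img_name1;

    echo '<div class="row"> <div class="container transbox"> <div class="brdr bgc-fff pad-10 box-shad btm-mrg-20 property-listing" style="overflow:hidden;"> <div class="media"> <a class="pull-left" href="#" target="_parent">';
    echo '<img class="img-responsive" style="margin-top:9%;" src="' . $h($img_path) . '"/></a> <div class="clearfix visible-sm"></div> <div class="media-body fnt-smaller"> <a href="#" target="_parent"></a> <h3 class="media-heading"> <a href="#" target="_parent">$' . $h(number_format($row["price"])) . '</a><small class="pull-right"><i>' . $h($row["address"]) . '</i></small></h3> <p><small class="pull-right">' . $h($row["city"]) . ", " . $h($row["us_state"]) . ", " . $h($row["zip_code"]) . '</small></p> <br> <ul class="list-inline mrg-0 btm-mrg-10 clr-535353 pull-right"> <li>' . $h($row["sq_ft"]) . 'SqFt</li> <li style="list-style: none">|</li> <li>' . $h($row["num_bedrooms"]) . 'Beds</li> <li style="list-style: none">|</li> <li>' . $h($row["num_bathrooms"]) . 'Baths</li> </ul> <br><br> <p class="hidden-xs">' . $h(substr($row["description"], 0, 300)) . '...</p> <div class="btn-toolbar pull-right"> <form action="home_details.php" method="get"> <button type="button" class="btn btn-default btn-sm"> <span class="glyphicon glyphicon-star" aria-hidden="true"></span> Star </button> <button name="details" type="submit" value="' . $h($row[0]) . '" class="btn btn-success btn-sm">Details</button> </form> </div> <br> <span class="fnt-smaller fnt-lighter fnt-arial">Milestone Properties©</span> </div> </div> </div> </div> </div><hr>';
}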
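/**
 * Delete one realtor-contact request by its row id.
 *
 * The id arrives in $_POST['idRow'] and is bound as a statement parameter
 * (the original concatenated it into the DELETE). The confirmation alert is
 * printed only after the statement executed successfully.
 *
 * NOTE(review): no authorisation check is visible in this function. Confirm
 * the caller only reaches it from an authenticated realtor/admin context;
 * otherwise any client that can POST idRow can delete any request.
 *
 * @return void
 */
function remove_row()
{
    $connection = connect_to_mysql();
    $rowId = isset($_POST['idRow']) ? $_POST['idRow'] : '';

    $stmt = mysqli_prepare($connection, "DELETE FROM touched WHERE id = ?");
    if ($stmt === false) {
        return;
    }
    mysqli_stmt_bind_param($stmt, 's', $rowId);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    if ($ok) {
        echo "<script type='text/javascript'>alert('Contact request deleted!');</script>";
    }
}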
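/**
 * Validate the login form, check the credentials, and start the secure
 * session on success.
 *
 * Outcomes are reported through $GLOBALS flags (emptyFields, emailNotValid,
 * wrongCredentials) exactly as before. Fixes over the original: the e-mail is
 * bound as a query parameter (FILTER_SANITIZE_EMAIL keeps the apostrophe, so
 * the sanitised value was still injectable), the query runs only after the
 * form checks pass, an unknown user no longer dereferences a missing row, and
 * string comparisons are strict.
 *
 * @return void
 */
function check_login()
{
    $rawEmail    = isset($_POST["InputEmail"]) ? $_POST["InputEmail"] : "";
    $rawPassword = isset($_POST["InputPW1"])   ? $_POST["InputPW1"]   : "";

    if ($rawEmail === "" || $rawPassword === "") {
        $GLOBALS['emptyFields'] = true;
        return;
    }

    $email = filter_var($rawEmail, FILTER_SANITIZE_EMAIL);
    // Anything the sanitiser had to strip means the address was not clean.
    if ($rawEmail !== $email) {
        $GLOBALS['emailNotValid'] = true;
        return;
    }

    $connection = connect_to_mysql();
    $storedHash = null;
    $found = false;
    $stmt = mysqli_prepare($connection, "SELECT password FROM users WHERE email = ?");
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 's', $email);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $storedHash);
        $found = (mysqli_stmt_fetch($stmt) === true);
        mysqli_stmt_close($stmt);
    }

    // Unknown user and wrong password both map to the same flag so the
    // response does not reveal which one failed.
    if (!$found || !password_verify($rawPassword, (string) $storedHash)) {
        $GLOBALS['wrongCredentials'] = true;
        return;
    }

    sec_session_start($email);
    header("Location: temp.php");
    exit;
}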
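/**
 * Create a new user row from the sign-up form.
 *
 * The password is hashed with password_hash() before storage; every other
 * value comes from $_POST and is bound as a statement parameter (the
 * original interpolated them into the INSERT). zip_code was inserted
 * unquoted, i.e. as a number, so it is validated as an integer first; a
 * non-numeric zip reports the same "Failed to create user" message the
 * resulting SQL error used to produce.
 *
 * @return void
 */
function create_user()
{
    $email     = isset($_POST["InputEmail"])     ? $_POST["InputEmail"]     : "";
    $rawPw     = isset($_POST["InputPW1"])       ? $_POST["InputPW1"]       : "";
    $zip       = isset($_POST["InputZip"])       ? filter_var($_POST["InputZip"], FILTER_VALIDATE_INT) : false;
    $phone     = isset($_POST["InputPhone"])     ? $_POST["InputPhone"]     : "";
    $firstName = isset($_POST["InputFirstName"]) ? $_POST["InputFirstName"] : "";
    $lastName  = isset($_POST["InputLastName"])  ? $_POST["InputLastName"]  : "";
    $userType  = 1;

    // hashes the password to store it safely in the DB
    $password = password_hash($rawPw, PASSWORD_DEFAULT);

    $connection = connect_to_mysql();
    $ok = false;
    if ($zip !== false) {
        $stmt = mysqli_prepare(
            $connection,
            "INSERT INTO users (email,password,user_type,zip_code,phone_number,first_name,last_name)"
            . " VALUES(?, ?, ?, ?, ?, ?, ?)"
        );
        if ($stmt !== false) {
            mysqli_stmt_bind_param(
                $stmt, 'ssiisss',
                $email, $password, $userType, $zip, $phone, $firstName, $lastName
            );
            $ok = mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }
    }

    if (!$ok) {
        echo "Failed to create user";
    }
    close_mysql_connection($connection);
}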
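/**
 * Bookmark the listing given in $_POST['bookmark'] for the logged-in user.
 *
 * Both ids were spliced unquoted into the INSERT before; now the listing id
 * must validate as an integer and both values are bound as int parameters.
 * The success alert is printed only when the row was actually inserted, and
 * the "must be logged in" alert is unchanged.
 *
 * @return void
 */
function bookmark_listing()
{
    $connection = connect_to_mysql();

    if (!isset($_SESSION['id'])) {
        echo "<script type='text/javascript'>alert('You must be logged in to bookmark a property!');</script>";
        return;
    }

    $userId = $_SESSION['id'];
    $listingId = isset($_POST['bookmark'])
        ? filter_var($_POST['bookmark'], FILTER_VALIDATE_INT)
        : false;
    if ($listingId === false) {
        return;
    }

    $ok = false;
    $stmt = mysqli_prepare($connection, "INSERT into bookmarks (user_id, listing_id) VALUES(?, ?)");
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 'ii', $userId, $listingId);
        $ok = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }

    if ($ok) {
        echo "<script type='text/javascript'>alert('Listing added to bookmarks');</script>";
    }
}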
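/**
 * Validate the "forgot password" form and start password recovery for a
 * registered e-mail address.
 *
 * Outcomes are reported through $GLOBALS flags (emailNotValid,
 * emailNotRegistered), as before. The registration lookup binds the address
 * as a query parameter: FILTER_VALIDATE_EMAIL accepts quotes in the local
 * part (o'neil@example.com), so a syntactically valid address could still
 * break the concatenated query the original used. The comparison between
 * the raw and sanitised address is strict.
 *
 * @return void
 */
function check_login_forgot()
{
    $original_email = isset($_POST["InputEmail"]) ? trim($_POST["InputEmail"]) : "";
    $clean_email = filter_var($original_email, FILTER_SANITIZE_EMAIL);
    $fail = false;

    // if email has special characters or doesn't have the right format, flag it
    if ($original_email !== $clean_email || !filter_var($original_email, FILTER_VALIDATE_EMAIL)) {
        $GLOBALS['emailNotValid'] = true;
        $fail = true;
    }

    // if email is not already registered, flag it (the lookup still runs for an
    // invalid address so the same flags are set as before)
    $connection = connect_to_mysql();
    $matches = 0;
    $stmt = mysqli_prepare($connection, "SELECT 1 FROM users WHERE email = ?");
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 's', $original_email);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_store_result($stmt);
        $matches = mysqli_stmt_num_rows($stmt);
        mysqli_stmt_close($stmt);
    }
    if ($matches !== 1) {
        $GLOBALS['emailNotRegistered'] = true;
        $fail = true;
    }

    if (!$fail) {
        start_password_recovery($connection, $clean_email);
    }
    close_mysql_connection($connection);
}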