function create_account($dirty_email) { $email = escape($dirty_email); if (user_count($email) != 0) { echo "signup-failure"; return; } if (validate_email($email) == false) { echo "signup-failure"; return; } $pending_verification = "pending-verification"; $sql1 = "INSERT INTO account_head (account, email, status)"; $sql1 .= " VALUES (null, '{$email}', '{$pending_verification}');"; query($sql1); if (user_count($email) == 1) { $new_account_num = account_id_from_email($email); $time = time(); $signupString = generate_string(); $sql2 = "INSERT INTO account_signup (account, code, date_requested)"; $sql2 .= " VALUES ({$new_account_num}, '{$signupString}', {$time});"; query($sql2); $sql3 = "SELECT * FROM account_signup WHERE account={$new_account_num}"; $result = query($sql3); $count = mysqli_num_rows($result); //mail($email,"ProjectPortfolio - Complete signup", "This is the msg telling you to sign up, fart."); send_signup_email($email, $signupString); if ($count == 1) { echo "signup-success"; return; } else { $sql4 = "DELETE FROM account_signup WHERE account={$new_account_num}"; $sql5 = "DELETE FROM account_head WHERE account={$new_account_num}"; query($sql4); query($sql5); } } else { echo "deleting head table failed"; $sql6 = "DELETE FROM account_head WHERE email={$email}"; query($sql6); } echo "signup-failure"; }
function login($dirty_email, $dirty_password) { $email = escape($dirty_email); $password = escape($dirty_password); if (!validate_email($email)) { echo "login-invalid-email"; return; } if (!validate_password($password)) { echo "login-invalid-password"; return; } $account_id = account_id_from_email($email); if ($account_id == -1) { echo "DEBUG: email or password invalid"; return; } if (correct_password($account_id, $password) == false) { echo "DEBUG: email or password invalid"; return; } session_regenerate_id(); fresh_logon($account_id); $username = username_from_account_id($account_id); setcookie('LOGGED_IN', $username, time() + 3600); echo "login-success"; }