function post_comments() { $comment = escape_this_string($_POST["comment"]); $query = "INSERT INTO comments (comment, created_at, updated_at, message_id, user_id)\n\t\t\t\t VALUES ('{$comment}', NOW(), NOW(), '{$_POST['message_id']}', '{$_SESSION['user_id']}')"; if (run_mysql_query($query)) { header("Location: wall.php"); } }
function insert_query_comment($post) { $content = escape_this_string($post['content']); $query = "INSERT INTO comments\n\t\t\t\t\t(content, created_at, updated_at,post_id,user_id)\n\t\t\t\t\tvalues\n\t\t\t\t\t('{$content}',now(),now(),{$_POST['post_id']},{$_SESSION['user_id']});"; if (run_mysql_query($query)) { // run query here header('Location: wall.php'); return true; } else { var_dump($post); die("System Error"); } //return }
function login_user($post) { $password = md5($post['password']); $email = escape_this_string($post['email']); $query = "SELECT * FROM users WHERE users.email = '{$email}' AND users.password = '******'"; $user = fetch_all($query); if (count($user) > 0) { $_SESSION['user_id'] = $user[0]['id']; $_SESSION['first_name'] = $user[0]['first_name']; $_SESSION['logged_in'] = true; header('location: wall.php'); } else { $_SESSION['errors'][] = 'Check your credentials'; header('location: login.php'); } }
function login_user($post) { // First the security stuff and then a query to get all of the needed data from the database $username = escape_this_string($post['username']); $email = escape_this_string($post['email']); $password = escape_this_string($post['password']); $query = "SELECT * FROM users WHERE users.username = '******'"; $user = fetch_record($query); // Beginning of validation checks if (empty($username)) { $_SESSION['errors'][] = "Please enter your username"; } if (empty($password)) { $_SESSION['errors'][] = "Please enter your password"; } if (empty($email)) { $_SESSION['errors'][] = "Please enter your email"; } if (count($_SESSION['errors']) > 0) { header('Location: main.php'); exit; } // End of validation checks // Check to see if $user is empty if (empty($user)) { $_SESSION['errors'][] = "There are no users present in the database"; header('Location: main.php'); exit; } else { if (!empty($user)) { $encrypted_password = md5($password . '' . $user['salt']); if ($user['password'] == $encrypted_password) { $_SESSION['user_id'] = $user['id']; $_SESSION['first_name'] = $user['first_name']; $_SESSION['logged_in'] = true; header('Location: wall.php'); } else { // If an error occurs then this error is shown $_SESSION['errors'][] = "Cannot find a matching user"; header('Location: main.php'); exit; } } } }
function login_user($post) { $email = escape_this_string($_POST["email"]); $password = escape_this_string($_POST["password"]); $query = "SELECT * FROM users\n\t\t\t\t WHERE users.password = '******'\n\t\t\t\t AND users.email = '{$email}'"; $user = fetch_all($query); if (count($user) > 0) { $_SESSION["user_id"] = $user[0]["id"]; $_SESSION["first_name"] = $user[0]["first_name"]; $_SESSION["logged_in"] = TRUE; header("Location: wall.php"); die; } else { $_SESSION["errors"][] = "Can't find a user with those credentials!"; header("Location: index.php"); die; } }
exit; } } } //if user is posting a message if ($_POST['action'] == 'post_message') { $query = "INSERT INTO messages (user_id, message, created_at, updated_at) VALUES ('" . escape_this_string($_SESSION['user_id']) . "', '" . escape_this_string($_POST['message']) . "', NOW(), NOW())"; run_mysql_query($query); header("LOCATION: home.php"); exit; } //if user is posting a comment if ($_POST['action'] == 'post_comment') { $query = "INSERT INTO comments (message_id, user_id, comment, created_at, updated_at) VALUES ('" . escape_this_string($_POST['message_id']) . "','" . escape_this_string($_POST['user_id']) . "', '" . escape_this_string($_POST['comment']) . "', NOW(), NOW())"; run_mysql_query($query); header("LOCATION: home.php"); exit; } //if user is logging off if ($_POST['action'] == 'logoff') { header("LOCATION: index.php"); session_destroy(); exit; } //if user is deleting his message if ($_POST['action'] == 'delete') { $query = "DELETE FROM messages WHERE id = " . escape_this_string($_POST['message_id']); run_mysql_query($query); header("LOCATION: home.php"); exit; }
$_SESSION['error'][] = "You must create four options for this poll."; } elseif (empty($_POST['option3'])) { $_SESSION['error'][] = "You must create four options for this poll."; } elseif (empty($_POST['option4'])) { $_SESSION['error'][] = "You must create four options for this poll."; } if (isset($_SESSION['error'])) { header("location: add_poll.php"); die; } else { $esc_title = escape_this_string($_POST['title']); $esc_description = escape_this_string($_POST['description']); $esc_option1 = escape_this_string($_POST['option1']); $esc_option2 = escape_this_string($_POST['option2']); $esc_option3 = escape_this_string($_POST['option3']); $esc_option4 = escape_this_string($_POST['option4']); $poll_query = "INSERT INTO green_belt.polls (name, description, created_at, updated_at) VALUES ('{$esc_title}', '{$esc_description}', NOW(), NOW())"; $poll_id = run_mysql_query($poll_query); $option1_query = "INSERT INTO green_belt.poll_options (name, poll_id, updated_at, created_at) VALUES ('{$esc_option1}', {$poll_id}, NOW(), NOW())"; $option2_query = "INSERT INTO green_belt.poll_options (name, poll_id, updated_at, created_at) VALUES ('{$esc_option2}', {$poll_id}, NOW(), NOW())"; $option3_query = "INSERT INTO green_belt.poll_options (name, poll_id, updated_at, created_at) VALUES ('{$esc_option3}', {$poll_id}, NOW(), NOW())"; $option4_query = "INSERT INTO green_belt.poll_options (name, poll_id, updated_at, created_at) VALUES ('{$esc_option4}', {$poll_id}, NOW(), NOW())"; $option1_id = run_mysql_query($option1_query); $option2_id = run_mysql_query($option2_query); $option3_id = run_mysql_query($option3_query); $option4_id = run_mysql_query($option4_query); header("location: index.php"); } } elseif (isset($_POST['action']) && $_POST['action'] == 'vote') { if (empty($_POST['opt'])) { unset($_SESSION['error']);
<?php $username = escape_this_string($_POST['username']); $email = escape_this_string($_POST['email']); $password = escape_this_string($_POST['password']); $salt = bin2hex(openssl_random_pseudo_bytes(22)); $encrypted_password = md5($password . '' . $salt); $query = "INSERT INTO users (username, email, password, salt, created_at, updated_at) \n VALUES ('{$username}', '{$email}', '{$encrypted_password}', '{$salt}', NOW(), NOW());\n run_mysql_query({$query})";
// die(); $query = "INSERT INTO comments (comment, message_id, comment_user_id, created_at_cmt, updated_at_cmt) VALUE ('{$comment}', '{$message_id}', '{$user_id}', NOW(), NOW())"; run_mysql_query($query); header('location: wall.php'); } else { header('Location: wall.php'); } //message handling } else { if ($_POST['action'] == 'post_message') { //check what button was clicked if (isset($_POST['submit_message']) && $_POST['submit_message'] != null && !empty($_POST['submit_message'])) { //make sure the message isn't blank $user_id = $_SESSION['user_id']; //again, variables for easier syntax in the query $message = escape_this_string($_POST['message']); //prevent MySQL injection $query = "INSERT INTO messages (message, user_id, created_at_msg, updated_at_msg) VALUE ('{$message}', '{$user_id}', NOW(), NOW())"; // var_dump($user_id); // die(); run_mysql_query($query); header('location: wall.php'); } else { if ($_POST['submit_message'] == null) { header('location: wall.php'); } else { header("Location: wall.php"); //if no button was clicked, then refresh } } //delete message handling
function login() { $email = escape_this_string($_POST['email']); $password = escape_this_string($_POST['password']); //check is login info is in database // $query = "SELECT * FROM users WHERE users.email ='{$email}' and users.password ='******'; "; $query = "SELECT id as user_id, name_first, name_last\n\t\t\t\t\t\t\t\tFROM users\n\t\t\t\t\t\t\t\tWHERE email='{$email}'\n\t\t\t\t\t\t\t\tAND password='******';\n\t\t"; if (!fetch($query)) { $_SESSION['errors']['login'] = "******"; header("Location: index.php"); die; } $_SESSION = fetch($query)[0]; //// user array replaces SESSION // $user = fetch($query)[0]; // $_S['user-id'] = $user['id']; // $_S['user-name'] = $user['name_first']; header("Location: wall.php"); }
/* ========================== Posts form validation ====================================================== */ if ($_POST['submitted_form'] == 'post') { $posts = $_POST['post_message']; $query_1 = "INSERT INTO posts (post, created_at, updated_at, user_id) \n \t\t\t\t\tVALUES ( '{$posts}', NOW(), NOW(), {$_SESSION['this_user']['id']} )"; $query_2 = "SELECT posts.id as post_id, post, posts.created_at as post_created_at, posts.user_id, \n\t\t\t\t\tusers.id as user_id, users.first_name, users.last_name, users.created_at as users_created_at \n\t\t\t\t\tFROM posts LEFT JOIN users ON posts.user_id = users.id"; $query_3 = "SELECT comments.id AS comment_id, comments.comment, comments.created_at AS comment_created_at, \n\t\t\t\t\tcomments.user_id AS comment_user_id, comments.post_id AS comment_post_id, \n\t\t\t\t\tusers.first_name AS comment_first_name, users.id AS comment_user_id FROM comments\n\t\t\t\t\tLEFT JOIN users ON comments.user_id = users.id;;"; // var_dump($post_message); // var_dump(run_mysql_query($get_messages)); // var_dump(fetch_all($get_messages)); // var_dump(fetch_all($get_posts)); run_mysql_query($query_1); if (fetch_all($query_2)) { $_SESSION['all_posts'] = fetch_all($query_2); } if (!empty(fetch_all($query_3))) { $_SESSION['all_comments'] = fetch_all($query_3); } header('location: wall.php'); } /* ========================== Comment form validation ==================================================== */ if ($_POST['submitted_form'] == 'comments') { $comment = escape_this_string($_POST['post_comments']); $query_1 = "INSERT INTO comments (comment, created_at, updated_at, user_id, post_id )\n\t\t VALUES ('{$comment}', NOW(), NOW(), '{$_SESSION['this_user']['id']}', '{$_POST['post_id']}')"; $query_2 = "SELECT comments.id AS comment_id, comments.comment, comments.created_at AS comment_created_at, \n\t\t\t\t\tcomments.user_id AS comment_user_id, comments.post_id AS comment_post_id, \n\t\t\t\t\tusers.first_name AS comment_first_name, users.id AS comment_user_id FROM comments\n\t\t\t\t\tLEFT JOIN users ON comments.user_id = users.id;"; run_mysql_query($query_1); // // // var_dump($_SESSION['post_id']); // // // var_dump($query_1); // // // var_dump(run_mysql_query($post_comments)); $_SESSION['all_comments'] = fetch_all($query_2); header('location: wall.php'); }
<?php session_start(); require 'connection.php'; $errors = array(); if (isset($_POST['action']) && $_POST['action'] == 'logout') { session_destroy(); header('location: index.php'); } else { if (isset($_POST['action']) && $_POST['action'] == 'message') { $message = escape_this_string($_POST['message']); $query = "INSERT INTO messages (message, users_id, created_at, updated_at) VALUES ('{$message}', '{$_SESSION['user_id']}', NOW(), NOW())"; if (!run_mysql_query($query)) { $errors[] = 'failed to post message'; } $_SESSION['errors'] = $errors; header('location: main.php'); } else { if (isset($_POST['action']) && $_POST['action'] == 'comment') { $comment = escape_this_string($_POST['comment']); $query = "INSERT INTO comments (comment, users_id, messages_id, created_at, updated_at) VALUES ('{$comment}', '{$_SESSION['user_id']}', '{$_POST['message_id']}', NOW(), NOW())"; if (!run_mysql_query($query)) { $errors[] = 'failed to post comment'; } $_SESSION['errors'] = $errors; header('location: main.php'); } } }
} /* ======================== Login form validation ======================================================== */ if ($_POST['submitted_form'] == 'login') { if (empty($_POST['email']) || empty($_POST['password'])) { $errors[] = "Make sure no fields are empty"; } if (strlen($_POST['password']) < 6 || !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) { $errors[] = "Make sure password is more than 6 characters and email is valid"; } // Set local variables // $query_1 = "SELECT * FROM users WHERE email = '{$_POST['email']}' "; $query_2 = "SELECT posts.id as post_id, post, posts.created_at as post_created_at, posts.user_id, \n\t\t\t\t\tusers.id as user_id, users.first_name, users.last_name, users.created_at as users_created_at \n\t\t\t\t\tFROM posts LEFT JOIN users ON posts.user_id = users.id"; $query_3 = "SELECT comments.id AS comment_id, comments.comment, comments.created_at AS comment_created_at, \n\t\t\t\t\tcomments.user_id AS comment_user_id, comments.post_id AS comment_post_id, \n\t\t\t\t\tusers.first_name AS comment_first_name, users.id AS comment_user_id FROM comments\n\t\t\t\t\tLEFT JOIN users ON comments.user_id = users.id;"; $this_user = fetch_record($query_1); // Check database for username & password // $encrypted_password = md5(escape_this_string($_POST['password']) . '' . $this_user['salt']); if (empty($this_user)) { $errors[] = "Email was not found"; } else { if ($this_user['password'] != $encrypted_password) { $errors[] = "Password and email do not match"; } } /* ---------- use when troubleshooting password / email errors ------ */ // echo "this_user: "******"encrypted_password:"******"stored password:"; // var_dump($this_user['password']); // var_dump($this_user['salt']);