}
}
nullcheck($ncfname, 'First Name');
nullcheck($ncsname, 'Surname');
nullcheck($ncemail, 'Email');
nullcheck($ncsecques, 'Security Question');
nullcheck($ncsecans, 'Security Question Answer');
if ($nerror === 0) {
//echo 'Stage Two of client creation:<br/>';
$emailck = "SELECT COUNT(*) as count\n\t\t\t\t\t\t\t\t\t\tFROM tbl_clients\n\t\t\t\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\t\t\t\temail = '{$ncemail}'\n\t\t\t\t\t\t\t\t\t\t";
$emailckqry = mysql_query($emailck);
$emailckres = mysql_fetch_assoc($emailckqry);
//echo 'Number of the same email addresses: ' . $emailckres;
if ($emailckres['count'] == 0) {
//echo 'Stage There of client creation:';
$pass = hashword('password321', $hash);
$createqry = "INSERT INTO tbl_clients (\n\t\t\t\t\t\t\t\t\t\t\t\tfirstname,\n\t\t\t\t\t\t\t\t\t\t\t\tsurname,\n\t\t\t\t\t\t\t\t\t\t\t\temail,\n\t\t\t\t\t\t\t\t\t\t\t\tmob,\n\t\t\t\t\t\t\t\t\t\t\t\ttel,\n\t\t\t\t\t\t\t\t\t\t\t\tpassword,\n\t\t\t\t\t\t\t\t\t\t\t\tsecques,\n\t\t\t\t\t\t\t\t\t\t\t\tsecans,\n\t\t\t\t\t\t\t\t\t\t\t\tday,\n\t\t\t\t\t\t\t\t\t\t\t\tmonth,\n\t\t\t\t\t\t\t\t\t\t\t\tyear,\n\t\t\t\t\t\t\t\t\t\t\t\tbanned,\n\t\t\t\t\t\t\t\t\t\t\t\tempty\n\t\t\t\t\t\t\t\t\t\t\t) VALUES (\n\t\t\t\t\t\t\t\t\t\t\t\t'{$ncfname}',\n\t\t\t\t\t\t\t\t\t\t\t\t'{$ncsname}',\n\t\t\t\t\t\t\t\t\t\t\t\t'{$ncemail}',\n\t\t\t\t\t\t\t\t\t\t\t\t'{$ncmob}',\n\t\t\t\t\t\t\t\t\t\t\t\t'0',\n\t\t\t\t\t\t\t\t\t\t\t\t'{$pass}',\n\t\t\t\t\t\t\t\t\t\t\t\t'{$ncsecques}',\n\t\t\t\t\t\t\t\t\t\t\t\t'{$ncsecans}',\n\t\t\t\t\t\t\t\t\t\t\t\t'0',\n\t\t\t\t\t\t\t\t\t\t\t\t'0',\n\t\t\t\t\t\t\t\t\t\t\t\t'0',\n\t\t\t\t\t\t\t\t\t\t\t\t'0',\n\t\t\t\t\t\t\t\t\t\t\t\t'0'\n\t\t\t\t\t\t\t\t\t\t\t)";
$createsql = mysql_query($createqry);
if ($createsql) {
echo 'A New Client Created.<br />';
$clicheckqry = "SELECT *\n\t\t\t\t\t\t\t\t\t\t\t\t\tFROM tbl_clients\n\t\t\t\t\t\t\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\t\t\t\t\t\t\temail = '{$ncemail}'\n\t\t\t\t\t\t\t\t\t\t\t\t\tAND\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tsecans = '{$ncsecans}'\n\t\t\t\t\t\t\t\t\t\t\t\t\tLIMIT 1";
$clichecksql = mysql_query($clicheckqry);
$clirows = mysql_num_rows($clichecksql);
if (empty($clirows)) {
echo 'error: no client with that email';
echo '<a href="/newwebsite.php">Go back to the start</a>';
} else {
while ($clirow = mysql_fetch_assoc($clichecksql)) {
echo '<form action="/newwebsite.php" method="post">
<label for="cid">Client ID:</label><input type="number" name="cid" id="cid" value="' . $clirow['id'] . '" readonly/>
<br />
}
//testing empty
emptyvalue($fname);
emptyvalue($sname);
emptyvalue($email);
emptyvalue($mob);
emptyvalue($tel);
emptyvalue($pass);
emptyvalue($repass);
emptyvalue($day);
emptyvalue($month);
emptyvalue($year);
emptyvalue($secques);
emptyvalue($secans);
if ($pass === $repass) {
$pass = hashword($pass, $hash);
} else {
$error++;
}
//Checking the email address
if ($error === 0) {
$check = 0;
$regsql = "SELECT * \n\t\t\t\t\t\t\t\t\t\t\tFROM tbl_members\n\t\t\t\t\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\t\t\t\t\temail = '{$email}'";
$regqry = mysql_query($regsql) or sql_error();
$numRows = mysql_num_rows($regqry);
if ($numRows > 0) {
$check++;
}
if ($check === 0) {
echo 'unique';
//Adding the user
$loginError = 0;
function loginNull($string, $item)
{
global $loginError;
if (empty($string)) {
$loginError++;
echo '<p class="error">No value in ' . $item . '.</p>';
echo $loginForm;
}
}
loginNull($loginEmail, "Email");
loginNull($loginPassword, "Password");
//echo $loginError;
//encrypting and hashing values
$loginEmail = encrypt($loginEmail, $key);
$loginPassword = hashword($loginPassword, $hash);
//echo "<p>Email: " . $loginEmail . "</p><p>Password: "******"</p>";
if ($loginError === 0) {
$userID = '';
$query = "SELECT *\n\t\t\tFROM tbl_members\n\t\t\tWHERE\n\t\t\t\temail = '{$loginEmail}'\n\t\t\tAND\n\t\t\t\tpassword = '******'\n\t\t";
$sql = mysql_query($query) or mysql_error();
while ($row = mysql_fetch_assoc($sql)) {
//echo "id: " . $row['id'] . "<br />";
global $userID;
$userID = $row['id'];
$_SESSION['user'] = $row;
}
//echo $_SESSION['user']['id'];
if (!empty($_SESSION['user']['id'])) {
header("location: User.php");
die("Logged In");
<?php
include "../class/connection.php";
if (!empty($_POST)) {
if (isset($_POST['mail']) && isset($_POST['password']) && isset($_POST['uur']) && isset($_POST['datum']) && isset($_POST['waterlevel'])) {
$mail = $_POST['mail'];
$mail = encrypt($mail, $key);
$password = $_POST['password'];
$password2 = $password;
$password = hashword($password, $salt);
$waterlevel = $_POST['waterlevel'];
$uur = $_POST['uur'];
$datum = $_POST['datum'];
$userdata = login($mail, $password, $conn, $key);
if ($userdata !== null) {
setdata($userdata['ID_users'], $waterlevel, $uur, $datum, $conn);
echo "success";
exit;
} else {
$userdata = login($mail, $password2, $conn, $key);
if ($userdata !== null) {
setdata($userdata['ID_users'], $waterlevel, $uur, $datum, $conn);
echo "success";
exit;
} else {
echo "wrong login";
exit;
}
}
}
}
<?php
$email = protect($_POST['logemail']);
$password = protect($_POST['logpassword']);
//hash password
$password = hashword($password, $hash);
//set session
$logqry = "SELECT *\n\t\t\t\tFROM tbl_admins\n\t\t\t\tWHERE\n\t\t\t\t\temail = '{$email}'\n\t\t\t\tAND\n\t\t\t\t\tpassword = '******'\n\t\t\t";
$logsql = mysql_query($logqry) or mysql_error();
while ($usr = mysql_fetch_assoc($logsql)) {
$_SESSION['user'] = $usr;
header('Location: usr.php');
die;
}
$error++;
}
//encrypt the data
$regfname = encrypt($regfname, $key);
$regsname = encrypt($regsname, $key);
$regemail = encrypt($regemail, $key);
$regtel = encrypt($regtel, $key);
$regmob = encrypt($regmob, $key);
$regday = encrypt($regday, $key);
$regmonth = encrypt($regmonth, $key);
$regyear = encrypt($regyear, $key);
$reggender = encrypt($reggender, $key);
$regsecques = encrypt($regsecques, $key);
$regsecans = encrypt($regsecans, $key);
//hashing password
$regpass = hashword($regpass, $hash);
//set regpass2 to null
$regpass2 = "";
//echo
//$regfname . " " . $regsname . "<br />" . $regemail . "<br />" . $regtel . "<br />" . $regmob . "<br />" . $regday . "/" . $regmonth . "/" . $regyear . "<br />" . $regpass . "<br />" . $regpass2 . "<br />" . $regsecques . "<br />" . $regsecans . ".<br />"
//;
//Checking number of errors
if ($error === 0) {
$check = 0;
$query = "SELECT *\n\t\tFROM tbl_members\n\t\tWHERE\n\t\t\temail = '{$regemail}'\n\t\t";
$sql = mysql_query($query) or sql_error();
$numRows = mysql_num_rows($sql);
if ($numRows > 0) {
$check++;
}
if ($check === 0) {
function emptychk($string)
{
global $errors;
if (empty($string)) {
$errors++;
}
}
// run the functions
emptychk($old);
emptychk($new);
emptychk($re);
// Make sure there are no errors in the values
if ($errors === 0) {
// hash the password to check against the old password
$pass = hashword($old, $hash);
$newpass = hashword($new, $hash);
// Check the password
if ($pass === $_SESSION['user']['password']) {
//Check to make sure that the password and the re-type are the same
if ($new === $re) {
// Give that the new password are the same and the inputted old password is the same as the current password
// Now checking to make sure that the new password is not the same as the old password
if ($newpass !== $pass) {
// all aspects seem to be what is required to change the users password
$changesql = "UPDATE tbl_members\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tpassword = '******'\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tid = '{$userid}'\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tAND\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tpassword = '******'";
if (mysql_query($changesql)) {
echo '<p class="success">Your password has been changed.</p>';
} else {
echo '<p class="error">Your password has not been changed.</p>';
}
} else {
