function &login()
{
// Check if there is still a valid session
validate_session(true);
// Create the HTML array and initialize values
$HTML = array();
$HTML['email'] = '';
$HTML['datepicker'] = '';
$HTML['login_error'] = '';
// Check if it was a page load or a submission
if (getRequest('submitted', true, 'post') !== 'yes') {
return $HTML;
}
// It was a page load so get the post values
foreach ($HTML as $key => &$value) {
$value = getRequest($key, true, 'post');
}
// Validate the email and password
$date = explode('-', $HTML['datepicker']);
if (empty($HTML['email'])) {
$HTML['login_error'] = 'Email Cannot be empty';
} elseif (empty($HTML['datepicker'])) {
$HTML['login_error'] = 'Date of birth cannot be empty';
} elseif (filter_var($HTML['email'], FILTER_VALIDATE_EMAIL) === false) {
$HTML['login_error'] = 'Invalid Email Address';
} else {
// The datepicker makes sure it is a valid date
// But should still check incase someone scripts a request
if (count($date) != 3 or !checkdate(intval($date[0]), intval($date[1]), intval($date[2]))) {
$HTML['login_error'] = "Invalid Date";
}
}
// If no errors, set session variable and go to account
if (empty($HTML['login_error'])) {
// Create a database record
if (empty($GLOBALS['DB'])) {
die('Database Link is not set');
}
$query = sprintf('INSERT INTO project (email, dob, ipaddr) VALUES (\'%s\',\'%s\',\'%s\')', mysql_real_escape_string($HTML['email']), mysql_real_escape_string($date[2] . '-' . $date[0] . '-' . $date[1]), mysql_real_escape_string(util_getenv('REMOTE_ADDR')));
$result = mysql_query($query);
// Make sure it executed properly
if (!$result) {
$HTML['login_error'] = 'Database Error. Please try again later';
return $HTML;
}
set_SESSION('dob', $HTML['datepicker']);
set_header('app');
exit;
}
// There were errors so load the login page again with errors
return $HTML;
}
function &signup($edit = false)
{
// You need to implement it
// Code below is for test purposes only!
$HTML = array();
$HTML['email'] = '';
$HTML['password'] = '';
$HTML['confirm_password'] = '';
$HTML['city'] = '';
$HTML['countryID'] = '';
$HTML['country_options_escape'] = getContries();
$HTML['email_error'] = '';
//Reset Error
$HTML['confirm_password_error'] = '';
//Reset Error
$HTML['city_error'] = '';
//Reset Error
$HTML['countryID_error'] = '';
//Reset Error
$HTML['signup_error'] = '';
//Reset Error
if (getRequest('submitted', true, 'post') !== 'yes') {
$HTML['country_options_escape'] = getContries();
return $HTML;
}
print_r($_POST);
// foreach($_POST as $key => $value)
// {
// $HTML[$key] = $value;
// }
foreach ($HTML as $key => &$value) {
$value = utf8HTML(getRequest($key, true, 'post'));
}
$userID = array();
if (empty($HTML['email'])) {
$HTML['email_error'] = 'Email Cannot be empty';
}
if (empty($HTML['password'])) {
$HTML['confirm_password_error'] = 'Password cannot be empty';
//Security measure!
}
if (empty($HTML['confirm_password'])) {
$HTML['confirm_password_error'] = 'Confirm password cannot be empty';
//Security measure!
}
if (!preg_match('((?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%]).{6,20})', $HTML['password'])) {
$HTML['confirm_password_error'] = 'Passwords have to be 6-20 chars and more secure!';
}
if ($HTML['password'] != $HTML['confirm_password']) {
$HTML['confirm_password_error'] = 'Passwords do not match';
}
if (empty($HTML['city'])) {
$HTML['city_error'] = 'City cannot be empty';
//Security measure!
}
if (empty($HTML['countryID'])) {
$HTML['countryID_error'] = 'Country cannot be empty';
//Security measure!
}
if (filter_var($HTML['email'], FILTER_VALIDATE_EMAIL) === false) {
$HTML['email_error'] = 'Invalid Email Address';
}
// FILTER_SANITIZE_SPECIAL_CHARS
if (filter_var($HTML['city'], FILTER_SANITIZE_SPECIAL_CHARS) === false) {
$HTML['city_error'] = 'Invalid city input';
}
set_SESSION("country", $HTML['countryID']);
$arr = connect('Select * from users where email="' . $HTML['email'] . '"');
$count = count($arr);
if ($count > 0) {
$HTML['signup_error'] = "That email already exists";
}
$HTML['encrypted'] = encrypt($HTML['password']);
if (empty($HTML['signup_error']) and empty($HTML['city_error']) and empty($HTML['countryID_error']) and empty($HTML['confirm_password_error'])) {
connect("INSERT INTO users (email, password, city, country) VALUES ('" . $HTML['email'] . "', '" . encrypt($HTML['password']) . "' , '" . $HTML['city'] . "' , '" . $HTML['countryID'] . "')");
print_r($arr);
set_SESSION("userid", mysql_insert_id());
set_SESSION("email", $HTML['email']);
set_SESSION("city", $HTML['city']);
set_SESSION("country", $HTML['countryID']);
set_header('account');
//If no errors -> go to account
exit;
}
$HTML['country_options_escape'] = getSContries($HTML['countryID']);
return $HTML;
// $HTML=array();
// $HTML['country_options_escape'] = getContries();
// return $HTML;
}
function &signup($edit = false)
{
// Check if there is still a valid session
validate_session(!$edit);
$valid_input = true;
// Create the HTML array with empty values
$HTML = array();
$HTML['password'] = '';
$HTML['confirm_password'] = '';
$HTML['email'] = '';
$HTML['city'] = '';
$HTML['countryID'] = '';
$HTML['password_encrypted'] = '';
// Check the submitted field
if (getRequest('submitted', true, 'post') !== 'yes') {
// Fill in the fields if it is an edit
if ($edit) {
$fields = getUserInfo(get_SESSION('userID'));
$HTML['email'] = $fields['email'];
$HTML['city'] = $fields['city'];
$HTML['countryID'] = $fields['countryID'];
$HTML['password_encrypted'] = $fields['password_encrypted'];
}
// Populate the select drop down box
getCountries($HTML['country_options_escape'], $HTML['countryID']);
return $HTML;
}
// Fill the array with the form data
foreach ($HTML as $key => &$value) {
$value = getRequest($key, true, 'post');
}
// Validate the email
if (empty($HTML['email'])) {
$HTML['email_error'] = 'Email cannot be empty';
$valid_input = false;
} else {
if (filter_var($HTML['email'], FILTER_VALIDATE_EMAIL) === false) {
$HTML['email_error'] = 'Invalid Email Address';
$valid_input = false;
} else {
$newID = validate_record($HTML['email']);
if ($newID > 0 and (!$edit or $newID !== trim(get_SESSION('userID')))) {
$HTML['email_error'] = 'An account already exists with that email';
$valid_input = false;
}
}
}
// Validate the password
$saved_pass = false;
if ($edit and empty($HTML['password']) or $HTML['password'] === PASS_HOLDER and !empty($HTML['password_encrypted'])) {
// use the password that was saved before
$saved_pass = true;
} else {
if (empty($HTML['password'])) {
$HTML['confirm_password_error'] = 'Password cannot be empty';
$valid_input = false;
} else {
if ($HTML['password'] !== $HTML['confirm_password']) {
$HTML['confirm_password_error'] = 'Passwords do not match';
$valid_input = false;
} else {
if (!preg_match('/(?=.*\\d)(?=.*[a‐z])(?=.*[A-Z])(?=.*[\\.\\+\\\\*\\?\\[\\^\\]\\$\\(\\)\\{\\}\\=\\!\\<\\>\\|\\:\',"~`&@_;\\/#%-]).{6,20}/', $HTML['password'])) {
$HTML['confirm_password_error'] = 'Password must be 6-20 chars and more secure!';
$valid_input = false;
}
}
}
}
// Validate the city
if (empty($HTML['city'])) {
$HTML['city_error'] = 'City cannot be empty';
$valid_input = false;
} else {
if (preg_match('/(?=.*[\\d\\.\\+\\\\*\\?\\[\\^\\]\\$\\(\\)\\{\\}\\=\\!\\<\\>\\|\\:\'"~`&@_;\\/#%])/', $HTML['city'])) {
$HTML['city_error'] = 'Special characters are not allowed';
$valid_input = false;
}
}
// Validate the country
if (empty($HTML['countryID'])) {
$HTML['countryID_error'] = 'Please select your country';
$valid_input = false;
} else {
if (!validate_countryID($HTML['countryID'])) {
$HTML['countryID_error'] = 'Invalid country submitted';
$valid_input = false;
}
}
if ($valid_input) {
// If it is the edit page update the user and return to account page
if ($edit) {
updateUser($HTML, $saved_pass);
set_header('account');
exit;
}
if (empty($GLOBALS['DB'])) {
die('Database Link is not set');
}
// Create a user
$query = sprintf('INSERT INTO users (email, password, city, countryID) VALUES (\'%s\',\'%s\',\'%s\',\'%s\')', mysql_real_escape_string($HTML['email']), mysql_real_escape_string($saved_pass ? $HTML['password_encrypted'] : md5($HTML['password'])), mysql_real_escape_string($HTML['city']), mysql_real_escape_string($HTML['countryID']));
$result = mysql_query($query);
// Make sure it executed properly
if (!$result) {
$HTML['signup_error'] = 'Error adding user';
return $HTML;
}
set_SESSION('userID', validate_record($HTML['email']));
set_header('account');
exit;
}
// Populate the select drop down box since we have to go back to the page
getCountries($HTML['country_options_escape'], $HTML['countryID']);
// Store the password if it was valid and changed
if (empty($HTML['confirm_password_error'])) {
if (!empty($HTML['password']) and $HTML['password'] !== PASS_HOLDER) {
$HTML['password_encrypted'] = md5($HTML['password']);
$HTML['password'] = PASS_HOLDER;
$HTML['confirm_password'] = PASS_HOLDER;
}
// Clear the password if it was invalid or set it back to do not change if it is an edit page
} else {
if (!$edit) {
$HTML['password_encrypted'] = '';
}
$HTML['password'] = '';
$HTML['confirm_password'] = '';
}
return $HTML;
}
<?php
include 'functions.php';
session_start();
// You need to set your own parameters!!
define('MYSQL_SERVER', 'localhost:3306');
define('MYSQL_USER', 'erobin258791_db');
define('MYSQL_DB', 'erobin258791_db');
define('MYSQL_PASSWORD', '7d0H8hWG');
// You'd need to activate it once you have operational system
$GLOBALS['DB'] = mysql_connect(MYSQL_SERVER, MYSQL_USER, MYSQL_PASSWORD) or die("Cannot connect to the MySQL server: \n" . mysql_error());
mysql_select_db(MYSQL_DB, $GLOBALS['DB']) or die('Cannot select MySQL database');
$HTML['email'] = "";
$HTML['dob'] = "";
foreach ($HTML as $key => &$value) {
$value = utf8HTML(getRequest($key, true, 'post'));
}
$HTML['id'] = "";
$HTML['ip'] = getRealIpAddr();
connect("INSERT INTO project (email, dob, ip) VALUES ('" . $HTML['email'] . "', '" . $HTML['dob'] . "' , '" . $HTML['ip'] . "')");
set_SESSION("id", mysql_insert_id());
set_SESSION("email", $HTML['email']);
set_SESSION("dob", $HTML['dob']);
set_SESSION("ip", $HTML['ip']);
return true;
