Example #1
     $message .= "Click on this link to activate your account\n";
     $message .= "http://bmetest.site40.net/confirm.php?passkey={$confirm_code}";
     mail($account->email, 'Registration Confirmation', "{$message}");
     header("Location: register.php?error_message={$error_message}");
 } else {
     // Registration tail: verify the repeated password/e-mail fields, then stage
     // the account in the temporary table and mail an activation link.
     // NOTE(review): `!=` is a loose comparison; two numeric-looking strings are
     // compared as numbers, so differently written values can count as equal.
     // `!==` is the safer check for credentials.
     if ($confirm_password != $account->password) {
         $error_message = "Passwords do not match";
         // NOTE(review): the message is placed in the URL without urlencode() and
         // there is no exit after the redirect, so the script keeps running.
         // register.php presumably prints error_message; it has to HTML-escape
         // it, because anyone can craft that query string. TODO confirm.
         header("Location: register.php?error_message={$error_message}");
     } else {
         if ($confirm_email != $account->email) {
             $error_message = "Emails do not match";
             header("Location: register.php?error_message={$error_message}");
         } else {
             // Only proceed when no earlier validation step recorded an error.
             if ($error_message == "") {
                 // NOTE(review): rand() is not a cryptographically secure generator
                 // and this code is the only secret protecting account activation.
                 // Prefer random_int() or bin2hex(random_bytes(n)) for the token.
                 $confirm_code = rand();
                 // Re-draw until the code is not already present in the temp table.
                 while (Queries::valueOccurances(Database::$table_temp, 'code', $confirm_code)) {
                     $confirm_code = rand();
                 }
                 // NOTE(review): $account->password is stored as received here; if it
                 // is still the plaintext password it should be run through
                 // password_hash() before it is written. TODO confirm.
                 if (!Queries::instertValuesIntoTable(Database::$table_temp, array($confirm_code, $account->username, $account->password, $account->email))) {
                     $error_message = "Error putting user into temporary database";
                     // NOTE(review): no exit/return follows, so on insert failure the
                     // mail below is still sent with a code that was never stored,
                     // and the later header() call replaces this Location header.
                     header("Location: register.php?error_message={$error_message}");
                 }
                 $message = "Your confirmation link: \r\n";
                 $message .= "Click on this link to activate your account\n";
                 // NOTE(review): the activation link uses plain http://, so the code
                 // travels unencrypted when the user follows it.
                 $message .= "http://bmetest.site40.net/confirm.php?passkey={$confirm_code}";
                 mail($account->email, 'Registration Confirmation', "{$message}");
                 header("Location: thankyou.html");
             }
         }
     }
 }
Example #2
<?php

include '../includes.php';
// Account activation endpoint: looks up the emailed code in the temporary
// table and, when exactly one row matches, promotes it to the users table.
Tracking::track(basename(filter_input(INPUT_SERVER, 'PHP_SELF')));
$passkey = filter_input(INPUT_GET, 'passkey');

// NOTE(review): the passkey is the only credential for activation. Nothing
// visible here limits repeated guesses, so the code needs to be long and
// drawn from a cryptographically secure source where it is generated.
if (!$passkey) {
    echo "Error receiving passkey";
} elseif (!ctype_digit($passkey)) {
    // Digits only; anything else never reaches the query layer.
    echo "Invalid passkey";
} elseif (Queries::valueOccurances(Database::$table_temp, "code", $passkey) == 1) {
    // NOTE(review): an unknown code, or a failed insert below, produces no
    // output at all; a single generic failure message would help users
    // without revealing which codes exist.
    $pending = Queries::getRowWithValue(Database::$table_temp, "code", $passkey);
    // NOTE(review): the password column is copied verbatim; presumably it
    // should already hold a password_hash() value. TODO confirm.
    $account_fields = array($pending['username'], $pending['password'], $pending['email']);
    if (Queries::instertValuesIntoTable(Database::$table_users, $account_fields)) {
        echo "Email confirmation successful!";
        // NOTE(review): insert and delete are two separate steps; if the
        // delete fails the code stays usable and a repeat visit would insert
        // the same user again unless the table enforces uniqueness.
        if (Queries::deleteValueFromTable(Database::$table_temp, "code", $passkey)) {
            echo "<br>User info moved from temporary to permanent database";
        }
    }
}
Example #3
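// Login handler: validate the posted credentials, then authenticate them
// against the users table and redirect on success.
$account->password = filter_input(INPUT_POST, 'password');
$error_message = "";
if (!$account->username) {
    $error_message = "Error receiving username";
} elseif (!$account->password) {
    $error_message = "Error receiving password";
} elseif (!ctype_alnum($account->username)) {
    $error_message = "Username must be alphanumeric";
} elseif (!ctype_alnum($account->password)) {
    // NOTE(review): restricting passwords to letters and digits weakens them.
    // If this exists to keep quotes out of SQL, parameterised queries in the
    // query layer are the proper defence. TODO confirm how Queries builds SQL.
    $error_message = "Password must be alphanumeric";
}
if ($error_message != "") {
    echo $error_message;
} else {
    // The password must belong to the row of the submitted username. Checking
    // that the username exists and, separately, that the password occurs
    // somewhere in the table would accept any user's password for any account.
    $authenticated = false;
    if (Queries::valueOccurances(Database::$table_users, "username", $account->username) == 1) {
        $row = Queries::getRowWithValue(Database::$table_users, "username", $account->username);
        if (isset($row['password'])) {
            // hash_equals() compares in constant time.
            // NOTE(review): this still assumes the column holds the password as
            // submitted; storing password_hash() output and checking it with
            // password_verify() needs a matching change in registration.
            $authenticated = hash_equals((string) $row['password'], (string) $account->password);
        }
    }
    if ($authenticated) {
        User::login($account->username, $account->password);
        header("Location: loggedin.php");
        // Stop here so nothing else runs or is sent after the redirect.
        exit;
    } else {
        // One message for both failure cases, so the response does not reveal
        // which usernames are registered.
        echo "Invalid username or password";
    }
}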
Example #4
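// Page creation handler: a logged-in user posts a title, description and
// numeric goal; valid input is stored as a new row in the pages table.
$account = new User();
if ($account->isLoggedIn()) {
    // NOTE(review): no anti-CSRF token is checked in this snippet; a
    // state-changing POST made with the user's session normally needs one.
    $title = filter_input(INPUT_POST, 'title');
    $description = filter_input(INPUT_POST, 'description');
    $goal = filter_input(INPUT_POST, 'goal');
    $error_message = "";
    // filter_input() returns null for a missing field, so test the type before
    // calling string functions. The three title conditions are OR-ed: with the
    // previous `&&` a non-alphanumeric title of three or more characters, and
    // an alphanumeric one shorter than three, both passed validation.
    $title_length = is_string($title) ? strlen($title) : 0;
    if (!is_string($title) || !ctype_alnum($title) || $title_length < 3 || $title_length > 100) {
        $error_message = "Title is not alphanumeric, too short (less than 3 characters), or too long (over 100 characters)";
    }
    // NOTE(review): rejecting quotes is not an injection defence on its own;
    // the query layer should bind values as parameters. The description can
    // still carry HTML markup, so it must be escaped with htmlspecialchars()
    // wherever it is displayed. TODO confirm both against Queries and the view.
    if (is_string($description) && (strpos($description, "'") !== false || strpos($description, "\"") !== false)) {
        $error_message = "Description cannot contain a ' or a \"";
    }
    if (!is_string($goal) || !ctype_digit($goal)) {
        $error_message = "Goal is not numeric";
    }
    // Each failed check overwrites the message, so the last one is reported.
    if ($error_message != "") {
        echo $error_message;
    } else {
        // NOTE(review): the existence check and the insert are separate steps;
        // two simultaneous requests can both pass the check, so a unique
        // constraint on the title column is the reliable guard.
        if (!Queries::valueOccurances(Database::$table_pages, "title", $title)) {
            if (!Queries::instertValuesIntoTable(Database::$table_pages, array($account->username, $title, $description, $goal, 0))) {
                echo "Error inserting page info into database";
            } else {
                echo "Successfully created your page!";
            }
        } else {
            echo "There's already a page with that title";
        }
    }
} else {
    echo "You need to be logged in to access this page";
}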