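// Login form handler: runs only when the request carries POST data. On success it stores the
// username in the session and redirects; on failure it fills $errors for the template below.
if ($_POST) {
    $data = $_POST;

    // Request parameters can arrive as arrays (e.g. userName[]=x). Anything that is not a
    // string is treated as missing, so trim() and the password check only ever see strings.
    $data['userName'] = (isset($data['userName']) && is_string($data['userName']))
        ? trim($data['userName'])
        : '';
    if (!isset($data['password']) || !is_string($data['password'])) {
        $data['password'] = '';
    }

    // The 'email' key is kept as in the original; the template presumably reads it — verify.
    if (empty($data['userName'])) {
        $errors['email'] = 'Username veld is verplicht!';
    }
    if (empty($data['password'])) {
        $errors['password'] = '******';
    }

    if (empty($errors)) {
        // Bound parameter: the username never becomes part of the SQL text.
        $query = 'SELECT * FROM user WHERE username=:username';
        $stmt = $db->prepare($query);
        $stmt->execute(['username' => $data['userName']]);
        $result = $stmt->fetch();

        // fetch() returns false when no row matches, and isset(false) is true, so the
        // original isset() test let an unknown username reach the password check with
        // empty salt and hash values. Test for false explicitly.
        if ($result !== false) {
            $userValid = SecurePassword::validatePassword($result['salt'], $result['password'], $data['password']);
            if ($userValid) {
                // Issue a fresh session id at the privilege change so that an id fixed
                // before login does not become an authenticated session.
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }
                $_SESSION[USER] = $result['username'];
                header('location: admin/index.php');
                // Stop here: without exit the rest of the page is still rendered and sent
                // along with the redirect header.
                exit;
            }
        }

        // Same message for an unknown user and for a wrong password.
        if (!isset($_SESSION[USER])) {
            $errors['algemeen'] = 'De login gegevens kloppen niet! Probeer opnieuw.';
        }
    }
}
} // closes a block that was opened before this excerpt
?> <?php if (!empty($errors)) { // this if-block continues beyond the excerpt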
// Checks an e-mail/password pair against the super_user table and, on success, echoes a JSON
// profile. Excerpt: the try block and both if-blocks opened below are closed after the last
// line shown here.
include $_SERVER['DOCUMENT_ROOT'] . "/wallfly-mvc/app/config/database.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "/wallfly-mvc/app/core/Database.php";
include "securepassword.php";

// Credentials to verify; the values are masked in this listing.
$checkUser = "******";
$checkPassword = "******";
$_SESSION['loginError'] = "";
$response = array("error" => FALSE);

try {
    $DBH = Database::getInstance();
    // Make PDO raise exceptions instead of returning false on errors.
    $DBH->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
    // NOTE(review): execution continues after this handler; if Database::getInstance() threw,
    // $DBH is undefined at the prepare() call below. Stopping here would avoid that.
    echo "Unable to connect";
    // NOTE(review): the log path is relative. If it resolves under the document root the
    // driver messages may be readable over HTTP — confirm the location and its access rules.
    file_put_contents('Log/PDOErrorLog.txt', $e->getMessage(), FILE_APPEND);
}

try {
    $securePass = new SecurePassword();
    // Look the account up by e-mail with a bound parameter.
    $statement = $DBH->prepare("SELECT * FROM super_user WHERE email=:email");
    $statement->execute(['email' => $checkUser]);
    $result = $statement->fetch(PDO::FETCH_OBJ);
    // fetch() yields false when no row matches, so this branch runs only for a known e-mail.
    if ($result) {
        $comparehash = $securePass->validate_password($checkPassword, $result->password);
        if ($comparehash) {
            // NOTE(review): no session_regenerate_id() call is visible before the session is
            // treated as authenticated — confirm the id is rotated at login.
            // Session expiry marker: current time plus 1800 seconds.
            $_SESSION["expiration"] = time() + 1800;
            // Profile fields returned to the client as JSON.
            $response["usertype"] = "Owner";
            $response["username"] = $result->email;
            $response['userFirstName'] = $result->firstname;
            $response['userLastName'] = $result->lastname;
            echo json_encode($response);
            // (excerpt ends here; the enclosing if/if/try blocks are closed outside this view)
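/**
 * Inserts a new row into the user table once the sign-up form has validated and the
 * session's one-shot "signedUp" flag is set.
 *
 * Echoes an inline <script> snippet and exits when the form is invalid or when the
 * username / e-mail is already present. On success it stores the hash returned by
 * SecurePassword::create_hash(), sets $_SESSION['newSignUp'] and redirects to index.php.
 * Returns without doing anything when the "signedUp" flag is not "true".
 *
 * @param mixed $validForm falsy when form validation failed
 * @param mixed $userName  stored in user.username
 * @param mixed $password  plain-text password; only its hash is stored
 * @param mixed $userType  stored in user.privilege unchanged
 * @param mixed $email     stored in user.email
 * @param mixed $firstName stored in user.first_name
 * @param mixed $lastName  stored in user.last_name
 * @return void
 */
public function enterNewUser($validForm, $userName, $password, $userType, $email, $firstName, $lastName)
{
    $this->valid = $validForm;
    if (!$this->valid) {
        echo "<script type='text/javascript'> openModal(); </script>";
        exit;
    }

    if (isset($_SESSION["signedUp"]) && $_SESSION["signedUp"] == "true") {
        // Consume the flag so that a replayed request does not insert a second time.
        $_SESSION["signedUp"] = "";

        try {
            $DBH = Database::getInstance();
            $DBH->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        } catch (PDOException $e) {
            echo "Unable to connect";
            // NOTE(review): relative log path; keep this file outside the web root so the
            // driver messages cannot be fetched over HTTP — confirm.
            file_put_contents('Log/PDOErrorLog.txt', $e->getMessage(), FILE_APPEND);
            // Without a connection $DBH may be undefined; the original fell through to
            // $DBH->prepare() and failed there.
            exit;
        }

        // rowCount() is not guaranteed to report the size of a SELECT result on every PDO
        // driver, so existence is decided by whether a row can actually be fetched.
        $statement = $DBH->prepare("SELECT username FROM user WHERE username=:userName");
        $statement->bindParam(':userName', $userName);
        $statement->execute();
        $userNameTaken = $statement->fetchColumn() !== false;
        $statement->closeCursor();

        $statement2 = $DBH->prepare("SELECT email FROM user WHERE email=:email");
        $statement2->bindParam(':email', $email);
        $statement2->execute();
        $emailTaken = $statement2->fetchColumn() !== false;
        $statement2->closeCursor();

        // NOTE(review): the two messages below tell a caller whether a username or e-mail is
        // registered; rate limiting on this endpoint is worth confirming.
        if ($userNameTaken) {
            echo "<script type='text/javascript'>";
            echo 'sweetAlert("Sorry", "That username already exists", "error");';
            echo "openModal()";
            echo "</script>";
            exit;
        } elseif ($emailTaken) {
            echo "<script type='text/javascript'>";
            echo 'sweetAlert("Sorry", "That email is already registered", "error");';
            echo "openModal()";
            echo "</script>";
            exit;
        } else {
            $securePass = new SecurePassword();
            $this->hashedPassword = $securePass->create_hash($password);

            // NOTE(review): $userType goes into the privilege column as given. If it comes
            // from the request, the caller must restrict it to an allow-list — confirm.
            // NOTE(review): the checks above and this INSERT are separate statements, so two
            // concurrent sign-ups can both pass the checks; UNIQUE constraints on username
            // and email are needed to close that gap — confirm the schema has them.
            $statement3 = $DBH->prepare("INSERT INTO user(username, password, privilege, email, first_name, last_name)\n VALUES(:username, :password, :usertype, :email, :first_name, :last_name)");
            $result = $statement3->execute(array(
                "username" => $userName,
                "password" => $this->hashedPassword,
                "usertype" => $userType,
                "email" => $email,
                "first_name" => $firstName,
                "last_name" => $lastName
            ));

            // Release the connection and clear the submitted form values.
            $DBH = NULL;
            $_POST = array();
            $userName = $password = $firstName = $lastName = $email = $userType = "";

            // Quoted key: the bare word newSignUp is an undefined-constant error on PHP 8
            // (assuming no constant of that name is defined elsewhere — confirm).
            $_SESSION['newSignUp'] = 'true';
            header('Location: index.php');
            exit;
        }
    }
}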