Example #1
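<?php

session_start();
require_once 'cfg/config.php';
require_once 'cfg/common.php';

// Outcome of the login attempt, set by the block below:
//    0  no login form was submitted
//    1  exactly one row matched and its activation_id is "0" (session filled, redirect sent)
//   -1  the lookup did not return exactly one row, or the form fields were missing/not strings
//   -2  a row matched but its activation_id is not "0" (presumably: account not activated yet)
$login_validation = 0;

if (isset($_POST['submit_login']) && $_POST['submit_login'] === "submit_mms_login") {
    $raw_email = $_POST['email'] ?? null;
    $raw_password = $_POST['password'] ?? null;

    if (!is_string($raw_email) || !is_string($raw_password)) {
        // Absent or array-valued fields can never identify an account; report them like a
        // failed credential instead of passing them on to the cleaner and the query.
        $login_validation = -1;
    } else {
        $ch = new clean_and_hash();
        $email = $ch->clean_all_tags($raw_email);
        $password = $ch->clean_all_tags($raw_password);

        // NOTE(review): clean_and_hash::password_hash() is the project's own routine (defined
        // outside this listing), not PHP's built-in password_hash(). Confirm that it uses a slow,
        // salted algorithm; a fast digest keyed only by the e-mail would be weak storage.
        $securepass = $ch->password_hash($email, $password);
        $dbconn = new db_connection();

        // NOTE(review): SECURITY - the statement is assembled by string concatenation from request
        // data. clean_all_tags() is not shown; its name suggests markup stripping rather than SQL
        // escaping, so this should be treated as injectable until proven otherwise. Bind $email
        // (and the hash) as parameters through whatever prepared-statement interface
        // db_connection exposes; that class is not visible here, so the call is left unchanged.
        // The password literal reads '******' in this listing and $securepass is never referenced
        // by the query as shown - presumably masked by the hosting page; confirm against the
        // real file that the computed hash is what gets compared.
        $prepare_statement = "SELECT * from " . user_profile . " where email='" . $email . "' and password='******'";
        $result = $dbconn->query($prepare_statement);

        // A failed query yields a falsy result; treat it as "no match" rather than reading
        // num_rows from a non-object.
        if ($result && $result->num_rows == 1) {
            $row = mysqli_fetch_assoc($result);
            if ($row['activation_id'] != "0") {
                $login_validation = -2;
            } else {
                $login_validation = 1;
                $name = $row['name'];

                // Issue a fresh session id at the privilege change so an id that was known
                // before authentication cannot be reused afterwards (session fixation).
                session_regenerate_id(true);

                $_SESSION['mms_logged_uid'] = $email;
                $_SESSION['mms_logged_name'] = $name;
                header('location:dashboard.php');
                // header() only queues the redirect; stop here so nothing after this block
                // runs or is sent along with it.
                exit;
            }
        } else {
            $login_validation = -1;
        }
    }
}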
Example #2
<?php

// Self-registration handler. The listing is truncated: the enclosing if-blocks are not closed
// within the lines shown. It reads name, e-mail and password from the POST body, looks for an
// existing self-registered row with the same e-mail, and inserts a new user_profile row when
// none is found.
session_start();
require_once 'cfg/config.php';
require_once 'cfg/common.php';
// Set to 1 after a successful INSERT, 0 otherwise.
$success_registration = 0;
if (isset($_POST['submit_btn'])) {
    if ($_POST['submit_btn'] == "submit_val") {
        // clean_and_hash is defined outside this listing. NOTE(review): clean_all_tags()
        // presumably strips markup; nothing visible here shows that it escapes values for SQL.
        $ch = new clean_and_hash();
        $name = $ch->clean_all_tags($_POST['name']);
        $email = $ch->clean_all_tags($_POST['email']);
        $password = $ch->clean_all_tags($_POST['password']);
        $c_password = $ch->clean_all_tags($_POST['c_password']);
        if ($password != $c_password) {
            // NOTE(review): header() only queues the redirect and there is no exit after it, so
            // execution falls through and the account below is still created with $password even
            // though the confirmation field did not match. An exit right after the header call
            // is needed to make this check effective.
            header('location:signup.php?error=1');
        }
        // NOTE(review): project-specific hash routine (not PHP's built-in password_hash());
        // confirm the algorithm and salting in clean_and_hash.
        $secure_pass = $ch->password_hash($email, $password);
        // Activation code derived from the e-mail by a helper that is not shown.
        // NOTE(review): if the code is a pure function of the e-mail it is guessable - confirm
        // that get_activation_code() mixes in a secret or random value.
        $activation_id = $ch->get_activation_code($email);
        $dbconn = new db_connection();
        // NOTE(review): SECURITY - request data is concatenated into the SQL text. Use a
        // prepared statement with bound parameters once db_connection's interface is confirmed.
        // The duplicate check only considers rows with reg_type='self'.
        $prepare_statement = "SELECT * from " . user_profile . " where email = '" . $email . "' and reg_type='self'";
        $result = $dbconn->query($prepare_statement);
        $num_rows = $result->num_rows;
        if ($num_rows == 0) {
            // new users
            // NOTE(review): SECURITY - same concatenation pattern as the SELECT above, here with
            // $email, $name and both derived values placed inside quoted literals. reg_type is
            // not part of the column list; presumably a column default supplies it - verify,
            // since the duplicate check above depends on that value.
            $insert_statement = "INSERT into " . user_profile . " (email,password,name,activation_id) values ('" . $email . "','" . $secure_pass . "','" . $name . "','" . $activation_id . "')";
            $insert_cmd = $dbconn->query($insert_statement);
            if ($insert_cmd) {
                $success_registration = 1;
            } else {
                $success_registration = 0;
            }
Example #3
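<?php

session_start();
require_once '../cfg/common.php';
require_once '../cfg/config.php';

// Add-bill handler: reads the bill fields from the POST body, derives an id for the bill and
// inserts one row into the expense_details table on behalf of the session user.
// NOTE(review): nothing in the lines shown verifies that $_SESSION['mms_logged_uid'] is set
// before the insert runs - confirm that the included cfg files reject unauthenticated requests,
// otherwise add that check at the top of this script.
$ch = new clean_and_hash();
$bill_title = $ch->clean_all_tags($_POST['bill_title']);
$bill_desc = $ch->clean_all_tags($_POST['bill_description']);
$bill_amount = $ch->clean_all_tags($_POST['bill_amount']);
$start_bill_day = $ch->clean_all_tags($_POST['start_bill_day']);

$date = new DateTime();
$unix_date = $date->getTimestamp();
// The id is sha1(user id . timestamp in whole seconds): two bills submitted by the same user
// within one second produce the same exp_id.
$bill_id = sha1($_SESSION['mms_logged_uid'] . $unix_date);

$dbconn = new db_connection();
// -1 = insert not attempted yet, 1 = row inserted, 0 = amount rejected or query failed.
$success_addbill = -1;
$logged_user = $_SESSION['mms_logged_uid'];
$sum_of_all_shares = 0;

if (!is_numeric($bill_amount)) {
    // expense_total is placed in the statement WITHOUT surrounding quotes, so any non-numeric
    // text would become part of the SQL itself. Refuse it and report the insert as failed.
    $insert_cmd = false;
    $success_addbill = 0;
} else {
    // NOTE(review): SECURITY - the remaining values are still concatenated into quoted literals.
    // clean_all_tags() is not shown and presumably strips markup rather than escaping for SQL;
    // move this statement to bound parameters once db_connection's interface is confirmed.
    $insert_statement = "INSERT into " . expense_details . " (exp_id,expense_title,expense_desc, expense_total,exp_owner,exp_date) values ('" . $bill_id . "','" . $bill_title . "','" . $bill_desc . "'," . $bill_amount . ",'" . $logged_user . "','" . $start_bill_day . "')";
    $insert_cmd = $dbconn->query($insert_statement);
    $success_addbill = $insert_cmd ? 1 : 0;
}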
if (isset($_POST['split_frens_check'])) {
    $num_of_frens = 1;
    $success_fren_add_share = 0;
    $failure_fren_add_share = 0;
    while (isset($_POST["name{$num_of_frens}"])) {
        $fren_name = $ch->clean_all_tags($_POST["name{$num_of_frens}"]);
        $fren_share = $ch->clean_all_tags($_POST["share{$num_of_frens}"]);