Example #1
<?php

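// Login endpoint: prints 1 and populates the session when the posted e-mail and
// password match a row in `Users`; prints 0 otherwise.
session_start();
require_once 'dbConnection.php';
$connection = new dbConnection();

$authenticated = false;

// Accept only plain string credentials. A missing field or an array value
// (e.g. `email[]=`) counts as a failed login instead of being handed to escape().
if (
    isset($_POST['email'], $_POST['pass'])
    && is_string($_POST['email'])
    && is_string($_POST['pass'])
) {
    $email = $connection->escape($_POST['email']);
    $pass = $connection->escape($_POST['pass']);

    // NOTE(review): the query is assembled by string interpolation, so its safety
    // rests entirely on dbConnection::escape(), which is not visible here. A prepared
    // statement with bound parameters would remove that dependency.
    // NOTE(review): the password is compared verbatim in SQL, which suggests it is
    // stored unhashed. Moving to password_hash()/password_verify() needs a coordinated
    // change to registration and to existing rows, so it is flagged rather than changed.
    $result = $connection->select("SELECT UserID, Email, Password FROM `Users` WHERE `Email`='{$email}' AND `Password`='{$pass}'");

    // A failed query is handled as "no match" rather than raising on a non-result value.
    $row = $result instanceof mysqli_result ? $result->fetch_assoc() : null;

    if (is_array($row)) {
        // Issue a fresh session id at the moment the session becomes authenticated and
        // discard the pre-login one (session fixation defence). This has to run before
        // any output, which is why the status digit is echoed last.
        session_regenerate_id(true);
        // Kept as the escaped request value, as before — TODO confirm what other pages
        // expect in $_SESSION['Login'] before switching to $row['Email'].
        $_SESSION['Login'] = $email;
        $_SESSION['UserID'] = $row['UserID'];
        $authenticated = true;
    }
}

echo $authenticated ? 1 : 0;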
Example #2
<?php

// Wish listing endpoint (the listing is truncated on this page; only the start of
// the "all" action is visible).
session_start();
// The action to run is taken from the `act` query parameter; empty when absent.
$action = '';
if (isset($_GET['act'])) {
    $action = $_GET['act'];
}
if ($action == "all") {
    require_once 'dbConnection.php';
    require_once 'wishClass.php';
    $connection = new dbConnection();
    // Each filter is read from POST, passed through escape(), then reduced to digits,
    // commas and dots. The POST keys are read without an isset() check, so a request
    // that omits one reaches escape() as null.
    // NOTE(review): the character whitelist does not make a value a valid number —
    // "", "1,2" and ".." all pass. How selectAll() places these values in its query is
    // not visible here; confirm it binds them as parameters or casts them to numeric
    // types rather than concatenating them into SQL.
    $status = preg_replace("/[^0-9,.]/", "", $connection->escape($_POST['status']));
    $owner = preg_replace("/[^0-9,.]/", "", $connection->escape($_POST['owner']));
    $performer = preg_replace("/[^0-9,.]/", "", $connection->escape($_POST['performer']));
    $moneyFrom = preg_replace("/[^0-9,.]/", "", $connection->escape($_POST['moneyFrom']));
    $moneyTo = preg_replace("/[^0-9,.]/", "", $connection->escape($_POST['moneyTo']));
    $pointsFrom = preg_replace("/[^0-9,.]/", "", $connection->escape($_POST['pointsFrom']));
    $pointsTo = preg_replace("/[^0-9,.]/", "", $connection->escape($_POST['pointsTo']));
    $rankFrom = preg_replace("/[^0-9,.]/", "", $connection->escape($_POST['rankFrom']));
    $rankTo = preg_replace("/[^0-9,.]/", "", $connection->escape($_POST['rankTo']));
    // NOTE(review): no login check is visible before this query — confirm whether the
    // listing is meant to be available to unauthenticated sessions.
    $wishes = wishClass::selectAll($status, $owner, $performer, $moneyFrom, $moneyTo, $pointsFrom, $pointsTo, $rankFrom, $rankTo);
    // Make sure the per-session counter exists; where it is read is outside the visible part.
    if (!isset($_SESSION['count'])) {
        $_SESSION['count'] = 0;
    }
    foreach ($wishes as $wish) {
        // Pick the owner's avatar, falling back to a placeholder when no file exists.
        // NOTE(review): the path is built from $wish->ownerId — presumably an integer key
        // from the database; if it can ever hold user-supplied text, cast it to int
        // before using it in a filesystem path.
        if (!file_exists("images/profiles/{$wish->ownerId}.jpg")) {
            $profileImage = 'not-found.png';
        } else {
            // The appended timestamp is presumably a cache-buster for the image URL.
            $profileImage = $wish->ownerId . '.jpg' . '?' . time();
        }
        if ($wish->status == 0) {
Example #3
<?php

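// Registration endpoint, part 1: read the posted fields and decide whether the
// account may be created. $err ends up 0 (ok), 1 (e-mail already registered or the
// lookup failed) or 2 (invalid e-mail address).
session_start();
require_once 'dbConnection.php';
$connection = new dbConnection();

// Accept only plain string fields. A missing field or an array value (e.g. `email[]=`)
// becomes an empty string instead of being handed to escape().
$email = $connection->escape(isset($_POST['email']) && is_string($_POST['email']) ? $_POST['email'] : '');
$pass = $connection->escape(isset($_POST['pass']) && is_string($_POST['pass']) ? $_POST['pass'] : '');
$fname = $connection->escape(isset($_POST['fname']) && is_string($_POST['fname']) ? $_POST['fname'] : '');
$lname = $connection->escape(isset($_POST['lname']) && is_string($_POST['lname']) ? $_POST['lname'] : '');
$phone = $connection->escape(isset($_POST['phone']) && is_string($_POST['phone']) ? $_POST['phone'] : '');
$err = 0;

// Check whether a user with this e-mail already exists.
// NOTE(review): the query is built by concatenation, so its safety rests entirely on
// dbConnection::escape(), which is not visible here; bound parameters would remove
// that dependency. The check-then-insert sequence is also not atomic — presumably a
// UNIQUE index on Email backs it up; confirm in the schema.
$result = $connection->select("SELECT COUNT(UserID) FROM Users WHERE Email='" . $email . "'");
$row = $result instanceof mysqli_result ? $result->fetch_row() : null;
// mysqli returns column values as strings by default, so the count is cast before the
// strict comparison: `"0" !== 0` is always true and flagged every address as taken.
// A failed lookup also counts as an error (fail closed) so the insert is not attempted.
if (!is_array($row) || (int) $row[0] !== 0) {
    $err = 1; // a user with this login already exists in the database
}
// The address is validated after escaping, as before, so an address that escape()
// had to alter is rejected here.
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    $err = 2; // invalid e-mail address
}
// NOTE(review): $pass is the submitted password, only escaped; the INSERT that follows
// writes it to the `Password` column as-is. Hashing with password_hash() needs a
// matching password_verify() at login, so it is flagged here rather than changed.
// If there are no errors, add the new user to the database.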
// Create the account only when the checks above left $err at 0.
if ($err == 0) {
    // NOTE(review): the statement is built by concatenation, so it relies on every value
    // having gone through escape() above; bound parameters would be more robust.
    // NOTE(review): $pass is the submitted password, only escaped, so it is stored
    // unhashed. password_hash() here, with password_verify() at login, is the usual fix.
    $result = $connection->insert("INSERT INTO `Users`(`Email`, `Password`, `FirstName`, `LastName`, `Phone`) VALUES ('" . $email . "','" . $pass . "','" . $fname . "','" . $lname . "','" . $phone . "')");
    // insert() presumably returns a non-zero value on success — confirm in dbConnection.
    if ($result != 0) {
        echo 0;
        // NOTE(review): the echo above has already produced output; unless output
        // buffering is enabled, session_regenerate_id() can no longer send the new
        // session cookie. Calling it before the echo avoids that.
        session_regenerate_id();
        // Log the new user in straight away: the session carries the new row's id and
        // the (escaped) e-mail address.
        $_SESSION['UserID'] = $connection->getLastInsertedID();
        $_SESSION['Login'] = $email;
    }