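/**
 * Check a name/password pair against the user model and, on success, place
 * the user in the session.
 *
 * Uses the globals $model (model registry) and $s (session store). On success
 * the fetched row is written to $s['user'], an info flash is queued and
 * go_home() is called. On failure only a danger flash is queued.
 *
 * @param string $name     Login name as submitted.
 * @param string $password Plain-text password as submitted.
 * @return void
 */
function login_user($name, $password)
{
    global $model, $s;

    // NOTE(review): unsalted MD5 is not an adequate password hash (fast to
    // brute-force, identical passwords give identical digests). It is kept
    // here because $model['user']['login'] is handed this digest; a move to
    // password_hash()/password_verify() has to change the model's create and
    // login code and the stored column in the same change.
    $digest = md5($password);

    $result = $model['user']['login']($name, $digest);
    if (!$result) {
        // One message for "unknown name" and "wrong password", so the form
        // does not reveal which names exist.
        add_flash('danger', "Wrong credentials");
        return;
    }

    $user = mysqli_fetch_assoc($result);

    // Keep the stored password digest out of the session: nothing after
    // authentication needs it, and session data may be written to disk.
    unset($user['password']);

    // Rotate the session id on the privilege change so an id that was fixed
    // before login cannot be reused afterwards.
    // Presumably $s is backed by the native PHP session - confirm.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    $s['user'] = $user;
    add_flash('info', "You're now logged in");
    go_home();
}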
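<?php
/**
 * User model.
 *
 * Creates the `users` table when it does not exist and registers three
 * closures under $model['user']:
 *   - create($user):          insert a new user from an array with the keys
 *                             'name', 'password' and 'email'
 *   - login($name, $password): return the matching mysqli_result, or False
 *   - by_name($name):          return the row for that name
 *
 * Every statement that carries caller-supplied values is prepared and bound.
 * Interpolating those values into the SQL text would let a crafted name or
 * email change the query (SQL injection).
 */
$add_model = function (&$model) use ($conn) {
    $user = array();

    // Static DDL, no external input.
    // NOTE(review): password VARCHAR(40) only fits an MD5 digest. A
    // password_hash() value needs more room (the PHP manual suggests 255).
    mysqli_query($conn, "CREATE TABLE IF NOT EXISTS users(\n id INT PRIMARY KEY AUTO_INCREMENT,\n name VARCHAR(20) UNIQUE,\n password VARCHAR(40),\n email VARCHAR(40),\n email_hash VARCHAR(40)\n )");

    /**
     * Insert a user and queue a flash message with the outcome.
     *
     * @param array $user Array with the keys 'name', 'password' and 'email'.
     * @return void
     */
    $user['create'] = function ($user) use ($conn) {
        $name = $user['name'];
        // NOTE(review): unsalted MD5 is not an adequate password hash. It is
        // kept because login compares the stored value with an MD5 digest;
        // replace both sides together with password_hash()/password_verify().
        $password = md5($user['password']);
        $email = strtolower($user['email']);
        // MD5 of the lower-cased address; an identifier here, not a secret.
        $email_hash = md5($email);

        $created = false;
        $stmt = mysqli_prepare(
            $conn,
            "INSERT INTO users(name, password, email, email_hash) VALUES(?, ?, ?, ?)"
        );
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 'ssss', $name, $password, $email, $email_hash);
            $created = mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }

        // Report success only when the row was actually written; the UNIQUE
        // constraint on name makes a failed insert an ordinary case.
        if ($created) {
            add_flash('success', "User created");
        } else {
            add_flash('danger', "User could not be created");
        }
    };

    /**
     * Look up a user by name and password digest.
     *
     * @param string $name     Login name.
     * @param string $password Password digest as stored by create().
     * @return mysqli_result|false Result holding the matching row, or False.
     */
    $user['login'] = function ($name, $password) use ($conn) {
        // Both values are bound. The digest has to take part in the
        // comparison; a fixed literal in its place would make the outcome
        // independent of the password that was supplied.
        $stmt = mysqli_prepare($conn, "SELECT * FROM users WHERE name=? AND password=?");
        if (!$stmt) {
            return False;
        }
        mysqli_stmt_bind_param($stmt, 'ss', $name, $password);
        if (!mysqli_stmt_execute($stmt)) {
            return False;
        }

        // mysqli_stmt_get_result() needs the mysqlnd driver.
        $result = mysqli_stmt_get_result($stmt);

        return ($result && mysqli_num_rows($result)) ? $result : False;
    };

    /**
     * Fetch one user row by name.
     *
     * @param string $name Login name.
     * @return array|null The row as an associative array, or null when
     *                    nothing matches or the query fails.
     */
    $user['by_name'] = function ($name) use ($conn) {
        $stmt = mysqli_prepare($conn, "SELECT * FROM users WHERE name=?");
        if (!$stmt) {
            return null;
        }
        mysqli_stmt_bind_param($stmt, 's', $name);
        if (!mysqli_stmt_execute($stmt)) {
            return null;
        }
        $result = mysqli_stmt_get_result($stmt);

        // NOTE(review): SELECT * includes the password digest; callers that
        // render or serialise the row should drop that column.
        return $result ? mysqli_fetch_assoc($result) : null;
    };

    $model['user'] = $user;
};

$add_model($model);
unset($add_model);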
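<?php
/**
 * Registration page controller.
 *
 * Turns away sessions that already hold a user, validates the submitted
 * form, creates the account, logs the new user in and renders the
 * 'register' template.
 *
 * Reads $s (session store), $p (presumably the submitted form fields -
 * confirm) and $model from the including scope.
 */
$titles[] = 'Register';

// !empty() instead of a bare index read: the 'user' key is absent for
// anonymous visitors, and reading it directly raises an undefined-index
// notice on every anonymous request.
if (!empty($s['user'])) {
    add_flash('warning', "You can't create new users during the session");
    // NOTE(review): this assumes go_home() ends the request. If it only sends
    // a redirect header, the registration code below still runs for a
    // logged-in session - confirm.
    go_home();
}

if ($p) {
    $error_messages = validate('register', $p);

    if ($error_messages) {
        // Show every validation failure; no account is created.
        foreach ($error_messages as $msg) {
            add_flash('danger', $msg);
        }
    } else {
        // NOTE(review): no anti-CSRF token check is visible in this file;
        // confirm that validate() or the front controller performs one.
        $model['user']['create']($p);
        // The create call's outcome is not inspected here, so the login
        // attempt below runs whether or not the insert succeeded.
        login_user($p['name'], $p['password']);
    }
}

include get_tpl('register');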
<?php $add_model = function (&$model) use($conn) { global $s; mysqli_query($conn, "CREATE TABLE IF NOT EXISTS posts(\n id INT PRIMARY KEY AUTO_INCREMENT,\n title VARCHAR(20),\n content TEXT\n )"); $post = array(); $post['create'] = function ($post) use($conn, $s) { $title = $post['title']; $content = strip_tags($post['content'], '<a>'); mysqli_query($conn, "INSERT INTO posts(title, content)\n VALUES('{$title}', '{$content}')"); $new_id = mysqli_insert_id($conn); mysqli_query($conn, "INSERT INTO com(from_id, from_type, to_id, to_type)\n VALUES({$s['user']['id']}, 'user', {$new_id}, 'post')"); add_flash('success', "Post created"); }; $post['all'] = function ($where = 'WHERE com.rel_type="have"') use($conn, $s) { $result = mysqli_query($conn, "SELECT * FROM posts JOIN com JOIN users\n ON posts.id = com.to_id AND users.id = com.from_id {$where}\n ORDER BY posts.id DESC"); // $posts = array(); while ($posts[] = mysqli_fetch_assoc($result)) { } array_pop($posts); return $posts; }; $post['my_stream'] = function () use($conn, $s, $post) { return $post['all']("WHERE users.id = {$s['user']['id']} AND com.rel_type='have' "); }; $post['by_user'] = function ($id) use($conn, $s, $post) { return $post['all']("WHERE users.id = {$id} AND com.rel_type='have' "); }; $post['by_id'] = function ($id) use($conn, $s, $post) { return $post['all']("WHERE posts.id = {$id} AND com.rel_type='have' "); };
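<?php
/**
 * Logout controller: drops the user from the session store $s, queues an
 * info flash and returns to the home page.
 */
unset($s['user']);

// Rotate the session id when the privilege level changes, so the id used by
// the authenticated session is not carried over to the anonymous one.
// Session data is kept across the rotation.
// Presumably $s is backed by the native PHP session - confirm.
if (session_status() === PHP_SESSION_ACTIVE) {
    session_regenerate_id(true);
}

// NOTE(review): if this script is reachable with a plain GET request, a
// third-party page can log users out; confirm that the router restricts the
// method or checks a token.
add_flash('info', "Now you're Anon");
go_home();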