<?php

require '../../phpinclude/init.php';
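// Sign-in handler: validates the posted credentials, looks the account up by
// email, verifies the password against the stored hash and starts a session.
// An unknown email and a wrong password both redirect with err=1, so the
// error code itself does not reveal which of the two was wrong.

// Read the raw fields defensively: a missing key or an array value
// (e.g. email[]=x) is treated as an empty string, so no PHP warning is
// emitted ahead of the header() redirects and only strings reach the helpers.
$rawEmail = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
$rawPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// get, check and clean inputs
// presumably check_text_input() enforces the min/max length and redirects to
// the given address on failure -- confirm against init.php
$email = check_text_input($rawEmail, 1, 255, "Email", "/public/signin.php?err");
$password = check_text_input($rawPassword, 1, 32, "Password", "/public/signin.php?err");
dbconnect(0);

// email exists? The address is handed to doSQL() as a separate value for the
// ? placeholder rather than being concatenated into the SQL text.
$result = doSQL("select userID, password from users where email=?;", $email) or die("ERR");
if (!is_array($result)) {
    // error, email inexistent
    // NOTE(review): this path returns without running the password hash, so
    // it is faster than a wrong-password attempt; response timing can still
    // distinguish registered addresses. Verifying against a fixed dummy hash
    // here would even that out.
    header("Location: /public/signin.php?err=1");
    exit;
}

// get password
$row = $result[0];

// check hash
// password_verify() accepts crypt()-format hashes and compares the result in
// constant time, unlike `crypt(...) === $stored`, which can leak through
// timing how much of the hash matched.
if (!password_verify($password, (string) $row['password'])) {
    // error, password wrong
    // NOTE(review): no attempt limiting is visible in this script; confirm
    // that failed sign-ins are throttled or logged elsewhere.
    header("Location: /public/signin.php?err=1");
    exit;
}

// sign in
// NOTE(review): sessionstart() is defined outside this script; confirm it
// issues a fresh session identifier on login (session fixation).
sessionstart($row['userID']);
header("Location: /account/index.php?signin=1");
exit;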
?>

<?php 
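// called for new sign in
// Sign-up handler, first part: validates the posted fields, checks that the
// two password entries and the two email entries match, then looks the email
// up to see whether it is already registered.

// Error-redirect targets, one per group of form fields.
$erraddr1 = 'signup.php?msg1';
$erraddr2 = 'signup.php?msg2';
$erraddr3 = 'signup.php?msg3';
$erraddrrc = 'signup.php?msgrc';

// Read a POST field defensively: a missing key or an array value
// (e.g. emailsu[]=x) becomes an empty string, which then fails the minimum
// length check instead of raising a PHP warning or reaching the helpers as a
// non-string.
$postField = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

// check and clean inputs
// presumably check_text_input() enforces the min/max length and redirects to
// the given address on failure -- confirm against init.php
$username = check_text_input($postField('usernamesu'), 1, 16, 'Username', $erraddr1);
$password = check_text_input($postField('passwordsu'), 6, 32, 'First Password', $erraddr2);
$password2 = check_text_input($postField('passwordsu2'), 6, 32, 'Confirm Password', $erraddr2);
$email = check_text_input($postField('emailsu'), 1, 255, 'First Email', $erraddr3);
$email2 = check_text_input($postField('emailsu2'), 1, 255, 'Confirm Email', $erraddr3);

// Strict comparisons throughout: with ==, PHP compares numeric-looking
// strings as numbers ("1000e0" == "1000.0" is true), so a mismatched
// confirmation or a username altered by check_legal_chars() could pass.
// assumes do_err() ends the request -- TODO confirm; otherwise execution
// continues past a failed check.
if (check_legal_chars($username) !== $username) {
    do_err($erraddr1, 'Illegal characters in Username');
}
if ($password !== $password2) {
    do_err($erraddr2, 'Passwords do not match');
}
if ($email !== $email2) {
    do_err($erraddr3, 'Emails do not match');
}
// NOTE(review): no email-format validation is visible here; confirm whether
// check_text_input() performs it.

dbconnect(0);

// check email still available
// NOTE(review): a look-up followed by a later insert is only advisory under
// concurrent requests; a UNIQUE constraint on users.email is what actually
// prevents duplicates -- confirm the schema has one.
$result = doSQL("select * from users where email=?;", $email) or do_err($erraddr3, "Database Error");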
if (is_array($result)) {
    // no, exists, quit
    do_err($erraddr3, "Email in use");