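<?php
require '../../phpinclude/init.php';

// Sign-in handler: validates the posted credentials, looks the account up by
// email, checks the password against the stored hash and starts a session.

// Get, check and clean inputs.
// NOTE(review): check_text_input() is defined elsewhere. Presumably it
// redirects to the given error address on invalid input and rejects
// non-string values (e.g. a form field posted as email[]=x) -- confirm.
$email = check_text_input($_POST['email'], 1, 255, "Email", "/public/signin.php?err");
$password = check_text_input($_POST['password'], 1, 32, "Password", "/public/signin.php?err");

dbconnect(0);

// Email exists? The address is handed to doSQL() separately from the SQL text
// (placeholder "?"), not concatenated into the statement. A falsy return
// aborts the request with "ERR".
$result = doSQL("select userID, password from users where email=?;", $email) or die("ERR");

if (!is_array($result)) {
    // Unknown email. The redirect is the same as for a wrong password, so the
    // response itself does not tell the client which of the two checks failed.
    // NOTE(review): this branch returns without doing any hash work, so the
    // response time can still differ from the wrong-password branch; consider
    // verifying against a fixed dummy hash here to level the timing.
    header("Location: /public/signin.php?err=1");
    exit;
}

// Stored hash of the matching account.
$row = $result[0];
$storedHash = $row['password'];

// Check the hash. password_verify() accepts crypt()-format hashes and compares
// the result in constant time, unlike crypt() followed by ===. The is_string()
// guards keep a NULL column or an unexpected input type on the normal
// failure path instead of raising a TypeError.
$passwordOk = is_string($password)
    && is_string($storedHash)
    && password_verify($password, $storedHash);

if (!$passwordOk) {
    // Wrong password: same generic error as an unknown email.
    header("Location: /public/signin.php?err=1");
    exit;
}

// Sign in.
// NOTE(review): sessionstart() is defined elsewhere; confirm it issues a fresh
// session ID on login (session fixation) before trusting the session.
sessionstart($row['userID']);
header("Location: /account/index.php?signin=1");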
exit; } ?> <?php // called for new sign in $erraddr1 = 'signup.php?msg1'; $erraddr2 = 'signup.php?msg2'; $erraddr3 = 'signup.php?msg3'; $erraddrrc = 'signup.php?msgrc'; // check and clean inputs $username = check_text_input($_POST['usernamesu'], 1, 16, 'Username', $erraddr1); $password = check_text_input($_POST['passwordsu'], 6, 32, 'First Password', $erraddr2); $password2 = check_text_input($_POST['passwordsu2'], 6, 32, 'Confirm Password', $erraddr2); $email = check_text_input($_POST['emailsu'], 1, 255, 'First Email', $erraddr3); $email2 = check_text_input($_POST['emailsu2'], 1, 255, 'Confirm Email', $erraddr3); if (!(check_legal_chars($username) == $username)) { do_err($erraddr1, 'Illegal characters in Username'); } if (!($password == $password2)) { do_err($erraddr2, 'Passwords do not match'); } if (!($email == $email2)) { do_err($erraddr3, 'Emails do not match'); } dbconnect(0); // check email still available $result = doSQL("select * from users where email=?;", $email) or do_err($erraddr3, "Database Error"); if (is_array($result)) { // no, exists, quit do_err($erraddr3, "Email in use");