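/**
 * Register a new user from the POSTed form fields.
 *
 * Reads name, username, email and password from $_POST. If any of them is
 * empty the form is re-displayed with an error message; otherwise one row is
 * inserted into `reg` through a prepared statement, with the password stored
 * as the output of get_password_hash().
 *
 * Side effects: opens/closes a mysqli connection, inserts a row, echoes a
 * success message, or calls display_form() on missing input.
 * Depends on the globals $db_server/$db_username/$db_password/$db_database
 * and on display_form() and get_password_hash() being defined elsewhere.
 *
 * @return void
 */
function register_user()
{
    global $db_server, $db_username, $db_password, $db_database;

    // Read input variables; a missing key becomes "" instead of raising a notice.
    $name = $_POST['name'] ?? "";
    $username = $_POST['username'] ?? "";
    $email = $_POST['email'] ?? "";
    $password = $_POST['password'] ?? "";

    // Something is missing: send the user back to the form and stop.
    if ($name === "" || $username === "" || $email === "" || $password === "") {
        display_form("One or more input fields are empty", $name, $username, $email, $password);
        return;
    }

    $mysqli = new mysqli($db_server, $db_username, $db_password, $db_database);
    if ($mysqli->connect_errno) {
        // Report the failure instead of calling prepare() on a dead handle.
        trigger_error("Database connection failed: " . $mysqli->connect_error, E_USER_WARNING);
        return;
    }

    $stmt = $mysqli->prepare("INSERT INTO reg(name, username, email, password) VALUES(?,?,?,?)");
    if ($stmt === false) {
        trigger_error("Prepare failed: " . $mysqli->error, E_USER_WARNING);
        $mysqli->close();
        return;
    }

    // bind_param() binds its arguments by reference, so the hash must live in a
    // variable: passing get_password_hash()'s return value directly triggers
    // PHP's "Only variables should be passed by reference" diagnostic.
    $password_hash = get_password_hash($password);
    $stmt->bind_param('ssss', $name, $username, $email, $password_hash);
    $stmt->execute();
    if ($stmt->affected_rows === 1) {
        echo "Registration successful";
    }
    $stmt->close();
    $mysqli->close();
}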
        $pass_errors['current'] = 'Molim vas unesite svoju lozinku!';
    }
    if (preg_match('/^(\\w*(?=\\w*\\d)(?=\\w*[a-z])(?=\\w*[A-Z])\\w*){6,20}$/', $_POST['pass1'])) {
        if ($_POST['pass1'] == $_POST['pass2']) {
            $p = mysqli_real_escape_string($dbc, $_POST['pass1']);
        } else {
            $pass_errors['pass2'] = 'Vasa lozinka nije nadena u bazi podataka!';
        }
    } else {
        $pass_errors['pass1'] = 'Molim unesite ispravnu lozinku!';
    }
    if (empty($pass_errors)) {
        $q = "SELECT id FROM users WHERE pass='******' AND id={$_SESSION['user_id']}";
        $r = mysqli_query($dbc, $q);
        if (mysqli_num_rows($r) == 1) {
            $q = "UPDATE users SET pass='******' WHERE id={$_SESSION['user_id']} LIMIT 1";
            if ($r = mysqli_query($dbc, $q)) {
                echo '<h3>Vasa lozinka je promjenjena.</h3>';
                include './includes/footer.html';
                exit;
            } else {
                trigger_error('Vasa lozinka nije mogli biti promjenjena zbog sistemskog errora.');
            }
        } else {
            $pass_errors['current'] = 'Vasa trenutna lozinka je netocna';
        }
    }
}
// Pull in the form helpers (presumably the rendering functions for the form
// that follows — verify against form_functions.inc.php), then switch to HTML
// for the change-password page heading.
require './includes/form_functions.inc.php';
?>
<h3>Promijenite vasu lozinku</h3>
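/**
 * Update an existing user's profile row (legacy mysql_* API).
 *
 * Every caller-supplied value that is interpolated into the statement is run
 * through mysql_real_escape_string() first, so that quotes or backslashes in
 * the input cannot break out of the quoted SQL literals (the original
 * concatenated the raw values, an SQL-injection vector). The password is
 * passed through get_password_hash() before use.
 *
 * NOTE(review): the username/password literals on this listing are redacted
 * as '******' and are kept verbatim; the mysql_* extension itself was removed
 * in PHP 7 — mysqli/PDO prepared statements are the long-term replacement.
 *
 * @return bool true when the query ran; on failure the script exits via die()
 *              with mysql_error(), as in the original.
 */
function update_user($username, $email, $password, $firstName, $lastName, $age, $zipcode)
{
    $password = get_password_hash($password);

    // Escape each value exactly once; the statement below quotes them as strings.
    $safeFirstName = mysql_real_escape_string($firstName);
    $safeLastName = mysql_real_escape_string($lastName);
    $safeAge = mysql_real_escape_string($age);
    $safeEmail = mysql_real_escape_string($email);
    $safeZipcode = mysql_real_escape_string($zipcode);

    $SQL = "UPDATE user SET username = '******', firstName = '" . $safeFirstName . "', lastName = '" . $safeLastName . "', age = '" . $safeAge . "'\n\t, email = '" . $safeEmail . "', password = '******', zipcode = '" . $safeZipcode . "' where username = '******';";
    return mysql_query($SQL) or die(mysql_error());
}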
// MYSQL is a constant holding the path of the database-connection script
// (presumably the one that defines $dbc used below — confirm); stock.php is
// loaded alongside it.
require MYSQL;
require "stock.php";
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $login_errors = array();
    if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
        $e = mysqli_real_escape_string($dbc, $_POST['email']);
    } else {
        $login_errors['email'] = 'Molimo unesite važeæu e-mail adresu!';
    }
    if (!empty($_POST['pass'])) {
        $p = mysqli_real_escape_string($dbc, $_POST['pass']);
    } else {
        $login_errors['pass'] = '******';
    }
    if (empty($login_errors)) {
        $q = "SELECT id, username, type FROM users WHERE(email='{$e}' AND pass='******')";
        $r = mysqli_query($dbc, $q);
        if (mysqli_num_rows($r) == 1) {
            $row = mysqli_fetch_array($r, MYSQLI_NUM);
            if ($row[2] == 'admin') {
                session_regenerate_id(true);
                $_SESSION['user_admin'] = true;
            }
            $_SESSION['user_id'] = $row[0];
            $_SESSION['username'] = $row[1];
        } else {
            $login_errors['login'] = '******';
        }
    }
    $o = "DELETE FROM current WHERE id=1";
    $hi = mysqli_query($dbc, $o);
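// Password-reset handler: on POST, look the account up by e-mail address,
// store a fresh temporary password and mail it to the address on file.
$pass_errors = array();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // A missing field becomes '' so filter_var() fails cleanly instead of
    // raising an undefined-array-key warning.
    $reset_email = $_POST['email'] ?? '';
    if (filter_var($reset_email, FILTER_VALIDATE_EMAIL)) {
        $q = 'SELECT id FROM users WHERE email="' . mysqli_real_escape_string($dbc, $reset_email) . '"';
        $r = mysqli_query($dbc, $q);
        // A failed query returns false; guard it before mysqli_num_rows().
        if ($r && mysqli_num_rows($r) == 1) {
            list($uid) = mysqli_fetch_array($r, MYSQLI_NUM);
        } else {
            $pass_errors['email'] = 'Zadana email adresa ne slaze sa onim u arhivi!';
        }
    } else {
        $pass_errors['email'] = 'Molim unesite vazecu email adresu!';
    }
    if (empty($pass_errors)) {
        // Temporary password from the CSPRNG. The original derived it from
        // md5(uniqid(rand())), which is time-seeded and therefore guessable;
        // random_bytes() is unpredictable. Length stays at 15 hex characters.
        $p = substr(bin2hex(random_bytes(8)), 0, 15);
        // $uid comes from the users.id column above, not from the request.
        // NOTE(review): the stored value is redacted as '******' on this listing.
        $q = "UPDATE users SET pass='******' WHERE id={$uid} LIMIT 1";
        $r = mysqli_query($dbc, $q);
        if (mysqli_affected_rows($dbc) == 1) {
            $body = "Vasa sifra za logiranje na web sucelje za prodaju je privremeno promjenjena '{$p}'. \n\t\t\tMolim da se logirate pomocu te zaporke i ove email adrese. Tada mozete promjeniti vasu sifru\n\t\t\tna nesto poznatije.";
            // $reset_email passed FILTER_VALIDATE_EMAIL, so it cannot carry
            // CR/LF sequences into the mail headers.
            mail($reset_email, 'Vasa privremena lozinka.', $body, 'From: system0@net.hr');
            echo '<h3>Vasa sifra je promjenjena.</h3><p>Primit cete novu, privremenu 
			zaporku emailom. Nakon sto ste se logirali sa novom sifrom, mozete ju promjeniti.</p>';
            include './includes/footer.html';
            exit;
        } else {
            trigger_error('Vasa zaporka se nije mogla promjeniti zbog sistemskog errora.');
        }
    }
}
require './includes/form_functions.inc.php';
?>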
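// Validate the email address. A missing field is treated as '' so that
// filter_var() simply fails instead of raising an undefined-array-key warning.
if (filter_var($_POST['email'] ?? '', FILTER_VALIDATE_EMAIL)) {
    $e = mysqli_real_escape_string($dbc, $_POST['email']);
} else {
    $login_errors['email'] = 'Please enter a valid email address!';
}
// Validate the password: only its presence is checked here. Note that
// empty() also rejects the literal string '0' (kept from the original).
if (!empty($_POST['pass'])) {
    $p = mysqli_real_escape_string($dbc, $_POST['pass']);
} else {
    $login_errors['pass'] = '******';
}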
if (empty($login_errors)) {
    // OK to proceed!
    // Query the database:
    $q = "SELECT * FROM users WHERE (email='{$e}' AND pass='******')";
    $r = mysqli_query($dbc, $q);
    if (mysqli_num_rows($r) == 1) {
        // A match was made.
        // Get the data:
        $row = mysqli_fetch_assoc($r);
        // If the user is an administrator, create a new session ID to be safe:
        // This code is created at the end of Chapter 4:
        // Store the data in a session:
        $_SESSION['user_id'] = $row['id'];
        $_SESSION['username'] = $row['username'];
        // Only indicate if the user's account is not expired:
    } else {
        // No match was made.
        $login_errors['login'] = '******';
    }
                    if ($refundSum > 0) {
                        $moneyflowTable->add(array("user" => $oldFields['user'], "sum" => $refundSum, "detailsname" => "refund", "detailsid" => $oldFields['id']));
                    }
                    break;
            }
        } else {
            if ($oldFields['detailsname'] == 'adminpay') {
                $moneyflowTable = new table('moneyflow');
                $moneyflowTable->add(array("user" => $oldFields['user'], "sum" => -money($oldFields['sum']), "detailsname" => "adminpay", "detailsid" => $oldFields['detailsid']));
            }
        }
    }
    return $newFields;
}, 'master' => function ($id, $newFields) {
    if (isset($newFields['password'])) {
        $newFields['password'] = get_password_hash($newFields['password']);
    }
    return $newFields;
});
$afterEditRenderers = array('user' => function ($id, $newFields, $oldFields) {
    // Router migration
    if (isset($newFields['router'])) {
        if (intval($oldFields['router'])) {
            controllerRouterQueue($oldFields['router'], "delete", $id);
        }
        controllerRouterQueue($newFields['router'], "update", $id);
    } else {
        if (isset($newFields['login']) || isset($newFields['password']) || isset($newFields['disabled']) || isset($newFields['iplist'])) {
            controllerRouterQueue($oldFields['router'], "update", $id);
        }
    }
<?php

/**
 * Placeholder "hash" that returns the password unchanged.
 *
 * This is NOT a hash: the login check below compares users.password_hash
 * directly against this function's output, so whatever is stored in that
 * column has to be the plaintext password. A real implementation should use
 * password_hash() and verify with password_verify(); the login comparison
 * must change together with it.
 *
 * @param string $password plaintext password
 * @return string the same value, unmodified
 */
function get_password_hash($password)
{
    return $password;
}
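// Login handler (legacy mysql_* API, removed in PHP 7; mysqli/PDO prepared
// statements are the replacement). Prints "success" or "error" and exits.
if (isset($_POST["username"])) {
    include "connect.php";
    // Escape the caller-supplied value before placing it inside the quoted
    // literal; the original interpolated $_POST["username"] raw (SQL injection).
    $q = "SELECT `id`,`password_hash` FROM `users` WHERE email = '" . mysql_real_escape_string($_POST["username"]) . "'";
    $result = mysql_query($q);
    // mysql_fetch_object() returns false when no row matched; a failed query
    // returns false as well, which the original would have passed straight in.
    $user = $result ? mysql_fetch_object($result) : false;
    $submitted = get_password_hash($_POST["password"] ?? "");
    // hash_equals(): strict, constant-time comparison instead of loose ==.
    if ($user && hash_equals((string) $user->password_hash, (string) $submitted)) {
        session_start();
        // Fresh session id on privilege change, so a pre-login id cannot be reused.
        session_regenerate_id(true);
        $_SESSION['user'] = $user->id;
        print "success";
        exit;
    } else {
        print "error";
        exit;
    }
}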
<?php

/**
 * Hash a plaintext password with bcrypt via password_hash().
 *
 * The result is always 60 characters, starts with "$2y$" and embeds its own
 * random salt, so two calls with the same input produce different strings;
 * check it with password_verify(), never with ==. bcrypt only considers the
 * first 72 bytes of the input.
 *
 * @param string $password plaintext password
 * @return string bcrypt hash
 */
function get_password_hash($password)
{
    $bcryptHash = password_hash($password, PASSWORD_BCRYPT);
    return $bcryptHash;
}
/**
 * Check a plaintext password against a stored bcrypt hash.
 *
 * Delegates to password_verify(), which reads the salt and cost from the
 * hash itself and compares in constant time.
 *
 * @param string $password plaintext password to check
 * @param string $hash     hash produced by password_hash()
 * @return bool true when the password matches the hash
 */
function verify_password_hash($password, $hash)
{
    $matches = password_verify($password, $hash);
    return $matches;
}
// Demo script: hashes the value of the ?password= query parameter and prints
// the hash together with a verification result.
$password = "";
if (isset($_GET['password'])) {
    $password = $_GET['password'];
}
$hash = get_password_hash($password);
$hash_verified = verify_password_hash($password, $hash);
// NOTE(review): the middle of the next line is redacted ('******') on this
// listing and does not parse as shown; if the original echoed the submitted
// value, it would need htmlspecialchars() before being written into HTML.
echo "Password: "******"<br>";
echo "Password hash: " . $hash . "<br>";
echo "Hash verified: " . ($hash_verified ? "True" : "False");
 if (empty($reg_errors)) {
     // If everything's OK...
     // Make sure the email address and username are available:
     $q = "SELECT email, username FROM users WHERE email='{$e}' OR username='******'";
     $r = mysqli_query($dbc, $q);
     // Get the number of rows returned:
     $rows = mysqli_num_rows($r);
     if ($rows == 0) {
         // No problems!
         // Add the user to the database...
         // Temporary: set expiration to a month!
         // Change after adding PayPal!
         //$q = "INSERT INTO users (username, email, pass, first_name, last_name, date_expires) VALUES ('$u', '$e', '"  .  get_password_hash($p) .  "', '$fn', '$ln', ADDDATE(NOW(), INTERVAL 1 MONTH) )";
         // New query, updated in Chapter 6 for PayPal integration:
         // Sets expiration to yesterday:
         $q = "INSERT INTO users (username, email, pass, first_name, last_name, date_expires) VALUES ('{$u}', '{$e}', '" . get_password_hash($p) . "', '{$fn}', '{$ln}', SUBDATE(NOW(), INTERVAL 1 DAY) )";
         $r = mysqli_query($dbc, $q);
         if (mysqli_affected_rows($dbc) == 1) {
             // If it ran OK.
             // Get the user ID:
             // Store the new user ID in the session:
             // Added in Chapter 6:
             $uid = mysqli_insert_id($dbc);
             //				$_SESSION['reg_user_id']  = $uid;
             // Display a thanks message:
             // Original message from Chapter 4:
             echo '<h3>Thanks!</h3><p>Thank you for registering! You may now log in and access the site\'s content.</p>';
             // Updated message from Chapter 6:
             //echo "<h3>Thanks!</h3><p>Thank you for registering! To complete the process, please now click the button below so that you may pay for your site access via PayPal. The cost is $10 (US) per year.</p>";
             // PayPal link added in Chapter 6:
             echo '<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
    }
    if (preg_match('/^(\\w*(?=\\w*\\d)(?=\\w*[a-z])(?=\\w*[A-Z])\\w*){6,20}$/', $_POST['pass1'])) {
        if ($_POST['pass1'] == $_POST['pass2']) {
            $p = mysqli_real_escape_string($dbc, $_POST['pass1']);
        } else {
            $reg_errors['pass2'] = 'Vasa zaporka nije jednaka prihvacenoj zaporci!';
        }
    } else {
        $reg_errors['pass1'] = 'Molim unesite zaporku!';
    }
    if (empty($reg_errors)) {
        $q = "SELECT email, username FROM users WHERE email='{$e}' OR username='******'";
        $r = mysqli_query($dbc, $q);
        $rows = mysqli_num_rows($r);
        if ($rows == 0) {
            $q = "INSERT INTO users (username, email, pass, first_name, last_name) VALUES ('{$u}', '{$e}', '" . get_password_hash($p) . "', '{$fn}', '{$ln}')";
            $r = mysqli_query($dbc, $q);
            $concat = $fn . " " . $ln;
            $z = "INSERT INTO db_cart_example_customer( name, email) VALUES('{$concat}', '{$e}')";
            $w = mysqli_query($dbc, $z);
            $uid = mysqli_insert_id($dbc);
            echo '<h3>Zdravo</h3><p>Hvala vam na registraciji, ako zelite nastaviti ulogirajte se na desnoj strani sa 
			             vasim korisnickim racunom
				</p>';
            echo 'Nadam se da ce vam se svidjeti ova stranica';
            // Mail poslan korisniku kada se registrira
            //$body = "Hvala vam na vasoj registraciji na nasoj stranici.";
            //mail($_POST['email'], 'Registracija potvrdena', $body, 'From: system0@net.hr');
            include './includes/footer.html';
            exit;
        } else {