} } nullcheck($ncfname, 'First Name'); nullcheck($ncsname, 'Surname'); nullcheck($ncemail, 'Email'); nullcheck($ncsecques, 'Security Question'); nullcheck($ncsecans, 'Security Question Answer'); if ($nerror === 0) { //echo 'Stage Two of client creation:<br/>'; $emailck = "SELECT COUNT(*) as count\n\t\t\t\t\t\t\t\t\t\tFROM tbl_clients\n\t\t\t\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\t\t\t\temail = '{$ncemail}'\n\t\t\t\t\t\t\t\t\t\t"; $emailckqry = mysql_query($emailck); $emailckres = mysql_fetch_assoc($emailckqry); //echo 'Number of the same email addresses: ' . $emailckres; if ($emailckres['count'] == 0) { //echo 'Stage There of client creation:'; $pass = hashword('password321', $hash); $createqry = "INSERT INTO tbl_clients (\n\t\t\t\t\t\t\t\t\t\t\t\tfirstname,\n\t\t\t\t\t\t\t\t\t\t\t\tsurname,\n\t\t\t\t\t\t\t\t\t\t\t\temail,\n\t\t\t\t\t\t\t\t\t\t\t\tmob,\n\t\t\t\t\t\t\t\t\t\t\t\ttel,\n\t\t\t\t\t\t\t\t\t\t\t\tpassword,\n\t\t\t\t\t\t\t\t\t\t\t\tsecques,\n\t\t\t\t\t\t\t\t\t\t\t\tsecans,\n\t\t\t\t\t\t\t\t\t\t\t\tday,\n\t\t\t\t\t\t\t\t\t\t\t\tmonth,\n\t\t\t\t\t\t\t\t\t\t\t\tyear,\n\t\t\t\t\t\t\t\t\t\t\t\tbanned,\n\t\t\t\t\t\t\t\t\t\t\t\tempty\n\t\t\t\t\t\t\t\t\t\t\t) VALUES (\n\t\t\t\t\t\t\t\t\t\t\t\t'{$ncfname}',\n\t\t\t\t\t\t\t\t\t\t\t\t'{$ncsname}',\n\t\t\t\t\t\t\t\t\t\t\t\t'{$ncemail}',\n\t\t\t\t\t\t\t\t\t\t\t\t'{$ncmob}',\n\t\t\t\t\t\t\t\t\t\t\t\t'0',\n\t\t\t\t\t\t\t\t\t\t\t\t'{$pass}',\n\t\t\t\t\t\t\t\t\t\t\t\t'{$ncsecques}',\n\t\t\t\t\t\t\t\t\t\t\t\t'{$ncsecans}',\n\t\t\t\t\t\t\t\t\t\t\t\t'0',\n\t\t\t\t\t\t\t\t\t\t\t\t'0',\n\t\t\t\t\t\t\t\t\t\t\t\t'0',\n\t\t\t\t\t\t\t\t\t\t\t\t'0',\n\t\t\t\t\t\t\t\t\t\t\t\t'0'\n\t\t\t\t\t\t\t\t\t\t\t)"; $createsql = mysql_query($createqry); if ($createsql) { echo 'A New Client Created.<br />'; $clicheckqry = "SELECT *\n\t\t\t\t\t\t\t\t\t\t\t\t\tFROM tbl_clients\n\t\t\t\t\t\t\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\t\t\t\t\t\t\temail = '{$ncemail}'\n\t\t\t\t\t\t\t\t\t\t\t\t\tAND\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tsecans = 
'{$ncsecans}'\n\t\t\t\t\t\t\t\t\t\t\t\t\tLIMIT 1"; $clichecksql = mysql_query($clicheckqry); $clirows = mysql_num_rows($clichecksql); if (empty($clirows)) { echo 'error: no client with that email'; echo '<a href="/newwebsite.php">Go back to the start</a>'; } else { while ($clirow = mysql_fetch_assoc($clichecksql)) { echo '<form action="/newwebsite.php" method="post"> <label for="cid">Client ID:</label><input type="number" name="cid" id="cid" value="' . $clirow['id'] . '" readonly/> <br />
} //testing empty emptyvalue($fname); emptyvalue($sname); emptyvalue($email); emptyvalue($mob); emptyvalue($tel); emptyvalue($pass); emptyvalue($repass); emptyvalue($day); emptyvalue($month); emptyvalue($year); emptyvalue($secques); emptyvalue($secans); if ($pass === $repass) { $pass = hashword($pass, $hash); } else { $error++; } //Checking the email address if ($error === 0) { $check = 0; $regsql = "SELECT * \n\t\t\t\t\t\t\t\t\t\t\tFROM tbl_members\n\t\t\t\t\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\t\t\t\t\temail = '{$email}'"; $regqry = mysql_query($regsql) or sql_error(); $numRows = mysql_num_rows($regqry); if ($numRows > 0) { $check++; } if ($check === 0) { echo 'unique'; //Adding the user
$loginError = 0; function loginNull($string, $item) { global $loginError; if (empty($string)) { $loginError++; echo '<p class="error">No value in ' . $item . '.</p>'; echo $loginForm; } } loginNull($loginEmail, "Email"); loginNull($loginPassword, "Password"); //echo $loginError; //encrypting and hashing values $loginEmail = encrypt($loginEmail, $key); $loginPassword = hashword($loginPassword, $hash); //echo "<p>Email: " . $loginEmail . "</p><p>Password: "******"</p>"; if ($loginError === 0) { $userID = ''; $query = "SELECT *\n\t\t\tFROM tbl_members\n\t\t\tWHERE\n\t\t\t\temail = '{$loginEmail}'\n\t\t\tAND\n\t\t\t\tpassword = '******'\n\t\t"; $sql = mysql_query($query) or mysql_error(); while ($row = mysql_fetch_assoc($sql)) { //echo "id: " . $row['id'] . "<br />"; global $userID; $userID = $row['id']; $_SESSION['user'] = $row; } //echo $_SESSION['user']['id']; if (!empty($_SESSION['user']['id'])) { header("location: User.php"); die("Logged In");
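<?php
/*
 * Water-level submission endpoint.
 *
 * Expects a POST with mail, password, uur, datum and waterlevel. Authenticates the
 * sender through login() and, on success, records the reading through setdata().
 * Responds with the plain-text body "success" or "wrong login". When the POST is
 * empty or a required field is missing or malformed, nothing is emitted.
 *
 * encrypt(), hashword(), login() and setdata() are defined outside this file;
 * $conn, $key and $salt presumably come from connection.php — verify.
 */
include "../class/connection.php";

if (!empty($_POST)) {
    // PHP turns a request field such as "mail[]=x" into an array. Requiring plain strings
    // keeps arrays away from encrypt(), hashword() and setdata(), which expect scalar text.
    $complete = isset($_POST['mail'], $_POST['password'], $_POST['uur'], $_POST['datum'], $_POST['waterlevel']);
    if ($complete) {
        foreach (array('mail', 'password', 'uur', 'datum', 'waterlevel') as $field) {
            if (!is_string($_POST[$field])) {
                $complete = false;
                break;
            }
        }
    }

    if ($complete) {
        $rawPassword = $_POST['password'];

        // The e-mail is encrypted before lookup, so the stored column is presumably
        // encrypted with the same key — confirm against login().
        $mail = encrypt($_POST['mail'], $key);

        // NOTE(review): hashword() is not visible here. If it is a fast salted digest with one
        // site-wide salt, plan a migration to password_hash()/password_verify().
        $hashedPassword = hashword($rawPassword, $salt);

        $waterlevel = $_POST['waterlevel'];
        $uur = $_POST['uur'];
        $datum = $_POST['datum'];

        // First attempt: the hashed form of the submitted password.
        $userdata = login($mail, $hashedPassword, $conn, $key);

        if ($userdata === null) {
            // NOTE(review): the second attempt sends the password exactly as received. If login()
            // compares its argument directly with the stored column (not visible here), a stored
            // hash value is itself accepted as a password, and rows that still hold unhashed
            // passwords remain valid. Confirm what login() does, migrate any legacy rows, then
            // delete this fallback.
            $userdata = login($mail, $rawPassword, $conn, $key);
        }

        if ($userdata === null) {
            echo "wrong login";
            exit;
        }

        // The reading is stored under the authenticated account's ID, never a client-supplied one.
        setdata($userdata['ID_users'], $waterlevel, $uur, $datum, $conn);
        echo "success";
        exit;
    }
}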
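<?php
/*
 * Admin login handler.
 *
 * Looks up tbl_admins by e-mail and password hash. On a match it stores the row in
 * $_SESSION['user'], redirects to usr.php and stops. On no match, or a failed query,
 * execution continues with whatever follows this script.
 *
 * protect() and hashword() are defined outside this file, and $hash is set elsewhere.
 */

// A missing or array-valued field ("logemail[]=x") becomes an empty string, so the helpers
// below always receive a string and no undefined-index notice is raised.
$email = (isset($_POST['logemail']) && is_string($_POST['logemail'])) ? $_POST['logemail'] : '';
$password = (isset($_POST['logpassword']) && is_string($_POST['logpassword'])) ? $_POST['logpassword'] : '';

// NOTE(review): the query below is built by string interpolation and depends entirely on
// protect() for escaping; its implementation is not visible here. The mysql_* extension has no
// prepared statements and was removed in PHP 7 — move this lookup to PDO or mysqli with bound
// parameters.
$email = protect($email);

// protect() runs on the password before hashing. Keep that order: existing hashes were
// presumably produced the same way — confirm before changing it.
$password = protect($password);

//hash password
$password = hashword($password, $hash);

// NOTE(review): the password value in this literal appears masked ('******') in this listing.
// The hash computed above is presumably what the original file interpolates here — confirm
// against the real source. It is reproduced exactly as shown.
$logqry = "SELECT *\n\t\t\t\tFROM tbl_admins\n\t\t\t\tWHERE\n\t\t\t\t\temail = '{$email}'\n\t\t\t\tAND\n\t\t\t\t\tpassword = '******'\n\t\t\t";

// The previous `or mysql_error()` evaluated the error text and threw it away, then fetched from
// a false result. A failure is now written to the server log and never shown to the client.
$logsql = mysql_query($logqry);
if ($logsql === false) {
    error_log('Admin login query failed: ' . mysql_error());
}

// Only the first matching row is ever used; the original loop died on its first iteration.
$usr = ($logsql === false) ? false : mysql_fetch_assoc($logsql);

if ($usr) {
    // Issue a fresh session ID at the privilege change so an ID fixed before login is not
    // carried into the authenticated session. Skipped when no session has been started.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    // NOTE(review): the whole row, password column included, is kept in the session. Other
    // code may read it from there, so it is left as is; consider storing only the needed fields.
    $_SESSION['user'] = $usr;
    header('Location: usr.php');
    die;
}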
$error++; } //encrypt the data $regfname = encrypt($regfname, $key); $regsname = encrypt($regsname, $key); $regemail = encrypt($regemail, $key); $regtel = encrypt($regtel, $key); $regmob = encrypt($regmob, $key); $regday = encrypt($regday, $key); $regmonth = encrypt($regmonth, $key); $regyear = encrypt($regyear, $key); $reggender = encrypt($reggender, $key); $regsecques = encrypt($regsecques, $key); $regsecans = encrypt($regsecans, $key); //hashing password $regpass = hashword($regpass, $hash); //set regpass2 to null $regpass2 = ""; //echo //$regfname . " " . $regsname . "<br />" . $regemail . "<br />" . $regtel . "<br />" . $regmob . "<br />" . $regday . "/" . $regmonth . "/" . $regyear . "<br />" . $regpass . "<br />" . $regpass2 . "<br />" . $regsecques . "<br />" . $regsecans . ".<br />" //; //Checking number of errors if ($error === 0) { $check = 0; $query = "SELECT *\n\t\tFROM tbl_members\n\t\tWHERE\n\t\t\temail = '{$regemail}'\n\t\t"; $sql = mysql_query($query) or sql_error(); $numRows = mysql_num_rows($sql); if ($numRows > 0) { $check++; } if ($check === 0) {
function emptychk($string) { global $errors; if (empty($string)) { $errors++; } } // run the functions emptychk($old); emptychk($new); emptychk($re); // Make sure there are no errors in the values if ($errors === 0) { // hash the password to check against the old password $pass = hashword($old, $hash); $newpass = hashword($new, $hash); // Check the password if ($pass === $_SESSION['user']['password']) { //Check to make sure that the password and the re-type are the same if ($new === $re) { // Give that the new password are the same and the inputted old password is the same as the current password // Now checking to make sure that the new password is not the same as the old password if ($newpass !== $pass) { // all aspects seem to be what is required to change the users password $changesql = "UPDATE tbl_members\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tpassword = '******'\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tid = '{$userid}'\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tAND\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tpassword = '******'"; if (mysql_query($changesql)) { echo '<p class="success">Your password has been changed.</p>'; } else { echo '<p class="error">Your password has not been changed.</p>'; } } else {