if (isset($_SESSION['username'])) { return true; } else { return false; } } // closing lines of the function that begins above this excerpt (presumably isLoggedIn(), which is called below); left untouched

/**
 * Format/policy check of a username, delegated to the project's
 * UsernameValidator. Returns whatever UsernameValidator::isValid() returns;
 * the page flow below treats it as a boolean.
 *
 * This says nothing about whether an account with that name exists.
 */
function isUsernameValid($username)
{
    $validator = new UsernameValidator();

    return $validator->isValid($username);
}

/**
 * Format/policy check of a password, delegated to the project's
 * PasswordValidator (whatever rules that class enforces). Like
 * isUsernameValid() this is not a credential check: no stored hash is
 * consulted here.
 */
function isPasswordValid($password)
{
    $validator = new PasswordValidator();

    return $validator->isValid($password);
}

// Page flow. A visitor whose session already carries a username goes straight
// to the account page. Anyone else has the submitted $username / $password
// (assigned above this excerpt) run through the two validators, and the first
// field that fails is reported as plain text.
//
// NOTE(review): the success branch redirects on *format* validity alone. No
// user record is looked up, password_verify() is never called, and
// $_SESSION['username'] is not set, so isLoggedIn() remains false afterwards.
// Unless demoAccount.php authenticates on its own, this admits anyone who
// submits well-formed input — confirm against the rest of the file.
if (isLoggedIn()) {
    redirect('demoAccount.php');
    exit;
}

if (!isUsernameValid($username)) {
    echo 'invalid username';
} elseif (!isPasswordValid($password)) {
    echo 'invalid password';
} else {
    redirect('demoAccount.php');
    exit;
}
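// Profile-update step for the signed-in user: applies username, password and
// colour changes to the `$user` row (primary key `$id`) over the open mysqli
// link `$link`, collecting validation failures in `$errors`. The `break`
// statements exit an enclosing loop/switch that sits above this excerpt,
// exactly as in the previous version.
//
// Changes from the previous version:
//  * The new password is ALWAYS run through isPasswordValid(). Before, it was
//    validated only when it equalled the old password, so a genuinely changed
//    password was never policy-checked at all.
//  * Every user-supplied value reaches MySQL through a prepared statement
//    instead of string concatenation, and `$id` is bound as an integer.
//  * A failed availability query no longer lets the username UPDATE through:
//    previously `@mysqli_fetch_all(false)` was silenced, `$found` ended up
//    empty, and the update ran without any uniqueness check.
//  * The SELECT result set is freed before the early `break` on
//    "Username taken!" (it used to be leaked), and array-valued POST fields
//    (`field[]=`) are ignored instead of reaching password_verify().

$userId = (int) $id;

/**
 * Prepare, bind and execute one statement on $link.
 *
 * @param string $sql       statement text with `?` placeholders
 * @param string $types     mysqli_stmt_bind_param() type string, e.g. 'si'
 * @param mixed  ...$params placeholder values, in order
 * @return mysqli_stmt|null the executed statement (caller closes it), or null
 *                          when prepare or execute failed
 */
$runStatement = static function ($sql, $types, ...$params) use ($link) {
    $stmt = mysqli_prepare($link, $sql);
    if ($stmt === false) {
        return null;
    }
    if ($params !== []) {
        mysqli_stmt_bind_param($stmt, $types, ...$params);
    }
    if (!mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        return null;
    }
    return $stmt;
};

// --- Username --------------------------------------------------------------
$newUsername = isset($_POST['newusername']) ? $_POST['newusername'] : null;
if (is_string($newUsername) && $newUsername !== (string) $user['username']) {
    $errors = isUsernameValid($newUsername, $errors);
    if (empty($errors)) {
        // NOTE(review): SELECT-then-UPDATE is a check-then-act race between
        // concurrent requests; only a UNIQUE index on users.username actually
        // guarantees uniqueness. This check is kept for the friendly message.
        $stmt = $runStatement('SELECT `username` FROM `users` WHERE `username`=?', 's', $newUsername);
        $result = ($stmt === null) ? false : mysqli_stmt_get_result($stmt);
        if ($result === false) {
            if ($stmt !== null) {
                mysqli_stmt_close($stmt);
            }
            // Do not fall through to the UPDATE when we could not verify
            // availability.
            array_push($errors, 'Username check failed!');
            break;
        }
        $found = mysqli_fetch_all($result, MYSQLI_ASSOC);
        mysqli_free_result($result);
        mysqli_stmt_close($stmt);
        if (!empty($found)) {
            array_push($errors, 'Username taken!');
            break;
        }
        $stmt = $runStatement('UPDATE `users` SET `username`=? WHERE `id`=?', 'si', $newUsername, $userId);
        if ($stmt !== null) {
            mysqli_stmt_close($stmt);
        }
    }
}

// --- Password --------------------------------------------------------------
$oldPassword = isset($_POST['oldpassword']) ? $_POST['oldpassword'] : null;
$newPassword = isset($_POST['newpassword']) ? $_POST['newpassword'] : null;
if (is_string($oldPassword) && is_string($newPassword) && $oldPassword !== '' && $newPassword !== '') {
    // Policy-check the candidate unconditionally (see header comment).
    $errors = isPasswordValid($newPassword, $errors);
    if (!password_verify($oldPassword, (string) $user['password'])) {
        array_push($errors, 'Old password invalid!');
    }
    if (empty($errors)) {
        $hash = getPasswordHash($newPassword);
        $stmt = $runStatement('UPDATE `users` SET `password`=? WHERE `id`=?', 'si', $hash, $userId);
        if ($stmt !== null) {
            mysqli_stmt_close($stmt);
        }
        // NOTE(review): nothing here invalidates other sessions of this user
        // after a password change; confirm whether that is handled elsewhere.
    }
}

// --- Colour ----------------------------------------------------------------
$newColour = isset($_POST['newcolour']) ? $_POST['newcolour'] : null;
if (is_string($newColour) && $newColour !== (string) $user['colour'] && empty($errors)) {
    // NOTE(review): the colour value is stored verbatim — no format check is
    // visible here — so whatever renders it must escape for its output context.
    $stmt = $runStatement('UPDATE `users` SET `colour`=? WHERE `id`=?', 'si', $newColour, $userId);
    if ($stmt !== null) {
        mysqli_stmt_close($stmt);
    }
}

mysqli_close($link);
unset($link);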
// Registration step (inside an enclosing loop/switch above this excerpt — the
// `break`s exit it): optional strict e-mail checks, then the password policy,
// then DB work for the new account. $email, $username, $password and $errors
// are assigned above this excerpt.
if (CONF_EMAIL_STRICT) {
    // strlen() counts bytes, not characters; tolerable here because
    // FILTER_VALIDATE_EMAIL below rejects non-ASCII addresses anyway.
    if (strlen($email) < 3) { array_push($errors, 'Email address too short!'); break; }
    if (strlen($email) > 128) { array_push($errors, 'Email address too long!'); break; }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { array_push($errors, 'Invalid email address!'); break; }
}
// PASSWORD
$errors = isPasswordValid($password, $errors);
// Continue - all fields are valid.
// NOTE(review): nothing verifies that claim. Unlike the e-mail checks above, a
// failed isPasswordValid() does not `break`, so the hashing and DB work below
// run even when the password was rejected. An `if (!empty($errors)) { break; }`
// would be expected at this point — confirm against the enclosing loop.
// Also note the hash is taken from $_POST['password'] while the policy check
// ran on $password; presumably the same value, but verify the assignment above.
$password_hash = password_hash($_POST['password'], PASSWORD_DEFAULT);
if (!($link = db_init(true))) { break; }
// NOTE(review): "next id = max(id) + 1" races between concurrent registrations
// (two requests can pick the same id); an AUTO_INCREMENT column with
// mysqli_insert_id() avoids it. On an empty table the [0] index is undefined
// and the expression yields 1.
$result = mysqli_query($link, 'SELECT `id` FROM `users` ORDER BY `id` DESC LIMIT 1;');
// NOTE(review): this echoes the raw mysqli_error() text to the client, which
// discloses schema/driver details; log it server-side instead if print_error
// writes to the response.
if (!$result) { print_error('MySQL error! | ' . mysqli_error($link) . '<br>'); break; }
$id = (int) mysqli_fetch_all($result, MYSQLI_ASSOC)[0]['id'] + 1;
mysqli_free_result($result);
// NOTE(review): $username is concatenated straight into the SQL string — no
// mysqli_real_escape_string() and no prepared statement. Unless it was escaped
// (and lower-cased, to match LOWER(`username`)) before this excerpt, this is an
// SQL-injection point. The result is also not checked for `false` before
// mysqli_fetch_all(), unlike the query above.
$result = mysqli_query($link, 'SELECT * FROM `users` WHERE LOWER(`username`)=\'' . $username . '\';');
if (is_array(mysqli_fetch_all($result, MYSQLI_ASSOC)[0])) {
    array_push($errors, 'Username taken!');