<?php
session_start();
require_once "sql/functions.php";
$servername = 'localhost';
$db_database = 'owend2014';
$db_username = '******';
$db_password = '******';
$conn = mysqli_connect($db_hostname, $db_username, $db_password, $db_database);
if (!$conn) {
die("Unable to connect to MySQL: " . mysqli_connect_error());
}
if (isset($_POST["recUserName"]) && isset($_POST["recPWCode"]) && isset($_POST["recPassword"])) {
$username = $_POST["recUserName"];
$sql = "SELECT ID, username, pw_code FROM tbl_users WHERE username='******'";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
$row = mysqli_fetch_assoc($result);
if ($row["pw_code"] == $_POST["recPWCode"]) {
$sql = "UPDATE tbl_users SET password= '******' WHERE id= " . $row["ID"];
$result = mysqli_query($conn, $sql);
$_SESSION['PHP_CURRENT_PAGE'] = "home";
}
}
}
if ($_SESSION['PHP_CURRENT_PAGE'] != "home") {
$_SESSION['PHP_CURRENT_PAGE'] = "recover&passed=false";
}
redirectTo();
require_once "sql/functions.php";
$servername = 'localhost';
$db_database = 'owend2014';
$db_username = '******';
$db_password = '******';
$conn = mysqli_connect($db_hostname, $db_username, $db_password, $db_database);
if (!$conn) {
die("Unable to connect to MySQL: " . mysqli_connect_error());
}
if (isset($_POST["loginUsername"]) && isset($_POST["loginPassword"])) {
$sql = "SELECT * FROM tbl_users WHERE username='******'";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
// output data of each row
if ($row = mysqli_fetch_assoc($result)) {
$password = saltAndHash($_POST["loginPassword"]);
if ($row["password"] == $password) {
$session_key = genRanStr();
$session_ts = date('Y-m-d G:i:s');
$sql = "UPDATE tbl_users SET session_key= '" . $session_key . "', session_stamp='" . $session_ts . "' WHERE id= " . $row["ID"];
if (mysqli_query($conn, $sql)) {
//record updated
$_SESSION['PHP_AUTH_USER'] = $row["username"];
$_SESSION['PHP_AUTH_SKEY'] = $session_key;
$_SESSION['PHP_AUTH_USER_ID'] = $row["ID"];
} else {
//record failed
}
} else {
$_SESSION['PHP_CURRENT_PAGE'] = "recover";
}
session_start();
require_once "sql/functions.php";
unset($_SESSION['PHP_AUTH_USER']);
unset($_SESSION['PHP_AUTH_SKEY']);
$servername = 'localhost';
$db_database = 'owend2014';
$db_username = '******';
$db_password = '******';
$conn = mysqli_connect($db_hostname, $db_username, $db_password, $db_database);
if (!$conn) {
die("Unable to connect to MySQL: " . mysqli_connect_error());
}
if (isset($_POST["regPassword"]) && isset($_POST["regPWCode"]) && isset($_POST["regUserName"]) && isset($_POST["regFirst"]) && isset($_POST["regLast"])) {
$username = $_POST["regUserName"];
$password = saltAndHash($_POST["regPassword"]);
$pw_code = substr($_POST["regPWCode"], 0, 4);
$first = $_POST["regFirst"];
$last = $_POST["regLast"];
$email = "";
if (isset($_POST["regEmail"])) {
$email = $_POST["regEmail"];
} else {
$email = NULL;
}
$sql = "SELECT username, session_key FROM tbl_users WHERE username='******'";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
//username exist
} else {
//username doesn't exist, create account
