Exemple #1
<?php

require_once './includes/configuration.php';
require_once './student/student_controller.php';
$display_message = FALSE;
$sc = new Student_controller();
if (isset($_POST['login'])) {
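    // Read the submitted credentials. A missing field becomes an empty string,
    // so a partial POST fails validation instead of raising a warning.
    $user = sanitize_text($_POST['user'] ?? '');
    // NOTE(review): the password goes through sanitize_text() before it is
    // validated and checked. If that helper strips or encodes characters, the
    // value verified here is not what the user typed. Confirm that registration
    // applies the same transformation, or hand the raw password to the controller.
    $pass = sanitize_text($_POST['pass'] ?? '');
    // Defined up front so later reads do not hit an undefined variable.
    // null keeps isset($error_msg) false, as it was before.
    $error_msg = null;
    if ($sc->validate_username($user) !== 1 || $sc->validate_password($pass) === FALSE) {
        // One generic message for both fields, so the response does not reveal
        // which of the two was rejected.
        $error_msg = "Invalid username or password";
        // This used to be the bare expression `$display_message;`, a no-op that
        // left the flag FALSE on a validation failure.
        $display_message = TRUE;
    } else {
        $answer = $sc->log_member_in($user, $pass);
        // Anything other than a strict TRUE (FALSE or a non-boolean value) is
        // treated as a failed login. Both original branches set the same flag.
        if ($answer !== TRUE) {
            $display_message = TRUE;
        }
    }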
    if (isset($_SESSION['logged_in'])) {
        if (!empty($_SESSION['tried_url'])) {
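            // Take the stored return URL and clear it so it is used only once.
            $tried_url = $_SESSION['tried_url'];
            $_SESSION['tried_url'] = null;
            // The value is written into a JavaScript string inside a <script>
            // element, so it is emitted as a JSON string literal. json_encode()
            // adds the quotes and escapes quote and backslash characters, and
            // the JSON_HEX_* flags encode <, >, & and ' so the value cannot
            // close the string or the script element.
            // NOTE(review): where 'tried_url' is written is not visible here. If
            // it is taken from the request, also restrict it to same-site paths
            // before redirecting.
            ?>
			<script>window.location = <?php 
            echo json_encode((string) $tried_url, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
            ?>
;</script>
			<?php 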
Exemple #2
<?php

require './includes/configuration.php';
require './student/student_controller.php';

// Log the current member out, then send the browser to W1BASE with a
// client-side redirect.
// NOTE(review): the logout runs on every request to this script; no request
// method or token check is visible here. Confirm whether log_member_out()
// performs one, so a third-party page cannot sign a member out by linking here.
(new Student_controller())->log_member_out();
?>
<script>
	window.location = "<?= W1BASE ?>";
</script>
Exemple #3
<?php

require_once './includes/configuration.php';
require_once './student/student_controller.php';
$sc = new Student_controller();

// A signed-in member who arrives with an `id` query parameter is sent to BASE
// by a client-side redirect, and the script stops there.
if (isset($_SESSION['logged_in'], $_GET['id'])) {
    ?>
	<script>window.location = "<?= BASE ?>";</script>
	<?php 
    exit;
}

// Empty defaults for the form fields and the error text; the join handler
// below fills them in when the form has been posted.
$username = $firstname = $lastname = $email = $error_message = "";
if (isset($_POST['join'])) {
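    // Normalise the submitted profile fields with the project's sanitizers.
    $username = sanitize_text($_POST['username']);
    $firstname = sanitize_text($_POST['firstname']);
    $lastname = sanitize_text($_POST['lastname']);
    $email = sanitize_email($_POST['email']);
    //First, let's check if token is correct!
    // A request without a `token` field yields null here instead of an
    // undefined-index warning.
    // NOTE(review): the comparison that follows uses `===`. If
    // retrieve_session_token() can return null when no token has been issued,
    // a request that omits `token` would compare null === null and pass.
    // Require both values to be non-empty strings and compare them with
    // hash_equals($sess_token, $form_token), which is also constant-time.
    $form_token = $_POST['token'] ?? null;
    $sess_token = retrieve_session_token();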
    if ($form_token === $sess_token) {
        $pass1 = sanitize_text($_POST['password1']);
        $pass2 = sanitize_text($_POST['password2']);
        $answer = $sc->create_student($username, $firstname, $lastname, $email, $pass1, $pass2);
Exemple #4
    die;
}
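// The signed-in member, loaded from the id stored in the session.
$student = new Student($_SESSION['user_id']);

// Work out whose profile is being viewed: ?id= wins, then ?usr=, and with
// neither the member is viewing their own profile.
if (!isset($_GET['id'])) {
    if (!isset($_GET['usr'])) {
        $student_visited = $student;
    } else {
        // "buddies" is a reserved name that maps to the buddies page. The
        // comparison is strict so only that exact string matches.
        if (sanitize_text(strtolower($_GET['usr'])) === "buddies") {
            ?>
			<script>window.location = "<?php 
            echo SERVER . BASE;
            ?>
student/buddies.php";</script>
			<?php 
            // Stop here. Without this the script kept running after emitting
            // the redirect and went on to look up a member named "buddies".
            die;
        }
        $sc = new Student_controller();
        $user_array = $sc->get_member_with_username(sanitize_text($_GET['usr']));
        // NOTE(review): the lookup result is used without checking that a
        // member was found. What get_member_with_username() returns for an
        // unknown name is not visible here; handle that case before reading 'id'.
        $student_visited = new Student($user_array['id']);
    }
} else {
    // NOTE(review): the request value goes to the constructor unvalidated,
    // unlike `usr`, which is passed through sanitize_text(). Confirm that
    // Student validates the id and binds it as a query parameter, and that any
    // signed-in member is meant to be able to load any profile by id.
    $student_visited = new Student($_GET['id']);
}
/*
 * Setting buddy statuses
 */
$buddies_pending = FALSE;
$buddies = FALSE;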
if (isset($_POST['becomeBuddy'])) {
    if ($student_visited->apply_for_buddies($student->get_id())) {
        $buddies_pending = TRUE;
    } else {
Exemple #5
// Without a search term there is nothing to show: redirect to BASE and stop.
if (!isset($_GET['s'])) {
    ?>
	<script>window.location = "<?= BASE ?>";</script>
	<?php 
    exit;
}

// Search with the sanitized term only; the raw value is kept just to detect
// whether sanitizing changed it.
$search_string = sanitize_text($_GET['s']);
if ($search_string !== $_GET['s']) {
    //Something is not as it should be!
    // NOTE(review): the message says the search was logged, but no logging call
    // appears in this block. If an audit trail is wanted, record the event here.
    // How get_ip_address() derives the address is not visible; HTML-escape
    // $message wherever it is printed.
    $crooked = true;
    $message = "You bastard! We've logged your search with ip: " . get_ip_address();
}
$sc = new Student_controller();
$search_student_ids = $sc->search_for_student($search_string);
?>
<html>
    <head>
        <meta charset="UTF-8">
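        <title><?php 
// The first name is member-supplied profile data, so it is HTML-escaped on
// output. The final `false` (double_encode) leaves existing entities alone in
// case the stored value was already encoded on input; what the input
// sanitizer does is not visible here.
echo htmlspecialchars((string) $student->get_firstname(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
?>
 (Member Area)</title>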
		<?php 
require '../includes/header.php';
?>
    </head>
    <body>
Exemple #6
<?php

require_once '../includes/configuration.php';
require_once './student_controller.php';
require_once './student.php';
$display_message = FALSE;
$we_have_an_answer = false;
$sc = new Student_controller();

// Signed-in members have no use for the reset page: redirect to BASE and stop.
if (isset($_SESSION['logged_in'])) {
    ?>
	<script>window.location = "<?= BASE ?>";</script>
	<?php 
    exit;
}

//We're using u, e and c codes from the url...
// The page is in its "ready for reset" step only when all three are present.
// NOTE(review): these values arrive in the query string, so they can end up in
// access logs, browser history and Referer headers. What each one holds is not
// shown here. If one of them is the reset secret, it should be single-use,
// short-lived and compared with hash_equals().
$ready_for_reset = isset($_GET['u'], $_GET['e'], $_GET['c']);
if (!$ready_for_reset && isset($_POST['sendReset'])) {
    // NOTE(review): $_POST['user'] is forwarded without an isset() check or any
    // sanitizing. Confirm that the controller validates it and uses bound query
    // parameters, and that $answer reads the same whether or not the account
    // exists.
    $answer = $sc->please_reset_my_password_because_im_stupid($_POST['user']);
    $we_have_an_answer = true;
}
if ($ready_for_reset === true) {
    $u = sanitize_text($_GET['u']);
    $e = sanitize_text($_GET['e']);
    $c = sanitize_text($_GET['c']);