Esempio n. 1
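/**
 * Report whether a value is free of the characters on a fixed denylist.
 *
 * The value is passed through initial_filter() (defined outside this snippet)
 * and then matched against the character class below.
 *
 * This is input hygiene only, not a defence against SQL injection or XSS.
 * A denylist cannot enumerate every character that is significant to SQL or
 * HTML (the backslash and the double quote, for example, are not listed), so
 * any query built from an accepted value still needs bound parameters or
 * driver-level escaping, and any HTML output still needs context-aware
 * encoding.
 *
 * @param mixed $string Value to check; arrays, objects and null are rejected.
 * @return bool true when no denylisted character is found, false otherwise
 *              (including when the value cannot be checked at all).
 */
function check_input($string)
{
    // Fail closed on non-scalar input (e.g. an array from a JSON body or a
    // "name[]=" form field) instead of handing it to the filter and regex.
    if (!is_scalar($string)) {
        return false;
    }

    $string = initial_filter($string);

    // NOTE(review): the pattern has no /u modifier, so it is matched byte-wise.
    // If this file is saved as UTF-8, the two non-ASCII symbols in the class are
    // two bytes each and any input containing one of those bytes is rejected,
    // which is broader than the two symbols themselves.
    //
    // preg_match() returns 1 on a match, 0 on no match and false on error.
    // Only an explicit 0 counts as "clean", so a PCRE failure is a rejection
    // rather than a silent pass.
    return preg_match('/[\'^£$%&*()}{@#~?><>,|=_+¬-]/', $string) === 0;
}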
Esempio n. 2
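    require("./validations.php");
    require("./user_class.php");
    session_start();

    // Database connection settings; the constants are defined outside this snippet.
    $servername = SERVERIP;
    $username = USER;
    $password = PASSWORD;
    $database_name= DATABASE_NAME;

    // The request body is untrusted JSON. json_decode() returns null on malformed
    // input and can return a non-array, and a decoded field can be an array or a
    // number, so the user name must be present and a string before it is used.
    $post=json_decode(file_get_contents('php://input'), true);
    if(!is_array($post) || !isset($post["user_name"]) || !is_string($post["user_name"])){
        die("something went wrong");
    }
    $db_name=$post["user_name"];
    // A missing or non-string password becomes the empty string instead of
    // raising an undefined-index notice.
    $db_pass=(isset($post["password"]) && is_string($post["password"])) ? $post["password"] : "";

    // NOTE(review): initial_filter() is not visible here. If it rewrites
    // characters, it also changes the password before any comparison - confirm.
    $db_name = initial_filter($db_name);    //Basic security filters
    $db_pass = initial_filter($db_pass);    //Basic security filters

    // Denylist check: useful as hygiene, but not what protects the query below.
    if(!check_input($db_name)){
        die("special character");
    }

    $mysqli = new mysqli($servername, $username, $password,$database_name);
    // Check connection
    if ($mysqli->connect_errno) {
        // Keep driver error details in the server log; the client only gets a
        // generic message so host, user and schema details are not disclosed.
        error_log("Connect failed: " . $mysqli->connect_error);
        die("something went wrong");
    }

    // The value is escaped by the driver before it is placed inside the quoted
    // literal, so the query does not depend on the character denylist.
    // real_escape_string() uses the connection character set, which should be
    // set with set_charset(). A prepared statement with a bound parameter
    // (prepare() / bind_param()) is the preferred form where the calling code
    // can be changed.
    $sql = "SELECT * FROM users where user_name='" . $mysqli->real_escape_string($db_name) . "'";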
    if ($result = $mysqli->query($sql)) {
            $row=$result->fetch_assoc();
Esempio n. 3
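    $mysqli = new mysqli($servername, $username, $password,$database_name);
    // Check connection
    if ($mysqli->connect_errno) {
        // Keep driver error details in the server log; the client only gets a
        // generic message so host, user and schema details are not disclosed.
        error_log("Connect failed: " . $mysqli->connect_error);
        die("something went wrong");
    }

    if(!isset($post["user_name"])){
        die("something went wrong");
    }

    // Read one request field as a string. A missing field or a non-scalar value
    // (array/object from the JSON body) becomes '' so it fails the checks below
    // instead of raising a notice or reaching the filter with an unexpected type.
    $read_field = function ($key) use ($post) {
        $value = (isset($post[$key]) && is_scalar($post[$key])) ? (string) $post[$key] : '';
        return initial_filter($value);
    };

    $user_name = $read_field('user_name');
    $first_name = $read_field('first_name');
    $last_name = $read_field('last_name');
    // NOTE(review): this reuses $password, which held the database password for
    // the connection above; later code must not reconnect with it.
    // NOTE(review): initial_filter() is not visible here. If it rewrites
    // characters, it changes the password before it is stored - confirm.
    $password = $read_field('password');
    $email = $read_field('email');

    // Validation flag: set once any field fails its check.
    $error=false;

    // User name: required, letters and digits only.
    if(empty($user_name) || !ctype_alnum($user_name)){
        $error=true;
    }

    // First name: required, letters only.
    if(empty($first_name) || !ctype_alpha($first_name)){
        $error=true;
    }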
Esempio n. 4
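// Check connection
if ($mysqli->connect_errno) {
    // Keep driver error details in the server log; the client only gets a
    // generic message so host, user and schema details are not disclosed.
    error_log("Connect failed: " . $mysqli->connect_error);
    die("something went wrong");
}
// Credentials default to empty strings until a POST request supplies them.
$db_name = "";
$db_pass = "";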
//Check if method is POST
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    //retrive username and password
    if ($_POST['name'] && $_POST['password']) {
        $db_name = $_POST['name'];
        $db_pass = $_POST['password'];
    }
    $db_name = initial_filter($db_name);
    $db_pass = initial_filter($db_pass);
    echo check_input($db_name);
    if (!check_input($db_name)) {
        $_SESSION["err_name"] = "No special chracters allowed";
        header("Location: ./index.php");
        die("special character");
    }
    //Checking from database if Username/Password pair exists.
    $sql = "SELECT * FROM users where user_name='{$db_name}' and password='******'";
    if ($result = $mysqli->query($sql)) {
        if ($row = $result->fetch_assoc()) {
            //start the session
            //make a session variable stiring a UserClass instance
            //with all the user information.
            $_SESSION['user'] = new UserClass();
            $_SESSION['user']->load_info_from_db($row);
Esempio n. 5
    printf("Connect failed: %s\n", $mysqli->connect_error);
    exit;
}
//Check if method is POST
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (!isset($_POST['g-recaptcha-response'])) {
        $_SESSION['err_recaptcha_not_filled'] = "Please fill the recaptcha";
        die("Captcha error");
    }
    $user_name = initial_filter($_POST['user_name']);
    $first_name = initial_filter($_POST['first_name']);
    $last_name = initial_filter($_POST['last_name']);
    $password = initial_filter($_POST['password']);
    $cnf_password = initial_filter($_POST['confirm_password']);
    $email = initial_filter($_POST['email']);
    $dob = initial_filter($_POST['dob']);
    $error = false;
    $secret = "6LerYQwTAAAAAH7076pzcdA4rm6vr-8Lnz5zXcHC";
    $recaptcha = new \ReCaptcha\ReCaptcha($secret);
    $resp = $recaptcha->verify($_POST['g-recaptcha-response'], $_SERVER['REMOTE_ADDR']);
    if ($resp->isSuccess()) {
    } else {
        $error = true;
    }
    if (empty($user_name)) {
        $error = true;
        $_SESSION["err_uname"] = ERR_EMPTY_INPUT;
    } else {
        if (!ctype_alnum($user_name)) {
            $error = true;
            $_SESSION["err_uname"] = ERR_ONLY_ALPHANUM;