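/**
 * Report whether a value is free of the punctuation characters in a fixed denylist.
 *
 * The value is first passed through initial_filter() (defined outside this
 * block) and the result is matched against the character class below.
 *
 * This is a coarse format check, not an SQL-injection defence. The denylist is
 * not exhaustive (for example, the double quote and the backslash are not in
 * it), so callers that place the value in a query still need prepared
 * statements with bound parameters.
 *
 * NOTE(review): the pattern has no `u` modifier. If this file is saved as
 * UTF-8, the non-ASCII literals in the class are matched as individual bytes
 * rather than as characters. Confirm that this is intended.
 *
 * @param mixed $string Value to validate.
 * @return bool True when no denylisted character is found. False when one is
 *              found, or when the match could not be evaluated.
 */
function check_input($string)
{
    $filtered = initial_filter($string);

    // preg_match() returns 1 on a hit, 0 on no hit and false on failure.
    // Only an explicit 0 counts as clean, so a failed match rejects the input
    // instead of letting it through (the previous truthiness test failed open).
    return preg_match('/[\'^£$%&*()}{@#~?><>,|=_+¬-]/', $filtered) === 0;
}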
// JSON login handler (excerpt; the listing ends inside the final `if` block).
require("./validations.php");
require("./user_class.php");
session_start();

// Connection settings are read from constants defined outside this excerpt.
$servername = SERVERIP;
$username = USER;
$password = PASSWORD;
$database_name= DATABASE_NAME;

// The request body is decoded into an associative array. json_decode() yields
// null for malformed JSON, which the isset() check below also rejects.
$post=json_decode(file_get_contents('php://input'), true);
if(!isset($post["user_name"])){
    die("something went wrong");
}
$db_name=$post["user_name"];
// NOTE(review): "password" is read without an isset() check; only "user_name"
// is verified to be present above.
$db_pass=$post["password"];
$db_name = initial_filter($db_name); // basic input filter (defined outside this excerpt)
$db_pass = initial_filter($db_pass); // same filter applied to the password

// Reject names containing a character from check_input()'s denylist.
// check_input() runs initial_filter() again internally.
if(!check_input($db_name)){
    die("special character");
}
$mysqli = new mysqli($servername, $username, $password,$database_name);

// Check connection.
// NOTE(review): the driver's error text is written to the response, which can
// disclose host or account details to the client. Prefer logging it
// server-side and returning a generic message.
if ($mysqli->connect_errno) {
    printf("Connect failed: %s\n", $mysqli->connect_error);
    exit();
}

// NOTE(review): the query is built by interpolating $db_name into the SQL
// text. Its safety rests entirely on initial_filter() and the check_input()
// denylist. A prepared statement with a bound parameter (mysqli::prepare() /
// bind_param()) would remove that dependency.
$sql = "SELECT * FROM users where user_name='$db_name'";
if ($result = $mysqli->query($sql)) {
    // fetch_assoc() returns null when no row matches.
    $row=$result->fetch_assoc();
    // (excerpt ends here; the block continues outside the listing)
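// Excerpt of what appears to be the JSON registration handler. $post and the
// connection settings are assigned outside this excerpt.
$mysqli = new mysqli($servername, $username, $password, $database_name);

// Check connection. The driver's error text can disclose host or account
// details, so it goes to the server log and the client receives the same
// generic message this script uses for its other early exits.
if ($mysqli->connect_errno) {
    error_log("Connect failed: " . $mysqli->connect_error);
    die("something went wrong");
}

if (!isset($post["user_name"])) {
    die("something went wrong");
}

// Only "user_name" is known to be present; the other keys may be missing from
// the request body. A missing key is passed to initial_filter() as null, the
// same value it received before, but without an undefined-index notice.
$user_name = initial_filter($post['user_name']);
$first_name = initial_filter(isset($post['first_name']) ? $post['first_name'] : null);
$last_name = initial_filter(isset($post['last_name']) ? $post['last_name'] : null);
// NOTE(review): this overwrites $password, which was the database credential
// passed to mysqli above. Also confirm that initial_filter() does not alter
// password characters. How the password is stored is not visible in this
// excerpt; it should be hashed with password_hash() before it reaches the
// database.
$password = initial_filter(isset($post['password']) ? $post['password'] : null);
$email = initial_filter(isset($post['email']) ? $post['email'] : null);

$error = false;

// user_name is required and must pass ctype_alnum().
if (empty($user_name) || !ctype_alnum($user_name)) {
    $error = true;
}

// first_name is required and must pass ctype_alpha().
if (empty($first_name) || !ctype_alpha($first_name)) {
    $error = true;
}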
// Form-based login handler (excerpt; $mysqli is created before this point and
// the listing ends inside the innermost `if` block).

// Check connection.
// NOTE(review): the driver's error text is written to the response, which can
// disclose host or account details. Prefer logging it server-side and showing
// a generic message.
if ($mysqli->connect_errno) {
    printf("Connect failed: %s\n", $mysqli->connect_error);
    exit;
}
$db_name = "";
$db_pass = "";
// Only handle POST requests.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Retrieve username and password.
    // NOTE(review): the keys are read without isset(), and the test is on
    // truthiness, so a value of "0" is treated as missing.
    if ($_POST['name'] && $_POST['password']) {
        $db_name = $_POST['name'];
        $db_pass = $_POST['password'];
    }
    $db_name = initial_filter($db_name);
    $db_pass = initial_filter($db_pass);
    // NOTE(review): this looks like leftover debug output. It writes "1" to
    // the response when the name is accepted and nothing when it is rejected.
    echo check_input($db_name);
    if (!check_input($db_name)) {
        $_SESSION["err_name"] = "No special chracters allowed";
        // header() must run before any output. On this path the echo above
        // printed an empty string, so no output has been sent yet.
        header("Location: ./index.php");
        die("special character");
    }
    // Check in the database whether the username/password pair exists.
    // NOTE(review): the query is built by interpolating $db_name into the SQL
    // text, so its safety rests on initial_filter() and the check_input()
    // denylist. The password literal appears masked in this listing; if the
    // original interpolates $db_pass, note that $db_pass is never passed to
    // check_input(). Use a prepared statement with bound parameters, and
    // verify the password against a stored password_hash() value with
    // password_verify() rather than comparing it inside the query.
    $sql = "SELECT * FROM users where user_name='{$db_name}' and password='******'";
    if ($result = $mysqli->query($sql)) {
        if ($row = $result->fetch_assoc()) {
            // A row was found: store a UserClass instance populated from the
            // row in the session.
            // NOTE(review): no session_regenerate_id() call is visible before
            // the authenticated user is stored. Confirm it happens elsewhere.
            $_SESSION['user'] = new UserClass();
            $_SESSION['user']->load_info_from_db($row);
            // (excerpt ends here; the blocks continue outside the listing)
// Form-based registration handler (excerpt; it begins inside the
// connection-error branch and ends inside the user_name validation).
// NOTE(review): the driver's error text is written to the response, which can
// disclose host or account details. Prefer logging it server-side and showing
// a generic message.
    printf("Connect failed: %s\n", $mysqli->connect_error);
    exit;
}
// Only handle POST requests.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Stop early when the reCAPTCHA field is absent from the form.
    if (!isset($_POST['g-recaptcha-response'])) {
        $_SESSION['err_recaptcha_not_filled'] = "Please fill the recaptcha";
        die("Captcha error");
    }
    // NOTE(review): the fields below are read without isset() checks.
    $user_name = initial_filter($_POST['user_name']);
    $first_name = initial_filter($_POST['first_name']);
    $last_name = initial_filter($_POST['last_name']);
    // NOTE(review): confirm that initial_filter() does not alter password
    // characters. A password should be hashed, not filtered.
    $password = initial_filter($_POST['password']);
    $cnf_password = initial_filter($_POST['confirm_password']);
    $email = initial_filter($_POST['email']);
    $dob = initial_filter($_POST['dob']);
    $error = false;
    // NOTE(review): hard-coded reCAPTCHA secret key. A secret kept in source
    // is exposed to anyone who can read the repository or a listing of it.
    // Load it from configuration kept outside the code base (for example an
    // environment variable) and rotate this key.
    $secret = "6LerYQwTAAAAAH7076pzcdA4rm6vr-8Lnz5zXcHC";
    $recaptcha = new \ReCaptcha\ReCaptcha($secret);
    // Verify the submitted token, passing the client address as the second argument.
    $resp = $recaptcha->verify($_POST['g-recaptcha-response'], $_SERVER['REMOTE_ADDR']);
    // The success branch is empty. A failed verification only sets $error,
    // and no session message is recorded for it in the visible code.
    if ($resp->isSuccess()) {
    } else {
        $error = true;
    }
    // user_name is required and must pass ctype_alnum(). The error text shown
    // to the user is stored in the session.
    if (empty($user_name)) {
        $error = true;
        $_SESSION["err_uname"] = ERR_EMPTY_INPUT;
    } else {
        if (!ctype_alnum($user_name)) {
            $error = true;
            $_SESSION["err_uname"] = ERR_ONLY_ALPHANUM;
            // (excerpt ends here; the blocks continue outside the listing)