function register_user($post)
{
$_SESSION['errors'] == array();
if (empty($post['first_name'])) {
$_SESSION['errors'][] = "first name can't be blank";
}
if (empty($post['last_name'])) {
$_SESSION['errors'][] = "last name can't be blank";
}
if (empty($post['password'])) {
$_SESSION['errors'][] = "password field must not be blank";
}
if ($post['password'] !== $post['confirm_password']) {
$_SESSION['errors'][] = "passwords must match!";
}
if (!filter_var($post['email'], FILTER_VALIDATE_EMAIL)) {
$_SESSION['errors'][] = "please use a valid email address!";
}
if (count($_SESSION['errors']) > 0) {
header('location: index.php');
die;
} else {
$query = "INSERT INTO users (first_name, last_name, password, email, created_at, updated_at) VALUES ('{$post['first_name']}','{$post['last_name']}','{$post['password']}','{$post['email']}',NOW(),NOW())";
run_mysql_query($query);
$_SESSION['success_message'] = 'User successfully created!';
header('location: index.php');
}
// var_dump($_SESSION);
header('location: index.php');
die;
}
function register_user($post)
{
$_SESSION['errors'] = array();
if (empty($post['first_name'])) {
$_SESSION['errors'][] = "First name cannot be blank.";
}
if (empty($post['last_name'])) {
$_SESSION['errors'][] = "Last name cannot be blank.";
}
if (empty($post['password'])) {
$_SESSION['errors'][] = "Password field is required.";
}
if ($post['password'] !== $post['confirm_password']) {
$_SESSION['errors'][] = "Passwords don't match.";
}
if (!filter_var($post['email'], FILTER_VALIDATE_EMAIL)) {
$_SESSION['errors'][] = "Invalid email address.";
}
//validate for duplicate registration by email
if ($post['email'] === $post['email']) {
$_SESSION['errors'][] = "Email already registered. Please log in.";
}
if (count($_SESSION['errors']) > 0) {
header("Location: index.php");
die;
} else {
$query = "INSERT INTO users (first_name, last_name, password, email, created_at, updated_at) \n\t\t\t\t VALUES ('{$post['first_name']}', '{$post['last_name']}', '{$post['password']}', '{$post['email']}', NOW(), NOW())";
run_mysql_query($query);
$_SESSION['success_message'] = "Successful registration! Please log in.";
header("Location: index.php");
die;
}
}
function register_user($post)
{
$_SESSION['errors'] = array();
if (empty($post['first_name'])) {
$_SESSION['errors'][] = "first name can't be blank";
}
if (empty($post['last_name'])) {
$_SESSION['errors'][] = "last name can't be blank";
}
if (empty($post['password'])) {
$_SESSION['errors'][] = "password field is required";
}
if (!filter_var($post['email'], FILTER_VALIDATE_EMAIL)) {
$_SESSION['errors'][] = "must be valid email";
}
if ($post['password'] !== $post['confirm_password']) {
$_SESSION['errors'][] = 'passwords must match';
}
///-------------end of validation checks-----------//
if (count($_SESSION['errors']) > 0) {
header('Location: index.php');
die;
} else {
$query = "INSERT INTO users (first_name, last_name, password, email, created_at, updated_at)\r\n\t\t\t\t\tVALUES ('{$post['first_name']}', '{$post['last_name']}', '{$post['password']}', '{$post['email']}', NOW(), NOW())";
run_mysql_query($query);
$_SESSION['success_message'] = 'User succesfully created';
header("Location: index.php");
exit;
}
}
function register_user($post)
{
//--------------being of validation checks-----------------------//
$_SESSION['errors'] = array();
if (empty($post['first_name'])) {
$_SESSION['errors'][] = "First name can't be blank";
}
if (empty($post['last_name'])) {
$_SESSION['errors'][] = "Last name can't be blank";
}
if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
$_SESSION['errors'][] = "Please enter a valid email address";
}
if (empty($post['password']) || empty($post['confirm_password'])) {
$_SESSION['errors'][] = "Password field is required";
}
if ($post['password'] !== $post['confirm_password']) {
$_SESSION['errors'][] = "Password must match";
}
//--------------end of validation checks-----------------------//
if (count($_SESSION['errors']) === 0) {
$query = "INSERT INTO users (first_name, last_name, email, password, created_at, updated_at)\n\t\t\t\t\t VALUES ('{$_POST['first_name']}', '{$_POST['last_name']}', '{$_POST['email']}', '{$_POST['password']}', NOW(), NOW())";
run_mysql_query($query);
$_SESSION['message'] = "Registration Successful!";
}
header("Location: index.php");
}
function register_user($post)
{
// --------begin val checks---------------
$_SESSION['errors'] = array();
if (empty($post['first_name'])) {
$_SESSION['errors'][] = "first name can't be blank";
}
if (empty($post['last_name'])) {
$_SESSION['errors'][] = "last name can't be blank";
}
if (empty($post['password'])) {
$_SESSION['errors'][] = "password can't be blank";
}
if ($post['password'] !== $post['confirm_password']) {
$_SESSION['errors'][] = "password must match";
}
if (!filter_var($post['email'], FILTER_VALIDATE_EMAIL)) {
$_SESSION['errors'][] = "please use a valid email";
}
//-------end of validation checks
if (count($_SESSION['errors']) > 0) {
//if there's any errors at all
header('location: index.php');
die;
} else {
//insert database
$query = "INSERT INTO users (first_name, last_name, email, password, created_at, updated_at)\n\t\tVALUES ('{$post['first_name']}','{$post['last_name']}','{$post['email']}','{$post['password']}',NOW(),NOW())";
run_mysql_query($query);
$_SESSION['success_message'] = 'Yay, you did it!';
header('location: index.php');
die;
}
}
function post_comments()
{
$comment = escape_this_string($_POST["comment"]);
$query = "INSERT INTO comments (comment, created_at, updated_at, message_id, user_id)\n\t\t\t\t VALUES ('{$comment}', NOW(), NOW(), '{$_POST['message_id']}', '{$_SESSION['user_id']}')";
if (run_mysql_query($query)) {
header("Location: wall.php");
}
}
function register_user($post)
{
$errors = array();
// Begin validation checks
if (empty($_POST["first_name"])) {
$errors[] = "Please provide a first name!";
} else {
if (preg_match("/[0-9]/", $_POST["first_name"])) {
$errors[] = "Please provide a valid first name!";
}
}
if (empty($_POST["last_name"])) {
$errors[] = "Please provide a last name!";
} else {
if (preg_match("/[0-9]/", $_POST["last_name"])) {
$errors[] = "Please provide a valid last name!";
}
}
if (empty($_POST["email"])) {
$errors[] = "Please provide an email!";
} else {
if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
$errors[] = "Please provide a valid email!";
}
}
if (empty($_POST["password"])) {
$errors[] = "Please provide a password!";
} else {
if (strlen($_POST["password"]) < 7) {
$errors[] = "Please provide a password that has at least 6 characters!";
}
}
if (empty($_POST["c_password"])) {
$errors[] = "Please confirm password";
} else {
if ($_POST["password"] != $_POST["c_password"]) {
$errors[] = "Please provide a matching password!";
}
}
// End of validation checks
if (count($errors) > 0) {
$_SESSION["errors"] = $errors;
header("Location: index.php");
die;
} else {
$first_name = escape_this_string($_POST["first_name"]);
$last_name = escape_this_string($_POST["last_name"]);
$email = escape_this_string($_POST["email"]);
$password = escape_this_string($_POST["password"]);
$query = "INSERT INTO users (first_name, last_name, email, password, created_at, updated_at)\n\t\t\t\t\t VALUES ('{$first_name}', '{$last_name}', '{$email}', '{$password}', NOW(), NOW())";
if (run_mysql_query($query)) {
$_SESSION["success"] = "You have successfully registered!";
header("Location: index.php");
die;
}
}
}
function wall_post($wall_post)
{
$query = "INSERT INTO messages (message, created_at, updated_at, users_id)\n\tVALUES ('{$wall_post['wall']}', NOW(), NOW(), {$_SESSION['user_id']})";
// var_dump($query);
// die();
run_mysql_query($query);
header('location: success.php');
die;
}
function register_user($post)
{
$_SESSION['errors'] = array();
// Assigning more secure variables to important fields using escape_this_string function
$username = escape_this_string($post['username']);
$email = escape_this_string($post['email']);
$password = escape_this_string($post['password']);
// Beginning of validation checks
// Attempt at validating existing information
$check_data_query = "SELECT users.username, users.email FROM users";
$existing_users = fetch_all($check_data_query);
if (!empty($existing_users)) {
foreach ($existing_users as $user) {
if ($username == $user['username']) {
$_SESSION['errors'][] = 'This username is already taken.';
}
if ($email == $user['email']) {
$_SESSION['errors'][] = 'This email is already in use.';
}
}
}
// Validating non-existing information to make sure nothing is blank or invalid
if (empty($username)) {
$_SESSION['errors'][] = "Username cannot be blank.";
}
if (empty($post['first_name'])) {
$_SESSION['errors'][] = "First name cannot be blank.";
}
if (empty($post['last_name'])) {
$_SESSION['errors'][] = "Last name cannot be blank.";
}
if (empty($password)) {
$_SESSION['errors'][] = "Password fields cannot be blank.";
}
if ($post['password'] !== $post['confirm_password']) {
$_SESSION['errors'][] = "Passwords must match.";
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$_SESSION['errors'][] = "Please use a valid email address.";
}
if (count($_SESSION['errors']) > 0) {
header('Location: main.php');
exit;
} else {
// Here I am gonna encrypt both the email and password and then I'm going to make a query to insert that data into the database
$salt = bin2hex(openssl_random_pseudo_bytes(22));
$encrypted_password = md5($password . '' . $salt);
$query = "INSERT INTO users (username, first_name, last_name, email, password, salt, created_at, updated_at) \n\t\t\t \t\t VALUES ('{$username}', '{$post['first_name']}', '{$post['last_name']}', '{$email}', '{$encrypted_password}', '{$salt}', NOW(), NOW())";
run_mysql_query($query);
$_SESSION['success'] = "User has been successfully created!";
header('Location: main.php');
exit;
}
}
function comment_action($post)
{
if (!empty($post['comment'])) {
$comment_query = "INSERT INTO comments (users_id, messages_id, comment, created_at, updated_at) \n\t\t\t\t\t\t VALUES (" . $_SESSION['user_id'] . ", '{$post['messages_id']}', '{$post['comment']}', NOW(), NOW())";
run_mysql_query($comment_query);
header("Location: wall.php");
} else {
$_SESSION['errors'][] = "Comment field cannot be empty.";
header("Location: wall.php");
die;
}
}
function user_message($post)
{
$_SESSION['errors'] = array();
if (empty($post['message'])) {
$_SESSION['errors'][] = "Message cannot be blank";
}
//----------No Errors then run query------------//
if (count($_SESSION['errors']) == 0) {
$query = "INSERT INTO wall.messages (message, created_at, updated_at, users_id) VALUES ('{$_POST['message']}', NOW(), NOW(), {$_SESSION['user_id']});";
$_SESSION['success_message'] = "Your message has successfully been posted!";
run_mysql_query($query);
}
}
public function gawa_ng_kalendaryo($year)
{
$numberOfDays = 390;
$newdayofweek = 1;
$weekNumber = 1;
$days = "+0 days";
// check table for the last date on the the table
$query = "SELECT juliandate FROM fiscalcalendar ORDER BY juliandate desc Limit 1";
$result = fetch_record($query);
if ($result['juliandate'] == 0) {
$juliandate = gregoriantojd(01, 01, date('Y', strtotime($year)));
} else {
$juliandate = $result['juliandate'] + 1;
}
// $juliandate = gregoriantojd(01,01,date('Y',strtotime($days)));
echo "<table border='5px'><thead><td>Julian Date</td><td>Gregorian Date</td><td>end of week</td><td>end of month</td><td>week#</td></thead><tbody>";
for ($i = 0; $i <= $numberOfDays; $i++) {
// check for end of week
$days = JDToGregorian($juliandate);
if (date('N', strtotime($days)) == 7) {
$endOfWeek = 'Y';
} else {
$endOfWeek = 'N';
}
// end of year
if (date("m", strtotime($days)) == 12 && date("j", strtotime($days)) == date("t", strtotime($days))) {
$endofyear = 'Y';
} else {
$endofyear = 'N';
}
// end of month
if (date("j", strtotime($days)) == date("t", strtotime($days))) {
$endofmonth = 'Y';
} else {
$endofmonth = 'N';
}
if (date("j", strtotime($days)) == 1) {
$weekNumber = 1;
$newdayofweek = date('N', strtotime($days));
} else {
if ($newdayofweek == date('N', strtotime($days))) {
$weekNumber += 1;
}
}
echo "<tr>" . $juliandate . '</td><td>' . JDToGregorian($juliandate) . '</td><td>' . $endOfWeek . '</td><td>' . $endofmonth . '</td><td>' . $weekNumber . '</td></tr>';
$query = "INSERT INTO fiscalcalendar (juliandate,fdate, fmonth, fday, fyear, endOfWeek, endofmonth, dayOfWeek, weekNumber) VALUES('" . $juliandate . "','" . date("y-m-d", strtotime($days)) . "'," . date("m", strtotime($days)) . "," . date('j', strtotime($days)) . "," . date('Y', strtotime($days)) . ",'" . $endOfWeek . "','" . $endofmonth . "','" . date('N', strtotime($days)) . "'," . $weekNumber . ")";
$result = run_mysql_query($query);
$juliandate += 1;
}
}
function insert_query_comment($post)
{
$content = escape_this_string($post['content']);
$query = "INSERT INTO comments\n\t\t\t\t\t(content, created_at, updated_at,post_id,user_id)\n\t\t\t\t\tvalues\n\t\t\t\t\t('{$content}',now(),now(),{$_POST['post_id']},{$_SESSION['user_id']});";
if (run_mysql_query($query)) {
// run query here
header('Location: wall.php');
return true;
} else {
var_dump($post);
die("System Error");
}
//return
}
function post_comment($post)
{
if (empty($post['comments'])) {
$_SESSION['errors'][] = "Please submit a comment.";
header("Location: success.php");
exit;
} elseif (!empty($post['comments'])) {
$query = "INSERT INTO comments (comment, created_at, updated_at, users_id, messages_id)\r\n\t\t\t\tVALUES ('{$post['comments']}', NOW(), NOW(), '{$post['user_id']}', '{$post['message_id']}')";
run_mysql_query($query);
$query = "SELECT * FROM users\r\n\t\t\t\tLEFT JOIN comments\r\n\t\t\t\tON users.id = comments.users_id";
$_SESSION['comments'] = fetch_all($query);
header("Location: success.php");
die;
}
}
function insert_comment($post)
{
// Making sure that comment is not empty, don't want any empty comments clogging up my database
if (empty($post['comment'])) {
$_SESSION['blank'] = "Your comment cannot be blank!";
header('Location: wall.php');
exit;
}
if (!empty($post['comment'])) {
$query = "INSERT INTO comments (message_id, user_id, comment, created_at, updated_at) \n\t\t\t\t\t VALUES ('{$post['message_id']}', '{$_SESSION['user_id']}', '{$post['comment']}', NOW(), NOW())";
run_mysql_query($query);
header('Location: wall.php');
exit;
}
}
function insert_query($post)
{
foreach ($post as $key => $value) {
$post[$key] = escape_this_string($value);
}
// escape everything in $post
$query = "INSERT INTO users(name_first, name_last, email, password, created_at, updated_at)\n\tvalues('{$post['name_first']}','{$post['name_last']}','{$post['email']}','{$post['password']}',now(),now())";
if (run_mysql_query($query)) {
// run query here
$get_register_query = "SELECT id as user_id, name_first, name_last\n\t\t\t\t\t\t\t\tFROM users\n\t\t\t\t\t\t\t\tWHERE email='{$post['email']}'\n\t\t\t\t\t\t\t\tAND password='******'password']}';\n\t\t";
var_dump($get_register_query);
die;
// $_SESSION=fetch($get_register_query)[0]; // user array replaces SESSION
// header("Location: wall.php");
} else {
var_dump($post);
die("System Error");
}
//return boolean false if errors
}
function register($post)
{
//------------begin validation----------------//
if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
$_SESSION['errors'][] = "Email format is NOT validate!";
}
if (empty($_POST['first_name']) || has_number($_POST['first_name'])) {
$_SESSION['errors'][] = "First name must be no number and not empty.";
}
if (empty($_POST['last_name']) || has_number($_POST['last_name'])) {
$_SESSION['errors'][] = "Last name must be no number and not empty.";
}
if (empty($_POST['password']) || $_POST['password'] != $_POST['com_password']) {
$_SESSION['errors'][] = "Password can not be empty and remain same password.";
}
//-------------end validation-------------------//
//--------------communicate with Database------------//
$query = "INSERT INTO login_out (email, first_name, last_name, password) \n\t\t\tVALUES ('{$_POST['email']}','{$_POST['first_name']}','{$_POST['last_name']}','{$_POST['password']}');";
run_mysql_query($query);
$_SESSION['log_in'] = true;
header("location: index.php");
}
function register_user($post)
{
$_SESSION['errors'] = array();
if (empty($post['first_name'])) {
$_SESSION['errors']['first_name'] = "First name cant be blank";
}
if (empty($post['last_name'])) {
$_SESSION['errors']['last_name'] = "Last name cant be blank";
}
if (empty($post['email'])) {
$_SESSION['errors']['email'] = "Email cannot be blank";
}
if (!filter_var($post['email'], FILTER_VALIDATE_EMAIL) === true) {
$_SESSION['errors']['email'] = "Email is not valid";
}
if (empty($post['password'])) {
$_SESSION['errors']['password'] = "******";
}
if (strlen($post['password']) < 8) {
$_SESSION['errors']['password'] = "******";
}
if ($post['password'] !== $post['confirm_password']) {
$_SESSION['errors']['confirm_password'] = "******";
}
//--------------navigate user----------------//
if (count($_SESSION['errors']) > 0) {
header('location: login.php');
} else {
$first_name = escape_this_string($post['first_name']);
$last_name = escape_this_string($post['last_name']);
$password = md5($post['password']);
$email = escape_this_string($post['email']);
$query = "INSERT INTO wall.users (first_name, last_name, email, password, created_at, updated_at) \n\t\t\t\t\t\t\tVALUES ('{$first_name}', '{$last_name}', '{$email}', '{$password}', NOW(), NOW())";
$_SESSION['success_message'] = "Welcome {$post['first_name']}, to the wall!";
run_mysql_query($query);
header('location: login.php');
die;
}
}
function register_user($post)
{
//-------------- begin validation checks ---------------//
$_SESSION['errors'] = array();
if (empty($post['f_name'])) {
$_SESSION['errors'][] = "First name canoot be blank";
}
if (empty($post['l_name'])) {
$_SESSION['errors'][] = "Last name cannot be blank";
}
if (empty($post['email'])) {
$_SESSION['errors'][] = "Email cannot be blank";
} else {
if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) == true) {
$_SESSION['errors'][] = "Your email address is not valid";
}
}
if (empty($post['password'])) {
$_SESSION['errors'][] = "Password cannot be blank";
}
if ($post['password'] !== $post['confirm_password']) {
$_SESSION['errors'][] = "Your passwords do not match";
}
//-------------- begin validation checks ---------------//
if (count($_SESSION['errors']) > 0) {
header('location: index.php');
//check if there are any errors
die;
} else {
$query = "INSERT INTO users (first_name, last_name, email, password, created_at, updated_at)\n\t\t\t\t\t\t\tVALUES ('{$post['f_name']}', '{$post['l_name']}', '{$post['email']}', '{$post['password']}', NOW(), NOW())";
$_SESSION['success_message'] = "User successfully created!";
run_mysql_query($query);
header('location: index.php');
die;
}
}
$esc_option4 = escape_this_string($_POST['option4']);
$poll_query = "INSERT INTO green_belt.polls (name, description, created_at, updated_at) VALUES ('{$esc_title}', '{$esc_description}', NOW(), NOW())";
$poll_id = run_mysql_query($poll_query);
$option1_query = "INSERT INTO green_belt.poll_options (name, poll_id, updated_at, created_at) VALUES ('{$esc_option1}', {$poll_id}, NOW(), NOW())";
$option2_query = "INSERT INTO green_belt.poll_options (name, poll_id, updated_at, created_at) VALUES ('{$esc_option2}', {$poll_id}, NOW(), NOW())";
$option3_query = "INSERT INTO green_belt.poll_options (name, poll_id, updated_at, created_at) VALUES ('{$esc_option3}', {$poll_id}, NOW(), NOW())";
$option4_query = "INSERT INTO green_belt.poll_options (name, poll_id, updated_at, created_at) VALUES ('{$esc_option4}', {$poll_id}, NOW(), NOW())";
$option1_id = run_mysql_query($option1_query);
$option2_id = run_mysql_query($option2_query);
$option3_id = run_mysql_query($option3_query);
$option4_id = run_mysql_query($option4_query);
header("location: index.php");
}
} elseif (isset($_POST['action']) && $_POST['action'] == 'vote') {
if (empty($_POST['opt'])) {
unset($_SESSION['error']);
$_SESSION['error'][] = "You did not select an option.";
header("location: index.php");
} else {
$result_id = $_POST['opt'];
$poll_id = $_POST['poll_id'];
$result_query = "INSERT INTO green_belt.poll_results (poll_id, poll_option_id, created_at, updated_at) VALUES ({$poll_id}, {$result_id}, NOW(), NOW())";
$result = run_mysql_query($result_query);
unset($_SESSION['error']);
header("location: index.php");
}
} else {
session_destroy();
header("location: index.php");
die;
}
if (isset($_POST['action']) && $_POST['action'] == 'add') {
if (empty($_POST['email'])) {
$_SESSION['validation'] = "Please enter a valid email address.";
} else {
if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) {
$_SESSION['validation'] = "Please enter a valid email address.";
} else {
if (isset($_POST['email'])) {
$query_add = "INSERT INTO emails (email, created_at, updated_at)\n\t\t\t\t\tVALUES('{$_POST['email']}', NOW(), NOW())";
run_mysql_query($query_add);
$_SESSION['validation'] = $_POST['email'] . " has been submitted!";
}
}
}
}
if (isset($_POST['action']) && $_POST['action'] == 'delete') {
if (empty($_POST['email_delete'])) {
$_SESSION['validation'] = "Please enter a valid email address.";
} else {
if (filter_var($_POST['email_delete'], FILTER_VALIDATE_EMAIL) === false) {
$_SESSION['validation'] = "Please enter a valid email address.";
} else {
if (isset($_POST['email_delete'])) {
$query_delete = "DELETE FROM emails WHERE email = '{$_POST['email_delete']}'";
run_mysql_query($query_delete);
$_SESSION['validation'] = $_POST['email_delete'] . " has been deleted!";
}
}
}
}
header('location: success.php');
$_SESSION['error'][] = "Please enter a valid email address.";
}
if (strlen($_POST['password']) < 6 && !empty($_POST['password'])) {
$_SESSION['error'][] = "Password must contain at least 6 characters.";
}
if ($_POST['password'] !== $_POST['confirm_pass']) {
$_SESSION['error'][] = "Passwords do not match.";
}
if (isset($_SESSION['error'])) {
header("location: index.php");
die;
} else {
$query = "INSERT INTO thewall.users (first_name, last_name, email, password, created_at, updated_at) VALUES ('{$_POST['first_name']}', '{$_POST['last_name']}', '{$_POST['email']}', '{$_POST['password']}', NOW(), NOW())";
$user = run_mysql_query($query);
$_SESSION['session_id'] = $user;
header("location: success.php?new=true");
die;
}
} elseif (isset($_POST['action']) && $_POST['action'] == 'msg') {
$query = "INSERT INTO thewall.messages (message, created_at, updated_at, user_id) VALUES ('{$_POST['message']}', NOW(), NOW(), '{$_POST['userid']}')";
run_mysql_query($query);
header("location: success.php?new=false");
} elseif (isset($_POST['action']) && $_POST['action'] == 'cmt') {
$query = "INSERT INTO thewall.comments (comment, created_at, updated_at, user_id, message_id) VALUES ('{$_POST['comment']}', NOW(), NOW(), '{$_POST['userid']}', '{$_POST['messageid']}')";
$comment = run_mysql_query($query);
header("location: success.php?new=false");
} else {
session_destroy();
header("location: index.php");
die;
}
function comment($post)
{
if (empty($post['comment'])) {
header('location:the_wall.php');
die;
}
$query = "INSERT INTO comments (user_id, message_id, comment, created_at, updated_at) VALUES ('{$_SESSION['user']['id']}', '{$post['message_id']}', '{$post['comment']}', NOW(), NOW())";
run_mysql_query($query);
// var_dump($_SESSION['user']);
header('location:the_wall.php');
die;
}
function delete_message($post)
{
require_once 'connect-coding-dojo.php';
//echo "we are here!";
$id = $_POST['record'];
$thirtymin = $_POST['thirtymin'];
if (strtotime(date("H:i F j Y")) < strtotime($thirtymin)) {
$query = "DELETE FROM messages\n\t\t\t\t WHERE messages.id = {$id}";
if (run_mysql_query($query)) {
$_SESSION['message'][] = "<li>Record has been deleted!</li>";
header('location: wall.php');
} else {
$_SESSION['message'][] = "<li>Failed to delete record.</li>";
header('location: wall.php');
}
} else {
$_SESSION['message'][] = "<li>30 minutes has passed. We can no longer delete the record.</li>";
header('location: wall.php');
}
}
<?php
session_start();
require_once 'new-connection.php';
function validateEmail($email)
{
return filter_var($email, FILTER_VALIDATE_EMAIL) ? true : false;
}
if (isset($_POST['action']) && $_POST['action'] == 'email_form') {
if (empty($_POST['email'])) {
$_SESSION['error']['email'] = 'Email address field cannot be blank.';
} else {
$_SESSION['email_success'] = validateEmail($_POST['email']);
if (!$_SESSION['email_success']) {
$_SESSION['error']['email'] = 'Email is INVALID.';
} else {
$insert_email_query = "INSERT INTO users (email, created_at, updated_at)\n\t \t\t\t VALUES('{$_POST['email']}', NOW(), NOW())";
$insert_email_result = run_mysql_query($insert_email_query, $connection);
if ($insert_email_result == true) {
$_SESSION['email'] = $_POST['email'];
header('Location: success.php');
exit;
} else {
$_SESSION['error']['email'] = "Error. Check database connection.";
}
}
}
header('Location: index.php');
exit;
}
<?php
session_start();
if (isset($_POST['delete']) && $_POST['delete'] == "delete") {
// delete_record.php
// include connection page
require_once 'connect-coding-dojo.php';
//echo "we are here!";
$id = $_POST['record'];
$query = "DELETE FROM users\n\t\t\t WHERE users.id = {$id}";
if (run_mysql_query($query)) {
$_SESSION['message'] = "<li>Record has been deleted!</li>";
} else {
$_SESSION['message'] = "<li>Failed to delete record.</li>";
}
header('Location: index.php');
}
exit;
}
}
}
//if user is posting a message
if ($_POST['action'] == 'post_message') {
$query = "INSERT INTO messages (user_id, message, created_at, updated_at) VALUES ('" . escape_this_string($_SESSION['user_id']) . "', '" . escape_this_string($_POST['message']) . "', NOW(), NOW())";
run_mysql_query($query);
header("LOCATION: home.php");
exit;
}
//if user is posting a comment
if ($_POST['action'] == 'post_comment') {
$query = "INSERT INTO comments (message_id, user_id, comment, created_at, updated_at) VALUES ('" . escape_this_string($_POST['message_id']) . "','" . escape_this_string($_POST['user_id']) . "', '" . escape_this_string($_POST['comment']) . "', NOW(), NOW())";
run_mysql_query($query);
header("LOCATION: home.php");
exit;
}
//if user is logging off
if ($_POST['action'] == 'logoff') {
header("LOCATION: index.php");
session_destroy();
exit;
}
//if user is deleting his message
if ($_POST['action'] == 'delete') {
$query = "DELETE FROM messages WHERE id = " . escape_this_string($_POST['message_id']);
run_mysql_query($query);
header("LOCATION: home.php");
exit;
}
if (isset($_POST['action']) && $_POST['action'] == 'login') {
$query = 'SELECT * FROM users WHERE email = "' . $_POST['email'] . '";';
$user = fetch_record($query);
if ($user == null) {
$errLogin = "******";
$_SESSION['error'] .= $errLogin;
header('location: ./index.php');
} else {
if ($user['password'] != $_POST['password']) {
$errMatch = "<p class='errText'>The provided login info doesn't match.</p>";
$_SESSION['error'] .= $errMatch;
header('location: ./index.php');
} else {
$_SESSION['user'] = $user;
header('location: ./wall.php');
}
}
}
////////////////////
// SUBMIT A MSG //
////////////////////
if ($_POST['submission'] == 'comment') {
$comment = "INSERT INTO comments (comment,created_at,message_id,user_id) VALUES ('{$_POST['reply']}',NOW(),'{$_POST['msg_id']}','{$_SESSION['user']['id']}');";
run_mysql_query($comment);
header('location: ./wall.php');
}
if ($_POST['submission'] == 'msg') {
$msg = "INSERT INTO messages (message,created_at,user_id) VALUES ('{$_POST['msg']}',NOW(),'{$_SESSION['user']['id']}');";
run_mysql_query($msg);
header('location: ./wall.php');
}
function register_validation($post)
{
//set error flags to 0
$error_flags = 0;
//first_name errors
if (!empty($_POST['first_name'])) {
$first_name = trim($_POST['first_name']);
$_SESSION['first_name'] = $first_name;
if (preg_match("/^[a-zA-Z ]*\$/", $first_name)) {
$_SESSION['first_name_flag'] = 'good';
} else {
$_SESSION['errors'][] = 'First Name :' . $first_name . ' is invalid. First name cannot contain any numerical values or special characters, please enter a valid name using only alphanumeric characters.';
$_SESSION['first_name_flag'] = 'bad';
$error_flags++;
}
} else {
$_SESSION['errors'][] = 'First name field is empty. Please enter your first name.';
$_SESSION['first_name_flag'] = 'bad';
$error_flags++;
}
//last_name errors
if (!empty($_POST['last_name'])) {
$last_name = trim($_POST['last_name']);
$_SESSION['last_name'] = $last_name;
if (preg_match("/^[a-zA-Z ]*\$/", $last_name)) {
$_SESSION['last_name_flag'] = 'good';
} else {
$_SESSION['errors'][] = 'Last Name :' . $last_name . ' is invalid. Last name cannot contain any numerical values or special characters, please enter a valid name using only alphanumeric characters.';
$_SESSION['last_name_flag'] = 'bad';
$error_flags++;
}
} else {
$_SESSION['errors'][] = 'Last name field is empty. Please enter your last name.';
$_SESSION['last_name_flag'] = 'bad';
$error_flags++;
}
//email errors
if (!empty($_POST['email'])) {
$email = trim($_POST['email']);
//check if email is in use
//include connection page
require_once 'connect-coding-dojo.php';
$esc_email = mysqli_real_escape_string($connection, $email);
$email_query = "SELECT * FROM users WHERE users.email = '{$esc_email}'";
$user = fetch($email_query);
if (!empty($user)) {
$_SESSION['errors'][] = 'Email is in use. Please try a different email.';
$_SESSION['email_flag'] = 'bad';
$error_flags++;
} else {
$_SESSION['email'] = $email;
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$_SESSION['errors'][] = 'Email :' . $email . ' is invalid. Please provide a valid email, like speros@codindojo.com or chris@gmail.com.';
$_SESSION['email_flag'] = 'bad';
$error_flags++;
} else {
$_SESSION['email_flag'] = 'good';
}
}
} else {
$_SESSION['errors'][] = 'Email field is empty. Please enter a valid email, like speros@codindojo.com or chris@yahoo.com.';
$_SESSION['email_flag'] = 'bad';
$error_flags++;
}
//password errors
if (!empty($_POST['password'])) {
$password = trim($_POST['password']);
if (strlen($password) < 6) {
$_SESSION['errors'][] = 'Password must be at least 6 characters.';
$_SESSION['password_flag'] = 'bad';
$error_flags++;
} else {
$_SESSION['password_flag'] = 'good';
}
} else {
$_SESSION['errors'][] = 'Please enter a password';
$_SESSION['password_flag'] = 'bad';
$error_flags++;
}
//confirm password errors
if (!empty($_POST['confirm_password'])) {
$confirm_password = trim($_POST['confirm_password']);
if (strlen($confirm_password) < 6) {
$_SESSION['errors'][] = 'Confirm password must be at least 6 characters. Please re-enter both passwords.';
$_SESSION['password_flag'] = 'bad';
$_SESSION['confirm_password_flag'] = 'bad';
$error_flags++;
} else {
if ($confirm_password == $password) {
$_SESSION['confirm_password_flag'] = 'good';
} else {
$_SESSION['errors'][] = 'Passwords did not match, please re-enter passwords.';
$_SESSION['password_flag'] = 'bad';
$_SESSION['confirm_password_flag'] = 'bad';
$error_flags++;
}
}
} else {
$_SESSION['errors'][] = 'Confirm password not entered. Please enter your passwords again to confirm.';
$_SESSION['password_flag'] = 'bad';
$_SESSION['confirm_password_flag'] = 'bad';
$error_flags++;
}
//date_of_birth errors
if (!empty($_POST['date_of_birth'])) {
$date_of_birth = trim($_POST['date_of_birth']);
$_SESSION['date_of_birth'] = $date_of_birth;
if (strlen($date_of_birth) != 10) {
$_SESSION['errors'][] = '*Date was entered as: ' . $date_of_birth . '. Date of birth must be entered like so : MM/DD/YYYY , 11/17/1988.';
$_SESSION['date_of_birth_flag'] = 'bad';
$error_flags++;
} else {
$dob = explode('/', $date_of_birth);
if (count($dob) != 3) {
$_SESSION['errors'][] = '!Date was entered as: ' . $date_of_birth . '. Date of birth must be entered like so : MM/DD/YYYY , 11/17/1988.';
$_SESSION['date_of_birth_flag'] = 'bad';
$error_flags++;
} else {
if (strlen($dob[0]) == 2 && strlen($dob[1]) == 2 && strlen($dob[2]) == 4) {
$dob_count = 0;
foreach ($dob as $numbers) {
if (is_numeric($numbers)) {
$dob_count++;
}
}
if ($dob_count != 3) {
$_SESSION['errors'][] = 'Date was entered as: ' . $date_of_birth . '. Date of birth must be entered like so : MM/DD/YYYY , 11/17/1988.';
$_SESSION['date_of_birth_flag'] = 'bad';
$error_flags++;
} else {
$_SESSION['date_of_birth_flag'] = 'good';
}
} else {
$_SESSION['errors'][] = '@Date was entered as: ' . $date_of_birth . '. Date of birth must be entered like so : MM/DD/YYYY , 11/17/1988.';
$_SESSION['date_of_birth_flag'] = 'bad';
$error_flags++;
}
}
}
}
if (!empty($_FILES['profile_picture']['tmp_name'])) {
$profile_photo = $_FILES['profile_picture']['name'];
$uploads_dir = 'uploads/';
$profile_picture = $uploads_dir . basename($_FILES['profile_picture']['name']);
$imageFileType = pathinfo($profile_picture, PATHINFO_EXTENSION);
$check = getimagesize($_FILES['profile_picture']['tmp_name']);
$getfilesize = $_FILES['profile_picture']['tmp_name'];
$filesize = filesize($getfilesize);
//check if image is an image
if ($check !== false) {
$_SESSION['OK'][] = "File is an image - " . $check["mime"] . ".";
$_SESSION['profile_picture_flag'] = 'green';
} else {
$_SESSION['errors'][] = "File must be an image file, (JPG, JPEG, PNG, or GIF.";
$_SESSION['profile_picture_flag'] = 'bad';
$error_flags++;
}
// Check file size
if ($filesize > 5000000) {
$_SESSION['errors'][] = "Sorry, your photo must be under 5MB.";
$_SESSION['profile_picture_flag'] = 'bad';
$error_flags++;
}
// Allow certain file formats
if ($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif") {
$_SESSION['errors'][] = "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
$_SESSION['profile_picture_flag'] = 'bad';
$error_flags++;
}
}
//if there are any errors, we must redirect them back to the form for registration
if ($error_flags > 0) {
if (isset($profile_photo)) {
$_SESSION['password_flag'] = 'bad';
$_SESSION['confirm_password_flag'] = 'bad';
$_SESSION['profile_picture_flag'] = 'bad';
$_SESSION['errors'][] = "Please re-enter your passwords and profile photo.";
header('location: index.php');
} else {
$_SESSION['password_flag'] = 'bad';
$_SESSION['confirm_password_flag'] = 'bad';
$_SESSION['errors'][] = "Please re-enter your passwords.";
header('location: index.php');
}
} else {
//if a photo exists we will try and upload
if (!empty($_FILES['profile_picture']['tmp_name'])) {
// create another if/else to check if file is successfully moved, in case it is a directory error or something we cannot catch before move
// and preventing upload to database before everything is OK
if (move_uploaded_file($_FILES["profile_picture"]["tmp_name"], $profile_picture)) {
//all validations have passed so we will connect and upload to database
//include connection page
require_once 'connect-coding-dojo.php';
//since dob is optional, we will create empty entry
if (!isset($date_of_birth)) {
$date_of_birth = '';
}
//prevent mysql injection
global $connection;
$esc_email = mysqli_real_escape_string($connection, $email);
$esc_password = mysqli_real_escape_string($connection, $password);
$esc_profile_picture = mysqli_real_escape_string($connection, $profile_photo);
//password handling
// we will create salt
$salt = bin2hex(openssl_random_pseudo_bytes(22));
$encrypted_password = md5($esc_password . '' . $salt);
// if validations check out we insert the records into the database
$query = "INSERT INTO users (first_name, last_name, email, salt, password, date_of_birth, profile_picture, created_at, updated_at)\n\t\t\t\t VALUES('{$first_name}','{$last_name}','{$email}', '{$salt}', '{$encrypted_password}', '{$date_of_birth}','{$esc_profile_picture}', NOW(), NOW())";
if (run_mysql_query($query)) {
//on success let us retrieve the id of the latest entry
$last_id = $connection->insert_id;
$_SESSION['message'][] = "New Interest has been added with the id = " . $last_id;
$_SESSION['active_user_id'] = $last_id;
$_SESSION['message'][] = $query;
header('Location: success.php');
} else {
$_SESSION['message'][] = "<li>Failed to add new Interest</li>";
$_SESSION['message'][] = $query;
header('Location: index.php');
}
} else {
$_SESSION['errors'][] = "Sorry, there was an error uploading your file, please try again or select a different image.";
$_SESSION['profile_picture_flag'] = 'bad';
$error_flags++;
header('location: index.php');
}
} else {
//all validations have passed so we will connect and upload to database
//include connection page
require_once 'connect-coding-dojo.php';
//since dob is optional, we will create empty entry
if (!isset($date_of_birth)) {
$date_of_birth = '';
}
//since profile_picture is optional, we will create empty entry
if (!isset($profile_picture)) {
$profile_picture = '';
}
//prevent mysql injection
global $connection;
$esc_email = mysqli_real_escape_string($connection, $email);
$esc_password = mysqli_real_escape_string($connection, $password);
//password handling
// we will create salt
$salt = bin2hex(openssl_random_pseudo_bytes(22));
$encrypted_password = md5($esc_password . '' . $salt);
// if validations check out we insert the records into the database
$query = "INSERT INTO users (first_name, last_name, email, salt, password, date_of_birth, profile_picture, created_at, updated_at)\n\t\t\t VALUES('{$first_name}','{$last_name}','{$email}', '{$salt}', '{$encrypted_password}', '{$date_of_birth}', '{$profile_picture}', NOW(), NOW())";
if (run_mysql_query($query)) {
//on success let us retrieve the id of the latest entry
$last_id = $connection->insert_id;
$_SESSION['message'][] = "New Interest has been added with the id = " . $last_id;
$_SESSION['active_user_id'] = $last_id;
$_SESSION['message'][] = $query;
header('Location: success.php');
} else {
$_SESSION['message'][] = "<li>Failed to add new Interest</li>";
$_SESSION['message'][] = $query;
header('Location: index.php');
}
}
}
}
}
if (count($errors) > 0) {
$_SESSION['errors'] = $errors;
header('location: index.php');
die;
} else {
$_SESSION['errors'] = $errors;
}
$first_name = escape_this_string($_POST['first_name']);
$last_name = escape_this_string($_POST['last_name']);
$email = escape_this_string($_POST['email']);
$password = escape_this_string($_POST['password']);
$salt = bin2hex(openssl_random_pseudo_bytes(22));
$encrypted_password = md5($password . '' . $salt);
$query = "INSERT INTO users (first_name, last_name, email, password, salt, created_at, updated_at)\n\t\t\t\tVALUES ('{$first_name}', '{$last_name}', '{$email}', '{$encrypted_password}','{$salt}', NOW(), NOW())";
$_SESSION['user_id'] = run_mysql_query($query);
if ($_SESSION['user_id']) {
header('location: main.php');
die;
} else {
echo 'failed';
}
} else {
if (isset($_POST['action']) && $_POST['action'] == 'login') {
$email = escape_this_string($_POST['email']);
$password = escape_this_string($_POST['password']);
$user_query = "SELECT * FROM users WHERE users.email = '{$email}'";
$user = fetch_record($user_query);
if (!empty($user)) {
$encrypted_password = md5($password . '' . $user['salt']);
if ($user['password'] == $encrypted_password) {
