function register_user($post) { $_SESSION['errors'] == array(); if (empty($post['first_name'])) { $_SESSION['errors'][] = "first name can't be blank"; } if (empty($post['last_name'])) { $_SESSION['errors'][] = "last name can't be blank"; } if (empty($post['password'])) { $_SESSION['errors'][] = "password field must not be blank"; } if ($post['password'] !== $post['confirm_password']) { $_SESSION['errors'][] = "passwords must match!"; } if (!filter_var($post['email'], FILTER_VALIDATE_EMAIL)) { $_SESSION['errors'][] = "please use a valid email address!"; } if (count($_SESSION['errors']) > 0) { header('location: index.php'); die; } else { $query = "INSERT INTO users (first_name, last_name, password, email, created_at, updated_at) VALUES ('{$post['first_name']}','{$post['last_name']}','{$post['password']}','{$post['email']}',NOW(),NOW())"; run_mysql_query($query); $_SESSION['success_message'] = 'User successfully created!'; header('location: index.php'); } // var_dump($_SESSION); header('location: index.php'); die; }
function register_user($post) { $_SESSION['errors'] = array(); if (empty($post['first_name'])) { $_SESSION['errors'][] = "First name cannot be blank."; } if (empty($post['last_name'])) { $_SESSION['errors'][] = "Last name cannot be blank."; } if (empty($post['password'])) { $_SESSION['errors'][] = "Password field is required."; } if ($post['password'] !== $post['confirm_password']) { $_SESSION['errors'][] = "Passwords don't match."; } if (!filter_var($post['email'], FILTER_VALIDATE_EMAIL)) { $_SESSION['errors'][] = "Invalid email address."; } //validate for duplicate registration by email if ($post['email'] === $post['email']) { $_SESSION['errors'][] = "Email already registered. Please log in."; } if (count($_SESSION['errors']) > 0) { header("Location: index.php"); die; } else { $query = "INSERT INTO users (first_name, last_name, password, email, created_at, updated_at) \n\t\t\t\t VALUES ('{$post['first_name']}', '{$post['last_name']}', '{$post['password']}', '{$post['email']}', NOW(), NOW())"; run_mysql_query($query); $_SESSION['success_message'] = "Successful registration! Please log in."; header("Location: index.php"); die; } }
function register_user($post) { $_SESSION['errors'] = array(); if (empty($post['first_name'])) { $_SESSION['errors'][] = "first name can't be blank"; } if (empty($post['last_name'])) { $_SESSION['errors'][] = "last name can't be blank"; } if (empty($post['password'])) { $_SESSION['errors'][] = "password field is required"; } if (!filter_var($post['email'], FILTER_VALIDATE_EMAIL)) { $_SESSION['errors'][] = "must be valid email"; } if ($post['password'] !== $post['confirm_password']) { $_SESSION['errors'][] = 'passwords must match'; } ///-------------end of validation checks-----------// if (count($_SESSION['errors']) > 0) { header('Location: index.php'); die; } else { $query = "INSERT INTO users (first_name, last_name, password, email, created_at, updated_at)\r\n\t\t\t\t\tVALUES ('{$post['first_name']}', '{$post['last_name']}', '{$post['password']}', '{$post['email']}', NOW(), NOW())"; run_mysql_query($query); $_SESSION['success_message'] = 'User succesfully created'; header("Location: index.php"); exit; } }
function register_user($post) { //--------------being of validation checks-----------------------// $_SESSION['errors'] = array(); if (empty($post['first_name'])) { $_SESSION['errors'][] = "First name can't be blank"; } if (empty($post['last_name'])) { $_SESSION['errors'][] = "Last name can't be blank"; } if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) { $_SESSION['errors'][] = "Please enter a valid email address"; } if (empty($post['password']) || empty($post['confirm_password'])) { $_SESSION['errors'][] = "Password field is required"; } if ($post['password'] !== $post['confirm_password']) { $_SESSION['errors'][] = "Password must match"; } //--------------end of validation checks-----------------------// if (count($_SESSION['errors']) === 0) { $query = "INSERT INTO users (first_name, last_name, email, password, created_at, updated_at)\n\t\t\t\t\t VALUES ('{$_POST['first_name']}', '{$_POST['last_name']}', '{$_POST['email']}', '{$_POST['password']}', NOW(), NOW())"; run_mysql_query($query); $_SESSION['message'] = "Registration Successful!"; } header("Location: index.php"); }
function register_user($post) { // --------begin val checks--------------- $_SESSION['errors'] = array(); if (empty($post['first_name'])) { $_SESSION['errors'][] = "first name can't be blank"; } if (empty($post['last_name'])) { $_SESSION['errors'][] = "last name can't be blank"; } if (empty($post['password'])) { $_SESSION['errors'][] = "password can't be blank"; } if ($post['password'] !== $post['confirm_password']) { $_SESSION['errors'][] = "password must match"; } if (!filter_var($post['email'], FILTER_VALIDATE_EMAIL)) { $_SESSION['errors'][] = "please use a valid email"; } //-------end of validation checks if (count($_SESSION['errors']) > 0) { //if there's any errors at all header('location: index.php'); die; } else { //insert database $query = "INSERT INTO users (first_name, last_name, email, password, created_at, updated_at)\n\t\tVALUES ('{$post['first_name']}','{$post['last_name']}','{$post['email']}','{$post['password']}',NOW(),NOW())"; run_mysql_query($query); $_SESSION['success_message'] = 'Yay, you did it!'; header('location: index.php'); die; } }
function post_comments() { $comment = escape_this_string($_POST["comment"]); $query = "INSERT INTO comments (comment, created_at, updated_at, message_id, user_id)\n\t\t\t\t VALUES ('{$comment}', NOW(), NOW(), '{$_POST['message_id']}', '{$_SESSION['user_id']}')"; if (run_mysql_query($query)) { header("Location: wall.php"); } }
function register_user($post) { $errors = array(); // Begin validation checks if (empty($_POST["first_name"])) { $errors[] = "Please provide a first name!"; } else { if (preg_match("/[0-9]/", $_POST["first_name"])) { $errors[] = "Please provide a valid first name!"; } } if (empty($_POST["last_name"])) { $errors[] = "Please provide a last name!"; } else { if (preg_match("/[0-9]/", $_POST["last_name"])) { $errors[] = "Please provide a valid last name!"; } } if (empty($_POST["email"])) { $errors[] = "Please provide an email!"; } else { if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) { $errors[] = "Please provide a valid email!"; } } if (empty($_POST["password"])) { $errors[] = "Please provide a password!"; } else { if (strlen($_POST["password"]) < 7) { $errors[] = "Please provide a password that has at least 6 characters!"; } } if (empty($_POST["c_password"])) { $errors[] = "Please confirm password"; } else { if ($_POST["password"] != $_POST["c_password"]) { $errors[] = "Please provide a matching password!"; } } // End of validation checks if (count($errors) > 0) { $_SESSION["errors"] = $errors; header("Location: index.php"); die; } else { $first_name = escape_this_string($_POST["first_name"]); $last_name = escape_this_string($_POST["last_name"]); $email = escape_this_string($_POST["email"]); $password = escape_this_string($_POST["password"]); $query = "INSERT INTO users (first_name, last_name, email, password, created_at, updated_at)\n\t\t\t\t\t VALUES ('{$first_name}', '{$last_name}', '{$email}', '{$password}', NOW(), NOW())"; if (run_mysql_query($query)) { $_SESSION["success"] = "You have successfully registered!"; header("Location: index.php"); die; } } }
function wall_post($wall_post) { $query = "INSERT INTO messages (message, created_at, updated_at, users_id)\n\tVALUES ('{$wall_post['wall']}', NOW(), NOW(), {$_SESSION['user_id']})"; // var_dump($query); // die(); run_mysql_query($query); header('location: success.php'); die; }
function register_user($post) { $_SESSION['errors'] = array(); // Assigning more secure variables to important fields using escape_this_string function $username = escape_this_string($post['username']); $email = escape_this_string($post['email']); $password = escape_this_string($post['password']); // Beginning of validation checks // Attempt at validating existing information $check_data_query = "SELECT users.username, users.email FROM users"; $existing_users = fetch_all($check_data_query); if (!empty($existing_users)) { foreach ($existing_users as $user) { if ($username == $user['username']) { $_SESSION['errors'][] = 'This username is already taken.'; } if ($email == $user['email']) { $_SESSION['errors'][] = 'This email is already in use.'; } } } // Validating non-existing information to make sure nothing is blank or invalid if (empty($username)) { $_SESSION['errors'][] = "Username cannot be blank."; } if (empty($post['first_name'])) { $_SESSION['errors'][] = "First name cannot be blank."; } if (empty($post['last_name'])) { $_SESSION['errors'][] = "Last name cannot be blank."; } if (empty($password)) { $_SESSION['errors'][] = "Password fields cannot be blank."; } if ($post['password'] !== $post['confirm_password']) { $_SESSION['errors'][] = "Passwords must match."; } if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $_SESSION['errors'][] = "Please use a valid email address."; } if (count($_SESSION['errors']) > 0) { header('Location: main.php'); exit; } else { // Here I am gonna encrypt both the email and password and then I'm going to make a query to insert that data into the database $salt = bin2hex(openssl_random_pseudo_bytes(22)); $encrypted_password = md5($password . '' . $salt); $query = "INSERT INTO users (username, first_name, last_name, email, password, salt, created_at, updated_at) \n\t\t\t \t\t VALUES ('{$username}', '{$post['first_name']}', '{$post['last_name']}', '{$email}', '{$encrypted_password}', '{$salt}', NOW(), NOW())"; run_mysql_query($query); $_SESSION['success'] = "User has been successfully created!"; header('Location: main.php'); exit; } }
function comment_action($post) { if (!empty($post['comment'])) { $comment_query = "INSERT INTO comments (users_id, messages_id, comment, created_at, updated_at) \n\t\t\t\t\t\t VALUES (" . $_SESSION['user_id'] . ", '{$post['messages_id']}', '{$post['comment']}', NOW(), NOW())"; run_mysql_query($comment_query); header("Location: wall.php"); } else { $_SESSION['errors'][] = "Comment field cannot be empty."; header("Location: wall.php"); die; } }
function user_message($post) { $_SESSION['errors'] = array(); if (empty($post['message'])) { $_SESSION['errors'][] = "Message cannot be blank"; } //----------No Errors then run query------------// if (count($_SESSION['errors']) == 0) { $query = "INSERT INTO wall.messages (message, created_at, updated_at, users_id) VALUES ('{$_POST['message']}', NOW(), NOW(), {$_SESSION['user_id']});"; $_SESSION['success_message'] = "Your message has successfully been posted!"; run_mysql_query($query); } }
public function gawa_ng_kalendaryo($year) { $numberOfDays = 390; $newdayofweek = 1; $weekNumber = 1; $days = "+0 days"; // check table for the last date on the the table $query = "SELECT juliandate FROM fiscalcalendar ORDER BY juliandate desc Limit 1"; $result = fetch_record($query); if ($result['juliandate'] == 0) { $juliandate = gregoriantojd(01, 01, date('Y', strtotime($year))); } else { $juliandate = $result['juliandate'] + 1; } // $juliandate = gregoriantojd(01,01,date('Y',strtotime($days))); echo "<table border='5px'><thead><td>Julian Date</td><td>Gregorian Date</td><td>end of week</td><td>end of month</td><td>week#</td></thead><tbody>"; for ($i = 0; $i <= $numberOfDays; $i++) { // check for end of week $days = JDToGregorian($juliandate); if (date('N', strtotime($days)) == 7) { $endOfWeek = 'Y'; } else { $endOfWeek = 'N'; } // end of year if (date("m", strtotime($days)) == 12 && date("j", strtotime($days)) == date("t", strtotime($days))) { $endofyear = 'Y'; } else { $endofyear = 'N'; } // end of month if (date("j", strtotime($days)) == date("t", strtotime($days))) { $endofmonth = 'Y'; } else { $endofmonth = 'N'; } if (date("j", strtotime($days)) == 1) { $weekNumber = 1; $newdayofweek = date('N', strtotime($days)); } else { if ($newdayofweek == date('N', strtotime($days))) { $weekNumber += 1; } } echo "<tr>" . $juliandate . '</td><td>' . JDToGregorian($juliandate) . '</td><td>' . $endOfWeek . '</td><td>' . $endofmonth . '</td><td>' . $weekNumber . '</td></tr>'; $query = "INSERT INTO fiscalcalendar (juliandate,fdate, fmonth, fday, fyear, endOfWeek, endofmonth, dayOfWeek, weekNumber) VALUES('" . $juliandate . "','" . date("y-m-d", strtotime($days)) . "'," . date("m", strtotime($days)) . "," . date('j', strtotime($days)) . "," . date('Y', strtotime($days)) . ",'" . $endOfWeek . "','" . $endofmonth . "','" . date('N', strtotime($days)) . "'," . $weekNumber . ")"; $result = run_mysql_query($query); $juliandate += 1; } }
function insert_query_comment($post) { $content = escape_this_string($post['content']); $query = "INSERT INTO comments\n\t\t\t\t\t(content, created_at, updated_at,post_id,user_id)\n\t\t\t\t\tvalues\n\t\t\t\t\t('{$content}',now(),now(),{$_POST['post_id']},{$_SESSION['user_id']});"; if (run_mysql_query($query)) { // run query here header('Location: wall.php'); return true; } else { var_dump($post); die("System Error"); } //return }
function post_comment($post) { if (empty($post['comments'])) { $_SESSION['errors'][] = "Please submit a comment."; header("Location: success.php"); exit; } elseif (!empty($post['comments'])) { $query = "INSERT INTO comments (comment, created_at, updated_at, users_id, messages_id)\r\n\t\t\t\tVALUES ('{$post['comments']}', NOW(), NOW(), '{$post['user_id']}', '{$post['message_id']}')"; run_mysql_query($query); $query = "SELECT * FROM users\r\n\t\t\t\tLEFT JOIN comments\r\n\t\t\t\tON users.id = comments.users_id"; $_SESSION['comments'] = fetch_all($query); header("Location: success.php"); die; } }
function insert_comment($post) { // Making sure that comment is not empty, don't want any empty comments clogging up my database if (empty($post['comment'])) { $_SESSION['blank'] = "Your comment cannot be blank!"; header('Location: wall.php'); exit; } if (!empty($post['comment'])) { $query = "INSERT INTO comments (message_id, user_id, comment, created_at, updated_at) \n\t\t\t\t\t VALUES ('{$post['message_id']}', '{$_SESSION['user_id']}', '{$post['comment']}', NOW(), NOW())"; run_mysql_query($query); header('Location: wall.php'); exit; } }
function insert_query($post) { foreach ($post as $key => $value) { $post[$key] = escape_this_string($value); } // escape everything in $post $query = "INSERT INTO users(name_first, name_last, email, password, created_at, updated_at)\n\tvalues('{$post['name_first']}','{$post['name_last']}','{$post['email']}','{$post['password']}',now(),now())"; if (run_mysql_query($query)) { // run query here $get_register_query = "SELECT id as user_id, name_first, name_last\n\t\t\t\t\t\t\t\tFROM users\n\t\t\t\t\t\t\t\tWHERE email='{$post['email']}'\n\t\t\t\t\t\t\t\tAND password='******'password']}';\n\t\t"; var_dump($get_register_query); die; // $_SESSION=fetch($get_register_query)[0]; // user array replaces SESSION // header("Location: wall.php"); } else { var_dump($post); die("System Error"); } //return boolean false if errors }
function register($post) { //------------begin validation----------------// if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) { $_SESSION['errors'][] = "Email format is NOT validate!"; } if (empty($_POST['first_name']) || has_number($_POST['first_name'])) { $_SESSION['errors'][] = "First name must be no number and not empty."; } if (empty($_POST['last_name']) || has_number($_POST['last_name'])) { $_SESSION['errors'][] = "Last name must be no number and not empty."; } if (empty($_POST['password']) || $_POST['password'] != $_POST['com_password']) { $_SESSION['errors'][] = "Password can not be empty and remain same password."; } //-------------end validation-------------------// //--------------communicate with Database------------// $query = "INSERT INTO login_out (email, first_name, last_name, password) \n\t\t\tVALUES ('{$_POST['email']}','{$_POST['first_name']}','{$_POST['last_name']}','{$_POST['password']}');"; run_mysql_query($query); $_SESSION['log_in'] = true; header("location: index.php"); }
function register_user($post) { $_SESSION['errors'] = array(); if (empty($post['first_name'])) { $_SESSION['errors']['first_name'] = "First name cant be blank"; } if (empty($post['last_name'])) { $_SESSION['errors']['last_name'] = "Last name cant be blank"; } if (empty($post['email'])) { $_SESSION['errors']['email'] = "Email cannot be blank"; } if (!filter_var($post['email'], FILTER_VALIDATE_EMAIL) === true) { $_SESSION['errors']['email'] = "Email is not valid"; } if (empty($post['password'])) { $_SESSION['errors']['password'] = "******"; } if (strlen($post['password']) < 8) { $_SESSION['errors']['password'] = "******"; } if ($post['password'] !== $post['confirm_password']) { $_SESSION['errors']['confirm_password'] = "******"; } //--------------navigate user----------------// if (count($_SESSION['errors']) > 0) { header('location: login.php'); } else { $first_name = escape_this_string($post['first_name']); $last_name = escape_this_string($post['last_name']); $password = md5($post['password']); $email = escape_this_string($post['email']); $query = "INSERT INTO wall.users (first_name, last_name, email, password, created_at, updated_at) \n\t\t\t\t\t\t\tVALUES ('{$first_name}', '{$last_name}', '{$email}', '{$password}', NOW(), NOW())"; $_SESSION['success_message'] = "Welcome {$post['first_name']}, to the wall!"; run_mysql_query($query); header('location: login.php'); die; } }
function register_user($post) { //-------------- begin validation checks ---------------// $_SESSION['errors'] = array(); if (empty($post['f_name'])) { $_SESSION['errors'][] = "First name canoot be blank"; } if (empty($post['l_name'])) { $_SESSION['errors'][] = "Last name cannot be blank"; } if (empty($post['email'])) { $_SESSION['errors'][] = "Email cannot be blank"; } else { if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) == true) { $_SESSION['errors'][] = "Your email address is not valid"; } } if (empty($post['password'])) { $_SESSION['errors'][] = "Password cannot be blank"; } if ($post['password'] !== $post['confirm_password']) { $_SESSION['errors'][] = "Your passwords do not match"; } //-------------- begin validation checks ---------------// if (count($_SESSION['errors']) > 0) { header('location: index.php'); //check if there are any errors die; } else { $query = "INSERT INTO users (first_name, last_name, email, password, created_at, updated_at)\n\t\t\t\t\t\t\tVALUES ('{$post['f_name']}', '{$post['l_name']}', '{$post['email']}', '{$post['password']}', NOW(), NOW())"; $_SESSION['success_message'] = "User successfully created!"; run_mysql_query($query); header('location: index.php'); die; } }
$esc_option4 = escape_this_string($_POST['option4']); $poll_query = "INSERT INTO green_belt.polls (name, description, created_at, updated_at) VALUES ('{$esc_title}', '{$esc_description}', NOW(), NOW())"; $poll_id = run_mysql_query($poll_query); $option1_query = "INSERT INTO green_belt.poll_options (name, poll_id, updated_at, created_at) VALUES ('{$esc_option1}', {$poll_id}, NOW(), NOW())"; $option2_query = "INSERT INTO green_belt.poll_options (name, poll_id, updated_at, created_at) VALUES ('{$esc_option2}', {$poll_id}, NOW(), NOW())"; $option3_query = "INSERT INTO green_belt.poll_options (name, poll_id, updated_at, created_at) VALUES ('{$esc_option3}', {$poll_id}, NOW(), NOW())"; $option4_query = "INSERT INTO green_belt.poll_options (name, poll_id, updated_at, created_at) VALUES ('{$esc_option4}', {$poll_id}, NOW(), NOW())"; $option1_id = run_mysql_query($option1_query); $option2_id = run_mysql_query($option2_query); $option3_id = run_mysql_query($option3_query); $option4_id = run_mysql_query($option4_query); header("location: index.php"); } } elseif (isset($_POST['action']) && $_POST['action'] == 'vote') { if (empty($_POST['opt'])) { unset($_SESSION['error']); $_SESSION['error'][] = "You did not select an option."; header("location: index.php"); } else { $result_id = $_POST['opt']; $poll_id = $_POST['poll_id']; $result_query = "INSERT INTO green_belt.poll_results (poll_id, poll_option_id, created_at, updated_at) VALUES ({$poll_id}, {$result_id}, NOW(), NOW())"; $result = run_mysql_query($result_query); unset($_SESSION['error']); header("location: index.php"); } } else { session_destroy(); header("location: index.php"); die; }
if (isset($_POST['action']) && $_POST['action'] == 'add') { if (empty($_POST['email'])) { $_SESSION['validation'] = "Please enter a valid email address."; } else { if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) { $_SESSION['validation'] = "Please enter a valid email address."; } else { if (isset($_POST['email'])) { $query_add = "INSERT INTO emails (email, created_at, updated_at)\n\t\t\t\t\tVALUES('{$_POST['email']}', NOW(), NOW())"; run_mysql_query($query_add); $_SESSION['validation'] = $_POST['email'] . " has been submitted!"; } } } } if (isset($_POST['action']) && $_POST['action'] == 'delete') { if (empty($_POST['email_delete'])) { $_SESSION['validation'] = "Please enter a valid email address."; } else { if (filter_var($_POST['email_delete'], FILTER_VALIDATE_EMAIL) === false) { $_SESSION['validation'] = "Please enter a valid email address."; } else { if (isset($_POST['email_delete'])) { $query_delete = "DELETE FROM emails WHERE email = '{$_POST['email_delete']}'"; run_mysql_query($query_delete); $_SESSION['validation'] = $_POST['email_delete'] . " has been deleted!"; } } } } header('location: success.php');
$_SESSION['error'][] = "Please enter a valid email address."; } if (strlen($_POST['password']) < 6 && !empty($_POST['password'])) { $_SESSION['error'][] = "Password must contain at least 6 characters."; } if ($_POST['password'] !== $_POST['confirm_pass']) { $_SESSION['error'][] = "Passwords do not match."; } if (isset($_SESSION['error'])) { header("location: index.php"); die; } else { $query = "INSERT INTO thewall.users (first_name, last_name, email, password, created_at, updated_at) VALUES ('{$_POST['first_name']}', '{$_POST['last_name']}', '{$_POST['email']}', '{$_POST['password']}', NOW(), NOW())"; $user = run_mysql_query($query); $_SESSION['session_id'] = $user; header("location: success.php?new=true"); die; } } elseif (isset($_POST['action']) && $_POST['action'] == 'msg') { $query = "INSERT INTO thewall.messages (message, created_at, updated_at, user_id) VALUES ('{$_POST['message']}', NOW(), NOW(), '{$_POST['userid']}')"; run_mysql_query($query); header("location: success.php?new=false"); } elseif (isset($_POST['action']) && $_POST['action'] == 'cmt') { $query = "INSERT INTO thewall.comments (comment, created_at, updated_at, user_id, message_id) VALUES ('{$_POST['comment']}', NOW(), NOW(), '{$_POST['userid']}', '{$_POST['messageid']}')"; $comment = run_mysql_query($query); header("location: success.php?new=false"); } else { session_destroy(); header("location: index.php"); die; }
function comment($post) { if (empty($post['comment'])) { header('location:the_wall.php'); die; } $query = "INSERT INTO comments (user_id, message_id, comment, created_at, updated_at) VALUES ('{$_SESSION['user']['id']}', '{$post['message_id']}', '{$post['comment']}', NOW(), NOW())"; run_mysql_query($query); // var_dump($_SESSION['user']); header('location:the_wall.php'); die; }
function delete_message($post) { require_once 'connect-coding-dojo.php'; //echo "we are here!"; $id = $_POST['record']; $thirtymin = $_POST['thirtymin']; if (strtotime(date("H:i F j Y")) < strtotime($thirtymin)) { $query = "DELETE FROM messages\n\t\t\t\t WHERE messages.id = {$id}"; if (run_mysql_query($query)) { $_SESSION['message'][] = "<li>Record has been deleted!</li>"; header('location: wall.php'); } else { $_SESSION['message'][] = "<li>Failed to delete record.</li>"; header('location: wall.php'); } } else { $_SESSION['message'][] = "<li>30 minutes has passed. We can no longer delete the record.</li>"; header('location: wall.php'); } }
<?php session_start(); require_once 'new-connection.php'; function validateEmail($email) { return filter_var($email, FILTER_VALIDATE_EMAIL) ? true : false; } if (isset($_POST['action']) && $_POST['action'] == 'email_form') { if (empty($_POST['email'])) { $_SESSION['error']['email'] = 'Email address field cannot be blank.'; } else { $_SESSION['email_success'] = validateEmail($_POST['email']); if (!$_SESSION['email_success']) { $_SESSION['error']['email'] = 'Email is INVALID.'; } else { $insert_email_query = "INSERT INTO users (email, created_at, updated_at)\n\t \t\t\t VALUES('{$_POST['email']}', NOW(), NOW())"; $insert_email_result = run_mysql_query($insert_email_query, $connection); if ($insert_email_result == true) { $_SESSION['email'] = $_POST['email']; header('Location: success.php'); exit; } else { $_SESSION['error']['email'] = "Error. Check database connection."; } } } header('Location: index.php'); exit; }
<?php session_start(); if (isset($_POST['delete']) && $_POST['delete'] == "delete") { // delete_record.php // include connection page require_once 'connect-coding-dojo.php'; //echo "we are here!"; $id = $_POST['record']; $query = "DELETE FROM users\n\t\t\t WHERE users.id = {$id}"; if (run_mysql_query($query)) { $_SESSION['message'] = "<li>Record has been deleted!</li>"; } else { $_SESSION['message'] = "<li>Failed to delete record.</li>"; } header('Location: index.php'); }
exit; } } } //if user is posting a message if ($_POST['action'] == 'post_message') { $query = "INSERT INTO messages (user_id, message, created_at, updated_at) VALUES ('" . escape_this_string($_SESSION['user_id']) . "', '" . escape_this_string($_POST['message']) . "', NOW(), NOW())"; run_mysql_query($query); header("LOCATION: home.php"); exit; } //if user is posting a comment if ($_POST['action'] == 'post_comment') { $query = "INSERT INTO comments (message_id, user_id, comment, created_at, updated_at) VALUES ('" . escape_this_string($_POST['message_id']) . "','" . escape_this_string($_POST['user_id']) . "', '" . escape_this_string($_POST['comment']) . "', NOW(), NOW())"; run_mysql_query($query); header("LOCATION: home.php"); exit; } //if user is logging off if ($_POST['action'] == 'logoff') { header("LOCATION: index.php"); session_destroy(); exit; } //if user is deleting his message if ($_POST['action'] == 'delete') { $query = "DELETE FROM messages WHERE id = " . escape_this_string($_POST['message_id']); run_mysql_query($query); header("LOCATION: home.php"); exit; }
if (isset($_POST['action']) && $_POST['action'] == 'login') { $query = 'SELECT * FROM users WHERE email = "' . $_POST['email'] . '";'; $user = fetch_record($query); if ($user == null) { $errLogin = "******"; $_SESSION['error'] .= $errLogin; header('location: ./index.php'); } else { if ($user['password'] != $_POST['password']) { $errMatch = "<p class='errText'>The provided login info doesn't match.</p>"; $_SESSION['error'] .= $errMatch; header('location: ./index.php'); } else { $_SESSION['user'] = $user; header('location: ./wall.php'); } } } //////////////////// // SUBMIT A MSG // //////////////////// if ($_POST['submission'] == 'comment') { $comment = "INSERT INTO comments (comment,created_at,message_id,user_id) VALUES ('{$_POST['reply']}',NOW(),'{$_POST['msg_id']}','{$_SESSION['user']['id']}');"; run_mysql_query($comment); header('location: ./wall.php'); } if ($_POST['submission'] == 'msg') { $msg = "INSERT INTO messages (message,created_at,user_id) VALUES ('{$_POST['msg']}',NOW(),'{$_SESSION['user']['id']}');"; run_mysql_query($msg); header('location: ./wall.php'); }
function register_validation($post) { //set error flags to 0 $error_flags = 0; //first_name errors if (!empty($_POST['first_name'])) { $first_name = trim($_POST['first_name']); $_SESSION['first_name'] = $first_name; if (preg_match("/^[a-zA-Z ]*\$/", $first_name)) { $_SESSION['first_name_flag'] = 'good'; } else { $_SESSION['errors'][] = 'First Name :' . $first_name . ' is invalid. First name cannot contain any numerical values or special characters, please enter a valid name using only alphanumeric characters.'; $_SESSION['first_name_flag'] = 'bad'; $error_flags++; } } else { $_SESSION['errors'][] = 'First name field is empty. Please enter your first name.'; $_SESSION['first_name_flag'] = 'bad'; $error_flags++; } //last_name errors if (!empty($_POST['last_name'])) { $last_name = trim($_POST['last_name']); $_SESSION['last_name'] = $last_name; if (preg_match("/^[a-zA-Z ]*\$/", $last_name)) { $_SESSION['last_name_flag'] = 'good'; } else { $_SESSION['errors'][] = 'Last Name :' . $last_name . ' is invalid. Last name cannot contain any numerical values or special characters, please enter a valid name using only alphanumeric characters.'; $_SESSION['last_name_flag'] = 'bad'; $error_flags++; } } else { $_SESSION['errors'][] = 'Last name field is empty. Please enter your last name.'; $_SESSION['last_name_flag'] = 'bad'; $error_flags++; } //email errors if (!empty($_POST['email'])) { $email = trim($_POST['email']); //check if email is in use //include connection page require_once 'connect-coding-dojo.php'; $esc_email = mysqli_real_escape_string($connection, $email); $email_query = "SELECT * FROM users WHERE users.email = '{$esc_email}'"; $user = fetch($email_query); if (!empty($user)) { $_SESSION['errors'][] = 'Email is in use. Please try a different email.'; $_SESSION['email_flag'] = 'bad'; $error_flags++; } else { $_SESSION['email'] = $email; if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $_SESSION['errors'][] = 'Email :' . $email . ' is invalid. Please provide a valid email, like speros@codindojo.com or chris@gmail.com.'; $_SESSION['email_flag'] = 'bad'; $error_flags++; } else { $_SESSION['email_flag'] = 'good'; } } } else { $_SESSION['errors'][] = 'Email field is empty. Please enter a valid email, like speros@codindojo.com or chris@yahoo.com.'; $_SESSION['email_flag'] = 'bad'; $error_flags++; } //password errors if (!empty($_POST['password'])) { $password = trim($_POST['password']); if (strlen($password) < 6) { $_SESSION['errors'][] = 'Password must be at least 6 characters.'; $_SESSION['password_flag'] = 'bad'; $error_flags++; } else { $_SESSION['password_flag'] = 'good'; } } else { $_SESSION['errors'][] = 'Please enter a password'; $_SESSION['password_flag'] = 'bad'; $error_flags++; } //confirm password errors if (!empty($_POST['confirm_password'])) { $confirm_password = trim($_POST['confirm_password']); if (strlen($confirm_password) < 6) { $_SESSION['errors'][] = 'Confirm password must be at least 6 characters. Please re-enter both passwords.'; $_SESSION['password_flag'] = 'bad'; $_SESSION['confirm_password_flag'] = 'bad'; $error_flags++; } else { if ($confirm_password == $password) { $_SESSION['confirm_password_flag'] = 'good'; } else { $_SESSION['errors'][] = 'Passwords did not match, please re-enter passwords.'; $_SESSION['password_flag'] = 'bad'; $_SESSION['confirm_password_flag'] = 'bad'; $error_flags++; } } } else { $_SESSION['errors'][] = 'Confirm password not entered. Please enter your passwords again to confirm.'; $_SESSION['password_flag'] = 'bad'; $_SESSION['confirm_password_flag'] = 'bad'; $error_flags++; } //date_of_birth errors if (!empty($_POST['date_of_birth'])) { $date_of_birth = trim($_POST['date_of_birth']); $_SESSION['date_of_birth'] = $date_of_birth; if (strlen($date_of_birth) != 10) { $_SESSION['errors'][] = '*Date was entered as: ' . $date_of_birth . '. Date of birth must be entered like so : MM/DD/YYYY , 11/17/1988.'; $_SESSION['date_of_birth_flag'] = 'bad'; $error_flags++; } else { $dob = explode('/', $date_of_birth); if (count($dob) != 3) { $_SESSION['errors'][] = '!Date was entered as: ' . $date_of_birth . '. Date of birth must be entered like so : MM/DD/YYYY , 11/17/1988.'; $_SESSION['date_of_birth_flag'] = 'bad'; $error_flags++; } else { if (strlen($dob[0]) == 2 && strlen($dob[1]) == 2 && strlen($dob[2]) == 4) { $dob_count = 0; foreach ($dob as $numbers) { if (is_numeric($numbers)) { $dob_count++; } } if ($dob_count != 3) { $_SESSION['errors'][] = 'Date was entered as: ' . $date_of_birth . '. Date of birth must be entered like so : MM/DD/YYYY , 11/17/1988.'; $_SESSION['date_of_birth_flag'] = 'bad'; $error_flags++; } else { $_SESSION['date_of_birth_flag'] = 'good'; } } else { $_SESSION['errors'][] = '@Date was entered as: ' . $date_of_birth . '. Date of birth must be entered like so : MM/DD/YYYY , 11/17/1988.'; $_SESSION['date_of_birth_flag'] = 'bad'; $error_flags++; } } } } if (!empty($_FILES['profile_picture']['tmp_name'])) { $profile_photo = $_FILES['profile_picture']['name']; $uploads_dir = 'uploads/'; $profile_picture = $uploads_dir . basename($_FILES['profile_picture']['name']); $imageFileType = pathinfo($profile_picture, PATHINFO_EXTENSION); $check = getimagesize($_FILES['profile_picture']['tmp_name']); $getfilesize = $_FILES['profile_picture']['tmp_name']; $filesize = filesize($getfilesize); //check if image is an image if ($check !== false) { $_SESSION['OK'][] = "File is an image - " . $check["mime"] . "."; $_SESSION['profile_picture_flag'] = 'green'; } else { $_SESSION['errors'][] = "File must be an image file, (JPG, JPEG, PNG, or GIF."; $_SESSION['profile_picture_flag'] = 'bad'; $error_flags++; } // Check file size if ($filesize > 5000000) { $_SESSION['errors'][] = "Sorry, your photo must be under 5MB."; $_SESSION['profile_picture_flag'] = 'bad'; $error_flags++; } // Allow certain file formats if ($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif") { $_SESSION['errors'][] = "Sorry, only JPG, JPEG, PNG & GIF files are allowed."; $_SESSION['profile_picture_flag'] = 'bad'; $error_flags++; } } //if there are any errors, we must redirect them back to the form for registration if ($error_flags > 0) { if (isset($profile_photo)) { $_SESSION['password_flag'] = 'bad'; $_SESSION['confirm_password_flag'] = 'bad'; $_SESSION['profile_picture_flag'] = 'bad'; $_SESSION['errors'][] = "Please re-enter your passwords and profile photo."; header('location: index.php'); } else { $_SESSION['password_flag'] = 'bad'; $_SESSION['confirm_password_flag'] = 'bad'; $_SESSION['errors'][] = "Please re-enter your passwords."; header('location: index.php'); } } else { //if a photo exists we will try and upload if (!empty($_FILES['profile_picture']['tmp_name'])) { // create another if/else to check if file is successfully moved, in case it is a directory error or something we cannot catch before move // and preventing upload to database before everything is OK if (move_uploaded_file($_FILES["profile_picture"]["tmp_name"], $profile_picture)) { //all validations have passed so we will connect and upload to database //include connection page require_once 'connect-coding-dojo.php'; //since dob is optional, we will create empty entry if (!isset($date_of_birth)) { $date_of_birth = ''; } //prevent mysql injection global $connection; $esc_email = mysqli_real_escape_string($connection, $email); $esc_password = mysqli_real_escape_string($connection, $password); $esc_profile_picture = mysqli_real_escape_string($connection, $profile_photo); //password handling // we will create salt $salt = bin2hex(openssl_random_pseudo_bytes(22)); $encrypted_password = md5($esc_password . '' . $salt); // if validations check out we insert the records into the database $query = "INSERT INTO users (first_name, last_name, email, salt, password, date_of_birth, profile_picture, created_at, updated_at)\n\t\t\t\t VALUES('{$first_name}','{$last_name}','{$email}', '{$salt}', '{$encrypted_password}', '{$date_of_birth}','{$esc_profile_picture}', NOW(), NOW())"; if (run_mysql_query($query)) { //on success let us retrieve the id of the latest entry $last_id = $connection->insert_id; $_SESSION['message'][] = "New Interest has been added with the id = " . $last_id; $_SESSION['active_user_id'] = $last_id; $_SESSION['message'][] = $query; header('Location: success.php'); } else { $_SESSION['message'][] = "<li>Failed to add new Interest</li>"; $_SESSION['message'][] = $query; header('Location: index.php'); } } else { $_SESSION['errors'][] = "Sorry, there was an error uploading your file, please try again or select a different image."; $_SESSION['profile_picture_flag'] = 'bad'; $error_flags++; header('location: index.php'); } } else { //all validations have passed so we will connect and upload to database //include connection page require_once 'connect-coding-dojo.php'; //since dob is optional, we will create empty entry if (!isset($date_of_birth)) { $date_of_birth = ''; } //since profile_picture is optional, we will create empty entry if (!isset($profile_picture)) { $profile_picture = ''; } //prevent mysql injection global $connection; $esc_email = mysqli_real_escape_string($connection, $email); $esc_password = mysqli_real_escape_string($connection, $password); //password handling // we will create salt $salt = bin2hex(openssl_random_pseudo_bytes(22)); $encrypted_password = md5($esc_password . '' . $salt); // if validations check out we insert the records into the database $query = "INSERT INTO users (first_name, last_name, email, salt, password, date_of_birth, profile_picture, created_at, updated_at)\n\t\t\t VALUES('{$first_name}','{$last_name}','{$email}', '{$salt}', '{$encrypted_password}', '{$date_of_birth}', '{$profile_picture}', NOW(), NOW())"; if (run_mysql_query($query)) { //on success let us retrieve the id of the latest entry $last_id = $connection->insert_id; $_SESSION['message'][] = "New Interest has been added with the id = " . $last_id; $_SESSION['active_user_id'] = $last_id; $_SESSION['message'][] = $query; header('Location: success.php'); } else { $_SESSION['message'][] = "<li>Failed to add new Interest</li>"; $_SESSION['message'][] = $query; header('Location: index.php'); } } } }
} if (count($errors) > 0) { $_SESSION['errors'] = $errors; header('location: index.php'); die; } else { $_SESSION['errors'] = $errors; } $first_name = escape_this_string($_POST['first_name']); $last_name = escape_this_string($_POST['last_name']); $email = escape_this_string($_POST['email']); $password = escape_this_string($_POST['password']); $salt = bin2hex(openssl_random_pseudo_bytes(22)); $encrypted_password = md5($password . '' . $salt); $query = "INSERT INTO users (first_name, last_name, email, password, salt, created_at, updated_at)\n\t\t\t\tVALUES ('{$first_name}', '{$last_name}', '{$email}', '{$encrypted_password}','{$salt}', NOW(), NOW())"; $_SESSION['user_id'] = run_mysql_query($query); if ($_SESSION['user_id']) { header('location: main.php'); die; } else { echo 'failed'; } } else { if (isset($_POST['action']) && $_POST['action'] == 'login') { $email = escape_this_string($_POST['email']); $password = escape_this_string($_POST['password']); $user_query = "SELECT * FROM users WHERE users.email = '{$email}'"; $user = fetch_record($user_query); if (!empty($user)) { $encrypted_password = md5($password . '' . $user['salt']); if ($user['password'] == $encrypted_password) {