if (!is_numeric($pin) || strlen($pin) != 6) {
$error = True;
$title_err = "Enter valid pincode";
}
$phone = testinput($_POST["phone"]);
if (ord($phone) != ord('+')) {
$error = True;
$title_err = "Phone number must begin with +";
} else {
if (!is_numeric(substr($phone, 1, strlen($phone)))) {
$error = True;
$title_err = "Enter valid phone number";
}
}
$gender = testinput($_POST["gender"]);
$state = testinput($_POST["state"]);
if (!$error) {
$conn = new mysqli($servername, $username, $userpassword, $dbname);
if ($conn->connect_error) {
die("Connection failed " . $conn->error);
}
do {
$id = newid();
$stmt = $conn->prepare("insert into " . $tablename . "(id, name, email, password, gender, address, state, pin, phone, time) \n\t\t\t\tvalues(?, ?, ?, ?, ?, ?, ?, ?, ?, ?) ");
$stmt->bind_param('ssssssssss', $id, $name, $email, $password, $gender, $address, $state, $pin, $phone, date("Y-m-d H:i:s"));
$stmt->execute();
header("Location: login.php");
exit;
} while ($stmt->error);
$conn->close();
}
$snameerr = "Email is required.";
} else {
$semail = testinput($_POST["semail"]);
if (!filter_var($semail, FILTER_VALIDATE_EMAIL)) {
$semailerr = "Invalid Email format.";
}
}
if (empty($_POST["spwd"])) {
$spwderr = "Password is required.";
} else {
$spwd = testinput($_POST["spwd"]);
}
if (empty($_POST["sname"])) {
$snameerr = "Name is required.";
} else {
$sname = testinput($_POST["sname"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z0-9 ]*\$/", $sname)) {
$snameerr = "Invalid Name.";
}
}
$sql = "SELECT * from user WHERE user_email='{$semail}' AND user_name='{$sname}'";
$result = mysqli_query($dbcon, $sql);
if (mysqli_num_rows($result) > 0) {
$dberr = "Email or NickName already exists.";
} else {
$slevel = 0;
$spwd = sha1($spwd);
date_default_timezone_set("Asia/Kolkata");
$sdate = date("y:m:d h:i:s");
$sql = "insert into user (user_name,user_pass,user_email,user_date,user_level) VALUES ('{$sname}','{$spwd}','{$semail}','{$sdate}','{$slevel}')";
$tablename = "Users";
$email = testinput($_POST["email"]);
$conn = new mysqli($servername, $username, $userpassword, $dbname);
if ($conn->error) {
die("Error in database");
}
$stmt = $conn->prepare("select * from " . $tablename . " where email = ?");
$stmt->bind_param('s', $email);
$result = $stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows == 0) {
$error = True;
$title_err = "Email Id doesnt exist";
}
$conn->close();
$password = testinput($_POST["password"]);
if (!$error) {
$conn = new mysqli($servername, $username, $userpassword, $dbname);
if ($conn->error) {
die("Error in database");
}
$stmt = $conn->prepare("select * from " . $tablename . " where email = ? and password = ?");
$stmt->bind_param('ss', $email, $password);
$result = $stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows == 0) {
$error = True;
$title_err = "Incorrect email or password";
} else {
$row = $result->fetch_assoc();
$id = $row["id"];
die;
}
$servername = '127.0.0.1';
$user = '******';
$pswd = 'password';
$db = 'Project';
$error = "";
function testinput($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$password = testinput($_POST['password']);
$conn = new mysqli($servername, $user, $pswd, $db);
$stmt = 'select password from Users where id = ' . $_COOKIE['id'];
$result = $conn->query($stmt);
$result = $result->fetch_assoc();
$conn->close();
if ($password === $result['password']) {
$address = $_POST['address'];
$state = $_POST['state'];
$pin = $_POST['pin'];
$phone = $_POST['phone'];
$newpassword = $_POST['newpassword'];
if ($newpassword != '') {
$password = $newpassword;
}
$phone = $_POST['phone'];
