public function activate($code, $userId)
{
$rs = array('status' => '', 'note' => '');
if (!userExists($userId)) {
$rs['status'] = 'Fail';
$rs['note'] = 'User does not exists';
return $rs;
}
$activated = DI()->notorm->User->select('activated')->where('id', $userId);
$activated = $activated['activated'];
if ($activated == 1) {
$rs['status'] = 'Fail';
$rs['note'] = 'Already Activated';
return $rs;
}
$ac = DI()->notorm->User->select('activationCode')->where('id', $userId);
$ac = $ac['activationCode'];
if ($code == $ac) {
$rs['status'] = 'Success';
return $rs;
} else {
$rs['status'] = 'Fail';
$rs['note'] = 'Activation does not match';
return $rs;
}
}
function checkForm()
{
global $first_name, $last_name, $login, $password1, $password2, $email;
try {
$secret = filter_input(INPUT_POST, 'secret');
if (empty($last_name) || empty($first_name) || empty($login) || empty($password1) || empty($password2) || empty($email) || empty($secret)) {
throw new Exception('Нужно заполнить все поля');
}
if (!validLogin($login)) {
throw new Exception('Логин должен состоять из не мене 3-х букв латинского алфавиа цыфр и подчерка');
}
if (!validEmail($email)) {
throw new Exception('Неправильный email');
}
if ($password1 != $password1) {
throw new Exception('Пароли не совпадают');
}
if (!validUserName($first_name, $last_name)) {
throw new Exception('Имя и фамилия могут состоять только из букв');
}
if (userExists($login, $email)) {
throw new Exception('Такой логин или email уже существует.');
}
if ($secret != $_SESSION['secret']) {
throw new Exception('Неверно указано число с картинки');
}
} catch (Exception $exc) {
return $exc->getMessage();
}
}
function addNewUser()
{
// globals
global $DB;
global $MySelf;
global $MB_EMAIL;
// Sanitize the input.
$USERNAME = $MySelf->getUsername;
$NEW_USER = strtolower(sanitize($_POST[username]));
// supplied new username.
if (!ctypeAlnum($NEW_USER)) {
makeNotice("Only characters a-z, A-Z and 0-9 are allowed as username.", "error", "Invalid Username");
}
/* Password busines */
if ($_POST[pass1] != $_POST[pass2]) {
makeNotice("The passwords did not match!", "warning", "Passwords invalid", "index.php?action=newuser", "[retry]");
}
$PASSWORD = encryptPassword("{$_POST['pass1']}");
$PASSWORD_ENC = $PASSWORD;
/* lets see if the users (that is logged in) has sufficient
* rights to create even the most basic miner. Level 3+ is
* needed.
*/
if (!$MySelf->canAddUser()) {
makeNotice("You are not authorized to do that!", "error", "Forbidden");
}
// Lets prevent adding multiple users with the same name.
if (userExists($NEW_USER) >= 1) {
makeNotice("User already exists!", "error", "Duplicate User", "index.php?action=newuser", "[Cancel]");
}
// So we have an email address?
if (empty($_POST[email])) {
// We dont!
makeNotice("You need to supply an email address!", "error", "Account not created");
} else {
// We do. Clean it.
$NEW_EMAIL = sanitize($_POST[email]);
}
// Inser the new user into the database!
$DB->query("insert into users (username, password, email, addedby, confirmed) " . "values (?, ?, ?, ?, ?)", array("{$NEW_USER}", "{$PASSWORD_ENC}", "{$NEW_EMAIL}", $MySelf->getUsername(), "1"));
// Were we successfull?
if ($DB->affectedRows() == 0) {
makeNotice("Could not create user!", "error");
} else {
// Write the user an email.
global $SITENAME;
$mail = getTemplate("newuser", "email");
$mail = str_replace('{{USERNAME}}', "{$NEW_USER}", $mail);
$mail = str_replace('{{PASSWORD}}', "{$PASSWORD}", $mail);
$mail = str_replace('{{SITE}}', "http://" . $_SERVER['HTTP_HOST'] . "/", $mail);
$mail = str_replace('{{CORP}}', "{$SITENAME}", $mail);
$mail = str_replace('{{CREATOR}}', "{$USERNAME}", $mail);
$to = $NEW_EMAIL;
$DOMAIN = $_SERVER['HTTP_HOST'];
$subject = "Welcome to MiningBuddy";
$headers = "From:" . $MB_EMAIL;
mail($to, $subject, $mail, $headers);
makeNotice("User added and confirmation email sent.", "notice", "Account created", "index.php?action=editusers");
}
}
/**
* Function called before changing user attributes
* @param $FH FormHandler of the page
* @param $mode add or edit mode
*/
function _base_verifInfo($FH, $mode)
{
global $error;
$base_errors = "";
$uid = $FH->getPostValue("uid");
$pass = $FH->getPostValue("pass");
$confpass = $FH->getPostValue("confpass");
$homedir = $FH->getPostValue("homeDirectory");
$primary = $FH->getPostValue("primary");
$firstname = $FH->getPostValue("givenName");
$lastname = $FH->getPostValue("sn");
if (!preg_match("/^[a-zA-Z0-9][A-Za-z0-9_.-]*\$/", $uid)) {
$base_errors .= _("User's name invalid !") . "<br/>";
setFormError("uid");
}
if ($mode == "add" && $uid && userExists($uid)) {
$base_errors .= sprintf(_("The user %s already exists."), $uid) . "<br/>";
setFormError("uid");
}
if ($mode == "add" && $pass == '') {
$base_errors .= _("Password is empty.") . "<br/>";
setFormError("pass");
}
if ($mode == "add" && $lastname == '') {
$base_errors .= _("Last name is empty.") . "<br/>";
setFormError("sn");
}
if ($mode == "add" && $firstname == '') {
$base_errors .= _("First name is empty.") . "<br/>";
setFormError("givenName");
}
if ($pass != $confpass) {
$base_errors .= _("The confirmation password does not match the new password.") . " <br/>";
setFormError("pass");
setFormError("confpass");
}
/* Check that the primary group name exists */
if (!strlen($primary)) {
$base_errors .= _("The primary group field can't be empty.") . "<br />";
setFormError("primary");
} else {
if (!existGroup($primary)) {
$base_errors .= sprintf(_("The group %s does not exist, and so can't be set as primary group."), $primary) . "<br />";
setFormError("primary");
}
}
/* Check that the homeDir does not exists */
if ($mode == "add") {
if ($FH->getPostValue("createHomeDir") == "on" && $FH->getPostValue("ownHomeDir") != "on" && $uid) {
getHomeDir($uid, $FH->getValue("homeDirectory"));
}
} else {
/* If we want to move the userdir check the destination */
if ($FH->isUpdated("homeDirectory")) {
getHomeDir($uid, $FH->getValue("homeDirectory"));
}
}
$error .= $base_errors;
return $base_errors ? 1 : 0;
}
function isFieldsEmpty($loginDetails, $errorMsg)
{
if (isEmpty($loginDetails)) {
userExists($loginDetails, $errorMsg);
} else {
$errorMsg = "Username and/or password fields cannot be left blank";
errorMessage($errorMsg);
}
}
function userAdd($userData)
{
$user = $userData['user'];
$password = $userData['password'];
$password = md5($password);
if (userExists($user)) {
return false;
}
$query = "INSERT INTO `user` (`user`,`password`) VALUES ('{$user}','{$password}')";
$result = userQuery($query);
return $result != null;
}
function login()
{
if (isset($_POST['username'])) {
$db = new mysqli('localhost', 'root', 'root', 'gurucodertutorial_login');
$username = $db->real_escape_string($_POST['username']);
$password = $db->real_escape_string($_POST['password']);
if (userExists($username)) {
if (verifyPassword($username, $password)) {
header('Location: /GuruCoder-Tutorials/login.php?message=Successfully logged in');
} else {
header('Location: /GuruCoder-Tutorials/login.php?message=Incorrect password');
}
} else {
header('Location: /GuruCoder-Tutorials/login.php?message=No user exists');
}
}
}
function doLogin()
{
if (!isset($_POST['username']) || !isset($_POST['password'])) {
return 'Du hast ein Feld vergessen zu senden!';
}
$username = $_POST['username'];
$password = $_POST['password'];
if (!userExists($username)) {
return 'Dieser Benuzter existiert nicht!';
}
$userid = isUserPasswordCorrect($username, $password);
if ($userid === false) {
return 'Dein Passwort stimmt nicht!';
} else {
login($username, $userid);
$info = getUserInfo($userid);
$_SESSION['userinfo'] = $info;
return true;
}
}
public static function insertUser($name, $surname, $email, $password, $address, $city)
{
if (!userExists($email)) {
$name = mysql_real_escape_string($name);
$surname = mysql_real_escape_string($surname);
$email = mysql_real_escape_string($email);
$password = mysql_real_escape_string($password);
$address = mysql_real_escape_string($address);
$city = mysql_real_escape_string($city);
$query = "INSERT INTO users(first_name, last_name, email, password, address, city) VALUES \\\n (" . $name . "," . $surname . "," . $email . "," . $password . "," . $address . "," . $city . ")";
$result = Database::getInstance()->doInsert($query);
if ($result) {
header("location:../public/contest.html");
} else {
header("location:../public/register.html");
}
} else {
header("location:../public/register.html");
}
}
function isValidUsername($username)
{
if (userExists($username) or strlen($username) < 3) {
return false;
} else {
$valid_chars = array('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9');
$string = strtolower($username);
$nsize = strlen($string);
$x = 0;
$found = false;
while ($x < $nsize) {
if (in_array($string[$x], $valid_chars)) {
} else {
$found = true;
}
$x++;
}
if ($found) {
return false;
} else {
return true;
}
}
}
<?php
header('Content-type: application/json');
chdir("..");
chdir("database");
require_once "users.php";
if (isset($_GET["email"]) and isset($_GET["password"]) and userExists((string) $_GET["email"]) and getUserStatus((string) $_GET["email"]) == "active") {
$email = (string) $_GET["email"];
$password = (string) $_GET["password"];
if (checkUserLogin($email, $password)) {
echo json_encode(array("result" => "ok"));
} else {
echo json_encode(array("result" => "invalidLogin"));
}
} else {
echo json_encode(array("result" => "missingParams"));
}
header('Content-type: application/json');
chdir("../..");
chdir("database");
require_once "users.php";
chdir("..");
require_once "configuration.php";
/**
* DESCRIPTION: Sets the user space
* PARAMETERS: /api/users/setUserSpace.php <apikey> <user> <space>
*/
if (isset($_GET['apikey']) and isset($_GET['user']) and isset($_GET['space'])) {
$auth = (string) $_GET['apikey'];
$user = (string) $_GET['user'];
$space = intval($_GET['space']);
if ($auth != $apikey) {
echo json_encode(array("result" => "permissionDenied"));
} else {
if (!userExists($user)) {
echo json_encode(array("result" => "invalidUser"));
} else {
$valid = updateUserSpaceUsed($user, $space);
if ($valid) {
echo json_encode(array("result" => "ok"));
} else {
echo json_encode(array("result" => "notEnoughSpace"));
}
}
}
} else {
return json_encode(array("result" => "missingParams"));
}
<?php
require "init.php";
require_once 'CamsDatabase.php';
require_once 'users.php';
if (!empty($_POST)) {
$username = htmlspecialchars($_POST['userid']);
$password = htmlspecialchars($_POST['password']);
if (empty($username) || empty($password)) {
$_SESSION["login_error"] = 'User Name and Password cannot be blank';
} else {
if (!userExists($username)) {
$_SESSION["login_error"] = 'User Does not exist.';
} else {
$user = userLogin($username, $password);
if (!$user) {
$_SESSION["login_error"] = 'incorrect password';
} else {
$_SESSION['FirstName'] = $user['FirstName'];
$_SESSION['LastName'] = $user['LastName'];
$_SESSION['userid'] = $user['userid'];
$_SESSION['Email'] = $user['Email'];
$_SESSION['Empno'] = $user['Empno'];
$_SESSION['Phone'] = $user['Phone'];
$_SESSION['Role'] = $user['Role'];
$_SESSION['Agy'] = $user['Agy'];
$_SESSION['Dpt'] = $user['Dpt'];
}
}
}
header('Location: ../index.php');
function require_login($wanted = "")
{
$username = null;
$password = null;
if (isset($_SERVER["PHP_AUTH_USER"])) {
$username = $_SERVER["PHP_AUTH_USER"];
$password = $_SERVER["PHP_AUTH_PW"];
}
if (is_null($username)) {
headauth("Voce precisa fazer login para continuar!");
} else {
if (!userExists($username)) {
headauth("Esse usuario nao existe!");
}
if ($username !== $wanted && $wanted != "") {
headauth("Esse login nao e o correto!");
}
if (!isright($username, $password)) {
headauth("Senha incorreta!");
}
}
}
if ($mode == "SEND") {
$pid = clean($_POST['pid']);
$uid = clean($_POST['uid']);
$ident = clean($_POST['ident']);
$to = clean($_POST['to']);
$from = clean($_POST['from']);
$message = clean($_POST['message']);
$pluginname = "xMail";
if (isset($_POST['pluginOwner'])) {
$pluginname = clean($_POST['pluginOwner']);
}
$attachments = "";
// Check API key
check_key($ip, $mode, $key, $from);
if (valid($pid) && valid($uid) && valid($ident) && valid($to) && valid($from) && valid($message) && valid($pluginname)) {
if (userExists($to)) {
if ($ident == "S") {
if (!isSpam($to, $from, $message)) {
if (!$debug) {
mysql_query("INSERT INTO `mail` (`to`, `from`, `message`, `unread`, `complex`, `sent`, `sent_from`, `pluginname`) VALUES ('{$to}', '{$from}', '{$message}', '1', '0', '{$now}', '{$ip}', '{$pluginname}')") or die(mysql_error());
}
onSend($to, $from, $message);
echo json_encode(array("message" => "Message sent!", "status" => "OK"));
} else {
echo json_encode(array("message" => "Spam", "status" => "ERROR"));
}
} else {
if ($ident == "C") {
$message = str_replace("&", "&", $message);
$message = str_replace("§", "?", $message);
$parts = explode(";", $message);
function validBase()
{
$this->valid = $this->checkattribute("login");
if (!$this->valid) {
return;
}
$this->user_exists = userExists($this->user["login"]);
if (!$this->user_exists) {
$this->importable = true;
foreach (ImportUsers::getImportRequiredAttributes() as $attribute) {
if (!$this->checkattribute($attribute)) {
$this->importable = false;
}
}
} else {
$this->deletable = true;
// check for user
if ($this->user_exists && count($this->user) > 1) {
$this->modifiable = true;
}
}
}
<?php
// Load the installation directory
include './installation-configs/ins-directory.php';
// Load the API
include $_SERVER['DOCUMENT_ROOT'] . $INS_DIR . 'load.php';
if (isset($_GET['username'])) {
$v_username = $_GET['username'];
if (isset($_GET['id'])) {
$v_id = $_GET['id'];
if (userExists($v_username)) {
$v_email_status = getUserInfo($v_username, 'email-status');
if ($v_email_status == 'not-verified') {
$v_email_code = getUserInfo($v_username, 'email-code');
if ($v_id == $v_email_code) {
setUserInfo($v_username, 'email-status', 'verified');
echo 'Account Verified';
} else {
die('Invalid Verification Link');
}
} else {
if ($v_email_status == 'verified') {
die('This account is already verified.');
} else {
die('There was a problem with this link.');
}
}
} else {
die('Invalid Verification Link');
}
} else {
<?php
session_start();
header("HTTP/1.0 401 Unautorized");
require_once "secure.inc.php";
if ($_SERVER['REQUEST_METHOD'] == "POST") {
$user = trim(strip_tags($_POST['user']));
$pw = trim(strip_tags($_POST['pw']));
$ref = trim(strip_tags($_GET['ref']));
if (!$ref) {
$ref = '/admin';
}
if ($user and $pw) {
if ($result = userExists($user)) {
list($login, $password, $salt, $iteration) = explode(':', $result);
if (getHash($pw, $salt, $iteration) == $password) {
$_SESSION['admin'] = true;
header("Location: {$ref}");
exit;
} else {
$title = 'Неправильный пароль';
}
} else {
$title = 'Неправильное имя пользователя';
}
} else {
$title = 'Заполните все поля формы';
}
}
$title = 'Авторизация';
$user = '';
<br>
<h1>Impossible octopus fitness</h1>
<br>
<p>
Welcome to JDeePee, the Twitter for runners, fitness and octopus lovers.
</p>
<br>
<div>
<?php
if ($_POST["login"]) {
if (userExists($_POST["login"], $_POST['password'], $users) == false) {
echo "<p>Hello, there!</p>";
echo "<br>";
echo "<p id='error'>Invalid credentials</p>";
} else {
$user = userExists($_POST["login"], $_POST['password'], $users);
$out = sprintf("<p>Hello, %s</p>", $user);
echo $out;
echo "<br>";
$rot13 = str_rot13($_POST["login"]);
$out_rot = sprintf("<p>Your rot13’d login is: %s</p>", $rot13);
echo $out_rot;
echo "<br>";
$length = strlen($_POST["login"]);
$length_out = sprintf("<p>The length of your login is: %s</p>", $length);
echo $length_out;
}
} else {
echo "<p>Hello, there!</p>";
}
?>
$fb_login .= "email='" . mysql_real_escape_string(strip_tags(trim($data['email']))) . "' ,birth_date='" . mysql_real_escape_string(strip_tags(trim($data['birthday']))) . "',";
$fb_login .= "gender='" . mysql_real_escape_string(strip_tags(trim($data['gender']))) . "' ,city='" . mysql_real_escape_string(strip_tags(trim($location[0]))) . "',";
echo $fb_login .= "last_login=now() ";
die;
$mysql = mysql_query($fb_login) or die(mysql_error());
if ($mysql) {
$id = mysql_insert_id();
$_SESSION['message']['user_login'] = "******";
$_SESSION['LoginUserId'] = $id;
echo "success";
} else {
echo "error";
}
} else {
$condition = " email = '" . $data['email'] . "'";
$user_login = userExists($condition);
$_SESSION['message']['user_login'] = "******";
$_SESSION['LoginUserId'] = $user_login['id'];
lastVisit($user_login['id']);
echo "success";
}
}
/*change password*/
if (isset($_POST['change_pass']) && $_POST['change_pass'] == "change_password") {
$current_pass = mysql_real_escape_string(trim($_POST['current_pass']));
$new_pass = mysql_real_escape_string(trim($_POST['new_pass']));
$user_id = mysql_real_escape_string(trim($_POST['user_id']));
$condition = " id='" . $user_id . "' and password = '******' ";
//and is_admin='no'
/* check if email id is alreadye exists or not */
$user = getUserDetail($condition);
function setUserLocal($value, $email = FALSE)
{
if (!$email) {
$email = $_SESSION['user']['email'];
}
if (!validEmailAddress($email)) {
return;
} else {
if (!userExists($email)) {
return;
} else {
if (isSiteAdmin(getUserId($email))) {
## site admin should not manipulate own delivery
return;
}
}
}
$parts = split('@', $email);
if ($email != $_SESSION['user']['email']) {
$adminDomains = getAdminDomains();
if (!in_array($parts[1], $adminDomains)) {
return;
}
}
if ($value !== 't' && $value !== 'f') {
if (!$value) {
$value = 'f';
} else {
$value = 't';
}
}
$count = 0;
if ($value == 'f') {
## user must have at least one active forward to disable local delivery
$count = count(getActiveUserForwards($email));
}
if ($value == 'f' && $count == 0) {
## TODO notify user
$value = 't';
}
$conditions = array('username' => $parts[0], 'domain_id' => getDomainId($parts[1]), 'destination' => $email);
db_update('virtual_aliases', array('active' => $value), $conditions);
}
$dashNav = true;
$cap = true;
$pageTitle = 'Profile';
// Variables to store user data
$name = $usersData['U_Forename'] . " " . $usersData['U_Surname'];
$gender = $usersData['U_Gender'];
$bio = $usersData['U_Biography'];
$team = $usersData['U_Team'];
$city = $usersData['U_City'];
// Includes HTML head, navigation, and opening body tag
include "inc/header.php";
?>
<!-- If the user exists, then display the profile page-->
<?php
if (userExists($_GET['id'])) {
?>
<section>
<div class="wrapper">
<?php
// If the logged in user is viewing another profile, this code block will execute
if ($_SESSION['U_ID'] != $_GET['id']) {
$testFollow = "SELECT `Following`.F_ID, `Following`.U_ID FROM `Following`\n WHERE U_ID = '{$_SESSION['U_ID']}' AND F_ID = '{$_GET['id']}'";
$testFollowResult = $db->query($testFollow);
if ($testFollowResult->num_rows > 0) {
// If the query brings back results, then display 'unfollow' button
echo "<button id='follow' class='lift' href='#'>Unfollow Driver</button>";
} else {
// Otherwise, give the option to follow the user
echo "<button id='unfollow' class='lift' href='#'>Follow Driver</button>";
}
<ul id="navigation">
<li><a href="#">Home</a></li>
<li><a href="#">My statuses</a></li>
<li><a href="#">All users</a></li>
<li><a href="http://impossible-octopus-fitness.netne.net/">About</a></li>
</ul>
</header>
<!-- Main section with food posts -->
<main>
<?php
// Display information about login and password
if (!empty($_POST["login"])) {
if (userExists($_POST["login"], $_POST["password"], $users)) {
echo "<p>Your rot13'd login is: " . str_rot13($_POST["login"]) . "</p>";
echo "<p>The length of your login is: " . strlen($_POST["login"]) . "</p>";
} else {
echo '<p id="invalid_err_warning">Invalid credentials</p>';
}
}
?>
<div class="center-children"><h2><button id="create_button">Create a post</button></h2></div>
<form id="postForm">
<label for="location"> Include a location: </label>
<input id="location" type="checkbox" name="location" value="include_location">
<label for="postarea"> Write a post:
<textarea id="postarea">Write a post</textarea>
function validUser($username)
{
$pattern = '/^\\w+$/';
$isValidUsername = preg_match($pattern, $username);
return $isValidUsername && !userExists($username);
}
\t'hostname' => '{$hostname}',
\t'database' => '{$database}',
\t'username' => '{$username}',
\t'password' => '{$password}',
\t'prefix' => '{$prefix}'
);
\$SETTINGS = array(
\t'allow_register' => true
);
EOT
);
// load config file
$MYSQL = array('hostname' => $hostname, 'database' => $database, 'username' => $username, 'password' => $password, 'prefix' => $prefix);
// create account
try {
if (userExists($adminusername)) {
if (!isUserPasswordCorrect($adminusername, $adminpassword1)) {
setError('Der Admin-Benutzer existiert bereits, hat aber ein anderes Passwort!');
$error = true;
}
} else {
if (!addUser($adminusername, $adminpassword1, $lastname)) {
setError('Fehler beim Anlegen des Admin-Accounts!');
$error = true;
}
}
if (!$error) {
$id = isUserPasswordCorrect($adminusername, $adminpassword1);
if (!setUserGroup($id, 'admin')) {
setError('Der Admin-Account konnte der Admin-Gruppe nicht zugewiesen werden!');
$error = true;
/**
* Validates the user email, updates the activation code of the user and sends a reset password email.
* @author Raafat
* @param string $email The unique email address of the user.
* @return boolean True if the email was sent and false otherwise.
*/
function resetPassword($email)
{
$email = fixEmail($email);
if (!userExists($email)) {
return ACCOUNT_NOT_FOUND_ERR;
}
$u = getUserIdByEmail($email);
$user_id = $u["user_id"];
$code = updateCode($user_id);
return sendResetMail($email, $user_id, $code);
}
include "../util/DbUtil.php";
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$oneWeekMs = 3600 * 24 * 7;
if ($_POST['rememberMe'] === "true") {
setcookie("rememberMe", $username, time() + $oneWeekMs, "/");
} else {
setcookie("rememberMe", "", time() + $oneWeekMs, "/");
}
$response = "";
$userObj = null;
if (substr_count($username, ' ') != 0) {
$response = "Username must not contain a space.";
} else {
$db_conn = getConnectedDb();
if (is_null($db_conn)) {
$response = "Error connecting to database. Try again later.";
} elseif (!userExists($db_conn, $username)) {
$response = "Username does not exist.";
} elseif (is_null($userObj = checkUsernamePassword($db_conn, $username, $password))) {
$response = "Invalid username or password";
} else {
$response = "success";
session_start();
$_SESSION['username'] = $userObj->username;
$_SESSION['admin'] = $userObj->isAdmin;
$_SESSION['userid'] = $userObj->id;
}
}
echo $response;
<?php
include_once "models/user.php";
//Including information about registered users.
include_once "models/status.php";
//Including statuses information.
?>
<?php
//Assigning some variables
$Login = $_POST['login'];
//Assigning a shorter variable to Post login params.
$Password = $_POST['password'];
//The same for Post password params.
$check = userExists($Login, $Password, $users);
//Assigning the variable to check authentication.
$cookie = hasCookie($_COOKIE['login'], $users);
//Assigning the variable to check if has cookie.
?>
<?php
//Control flow for authentication.
$show = '';
if (isset($Login)) {
if ($check) {
//If the login was made successfully.
setcookie("login", $_POST['login']);
$current_user = $check;
$message = "<h1>Hello, " . $current_user['full_name'] . "</h1><br>";
} else {
//If the user isn't in the database.
<!--Main section-->
<main>
<!--Blog post area-->
<article>
<div>
<p id="Hello_user">
<?php
if ($_POST["login"]) {
if (userExists($_POST["login"], $_POST['password'], $users) == false) {
echo "Hello, there!";
echo "<br>";
echo "<p id='error'>Invalid credentials</p>";
} else {
echo "Hello, " . userExists($_POST["login"], $_POST['password'], $users);
echo "<br>";
echo "Your rot13’d login is: " . str_rot13($_POST["login"]) . ",";
echo " and the length of your login is: " . strlen($_POST["login"]);
}
} else {
echo "Hello, there!";
}
?>
</p>
</div>
<!--"Post a status" box-->
<input type="button" id="buttonTriggersChange" value="Post a Status">
<div id="post_a_status">
<form id="status_form" action="action_page.php" method="post" target="_blank" accept-charset="UTF-8"
//$_POST['username'];
$password = "******";
//$_POST['password'];
$command = "ADD";
//$_POST['command'];
$ht_file = "";
//$_POST['ht_file'];
if ($debug == 1) {
echo "DATA is {$command}, {$username}, {$password}, {$ht_file}\n";
}
// Get the connection to the database.
$dbh = getDbConnection();
switch ($command) {
/* CHECK if the user exists */
case 'CHECK':
echo userExists($username) ? "FOUND" : "NOT_FOUND";
break;
/* ADD a new user */
/* ADD a new user */
case 'ADD':
addUser($username, $password);
echo "ADDED";
break;
/* DELETE a user */
/* DELETE a user */
case 'DELETE':
deleteUser($username);
echo "DELETED {$username}";
break;
}
// Close the database connection.