function login()
{
$controller = new UserTools();
$db = new DB();
$db->connect();
if (!isset($_POST['apikey'])) {
echo "bad api key";
return NULL;
}
if (isset($_POST['username']) && isset($_POST['password'])) {
$user = $_POST['username'];
$pass = $_POST['password'];
$result = $controller->login($user, $pass);
echo $result;
/*
$query = $db->select('users', 'username=$user,pass_hash=$pass');
if(mysql_num_rows($query) == 1){
//success
$_SESSION['logged_in'] = $query['id'];
} else {
//fail
echo "invalid username or password";
}
*/
}
}
if ($success) {
//prep the data for saving in a new user object
$data['first_name'] = $firstname;
$data['last_name'] = $lastname;
$data['password'] = md5($password);
//encrypt the password for storage
$data['email'] = $email;
if (!empty($avatar)) {
$data['avatar'] = $avatar;
}
//create the new user object
$newUser = new User($data);
//save the new user to the database
$newUser->save(true);
//log them in
$userTools->login($email, $password);
//redirect them to a welcome page
header("Location: index.php");
}
}
//If the form wasn't submitted, or didn't validate
//then we show the registration form again
?>
<html>
<head>
<title>Registration</title>
</head>
<body>
<?php
require_once "partials/header.php";
<?php
//login.php
require_once 'includes/global.inc.php';
$error = "";
$username = "";
$password = "";
//check to see if they've submitted the login form
if (isset($_POST['submit-login'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$userTools = new UserTools();
if ($userTools->login($username, $password)) {
//successful login, redirect them to a page
header("Location: index.php");
} else {
$error = "Incorrect username or password. Please try again.";
}
}
?>
<html>
<head>
<title>Login</title>
</head>
<body>
<?php
if ($error != "") {
echo $error . "<br/>";
}
?>
<?php
/**
* Created by PhpStorm.
* User: Alexandr
* Date: 01.02.16
* Time: 13:44
*/
$config::$menu = "login";
config::$page = "Авторизация";
if (isset($_POST['sub']) && $_POST['captcha'] == $_SESSION['captcha']) {
$login = new UserTools();
$login->login($_POST);
} elseif (isset($_POST['sub']) && $_POST['captcha'] !== $_SESSION['captcha']) {
$_SESSION['reg_error_captcha'] = "Не верный код капчи";
}
//echo $_COOKIE['auth'];
if (filter_var($emailId, FILTER_VALIDATE_EMAIL) != true) {
header ("Location: error.php?message=Email Validation Failed");
}
$row = mysql_fetch_object(mysql_query("SELECT * FROM USERS WHERE emailId = '$emailId' AND isActive = 1"));
if (!empty($_POST)) {
$currentpassword = Validation::xss_clean(DB::makeSafe($_POST["currentpassword"]));
$newpassword = Validation::xss_clean(DB::makeSafe($_POST["newpassword"]));
$confirmnewpassword = Validation::xss_clean(DB::makeSafe($_POST["confirmnewpassword"]));
// Check if current password is correct
$userTools = new UserTools();
if (!$userTools->login($emailId, $currentpassword)) {
header ("Location: error.php?message=Current Password Wrong");
return;
}
if ($newpassword != $confirmnewpassword) {
header ("Location: error.php?message=Confirm Password Wrong");
return;
}
$updateDate = array(
"password" => "'". $newpassword ."'"
);
if ($db->update ($updateDate, "ACCOUNTS", "userId = '".$emailId."'")) {
?>
