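$hasher = new PasswordHash(8, false);

// Validate the form data.
if (empty($_POST["username"]) || empty($_POST["password"])) {
    // At least one of the two fields is missing or empty.
} else {
    if (!empty($_POST["username"]) && !empty($_POST["password"])) {
        // Both fields have content.
        //TODO Kriss - Hash and compare the passwords before continuing.
        $username = $_POST["username"];
        $password = $_POST["password"];

        // Defaults, so the checks below never read an undefined variable when
        // the lookup cannot be run or matches no row.
        $check_user = 0;
        $saved_username = "";
        $hashed_pass = "";

        // Username is the key value, so at most one row should match.
        // $username comes straight from the request, so it is bound as a
        // statement parameter instead of being interpolated into the SQL text;
        // quotes in the submitted value can then no longer change the query.
        // Request parameters can also arrive as arrays (username[]=...), which
        // neither the bind nor CheckPassword() expects, hence the is_string() guard.
        $result = false;
        $stmt = false;
        if (is_string($username) && is_string($password)) {
            $stmt = mysqli_prepare($conn, "SELECT * FROM users WHERE name = ?");
        }
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, "s", $username);
            if (mysqli_stmt_execute($stmt)) {
                // mysqli_stmt_get_result() needs the mysqlnd driver.
                $result = mysqli_stmt_get_result($stmt);
            }
        }

        if ($result === false) {
            // The lookup could not be run at all; an unknown user is the
            // "zero rows" case below, not this one.
            spit("User not found.");
        } else {
            // Row count is a property of the whole result, so read it once.
            $check_user = mysqli_num_rows($result);

            // Get the row data and remember the stored hash for comparison.
            // NOTE(review): with a prepared statement mysqlnd hands back integer
            // columns as PHP ints rather than strings; confirm that later uses
            // of $permission do not rely on a strict string comparison.
            while ($row = mysqli_fetch_assoc($result)) {
                $saved_username = $row['name'];
                $hashed_pass = $row['password'];
                $permission = $row['permissions'];
                $userColour = $row['colour'];
            }
            mysqli_free_result($result);
        }
        if ($stmt !== false) {
            mysqli_stmt_close($stmt);
        }

        // Exactly one matching user (which there should be) and the submitted
        // password verifies against the stored hash.
        if ($check_user == 1 && $hasher->CheckPassword($password, $hashed_pass)) {
            //Login
            // ... the login handling itself is not part of this excerpt ...
        }
    }
}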
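/**
 * Return the posts to list for a user name or a group id.
 *
 * - $name is an existing user and $everything is true: the user's own posts
 *   plus every post attached to a group the user is a member of.
 * - $name is an existing user and $everything is false: the user's own posts only.
 * - $name is not an existing user: $name is treated as a group id and the
 *   posts attached to that group are returned.
 *
 * Uses the global mysqli connection $conn. Every query binds $name as a
 * statement parameter, so the value is never spliced into the SQL text.
 *
 * @param string $name       User name, or group id when no such user exists.
 * @param bool   $everything Also include posts from the user's groups.
 * @return array List of arrays with the keys postid, added, postname, url,
 *               owner and colour, ordered by postid descending; an empty
 *               list when a query could not be run.
 */
function getEntries($name, $everything = false)
{
    global $conn;

    $name = (string) $name;

    // There should be exactly one row for a user, and its name must match.
    $userRows = getEntriesRows($conn, "SELECT * FROM Users WHERE name = ?", $name, 1);
    if ($userRows === null) {
        // Lookup failed: do not fall through and treat a user name as a group id.
        return [];
    }
    $userExists = count($userRows) === 1 && $userRows[0]['name'] === $name;

    if ($userExists && $everything) {
        // The user's own posts, plus posts of every group the user is in.
        $rows = getEntriesRows(
            $conn,
            "SELECT DISTINCT * FROM Posts INNER JOIN Users WHERE posts.owner=users.name AND (owner=? OR postid IN (SELECT postid FROM GroupPosts WHERE groupid IN (SELECT groupid FROM GroupMembers WHERE userid=?))) ORDER BY postid DESC",
            $name,
            2
        );
        // Kept from the original: spit() (defined elsewhere) receives the
        // connection's last error string, which is empty on success.
        // NOTE(review): if spit() writes into the page, send driver errors to
        // a server-side log instead of the response.
        spit(mysqli_error($conn));
    } elseif ($userExists) {
        // The user's own posts exclusively.
        $rows = getEntriesRows(
            $conn,
            "SELECT * FROM Posts INNER JOIN Users WHERE posts.owner=users.name AND owner=? ORDER BY postid DESC",
            $name,
            1
        );
    } else {
        // No such user: $name is the group id to search by.
        $rows = getEntriesRows(
            $conn,
            "SELECT * FROM Posts INNER JOIN Users WHERE posts.owner=users.name AND postid IN (SELECT postid FROM GroupPosts WHERE GroupPosts.groupid=?) ORDER BY postid DESC",
            $name,
            1
        );
    }

    if ($rows === null) {
        return [];
    }

    $results = [];
    foreach ($rows as $row) {
        $results[] = [
            "postid" => $row['postid'],
            "added" => $row['added'],
            "postname" => $row['postname'],
            "url" => $row['url'],
            "owner" => $row['owner'],
            "colour" => $row['colour'],
        ];
    }

    return $results;
}

/**
 * Run one SELECT for getEntries() with $name bound to each `?` placeholder.
 *
 * @param mysqli $conn         Open connection.
 * @param string $sql          Statement text containing one or two `?` placeholders.
 * @param string $name         Value bound to every placeholder.
 * @param int    $placeholders Number of placeholders in $sql (1 or 2).
 * @return array|null Rows as associative arrays, or null when the statement
 *                    could not be prepared or executed.
 */
function getEntriesRows($conn, $sql, $name, $placeholders)
{
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt === false) {
        return null;
    }

    if ($placeholders === 2) {
        mysqli_stmt_bind_param($stmt, "ss", $name, $name);
    } else {
        mysqli_stmt_bind_param($stmt, "s", $name);
    }

    $rows = null;
    if (mysqli_stmt_execute($stmt)) {
        // mysqli_stmt_get_result() needs the mysqlnd driver.
        $result = mysqli_stmt_get_result($stmt);
        if ($result !== false) {
            $rows = [];
            while ($row = mysqli_fetch_assoc($result)) {
                // Prepared statements return integer columns as PHP ints, while
                // mysqli_query() returned every column as a string. Cast back so
                // callers keep seeing the value types they had before.
                foreach ($row as $column => $value) {
                    if ($value !== null) {
                        $row[$column] = (string) $value;
                    }
                }
                $rows[] = $row;
            }
            mysqli_free_result($result);
        }
    }
    mysqli_stmt_close($stmt);

    return $rows;
}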