username: "******"\n". "password: "******"\n". "To activate your account go to this <a href='http://localhost/validate.php?userId='.$lastId>link</a>."; mail($userObj->getEmail(),"Account validation from usefulapps!", $msg); */ echo "<h1>Account created!</h1><hr>"; echo "<br><h4>An email has been sent to you in order to activate the account created.</h4><br>"; echo "<h4>To activate your account please go to this <a href=http://localhost/validate_user.php?userId={$lastId}>link</a></h4><br>"; } else { /*Two possible scenarios here: the first one is that the user already exists but is not activated. We tell the user that *he/she need to check his/her email acccount in order to activate our account. *The second one is that the user already exists and is activated. We validate that the username and password match *and redirect the user to the dashboard. This scenario will be *applied to the login.php too. */ $arr = $connObj->fetchArray(); $userId = $arr["user_id"]; //First scenario if ($arr['user_activated'] == 0) { echo "This user is already created. Please go to your email account and activate this user or\n go to this <a href=http://localhost/validate_user.php?userId={$userId}>link</a>"; } else { //Second scenario if ($userObj->getEmail() == $arr["email"] && $userObj->getPassword() == $arr["password"]) { //setting a session for this validated user $_SESSION["username"] = $arr["name"]; $_SESSION["email"] = $arr["email"]; $_SESSION["userId"] = $arr["user_id"]; //now I redirect the user to the dashboard header('Location: ' . "http://localhost/dashboard.php", true, 301); } else { echo "Email and password do not match. Please <a href=http://localhost/login.php>check</a> again.";
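$connObj->getConnection();

// Image actions for a logged-in user. The original note lists three scenarios
// (upload, view, delete); only upload ("uimg") and view ("viewimg") are handled
// in this block. Anonymous visitors get the sign-up prompt instead.
if (isset($_SESSION['username'])) {
    // `act` is optional in the query string; read it once, guarded, and compare
    // strictly so a missing or non-string value simply matches no action.
    $act = isset($_GET['act']) ? $_GET['act'] : '';

    // First: upload the image
    if ($act === "uimg") {
        // TODO: put more restrictions like file size, type of file, etc.
        // A size cap and a content-based type check (not the client-sent name
        // or MIME type) belong here before anything is stored.
        $upload = isset($_FILES['imgfile']) ? $_FILES['imgfile'] : null;

        // Accept only a single, complete upload that PHP itself received.
        // A multi-file field makes `error` an array and is rejected here too.
        if (!is_array($upload)
            || !isset($upload['error'], $upload['tmp_name'], $upload['name'], $upload['size'])
            || $upload['error'] !== UPLOAD_ERR_OK
            || !is_uploaded_file($upload['tmp_name'])
        ) {
            echo "<h1>Your image could not be uploaded.</h1>";
        } else {
            // Every value placed into the SQL template is escaped or cast.
            // NOTE(review): escaping only helps if the template (not visible here)
            // puts these values inside quoted literals; bound parameters would
            // remove that dependency.
            $filename = $connObj->escapeMe($upload['name']);
            $fileSize = (int) $upload['size'];
            // NOTE(review): tmp_name is PHP's temporary path, and PHP deletes that
            // file when the request ends unless it is moved with
            // move_uploaded_file(). Confirm what the insert template is meant to store.
            $fileObj = $connObj->escapeMe($upload['tmp_name']);
            $userId = $connObj->escapeMe($_SESSION["userId"]);

            $sql = sprintf($q->insInsertImg(), $userId, $fileObj, $filename, $fileSize);
            $connObj->executeQuery($sql);
            echo "<h1>Your image has been saved!!!</h1>";
        }
        echo "<hr><h3>Please go to the main <a href=http://localhost/dashboard.php>menu</a> for more options.</h3>";
    }

    // Second: view the images stored for the current user
    if ($act === "viewimg") {
        // Keep the escaped value; the original call discarded escapeMe()'s result.
        $userId = $connObj->escapeMe($_SESSION["userId"]);
        $sql = sprintf($q->getImgByUserId(), $userId);
        $connObj->executeQuery($sql);
        $result = $connObj->fetchArray();

        // NOTE(review): this iterates whatever fetchArray() returns; whether that
        // is one row's columns or a list of paths is not visible here.
        if (is_array($result)) {
            foreach ($result as $img) {
                // Stored values originate from user uploads, so they are encoded
                // for the HTML attribute context and the attribute is quoted.
                echo '<img src="' . htmlspecialchars((string) $img, ENT_QUOTES, 'UTF-8') . '" />';
            }
        }
        echo "<hr><h3>Please go to the main <a href=http://localhost/dashboard.php>menu</a> for more options.</h3>";
    }
} else {
    echo "<h1>Hello there!</h1><hr>";
    echo "<h4>If you want to user our services please create an account <a href=http://localhost/new_user.php>here</a>. Thanks!</h4>";
}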