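<?php
/**
 * Login endpoint.
 *
 * Reads `email` and `pass` from the POST body, looks the pair up in `Users`
 * and prints 1 on success or 0 on failure. On success the session receives
 * `Login` (the escaped email, as before) and `UserID`.
 */
session_start();
require_once 'dbConnection.php';

// Refuse absent or non-string fields up front: `email[]=x` arrives as an
// array and must never reach escape() or the query.
$hasCredentials = isset($_POST['email'], $_POST['pass'])
    && is_string($_POST['email'])
    && is_string($_POST['pass']);
if (!$hasCredentials) {
    echo 0;
    return;
}

$connection = new dbConnection();
$email = $connection->escape($_POST['email']);
$pass = $connection->escape($_POST['pass']);

// NOTE(review): the submitted password is compared with the stored column
// verbatim, which implies `Users`.`Password` holds the password as typed.
// Switching to password_hash()/password_verify() has to be done together
// with the registration script and a migration of existing rows.
// NOTE(review): this query is only as safe as dbConnection::escape(); if the
// class can bind parameters, prefer that over string interpolation.
$result = $connection->select("SELECT UserID, Email, Password FROM `Users` WHERE `Email`='{$email}' AND `Password`='{$pass}'");

// A failed query returns no result object; treat that as "no match" instead
// of passing a non-result to the mysqli API.
$row = ($result instanceof mysqli_result) ? $result->fetch_assoc() : null;
if (!$row) {
    echo 0;
    return;
}

// Issue a fresh session id at the moment privileges change and discard the
// old one. This runs before any output so the new cookie can still be sent.
session_regenerate_id(true);
$_SESSION['Login'] = $email;
$_SESSION['UserID'] = $row['UserID'];
echo 1;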
<?php
// Wish listing endpoint. The `act` query parameter selects the operation;
// only the "all" branch is visible, and the listing stops inside its loop.
// NOTE(review): no login check is visible before the query below. Confirm
// whether this listing is meant to be reachable without a session.
session_start();
$action = '';
if (isset($_GET['act'])) {
    $action = $_GET['act'];
}
if ($action == "all") {
    require_once 'dbConnection.php';
    require_once 'wishClass.php';
    $connection = new dbConnection();
    // Each filter is escaped and then stripped of every character except
    // digits, commas and dots; that allowlist is the effective input control.
    // The $_POST keys are read without an isset() check.
    // NOTE(review): how wishClass::selectAll() places these values into SQL is
    // not visible here. Commas and dots survive the filter, so confirm the
    // values are bound or quoted there.
    $status = preg_replace("/[^0-9,.]/", "", $connection->escape($_POST['status']));
    $owner = preg_replace("/[^0-9,.]/", "", $connection->escape($_POST['owner']));
    $performer = preg_replace("/[^0-9,.]/", "", $connection->escape($_POST['performer']));
    $moneyFrom = preg_replace("/[^0-9,.]/", "", $connection->escape($_POST['moneyFrom']));
    $moneyTo = preg_replace("/[^0-9,.]/", "", $connection->escape($_POST['moneyTo']));
    $pointsFrom = preg_replace("/[^0-9,.]/", "", $connection->escape($_POST['pointsFrom']));
    $pointsTo = preg_replace("/[^0-9,.]/", "", $connection->escape($_POST['pointsTo']));
    $rankFrom = preg_replace("/[^0-9,.]/", "", $connection->escape($_POST['rankFrom']));
    $rankTo = preg_replace("/[^0-9,.]/", "", $connection->escape($_POST['rankTo']));
    $wishes = wishClass::selectAll($status, $owner, $performer, $moneyFrom, $moneyTo, $pointsFrom, $pointsTo, $rankFrom, $rankTo);
    // Initialise the per-session counter on first use.
    if (!isset($_SESSION['count'])) {
        $_SESSION['count'] = 0;
    }
    foreach ($wishes as $wish) {
        // Fall back to a placeholder when the owner has no profile picture.
        if (!file_exists("images/profiles/{$wish->ownerId}.jpg")) {
            $profileImage = 'not-found.png';
        } else {
            // The current timestamp is appended as a query string,
            // presumably to defeat browser caching of a replaced picture.
            $profileImage = $wish->ownerId . '.jpg' . '?' . time();
        }
        if ($wish->status == 0) {
            // The original listing is cut off here; the rest of the loop body is not shown.
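<?php
/**
 * Registration endpoint.
 *
 * Reads `email`, `pass`, `fname`, `lname` and `phone` from the POST body,
 * refuses an already registered or malformed email, inserts the user and, on
 * success, prints 0 and logs the new user in.
 *
 * $err: 0 = ok, 1 = email already registered, 2 = invalid email address.
 */
session_start();
require_once 'dbConnection.php';
$connection = new dbConnection();

// Absent or non-string fields (e.g. `email[]=x`) are treated as empty so they
// never reach escape() as null or as an array.
$input = [];
foreach (['email', 'pass', 'fname', 'lname', 'phone'] as $field) {
    $input[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
}

$email = $connection->escape($input['email']);
$pass = $connection->escape($input['pass']);
$fname = $connection->escape($input['fname']);
$lname = $connection->escape($input['lname']);
$phone = $connection->escape($input['phone']);
$err = 0;

// Check whether a user with this email already exists.
// NOTE(review): both queries are only as safe as dbConnection::escape(); if
// the class can bind parameters, prefer that over string concatenation.
$result = $connection->select("SELECT COUNT(UserID) FROM Users WHERE Email='" . $email . "'");
$row = $result->fetch_row();
// mysqli returns COUNT() as a string unless native int conversion is enabled,
// so a strict comparison with int 0 would flag every email as taken.
if ((int) $row[0] !== 0) {
    $err = 1; // "A user with this login already exists in the database"
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    $err = 2; // invalid email address
}

// If there are no errors, add the new user to the database.
if ($err === 0) {
    // NOTE(review): $pass is stored exactly as submitted. Hashing it with
    // password_hash() has to be introduced together with the login script,
    // which currently compares the column against the raw password.
    $result = $connection->insert("INSERT INTO `Users`(`Email`, `Password`, `FirstName`, `LastName`, `Phone`) VALUES ('" . $email . "','" . $pass . "','" . $fname . "','" . $lname . "','" . $phone . "')");
    if ($result != 0) {
        // Regenerate the session id before any output: once the response
        // body has started, the new session cookie can no longer be sent.
        session_regenerate_id(true);
        $_SESSION['UserID'] = $connection->getLastInsertedID();
        $_SESSION['Login'] = $email;
        echo 0;
    }
}
// The original listing is cut off after this point; no response for a
// non-zero $err is shown.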