<?php
// Form handler for index.php: starts the session, loads the database helpers
// and dispatches on the posted "action" field.
// NOTE(review): no anti-CSRF token is checked before dispatching — confirm
// whether the forms that post here carry one.
session_start();
require ('new-connection.php');

// switch compares loosely, exactly like the == checks it replaces; a missing
// "action" field is mapped to null and therefore lands in the default branch.
switch (isset($_POST['action']) ? $_POST['action'] : null) {
    case 'register':
        register_user($_POST); // hand over the raw submitted form
        break;

    case 'login':
        login_user($_POST);
        break;

    default:
        // Direct navigation to process.php, or a log-off request: drop the
        // session and send the browser back to the landing page.
        session_destroy();
        header("Location: index.php");
        die();
}
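/**
 * Validate a registration form and insert the new user row.
 *
 * Validation messages are collected in $_SESSION['errors']. If any check
 * fails the browser is redirected to index.php and nothing is written to the
 * database; otherwise the row is inserted and a success message is stored in
 * the session before the same redirect.
 *
 * NOTE(review): SQL injection — the INSERT is still assembled by interpolating
 * submitted values into the statement text. It cannot be parameterised from
 * inside this block because the database handle lives in new-connection.php,
 * which is not visible here; run_mysql_query() should be replaced by a
 * prepared statement with bound parameters.
 * NOTE(review): the password is stored exactly as submitted. It should be
 * stored as password_hash() output and checked with password_verify(); that
 * change has to be made together with login_user() and the width of the
 * password column.
 *
 * @param array $post Submitted form fields (normally $_POST).
 * @return void Always ends the request (redirect followed by exit).
 */
function register_user($post)
{
    // Coerce every expected field to a string first. A missing key would raise
    // an "undefined index" warning (which can break the redirect if warnings
    // are displayed), and an array value such as first_name[]=x would pass the
    // blank check and be interpolated into the query as "Array".
    $expected = array('first_name', 'last_name', 'email', 'password', 'confirm_password');
    $input = array();
    foreach ($expected as $field) {
        $input[$field] = (isset($post[$field]) && is_string($post[$field])) ? $post[$field] : '';
    }

    $_SESSION['errors'] = array();
    if (empty($input['first_name'])) {
        $_SESSION['errors'][] = "first name can't be blank";
    }
    if (empty($input['last_name'])) {
        $_SESSION['errors'][] = "last name can't be blank";
    }
    if (empty($input['password'])) {
        $_SESSION['errors'][] = "password field is required";
    }
    if (!filter_var($input['email'], FILTER_VALIDATE_EMAIL)) {
        $_SESSION['errors'][] = "must be valid email";
    }
    if ($input['password'] !== $input['confirm_password']) {
        $_SESSION['errors'][] = 'passwords must match';
    }

    // Validation finished: bounce back to the form if anything was rejected.
    if (count($_SESSION['errors']) > 0) {
        header('Location: index.php');
        die();
    }

    // FILTER_VALIDATE_EMAIL checks the address format only; it is not an SQL
    // escaping step, so every value below is still untrusted statement text.
    $query = "INSERT INTO users (first_name, last_name, password, email, created_at, updated_at)
VALUES ('{$input['first_name']}', '{$input['last_name']}', '{$input['password']}', '{$input['email']}', NOW(), NOW())";
    run_mysql_query($query);
    $_SESSION['success_message'] = 'User succesfully created';
    header("Location: index.php");
    exit();
}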
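/**
 * Check submitted credentials and, on success, populate the session.
 *
 * On success the session receives user_id, first_name, logged_in, plus the
 * "records" and "comments" result sets, and the browser is sent to
 * success.php. On failure an error is appended to $_SESSION['errors'] and the
 * browser is sent back to index.php.
 *
 * Changes from the earlier version: missing or non-string fields are rejected
 * without querying, the records/comments result sets are loaded only after the
 * credentials matched (previously a failed login still filled the session with
 * them), the session id is regenerated on login, and the success path now ends
 * the request like the failure path does.
 *
 * NOTE(review): SQL injection — the credential lookup is still built by
 * interpolating submitted values into the statement text. The database handle
 * lives in new-connection.php, which is not visible here; fetch_all() should
 * be replaced by a prepared statement with bound parameters.
 * NOTE(review): the password is compared in plaintext inside the WHERE clause.
 * The row should be looked up by email and checked with password_verify();
 * that change has to be made together with register_user().
 * NOTE(review): both listing queries use SELECT * on users, so the password
 * column of every user presumably ends up in this session — select only the
 * columns success.php actually renders.
 *
 * @param array $post Submitted form fields (normally $_POST).
 * @return void Always ends the request (redirect followed by exit).
 */
function login_user($post)
{
    // Accept plain strings only: a missing key raises a warning, and an array
    // value (email[]=x) would be interpolated into the query as "Array".
    $email = (isset($post['email']) && is_string($post['email'])) ? $post['email'] : '';
    $password = (isset($post['password']) && is_string($post['password'])) ? $post['password'] : '';

    $user = array();
    if ($email !== '' && $password !== '') {
        $query = "SELECT * FROM users WHERE users.password = '{$password}'
AND users.email = '{$email}'";
        $user = fetch_all($query); // assumes fetch_all() returns an array of rows — confirm in new-connection.php
    }

    if (count($user) > 0) {
        // Issue a fresh session id at the privilege change so an id known
        // before login cannot be reused afterwards (session fixation).
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        // Load the listing data only once the caller is authenticated.
        $query = "SELECT * FROM users
LEFT JOIN messages
ON users.id = messages.users_id
ORDER BY messages.created_at ASC";
        $_SESSION['records'] = fetch_all($query);
        $query = "SELECT * FROM users
LEFT JOIN comments
ON users.id = comments.users_id";
        $_SESSION['comments'] = fetch_all($query);

        $_SESSION['user_id'] = $user[0]['id'];
        $_SESSION['first_name'] = $user[0]['first_name'];
        $_SESSION['logged_in'] = TRUE;
        header("location: success.php");
        exit();
    }

    $_SESSION['errors'][] = "can't find a user with those credentials";
    header("location: index.php");
    die();
}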
?>