// Fragment of a request handler that updates rows in `users`. The blocks closed
// by the first braces below open before the visible part, and the final `else`
// is still open where the fragment ends.
// NOTE(review): $login, $password, $email, $note and $gender are assigned outside
// this fragment, so whether they are validated or escaped cannot be seen here.
// NOTE(review): the raw PostgreSQL error text goes into the session message; if
// that message is rendered to the user it discloses query/schema detail. Logging
// it server-side and showing a generic message is the safer pattern.
$_SESSION['error'] = message_error(pg_last_error($db_connection));
// header() only sets the redirect; no exit is visible in this fragment, so code
// after the enclosing blocks still runs - confirm an exit follows.
header("Location: ../showcase/php/php_showcase_data_manipulation.php");
}
} else {
header("Location: ../showcase/php/php_showcase_data_manipulation.php");
}
} else {
    if (isset($_POST['edit_mode'])) {
        // Edit mode: a missing or empty password field means "keep the current
        // password". $password is nulled here, and the password columns are only
        // appended to the UPDATE below when a non-empty value was posted.
        if (!isset($_POST['password']) || isset($_POST['password']) && strlen($_POST['password']) == 0) {
            $password = null;
        }
        // create_error_string() is defined elsewhere; an empty result is treated
        // as "no validation errors" and lets the update proceed.
        if (strlen(create_error_string($login, $password, $email, $gender)) == 0) {
            // NOTE(review): the values are spliced into the SQL text between single
            // quotes. Unless every one of them is escaped before this point this is
            // SQL injection; pg_query_params() with $1..$n placeholders removes the
            // dependency on upstream escaping.
            // NOTE(review): the literal '******' looks like a masked value in this
            // listing; as written every edit writes that string to `superuser` -
            // confirm against the real file.
            $update_user_sql = "UPDATE users SET superuser = '******', email = '{$email}', note = '{$note}', gender = '{$gender}'";
            if (isset($_POST['password']) && strlen($password) > 0) {
                // New password: fresh salt, then the hash derived from it; both
                // columns are written together so they stay consistent.
                $salt_hash = create_salt();
                $password_hash = create_password_hash($password, $salt_hash);
                $update_user_sql .= ", password_hash = '{$password_hash}', salt_hash = '{$salt_hash}' ";
            }
            // NOTE(review): when the password branch above is skipped, the text
            // before WHERE ends in a quote with no separating space - verify the
            // statement still parses as intended.
            // NOTE(review): LIKE treats % and _ inside $login as wildcards, so the
            // UPDATE is not guaranteed to be limited to one row; `=` matches exactly.
            $update_user_sql .= "WHERE login LIKE '{$login}'";
            if ($update_user_sql_result = pg_query($db_connection, $update_user_sql)) {
                // NOTE(review): $login is concatenated into the message as-is;
                // whether message_info() HTML-escapes it is not visible here.
                $_SESSION['info'] = message_info("User " . $login . " updated successfully.");
                header("Location: ../showcase/php/php_showcase_db_diagnostics.php");
            } else {
                // Same disclosure concern as above: driver error text in a session message.
                $_SESSION['error'] = message_error(pg_last_error($db_connection));
                header("Location: ../showcase/php/php_showcase_data_manipulation.php");
            }
        } else {
            // Validation failed: redirect back to the form. No message is set in
            // this branch.
            header("Location: ../showcase/php/php_showcase_data_manipulation.php");
        }
    } else {
        // Not in edit mode: this branch reports a login collision. The condition
        // that leads here is decided before the visible part.
        $_SESSION['error'] = message_warning("User with login {$login} already exists.");
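}
// Login handler (fragment). The brace above ends a block that is not opened on
// this line, and the last `else` branch below continues past the visible part,
// so it is left exactly as found and intentionally not closed here.

// Both fields must be present and be plain strings. PHP turns `login[]=x` into
// an array, which must never reach the query layer.
if (
    !isset($_POST['login'], $_POST['password'])
    || !is_string($_POST['login'])
    || !is_string($_POST['password'])
) {
    $_SESSION['error'] = message_error("Login and/or password not set.");
    header('Location: ../../showcase/php/php_showcase_login.php');
    exit;
}

$db_connection = pg_connect("host={$host} port={$port} dbname={$db_name} user={$db_user} password={$db_password}");
if (!$db_connection) {
    // pg_connect() returned false, so there is no connection handle to hand to
    // pg_last_error(). Driver detail is also kept out of the user-visible message.
    $_SESSION['error'] = "Error connecting to the database.";
} else {
    $login = $_POST['login'];
    $password = $_POST['password'];

    // Request data is passed as bound parameters and never becomes SQL text.
    // `=` replaces LIKE so that % and _ in the submitted login are compared
    // literally instead of acting as wildcards during authentication.
    $salt_hash_sql = 'SELECT salt_hash FROM users WHERE login = $1';
    if ($salt_hash_sql_result = pg_query_params($db_connection, $salt_hash_sql, array($login))) {
        $hash_row = pg_fetch_assoc($salt_hash_sql_result);
        // Unknown login: there is no salt row. Hash with an empty salt so the
        // request follows the same path, and gets the same generic failure
        // message, as a wrong password.
        $salt_hash = (is_array($hash_row) && isset($hash_row['salt_hash'])) ? $hash_row['salt_hash'] : '';
        // NOTE(review): create_password_hash() is defined elsewhere. If it is a
        // plain salted digest, migrating to password_hash()/password_verify() is
        // the usual hardening step.
        $password_hash = create_password_hash($password, $salt_hash);

        $login_sql = 'SELECT * FROM users WHERE login = $1 AND password_hash = $2';
        if ($login_sql_result = pg_query_params($db_connection, $login_sql, array($login, $password_hash))) {
            if (pg_num_rows($login_sql_result) === 1) {
                // Issue a fresh session id at the privilege change so an id set
                // before login cannot be reused afterwards (session fixation).
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }
                $_SESSION['logged_in'] = $login;
                $user_row = pg_fetch_assoc($login_sql_result);
                $_SESSION['superuser'] = $user_row['superuser'];
                unset($_SESSION['error']);
                pg_free_result($login_sql_result);
                // NOTE(review): no exit after the redirect is visible in this
                // fragment; confirm nothing that follows should be skipped.
                header('Location: ../../showcase/php/php_showcase_main.php');
            } else {
                // Generic failure text: the submitted login and the computed hash
                // are no longer echoed back into the page.
                $_SESSION['error'] = message_error("Login or password incorrect.");
                header('Location: ../../showcase/php/php_showcase_login.php');
            }
        } else {
            // NOTE(review): driver error text in a session message discloses
            // query detail if it is rendered to the user. Left unchanged because
            // this branch continues beyond the visible part.
            $_SESSION['error'] = message_error("Unable to retrieve information from database = " . pg_last_error($db_connection) . ".");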