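// Tail of a registration handler: validate, create the account, open a session.
// NOTE(review): $password, $password_confirm, $email, $username and the other profile
// fields are assigned above this excerpt; presumably they come from $_POST like $answer.
$answer = isset($_POST["answer"]) ? $_POST["answer"] : "";

// Evaluate each validation once so the error messages and the sign-up decision agree,
// and so check_email_username() is not run a second time.
$passwords_match = password_match($password, $password_confirm);
$identity_available = check_email_username($email, $username);

// check if password matches
if (!$passwords_match) { ?>
    <p>Password doesn't match!</p>
<?php }

if (!$identity_available) { ?>
    <p>Email or username already exist!</p>
<?php }

// check if pass all the tests
if ($passwords_match && $identity_available) {
    print "siginin";
    // NOTE(review): $password and $answer are passed on as received; confirm sign_up()
    // stores them with password_hash() rather than in clear text.
    sign_up($username, $lastname, $email, $password, $gender, $city, $state, $country, $security, $answer);

    // start the session, remember the user name
    // NOTE(review): output has already been sent above, so the session cookie can only be
    // set when output buffering is on; consider starting the session at the top of the script.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Issue a fresh session id at the moment the visitor becomes an authenticated user,
    // so an id known before sign-up cannot be reused afterwards (session fixation).
    if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
        session_regenerate_id(true);
    }

    // NOTE(review): the database is opened as root with a hard-coded password; move the
    // credentials to configuration outside the web root and use a least-privilege account.
    $db = new PDO("mysql:dbname=database; host=localhost", "root", "root");

    // Bound parameter instead of quote() plus string interpolation; $email keeps its
    // original value for any code that runs after this block.
    $lookup = $db->prepare("SELECT * FROM user WHERE email = ?");
    if ($lookup !== false && $lookup->execute(array($email))) {
        foreach ($lookup as $row) {
            $_SESSION["username"] = $row["username"];
        }
    }
    // The user name is user-supplied text, so it is HTML-escaped before being echoed.
    ?>
    <p>Welcome to Foodcart! <?php echo htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?> </p>
    <?php
}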
<?php
// Landing page that renders the sign-in and registration forms side by side and
// handles both submissions in place.
session_start();
include 'db.php';
include 'templates.php';

// $index, $sign_in, $sign_up and $conn are not defined in this script; presumably they
// come from the two included files.
print $index;

// Table header cells read "Sign in" and "Register"; the left cell holds the sign-in form.
echo "<table><tr><th>Войти</th><th>Зарегистрироваться</th></tr><tr><td>{$sign_in}</td>";

// Sign-in submission: handled here so that anything sign_in() prints lands between the cells.
if (isset($_POST['auth'])) {
    $Login = $_POST['Login'];
    $Password = $_POST['Password'];

    sign_in($Login, $Password, $conn);
}

// Right cell holds the registration form.
echo "<td>{$sign_up}</td></tr></table>";

// Registration submission: the four posted fields are forwarded unchanged to sign_up().
if (isset($_POST['reg'])) {
    $FirstName = $_POST['FirstName'];
    $LastName = $_POST['LastName'];
    $Login = $_POST['Login'];
    $Password = $_POST['Password'];

    sign_up($FirstName, $LastName, $Login, $Password, $conn);
}
?>
<?php
// Single POST endpoint: the 'action' field selects one handler, the handler receives the
// whole $_POST array, and the script stops as soon as the handler returns.
// NOTE(review): no CSRF token check and no "is the caller logged in" check is visible
// before the state-changing actions (message, delete, comment); confirm the handlers
// enforce both, since they are defined outside this excerpt.
// NOTE(review): handlers get the raw $_POST; confirm each one reads only the keys it
// expects and passes values to SQL through bound parameters.
session_start();
require_once 'new_connection.php';

// Log in with the posted credentials.
if (isset($_POST['action']) && $_POST['action'] == 'login') {
    login($_POST);
    die;
}

// Register a new account.
if (isset($_POST['action']) && $_POST['action'] == 'sign_up') {
    sign_up($_POST);
    die;
}

// Post a message.
if (isset($_POST['action']) && $_POST['action'] == 'message') {
    message($_POST);
    die;
}

// Delete a message.
// NOTE(review): confirm delete() verifies that the message belongs to the session user.
if (isset($_POST['action']) && $_POST['action'] == 'delete') {
    delete($_POST);
    die;
}

// Post a comment.
if (isset($_POST['action']) && $_POST['action'] == 'comment') {
    comment($_POST);
    die;
}

// Log out (the body of this branch lies beyond the end of the excerpt).
if (isset($_POST['action']) && $_POST['action'] == 'logout') {
<?php
require 'config.php';
require './src/class.phpmailer.php';
require './src/class.smtp.php';
require './src/security.php';

// '@' hides the undefined-index notice, so $action is null when the field is missing.
$action = @$_POST['action'];

// Dispatch on the posted action; any other value falls through and does nothing.
if ($action == 'sign_up') {
    sign_up();
}
if ($action == 'get_token') {
    send_token();
}

/**
 * Activate an account when the posted e-mail/token pair matches a row in `user`.
 *
 * Reads 'email', 'password' and 'token' from $_POST, prints a status string
 * ("email overlap", "token auth success" or "token auth fail") and, on success,
 * updates the matching row.
 *
 * validate_email(), security_filter(), email_overlap() and the $GLOBALS['DB'] wrapper
 * are defined in the required files, not in this excerpt.
 */
function sign_up()
{
    $email = validate_email(@$_POST['email']);
    $pass = security_filter(@$_POST['password']);
    $token = security_filter(@$_POST['token']);

    // Stop early when email_overlap() reports a conflict for this address.
    if (email_overlap($email)) {
        echo "email overlap";
        die;
    }

    // query() receives SQL with '?' placeholders plus an array of values; presumably the
    // wrapper binds them as parameters. Confirm in the DB class.
    // NOTE(review): no expiry or non-empty check on the token is visible here; a missing
    // 'token' field would be compared against whatever the column holds for rows that
    // were never issued one. Confirm that case cannot match.
    $count = count($GLOBALS['DB']->query("SELECT * FROM user WHERE email=? and token=?", array($email, $token)));
    if ($count > 0) {
        echo "token auth success";
        // NOTE(review): the 'pass' column receives the output of security_filter() directly;
        // no password_hash() call is visible, so confirm the password is not stored in
        // clear text. The token is also left in place after use; confirm whether it should
        // be invalidated.
        // $result is assigned but not inspected in this function.
        $result = $GLOBALS['DB']->query("UPDATE user SET activated='1', enable='1', pass=?, passwd='0000000' WHERE email=? and token=?", array($pass, $email, $token));
    } else {
        echo "token auth fail";
    }
}

// The body of send_token() lies beyond the end of the excerpt.
function send_token()
<body> <?php
// Registration form handler, run when the form's 'submit' field is posted.
// restrictUsername(), restrictEmail(), check_email(), sign_up() and upload_profilepic()
// are defined outside this excerpt; what their return codes mean is only what the
// branches below imply.
if (isset($_POST['submit'])) {
    // Required fields must be present and non-empty. 'password_check', 'about' and 'sex'
    // are read further down but are not covered by this guard.
    if (!empty($_POST['name']) && !empty($_POST['username']) && !empty($_POST['password']) && !empty($_POST['email'])) {
        // Both password fields must be longer than 5 bytes (strlen() counts bytes).
        if (strlen($_POST['password']) > 5 && strlen($_POST['password_check']) > 5) {
            $check = restrictUsername($_POST['username']);
            $emailCheck = restrictEmail($_POST['email']);
            // Loose comparison: a null or false return would also satisfy == 0.
            if ($check == 0) {
                $i = check_email($_POST['email']);
                // Recomputed with the same argument as a few lines above.
                $emailCheck = restrictEmail($_POST['email']);
                if ($i == 1) {
                    if ($emailCheck == 0) {
                        // strcmp() returns 0 when the two password fields are identical.
                        if (strcmp($_POST['password'], $_POST['password_check']) == 0) {
                            // date1 is read from $_REQUEST, so it can arrive via the query string
                            // (or a cookie, depending on request_order) as well as the form body.
                            $dob = isset($_REQUEST["date1"]) ? $_REQUEST["date1"] : "";
                            // NOTE(review): the raw password and free-text fields go straight to
                            // sign_up(); confirm it hashes the password with password_hash() and
                            // sends every value to SQL through bound parameters.
                            $p_id = sign_up($_POST['username'], $_POST['name'], $_POST['password'], $_POST['email'], $dob, $_POST['about'], $_POST['sex']);
                            // NOTE(review): confirm upload_profilepic() checks the upload error code,
                            // size and real content type, and stores the file under a server-chosen
                            // name in a directory where scripts are not executed.
                            if (isset($_FILES['media'])) {
                                upload_profilepic($_FILES['media'], $p_id);
                            }
                        } else {
                            // Static alert text only; no request data is echoed into the script block.
                            echo "<script language=\"javascript\" type=\"text/javascript\">";
                            echo "alert('The Passwords not matching! Try again.Thank you')";
                            echo "</script>";
                        }
                    } else {
                        // NOTE(review): this message tells the caller whether an address is
                        // registered; decide whether that disclosure is acceptable.
                        echo "<script language=\"javascript\" type=\"text/javascript\">";
                        echo "alert('Account with this Email already exists')";
                        echo "</script>";
                    }
                } else {
                    // The rest of this branch lies beyond the end of the excerpt.
                    echo "<script language=\"javascript\" type=\"text/javascript\">";
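unset($_SESSION['name']);
}

// Authenticate the visitor when no user is attached to the session yet: try the sign-in
// form first and fall back to the registration form.
// sign_in() and sign_up() are defined outside this excerpt; sign_in() presumably returns
// a PostgreSQL result, since it is handed to pg_fetch_array().
if (!isset($_SESSION['name'])) {
    // True only for a posted, non-empty string; array input such as field[]=x is rejected
    // instead of being forwarded to sign_in()/sign_up().
    $post_filled = static function ($key) {
        return isset($_POST[$key]) && is_string($_POST[$key]) && $_POST[$key] !== "";
    };

    $usr_info = null;
    if ($post_filled('acuseremail') && $post_filled('acpassword')) {
        // The password is compared with "" rather than tested for truthiness, so a
        // password of "0" is no longer treated as missing.
        $usr_info = sign_in($_POST['acuseremail'], $_POST['acpassword']);
    } elseif ($post_filled('unusername') && $post_filled('unuseremail') && $post_filled('unpassword')) {
        // The third check used to repeat 'unuseremail', which let an account be created
        // with an empty password.
        // NOTE(review): the result of sign_up() is not inspected; confirm it cannot fail
        // silently and that it hashes the password before storing it.
        sign_up($_POST['unusername'], $_POST['unuseremail'], $_POST['unpassword']);
        $usr_info = sign_in($_POST['unuseremail'], $_POST['unpassword']);
    }

    // Skip the fetch when sign_in() returned nothing usable.
    if ($usr_info && ($row = pg_fetch_array($usr_info))) {
        // Prevent session fixation: issue a new id and delete the old session data.
        session_regenerate_id(true);
        $_SESSION['usrid'] = $row['idusuario'];
        $_SESSION['usravatar'] = $row['avatar']; // not used yet
        $_SESSION['name'] = $row['username'];
    }
}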
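<?php
// Registration endpoint: reads the sign-up form, creates the account and signs the new
// user in. sign_up() and sign_in() are presumably defined in sql_calls.php.
session_start();
include 'sql_calls.php';

// Read a form field as a string. Missing fields and array input (field[]=x) become "",
// so a missing password can no longer be hashed as an empty string.
$post_field = static function ($key) {
    $value = isset($_POST[$key]) ? $_POST[$key] : '';
    return is_string($value) ? $value : '';
};

// Set variables from html page
$email_up = $post_field('email_up');
$password1 = $post_field('password1');

// Without this check an absent password produced a valid hash of the empty string and an
// account that anyone could sign in to.
if ($email_up === '' || $password1 === '') {
    http_response_code(400);
    exit('Email and password are required.');
}

$hash = password_hash($password1, PASSWORD_DEFAULT);
$first_name = $post_field('first_name');
$middle_name = $post_field('middle_name');
$last_name = $post_field('last_name');
// NOTE(review): the SSN is forwarded exactly as posted; confirm it is validated, encrypted
// at rest, kept out of logs, and sent through a bound parameter in sign_up().
$SSN = $post_field('sign_up_SSN');
$d_o_b = $post_field('d_o_b');
$date = date('Y-m-d');
// The privilege level is fixed on the server and never read from the request.
$privilege = 1;

// NOTE(review): the outcome of sign_up() is not inspected before sign_in() runs; confirm
// a failed or duplicate registration cannot sign the caller in to an existing account.
sign_up($email_up, $hash, $first_name, $middle_name, $last_name, $SSN, $d_o_b, $privilege, $date);
sign_in($email_up, $password1);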
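/**
 * Check the posted user name and password against the flat file ./passwd and, on a
 * match, bump the "pre_reader" cookie and print ./main_page.html.
 *
 * Reads $_POST['usr'], $_POST['passwd'] and $_COOKIE['pre_reader']. Each line of
 * ./passwd is compared, after trimming, with "user:password". On failure a message is
 * printed and sign_up() (defined outside this excerpt) is called.
 *
 * NOTE(review): ./passwd holds clear-text passwords and is opened relative to the
 * working directory. If that is inside the document root the file may be served to
 * anyone who requests it. Prefer password_hash()/password_verify() and a store kept
 * outside the web root.
 * NOTE(review): no session or other login state is set here; the only lasting effect of
 * a successful check is the counter cookie.
 */
function check() {
    // Missing fields and array input (usr[]=x) are treated as empty strings so that
    // trim() never receives a non-string.
    $user = (isset($_POST["usr"]) && is_string($_POST["usr"])) ? trim($_POST["usr"]) : "";
    $passwd = (isset($_POST["passwd"]) && is_string($_POST["passwd"])) ? trim($_POST["passwd"]) : "";

    # generate user login info
    $user_info = $user . ":" . $passwd;

    # open file for reading; an unreadable file counts as "no match" instead of looping
    # on an invalid handle
    $found = FALSE;
    $file = fopen("./passwd", "r");
    if ($file !== FALSE) {
        while (($line = fgets($file)) !== FALSE) {
            // hash_equals() compares in constant time with respect to the string content.
            if (hash_equals(trim($line), $user_info)) {
                $found = TRUE;
                break;
            }
        }
        // The original never released this handle.
        fclose($file);
    }

    if ($found) {
        // The cookie is client-controlled, so it is forced to an integer before use.
        $pre_reader = isset($_COOKIE["pre_reader"]) ? (int) $_COOKIE["pre_reader"] : 0;
        $pre_reader++;
        setcookie("pre_reader", (string) $pre_reader, time() + 120);

        print "Thank you for logging in.";

        // Stream the static page to the client.
        $page = fopen("./main_page.html", "r");
        if ($page !== FALSE) {
            fpassthru($page);
            fclose($page);
        }
    } else {
        print "Sorry. Login failed. Please try again";
        sign_up();
    }
}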
}
} else {
    // Credential check for the login form. The blocks closed above and the code that
    // opens $db lie outside this excerpt.
    // As printed, the format string contains '******' and no %s conversion, so sprintf()
    // would ignore its extra arguments; presumably the specifiers were masked when this
    // listing was published. Verify against the real file.
    // NOTE(review): the password is hashed with unsalted md5(), which is unsuitable for
    // password storage; migrate to password_hash()/password_verify().
    // NOTE(review): the mysql_* extension was removed in PHP 7; PDO or mysqli with bound
    // parameters replaces both the API and the manual escaping.
    $q = sprintf("SELECT * FROM users WHERE username='******' AND password='******'", mysql_real_escape_string($_POST['username']), md5($_POST['password']));
    $res = mysql_query($q, $db);
    if (mysql_num_rows($res) == 1) {
        // The login state is a cookie named "aura" that holds the plain user name for one
        // hour. NOTE(review): the value is neither signed nor bound to a server-side
        // session, so the server cannot tell a cookie it issued from one the client made
        // up; replace it with a session id.
        setcookie("aura", $_POST['username'], time() + 3600);
        mysql_close($db);
        header('Location: index.php');
    } else {
        mysql_close($db);
        login_page();
    }
}
} else {
    if (isset($_GET['signup'])) {
        sign_up(false, false);
    } else {
        if (isset($_GET['logout'])) {
            // Expire the login cookie and show the login form again.
            setcookie("aura", "", time() - 3600);
            login_page();
        } else {
            if (isset($_GET['delete'])) {
                // Any value other than "true" shows the confirmation page.
                if ($_GET['delete'] != "true") {
                    delete_page();
                } else {
                    // NOTE(review): the account to delete is taken from the client-supplied
                    // "aura" cookie and the action is triggered by a GET parameter, with no
                    // re-authentication or CSRF token visible here. Identify the user from a
                    // server-side session and require a POST carrying a token.
                    // '@' hides connection errors; the later calls would then run against an
                    // invalid handle.
                    $db = @mysql_connect($dbserv, $dbuser, $dbpass);
                    mysql_select_db($dbdb, $db);
                    $q = sprintf("DELETE FROM users WHERE username='******'", mysql_real_escape_string($_COOKIE['aura']));
                    mysql_query($q, $db);
                    mysql_close($db);
                    // Clear the login cookie; the branch continues beyond the end of the excerpt.
                    setcookie("aura", "", time() - 3600);
<?php
// Sign-up view: loads the project constants and the users controller, then runs the
// controller's sign_up() before any markup is sent.
// D_ROOT and $db are not defined in this file; presumably const.php provides them.
require_once $_SERVER['DOCUMENT_ROOT'] . "/reou/includes/const.php";
require_once D_ROOT . "/reou/controllers/users_controller.php";
// sign_up() is called on every request to this page and receives the whole $_POST array.
// NOTE(review): confirm the controller returns early when the request is not a form
// submission, and that it copies only an explicit list of fields from $_POST so a client
// cannot set columns (for example a role flag) that the form does not expose.
sign_up($db, $_POST);
?> <html> <head> <title> Sign Up </title> <link rel="stylesheet" type="text/css" href="<?php echo asset_route('css'); ?> main.css"> </head> <body> <?php require_once $_SERVER['DOCUMENT_ROOT'] . '/reou/views/layouts/header.php'; ?> <!-- ========== THE PLAN ============