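// Validates the remaining sign-up fields and, when every check passed, inserts
// the new account and redirects to the login page.
// Reads $pin, $name, $email, $password, $address, $tablename and the database
// settings, all assigned outside this fragment. On failure it sets $error and
// $title_err for the caller to display.

// Pincode: exactly six ASCII digits. is_numeric() also accepts signs, decimal
// points and exponents (for example "1.5e10"), so the digits are matched explicitly.
if (!is_string($pin) || !preg_match('/^[0-9]{6}\z/', $pin)) {
    $error = true;
    $title_err = "Enter valid pincode";
}

// Phone: a leading "+" followed by digits only. The two messages of the
// original are kept so the form can tell the user which rule failed.
$phone = testinput($_POST["phone"]);
if (substr($phone, 0, 1) !== '+') {
    $error = true;
    $title_err = "Phone number must begin with +";
} elseif (!preg_match('/^\+[0-9]+\z/', $phone)) {
    $error = true;
    $title_err = "Enter valid phone number";
}

$gender = testinput($_POST["gender"]);
$state = testinput($_POST["state"]);

if (!$error) {
    $conn = new mysqli($servername, $username, $userpassword, $dbname);
    // Connection failures are reported in connect_error, not in error.
    if ($conn->connect_error) {
        // Keep the driver detail in the server log instead of the response.
        error_log("Connection failed " . $conn->connect_error);
        die("Connection failed");
    }

    // NOTE(review): $password is assigned outside this fragment. Confirm it is a
    // password_hash() digest by this point and not the submitted plaintext.
    // NOTE(review): $tablename is concatenated into the statement text, so it
    // must stay a server-side constant and never derive from request data.
    $stmt = $conn->prepare(
        "insert into " . $tablename
        . " (id, name, email, password, gender, address, state, pin, phone, time)"
        . " values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
    );

    $created = false;
    if ($stmt !== false) {
        // bind_param() binds by reference, so every argument must be a variable;
        // the timestamp is stored in one first, and $id can be refreshed per attempt.
        $id = null;
        $time = date("Y-m-d H:i:s");
        $stmt->bind_param('ssssssssss', $id, $name, $email, $password, $gender, $address, $state, $pin, $phone, $time);

        // Retry with a fresh id when the insert fails, but only a bounded number
        // of times so a persistent error cannot loop forever.
        $maxAttempts = 5;
        for ($attempt = 0; $attempt < $maxAttempts && !$created; $attempt++) {
            $id = newid();
            try {
                $created = $stmt->execute();
            } catch (mysqli_sql_exception $e) {
                // mysqli may be configured to throw instead of returning false.
                $created = false;
            }
        }
        if (!$created) {
            error_log("Sign-up insert failed: " . $stmt->error);
        }
        $stmt->close();
    } else {
        error_log("Sign-up insert could not be prepared: " . $conn->error);
    }
    $conn->close();

    // Redirect only after the row was written. The original redirected and
    // exited inside the loop body, before the result of execute() was examined,
    // so a failed insert still sent the user to the login page.
    if ($created) {
        header("Location: login.php");
        exit;
    }
    $error = true;
    $title_err = "Could not create the account, please try again";
}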
// Sign-up handler fragment: validates e-mail, password and name from the POST
// body, checks whether the account already exists, and builds the INSERT.
// NOTE(review): the fragment opens inside an if-branch whose condition is not
// visible and ends inside the last else-branch, so the braces are unbalanced
// as shown.
// NOTE(review): the next line sets $snameerr although the message is about the
// e-mail field; presumably $semailerr was intended -- confirm against the form.
$snameerr = "Email is required.";
} else {
    $semail = testinput($_POST["semail"]);
    if (!filter_var($semail, FILTER_VALIDATE_EMAIL)) {
        $semailerr = "Invalid Email format.";
    }
}

if (empty($_POST["spwd"])) {
    $spwderr = "Password is required.";
} else {
    $spwd = testinput($_POST["spwd"]);
}

if (empty($_POST["sname"])) {
    $snameerr = "Name is required.";
} else {
    $sname = testinput($_POST["sname"]);
    // Accept only ASCII letters, digits and spaces in the name.
    if (!preg_match("/^[a-zA-Z0-9 ]*\$/", $sname)) {
        $snameerr = "Invalid Name.";
    }
}

// NOTE(review): nothing between the validation above and this query checks the
// *err variables, so the query runs even when a field was rejected, and
// $semail / $sname are undefined when the field was empty.
// NOTE(review): the statement is built by interpolating request-derived values
// into the SQL text. testinput() is not defined in this fragment, so its
// escaping cannot be confirmed here; a prepared statement with bound
// parameters removes the dependency on it.
// NOTE(review): the condition uses AND, so only a row matching both e-mail and
// name counts as a duplicate, while the message below says "Email or NickName";
// OR was presumably intended -- confirm.
$sql = "SELECT * from user WHERE user_email='{$semail}' AND user_name='{$sname}'";
$result = mysqli_query($dbcon, $sql);
// NOTE(review): the result of mysqli_query() is passed on without a check for
// a failed query.
if (mysqli_num_rows($result) > 0) {
    $dberr = "Email or NickName already exists.";
} else {
    $slevel = 0;
    // NOTE(review): sha1() is a fast, unsalted digest and not suitable for
    // password storage; password_hash() on sign-up with password_verify() on
    // login is the standard replacement. The login code is outside this view
    // and would have to change together with this line.
    $spwd = sha1($spwd);
    date_default_timezone_set("Asia/Kolkata");
    // "y" is a two-digit year and "h" a 12-hour clock without am/pm, so the
    // stored timestamp is ambiguous.
    $sdate = date("y:m:d h:i:s");
    // NOTE(review): this INSERT is also string-built; it is executed outside
    // this view and should use bound parameters as well.
    $sql = "insert into user (user_name,user_pass,user_email,user_date,user_level) VALUES ('{$sname}','{$spwd}','{$semail}','{$sdate}','{$slevel}')";
// Login handler fragment: looks the account up by e-mail, then by e-mail and
// password, and reads the account id from the matching row.
// $error, $title_err and the database settings are assigned outside this view;
// the fragment ends inside the final else-branch.

// The table name is a literal here, so concatenating it into the statements
// below does not involve request data.
$tablename = "Users";
$email = testinput($_POST["email"]);

$conn = new mysqli($servername, $username, $userpassword, $dbname);
// NOTE(review): a failed connection is reported in $conn->connect_error; this
// tests $conn->error instead -- confirm which was intended.
if ($conn->error) {
    die("Error in database");
}
// Step 1: does any row exist for this e-mail? The value is bound as a parameter.
$stmt = $conn->prepare("select * from " . $tablename . " where email = ?");
$stmt->bind_param('s', $email);
// The return value of execute() is overwritten on the next line and never checked.
$result = $stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows == 0) {
    $error = True;
    // NOTE(review): this message differs from the generic one used below, so a
    // client can tell registered addresses from unregistered ones. Using the
    // same "Incorrect email or password" text for both cases avoids that.
    $title_err = "Email Id doesnt exist";
}
$conn->close();

$password = testinput($_POST["password"]);
if (!$error) {
    // A second connection is opened for the credential check.
    $conn = new mysqli($servername, $username, $userpassword, $dbname);
    if ($conn->error) {
        die("Error in database");
    }
    // Step 2: match e-mail and password in SQL.
    // NOTE(review): comparing the submitted value with the password column by
    // equality implies the column holds the password in the same form it was
    // submitted, not a salted password_hash() digest (unless testinput() hashes,
    // which is not visible here). The usual design selects the row by e-mail
    // and checks the stored digest with password_verify().
    $stmt = $conn->prepare("select * from " . $tablename . " where email = ? and password = ?");
    $stmt->bind_param('ss', $email, $password);
    $result = $stmt->execute();
    $result = $stmt->get_result();
    if ($result->num_rows == 0) {
        $error = True;
        $title_err = "Incorrect email or password";
    } else {
        // Credentials matched: read the account id from the row.
        $row = $result->fetch_assoc();
        $id = $row["id"];
// Profile-update handler fragment. It opens with the tail of a block that
// starts outside this view and ends inside the password-match branch.
die;
}

// Database settings.
// NOTE(review): the credentials are literals in the source file (the values
// shown look like placeholders or redactions); loading them from configuration
// kept outside the web root or from the environment keeps them out of the code.
$servername = '127.0.0.1';
$user = '******';
$pswd = 'password';
$db = 'Project';
$error = "";

/**
 * Normalises a submitted form value: trims surrounding whitespace, removes
 * backslash escapes, and HTML-encodes special characters.
 *
 * This is HTML output encoding, not SQL escaping. The returned string differs
 * from the submitted one whenever it contains a backslash or a character such
 * as & or <, which matters where the result is compared with or stored as a
 * password.
 */
function testinput($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $password = testinput($_POST['password']);
    $conn = new mysqli($servername, $user, $pswd, $db);
    // NOTE(review): the id comes from a client-supplied cookie and is
    // concatenated into the SQL text. Bind it as a parameter of a prepared
    // statement. No server-side session check is visible in this fragment, so
    // the cookie also appears to be the only thing that selects the account --
    // confirm that identity is established server-side before this point.
    $stmt = 'select password from Users where id = ' . $_COOKIE['id'];
    // The results of query() and fetch_assoc() are used without a check for a
    // failed query or a missing row.
    $result = $conn->query($stmt);
    $result = $result->fetch_assoc();
    $conn->close();
    // NOTE(review): the stored value is compared directly with the submitted
    // password, which implies the column is not a password_hash() digest;
    // password_verify() against a stored digest is the standard check.
    if ($password === $result['password']) {
        // These fields are read raw from the request, unlike the password
        // above; how they are validated and written is outside this view.
        $address = $_POST['address'];
        $state = $_POST['state'];
        $pin = $_POST['pin'];
        $phone = $_POST['phone'];
        $newpassword = $_POST['newpassword'];
        // A non-empty new password replaces the current one.
        if ($newpassword != '') {
            $password = $newpassword;
        }
        // Second assignment of $phone from the same field.
        $phone = $_POST['phone'];