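/**
 * Check a username/password pair and return the matching user's id.
 *
 * Two stored hash formats are accepted, both visible in this function:
 * md5(md5(password) . first 10 characters of date_creation), and a plain
 * md5(password).
 *
 * NOTE(review): MD5 is not a password hashing function. Moving to
 * password_hash()/password_verify() needs a migration of the stored values
 * and cannot be done inside this function alone. The plain-md5 branch in
 * particular accepts unsalted hashes and should be retired once accounts
 * have been rehashed.
 *
 * @param string $_username Login name to look up (see the note on the query).
 * @param string $_password Plain-text password supplied by the caller.
 * @return int|string The row's id on success, -1 when no row is found or the
 *                    password matches neither stored format.
 */
function check_login_info($_username, $_password)
{
    $sql = new sql();

    // NOTE(review): the username value is masked ('******') in this listing and
    // $_username is not referenced anywhere in the visible code. Whatever goes
    // in this position must be bound or escaped by the sql wrapper; it must
    // not be concatenated from $_username as-is.
    $query = "select id, password, date_creation from qcs_users where username = '******'";
    $rs = $sql->dquery($query);

    $user_id = -1;

    // $rs[0] is compared against 0 and $rs[1] is read as a row keyed by column
    // name; presumably a row count followed by the first row. Confirm against
    // sql::dquery().
    if ($rs[0] > 0) {
        $row = $rs[1];
        $stored = (string) $row['password'];

        $legacy_hash = md5($_password);
        $salted_hash = md5($legacy_hash . substr($row['date_creation'], 0, 10));

        // Strict comparison on purpose: with == / != two hex digests of the
        // form 0e<digits> are compared as numbers and treated as equal, so a
        // different password could be accepted. Where PHP >= 5.6 is
        // guaranteed, hash_equals() also makes the comparison constant-time.
        if ($stored === $salted_hash || $stored === $legacy_hash) {
            $user_id = $row['id'];
        }
    }

    $sql->dclose();

    return $user_id;
}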
/**
 * Look up an e-mail address in the member table.
 *
 * NOTE(review): the return value is inverted relative to the name. It is
 * FALSE when the query reports at least one row and TRUE when it reports
 * none. Callers presumably depend on this, so it is left unchanged here.
 *
 * NOTE(review): $_email is concatenated into the SQL text without escaping.
 * If the value can originate from a request, this is an SQL injection point.
 * It should go through the sql wrapper's parameter binding or escaping,
 * which is not visible from this function.
 *
 * @param string $_email Address to look for.
 * @return bool FALSE if a matching row was reported, TRUE otherwise.
 */
function email_exists($_email)
{
    $db = new sql();
    $statement = "select id from member where email = '" . $_email . "'";
    $result = $db->dquery($statement);
    $db->dclose();

    // $result[0] is treated as the number of rows found.
    return !($result[0] > 0);
}
// Closes a block that was opened before this excerpt.
}

// NOTE(review): htmlspecialchars() is HTML-output encoding, not validation of
// a redirect target. $target ends up in a Location header below, so it should
// be checked against the set of known local paths instead. $target is only
// assigned here when the parameter is present; the later `$target != ''` test
// relies on it being initialised outside this excerpt (confirm).
if (isset($_GET["target"])) {
    $target = htmlspecialchars($_GET["target"]);
}

// Insert a tracking row in the database.
// Every value is passed through write_to_db() and then wrapped in single
// quotes. write_to_db() is defined outside this excerpt, so the safety of the
// assembled query rests entirely on what that helper escapes (confirm).
$field_str[] = "email";
$data_str[] = "'" . write_to_db($email) . "'";
$field_str[] = "name";
$data_str[] = "'" . write_to_db($company) . "'";
$field_str[] = "country";
$data_str[] = "'" . write_to_db($country) . "'";
// NOTE(review): the "newsletter" column receives $version; this looks like a
// mismatch. Confirm.
$field_str[] = "newsletter";
$data_str[] = "'" . write_to_db($version) . "'";
// The single quotes inside the format string are emitted literally, so this
// value arrives already quoted for the SQL text.
$field_str[] = "date_login";
$data_str[] = Date("'Y-m-d H:i:s'");
$cc = implode(',', $field_str);
$dd = implode(',', $data_str);
$sql = new sql();
$query = "insert into qcs_tracking ({$cc}) values ({$dd})";
$sql->dinsert($query);
$sql->dclose();
// Closes a second block opened before this excerpt.
}

// Redirection.
// NOTE(review): HTTP_HOST is taken from the request's Host header, which the
// client controls, and PHP_SELF also reflects the request path. Building the
// Location value from them lets the request choose where the redirect points.
// Prefer a configured canonical host and base path. The scheme is hard-coded
// to http://.
$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
if ($target != '') {
    header("Location: http://{$host}{$uri}/{$target}");
} else {
    header("Location: http://{$host}{$uri}/new-products");
}
exit;
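/**
 * Delete the row with the given id from the user table.
 *
 * The id is placed unquoted in the DELETE statement, so only a plain run of
 * decimal digits is accepted. Anything else is rejected before a connection
 * is opened, and no statement is executed.
 *
 * NOTE(review): nothing in this function checks that the caller is allowed
 * to delete the account; that has to be enforced by the calling code.
 *
 * @param int|string $_id Numeric id of the user to delete.
 * @return void
 */
function delete_user($_id)
{
    // Arrays and objects can never be a valid id; map them to a value that
    // fails the digit check instead of letting the string cast raise a notice.
    $id = is_scalar($_id) ? (string) $_id : '';

    if (!ctype_digit($id)) {
        // Fixed message only: the rejected value is attacker-influenced and
        // is deliberately kept out of the log line.
        error_log('delete_user: rejected non-numeric id');
        return;
    }

    $sql = new sql();
    $query = 'delete from user where id = ' . $id;
    $sql->dchange($query);
    $sql->dclose();
}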