$_SESSION["error"] = "fieldcheck";
header('Location:registry.php');
}
}
//changes password
if (isset($_POST['changepw'])) {
if ($_POST['password1'] != '' and $_POST['password2'] != '' and $_POST['password3'] != '') {
$password1 = $_POST["password1"];
$password2 = $_POST["password2"];
$password3 = $_POST["password3"];
$email = $_SESSION["email"];
if ($password2 != $password3) {
$_SESSION["error"] = "newpwmatch";
header("Location:settings.php");
} else {
if (pwcheck($password1, mysqli_fetch_assoc(mysqli_query($con, "SELECT passwordHash FROM owner WHERE email='{$email}'"))['passwordHash']) != 1) {
$_SESSION["error"] = "oldpwmatch";
header('Location:settings.php');
} else {
$hash = pwhash($password2);
mysqli_query($con, "UPDATE owner SET passwordHash='{$hash}' WHERE email='{$email}'");
$_SESSION["error"] = "pwupdated";
header("Location:settings.php");
}
}
} else {
$_SESSION["error"] = "pwsnotthere";
header("Location:settings.php");
}
}
if (isset($_POST['addurl'])) {
<?php
include 'constants.php';
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
if (isset($_POST['login'])) {
if ($_POST['email'] != '' and $_POST['password'] != '') {
$email = $_POST["email"];
$password = $_POST["password"];
if (mysqli_fetch_assoc(mysqli_query($con, "SELECT passwordHash FROM owner WHERE email={$email}"))['passwordHash'] == pwcheck($password)) {
$_SESSION["error"] = "none";
$que = mysqli_fetch_assoc(mysqli_query($con, "SELECT ownerid FROM owner WHERE email='{$email}'"));
$userid = $que['ownerid'];
$_SESSION["userid"] = $userid;
header('Location:home.php');
} else {
if ($_POST['email'] == '' or $_POST['password'] == '') {
$_SESSION["error"] = "fieldcheck";
header("Location:login.php");
} else {
$_SESSION["error"] = "nomatch";
header("Location:login.php");
}
}
}
}
//redirects users to the registry page
if (isset($_POST['registryform'])) {
header("Location:registry.php");
}