/**
 * Opens the PDO connection this console works with.
 *
 * startPDOConnection() is expected to return a connection or a falsy value.
 * When it is falsy the page prints a generic maintenance notice and stops;
 * no driver or host details are echoed to the browser.
 */
public function __construct()
{
    $this->db_connection = startPDOConnection();

    if (!$this->db_connection) {
        // Generic notice only: keep connection failures opaque to the visitor.
        echo '<h2>Database Is Down For Maintenace</h2>';
        echo '<h4>Please Try Again Later</h4>';
        die;
    }
}
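/**
 * Authenticates a client from the POSTed user_name / user_password pair.
 *
 * user_name may hold either the username or the e-mail address. On success
 * the session is populated and the browser is redirected to /account.php.
 * Every failure path ends in setLoginErrorAndQuit() with a message that does
 * not reveal whether the account exists.
 *
 * Reads:  $_POST['user_name'], $_POST['user_password'].
 * Writes: $_SESSION['user_name'], ['user_email'], ['privilege'], ['user_login_status'].
 */
private function loginWithPOST()
{
    // empty() would reject a password of "0"; test for presence and '' explicitly.
    // The username is trimmed before the emptiness check so whitespace-only input is rejected.
    $userName = isset($_POST['user_name']) ? trim((string) $_POST['user_name']) : '';
    $password = isset($_POST['user_password']) ? (string) $_POST['user_password'] : '';

    if ($userName === '') {
        $this->setLoginErrorAndQuit('The Username field was empty.');
        return;
    }
    if ($password === '') {
        $this->setLoginErrorAndQuit('The Password field was empty.');
        return;
    }

    $this->db_connection = startPDOConnection();
    if (!$this->db_connection) {
        $this->setLoginErrorAndQuit('There was a problem connecting to the database.<br />Please try again.');
        return;
    }

    // Prepared statement: the raw input is bound as a parameter, never interpolated into SQL.
    $stmt = $this->db_connection->prepare('SELECT username, email, password FROM clients WHERE username = ? OR email = ?');
    $stmt->execute([$userName, $userName]);

    // fetchAll() instead of rowCount(): PDO does not guarantee rowCount() for SELECT statements.
    // Exactly one row must match; a username/e-mail collision across two rows is refused, as before.
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    $stmt = null;
    $user = count($rows) === 1 ? $rows[0] : null;

    // Same message for "no such account" and "wrong password" so the response does not
    // confirm which usernames exist.
    // NOTE(review): an unknown account skips password_verify(), so the response time differs;
    // verifying against a fixed dummy hash in that case would equalise it.
    if ($user === null || !password_verify($password, (string) $user['password'])) {
        $this->setLoginErrorAndQuit('The Username or Password is incorrect.<br />Please try again.');
        return;
    }

    // Rotate the session id at the privilege change so an id issued before login
    // is not carried into the authenticated session (session fixation defence).
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    $_SESSION['user_name'] = $user['username'];
    $_SESSION['user_email'] = $user['email'];
    // Accounts logging in through this console are always plain users.
    $_SESSION['privilege'] = 'user';
    $_SESSION['user_login_status'] = 1;

    // Login complete; hand the browser over to the account page.
    header('Location: /account.php');
    exit;
}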
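/**
 * Creates a new account from the POSTed registration form.
 *
 * Validates user_name, user_password_new / user_password_repeat and user_email,
 * checks that neither the username nor the e-mail is already taken, inserts the
 * row and redirects to /admin/newaccount.php. Every failure path ends in
 * setErrorAndQuit() with a user-facing message.
 *
 * The target table is `admin` when account_type is exactly 'admin', otherwise
 * `clients`; only those two literals ever reach the SQL text.
 * NOTE(review): account_type comes from the form, so whether an admin row may be
 * created must be enforced by the caller (e.g. only from the admin console).
 *
 * Reads:  $_POST['user_name'], ['user_fullname'], ['user_email'],
 *         ['user_password_new'], ['user_password_repeat'], ['account_type'].
 *
 * @param int $user_group Retained for existing callers; not used here.
 */
public function registerNewUser($user_group = 1)
{
    // empty() would reject a legitimate value of "0"; test for presence and '' explicitly.
    // Values are trimmed before validation so the checks apply to what is actually stored.
    $userName = trim((string) ($_POST['user_name'] ?? ''));
    $userFullname = trim((string) ($_POST['user_fullname'] ?? ''));
    $userEmail = trim((string) ($_POST['user_email'] ?? ''));
    $passwordNew = (string) ($_POST['user_password_new'] ?? '');
    $passwordRepeat = (string) ($_POST['user_password_repeat'] ?? '');

    if ($userName === '') {
        $this->setErrorAndQuit('Username cannot be empty.');
        return;
    }
    if ($passwordNew === '' || $passwordRepeat === '') {
        $this->setErrorAndQuit('Password cannot be empty.');
        return;
    }
    if ($passwordNew !== $passwordRepeat) {
        // Was called with ('RegisterError', 'Passwords do not match.'); every other call
        // passes the message as the single argument, so the label was being shown instead.
        $this->setErrorAndQuit('Passwords do not match.');
        return;
    }
    if (!passwordPolicyMatch($passwordNew)) {
        // The policy explanation belongs to the policy failure (it was attached to the
        // username-length check before).
        $this->setErrorAndQuit('Password does not conform to the password policy.<br />' . passwordPolicyWritten());
        return;
    }

    // Byte length is sufficient here: the pattern below only admits ASCII characters.
    $nameLength = strlen($userName);
    if ($nameLength > 64 || $nameLength < 2) {
        $this->setErrorAndQuit('Username must be between 2 and 64 characters.');
        return;
    }
    // Letters and digits with at most one '_', '.' or '-' separator.
    if (!preg_match('/^[a-zA-Z0-9]*[_.-]?[a-zA-Z0-9]*$/', $userName)) {
        $this->setErrorAndQuit('Username does not match the naming scheme. Only letters, numbers, underscores, and periods are allowed');
        return;
    }

    if ($userEmail === '') {
        $this->setErrorAndQuit('Email cannot be empty.');
        return;
    }
    if (strlen($userEmail) > 64) {
        $this->setErrorAndQuit('Email cannot be longer than 64 characters.');
        return;
    }
    if (!filter_var($userEmail, FILTER_VALIDATE_EMAIL)) {
        $this->setErrorAndQuit('Your email address is not in a valid email format.');
        return;
    }

    $dbError = 'There was a problem connecting to the database.<br />Please try again.';
    $insertError = 'Sorry, your registration failed.<br />Please go back and try again.';

    $this->db_connection = startPDOConnection();
    if (!$this->db_connection) {
        $this->setErrorAndQuit($dbError);
        return;
    }

    // Allow-listed table name: the request value is compared, never copied, into SQL.
    $accountType = (isset($_POST['account_type']) && $_POST['account_type'] === 'admin') ? 'admin' : 'clients';
    $userPasswordHash = password_hash($passwordNew, PASSWORD_DEFAULT);
    // Uses the server's default timezone, as before.
    $userCreated = date('Y-m-d H:i:s');

    // Is the username or e-mail address already taken? User values are bound parameters.
    $stmt = $this->db_connection->prepare('SELECT * FROM ' . $accountType . ' WHERE username=? OR email=?');
    if (!$stmt || !$stmt->execute([$userName, $userEmail])) {
        $this->setErrorAndQuit($dbError);
        return;
    }
    // fetch() rather than rowCount() == 1: PDO does not guarantee rowCount() for SELECT, and
    // any match (including two rows, one per column) must block the insert.
    $taken = $stmt->fetch(PDO::FETCH_ASSOC) !== false;
    $stmt = null;
    if ($taken) {
        $this->setErrorAndQuit('Sorry, that username or email address is already taken.');
        return;
    }

    // Insert the account; only the password hash is stored.
    $stmt = $this->db_connection->prepare('INSERT INTO ' . $accountType . ' (username, password, email, name, created) VALUES (?, ?, ?, ?, ?)');
    if (!$stmt || !$stmt->execute([$userName, $userPasswordHash, $userEmail, $userFullname, $userCreated])) {
        $this->setErrorAndQuit($insertError);
        return;
    }

    FlashMessage::flash('RegisterSuccess', $userName . ' has been created successfully.');
    header('Location: /admin/newaccount.php');
    exit;
}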