 /**
  * Open the PDO handle the console depends on.
  *
  * The connection is obtained from startPDOConnection() and stored on
  * $this->db_connection. If no connection can be made the request is ended
  * with a generic "maintenance" page; the text is deliberately non-specific
  * so that no DSN, host or driver detail reaches the client.
  */
 public function __construct()
 {
     $this->db_connection = startPDOConnection();
     if ($this->db_connection) {
         return;
     }
     // No database: nothing below can work, so stop here.
     echo '<h2>Database Is Down For Maintenace</h2>';
     echo '<h4>Please Try Again Later</h4>';
     die;
 }
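 /**
  * Authenticate the submitted login form against the `clients` table.
  *
  * Reads user_name (username or e-mail address) and user_password from
  * $_POST, looks the account up with a prepared statement and checks the
  * password with password_verify(). On success the session id is rotated,
  * the client's data is written to $_SESSION and the request is redirected
  * to /account.php. Every failure path ends in setLoginErrorAndQuit() with
  * the same generic "incorrect" message so a wrong username and a wrong
  * password are not distinguishable from the response body.
  *
  * Assumes session_start() has already run (the $_SESSION writes below
  * assume the same).
  */
 private function loginWithPOST()
 {
     // Verify the contents that were submitted by the form
     if (empty($_POST['user_name'])) {
         $this->setLoginErrorAndQuit('The Username field was empty.');
     } elseif (empty($_POST['user_password'])) {
         $this->setLoginErrorAndQuit('The Password field was empty.');
     } elseif (!is_string($_POST['user_name']) || !is_string($_POST['user_password'])) {
         // A field posted as an array (user_password[]=x) passes empty() but would
         // make trim()/password_verify() throw, so malformed input is rejected here
         // with the same message as a bad credential.
         $this->setLoginErrorAndQuit('The Username or Password is incorrect.<br />Please try again.');
     } else {
         // Start the database connection
         if (!($this->db_connection = startPDOConnection())) {
             $this->setLoginErrorAndQuit('There was a problem connecting to the database.<br />Please try again.');
             return;
         }
         // Trimming the whitespace. The input is not sanitized because prepared statements are being used
         $user_name = trim($_POST['user_name']);
         // The database query which allows the client to login via email address or by username.
         $stmt = $this->db_connection->prepare('SELECT username, email, password FROM clients WHERE username = ? OR email = ?');
         $stmt->execute(array($user_name, $user_name));
         // Exactly one row must match. fetchAll()+count() is used instead of
         // rowCount(), which PDO does not guarantee for SELECT statements on every
         // driver. Two matches (one account's username equal to another's e-mail)
         // fail closed, as before.
         $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
         $stmt = null;
         $user = count($rows) === 1 ? $rows[0] : null;
         // NOTE(review): when no row matches, password_verify() is skipped, so the
         // response is measurably faster for unknown usernames (account enumeration
         // via timing). Verifying against a fixed dummy hash in that case would
         // equalise the two paths.
         if ($user !== null && password_verify($_POST['user_password'], $user['password'])) {
             // Rotate the session id before promoting the session to a logged-in
             // one, so an id fixed by an attacker prior to authentication is not
             // carried over (session fixation).
             session_regenerate_id(true);
             // Write the client's data into a PHP SESSION
             $_SESSION['user_name'] = $user['username'];
             $_SESSION['user_email'] = $user['email'];
             //The user's privilege is always user from this console
             $_SESSION['privilege'] = 'user';
             $_SESSION['user_login_status'] = 1;
             //The login is complete, redirect them
             header('Location: /account.php');
             exit;
         }
         // Unknown account or wrong password: one shared message for both.
         $this->setLoginErrorAndQuit('The Username or Password is incorrect.<br />Please try again.');
     }
 }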
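 /**
  * Create a new account from the submitted registration form.
  *
  * Validates the POSTed fields (see validateRegistrationInput()), checks that
  * the username and e-mail address are not already present in the target
  * table, inserts the row with a password_hash()ed password and redirects to
  * /admin/newaccount.php. Every failure path goes through setErrorAndQuit()
  * with a user-facing message.
  *
  * The target table is chosen from $_POST['account_type']: 'admin' selects
  * the `admin` table, anything else the `clients` table. Nothing in this
  * method checks whether the caller is allowed to create an admin account;
  * that authorization decision has to be made before this method is reached.
  * NOTE(review): no CSRF token check is visible here either — confirm the
  * form handler enforces one.
  *
  * @param int $user_group kept for interface compatibility; it is not read here
  */
 public function registerNewUser($user_group = 1)
 {
     $error = $this->validateRegistrationInput();
     if ($error !== null) {
         $this->setErrorAndQuit($error);
         return;
     }
     if (!($this->db_connection = startPDOConnection())) {
         $this->setErrorAndQuit('There was a problem connecting to the database.<br />Please try again.');
         return;
     }
     //Trim the whitespace. user_fullname is optional and only required to be a string.
     $user_name = trim($_POST['user_name']);
     $user_fullname = (isset($_POST['user_fullname']) && is_string($_POST['user_fullname'])) ? trim($_POST['user_fullname']) : '';
     $user_email = trim($_POST['user_email']);
     $user_created = date('Y-m-d H:i:s');
     $user_password_hash = password_hash($_POST['user_password_new'], PASSWORD_DEFAULT);
     // The table name is one of two literals chosen here, never the raw POST
     // value, so concatenating it into the SQL below is not an injection vector.
     if (isset($_POST['account_type']) && $_POST['account_type'] === 'admin') {
         $account_type = 'admin';
     } else {
         $account_type = 'clients';
     }
     // Check if the user/email address is already taken or not
     $stmt = $this->db_connection->prepare('SELECT * FROM ' . $account_type . ' WHERE username=? OR email=?');
     if (!$stmt || !$stmt->execute(array($user_name, $user_email))) {
         $this->setErrorAndQuit('There was a problem connecting to the database.<br />Please try again.');
         return;
     }
     // fetch() rather than rowCount(): rowCount() is not guaranteed for SELECTs on
     // every PDO driver, and the previous "== 1" test let a request whose username
     // and e-mail matched two different rows slip through to the INSERT.
     $taken = $stmt->fetch(PDO::FETCH_ASSOC) !== false;
     $stmt = null;
     if ($taken) {
         $this->setErrorAndQuit('Sorry, that username or email address is already taken.');
         return;
     }
     // Prepare and bind the database to insert the account
     $stmt = $this->db_connection->prepare('INSERT INTO ' . $account_type . ' (username, password, email, name, created) VALUES (?, ?, ?, ?, ?)');
     if (!$stmt || !$stmt->execute(array($user_name, $user_password_hash, $user_email, $user_fullname, $user_created))) {
         $this->setErrorAndQuit('Sorry, your registration failed.<br />Please go back and try again.');
         return;
     }
     FlashMessage::flash('RegisterSuccess', $user_name . ' has been created successfully.');
     header('Location: /admin/newaccount.php');
     exit;
 }

 /**
  * Validate the registration fields in $_POST.
  *
  * Checks run in the same order as before; the first failure wins. Compared
  * to the earlier inline chain, the password-policy and username-length
  * messages are no longer swapped, the "passwords do not match" message is
  * passed as the single argument setErrorAndQuit() takes everywhere else,
  * and fields posted as arrays are rejected before they reach strlen().
  *
  * @return string|null user-facing message for the first failing check, or null when all pass
  */
 private function validateRegistrationInput()
 {
     if (empty($_POST['user_name'])) {
         return 'Username cannot be empty.';
     }
     if (empty($_POST['user_password_new']) || empty($_POST['user_password_repeat'])) {
         return 'Password cannot be empty.';
     }
     // A field posted as an array (user_name[]=x) passes empty() but would make
     // strlen()/preg_match() throw; treat it as a failed registration.
     if (!is_string($_POST['user_name']) || !is_string($_POST['user_password_new']) || !is_string($_POST['user_password_repeat'])) {
         return 'Sorry, your registration failed.<br />Please go back and try again.';
     }
     if ($_POST['user_password_new'] !== $_POST['user_password_repeat']) {
         return 'Passwords do not match.';
     }
     if (!passwordPolicyMatch($_POST['user_password_new'])) {
         return 'Password does not conform to the password policy.<br />' . passwordPolicyWritten();
     }
     // strlen() is byte-wise, which is fine here: the pattern below only admits ASCII.
     if (strlen($_POST['user_name']) > 64 || strlen($_POST['user_name']) < 2) {
         return 'Username must be between 2 and 64 characters.';
     }
     // Letters/digits with at most one '_', '.' or '-' in the middle. The message
     // does not mention '-', which the pattern nevertheless accepts.
     if (!preg_match('/^[a-zA-Z0-9]*[_.-]?[a-zA-Z0-9]*$/', $_POST['user_name'])) {
         return 'Username does not match the naming scheme. Only letters, numbers, underscores, and periods are allowed';
     }
     if (empty($_POST['user_email'])) {
         return 'Email cannot be empty.';
     }
     if (!is_string($_POST['user_email'])) {
         return 'Sorry, your registration failed.<br />Please go back and try again.';
     }
     if (strlen($_POST['user_email']) > 64) {
         return 'Email cannot be longer than 64 characters.';
     }
     if (!filter_var($_POST['user_email'], FILTER_VALIDATE_EMAIL)) {
         return 'Your email address is not in a valid email format.';
     }
     return null;
 }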