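<?php
/*
 * Login form handler.
 *
 * Reads the posted e-mail and password, looks the account up in the
 * user_profile table and, on success, stores the user's e-mail and name in the
 * session and redirects to dashboard.php.
 *
 * $login_validation carries the outcome for the rest of the page:
 *    0  no login attempt in this request
 *    1  credentials matched and activation_id is "0"
 *   -1  no single matching row (or the lookup itself failed)
 *   -2  credentials matched but activation_id is not "0"
 *       (presumably an account that has not been activated yet; confirm)
 */
session_start();
require_once 'cfg/config.php';
require_once 'cfg/common.php';

$login_validation = 0;

if (isset($_POST['submit_login']) && $_POST['submit_login'] === "submit_mms_login") {
    $ch = new clean_and_hash();

    // clean_all_tags() lives in cfg/common.php and is not visible here; nothing
    // on this page shows it escaping SQL, so the query below does not rely on it.
    $email = $ch->clean_all_tags($_POST['email']);
    $password = $ch->clean_all_tags($_POST['password']);

    // NOTE(review): the hash is compared for equality inside SQL, so
    // clean_and_hash::password_hash() is presumably deterministic. Confirm how it
    // is built; PHP's native password_hash()/password_verify() would be the
    // stronger choice if the stored values can be migrated.
    $securepass = $ch->password_hash($email, $password);

    $dbconn = new db_connection();

    // Both values are bound as parameters instead of being concatenated into
    // the statement, which closes the SQL injection in the string-built query.
    // The computed hash is bound as well: the original listing compared the
    // password column against a masked literal and never used $securepass.
    // Assumes db_connection exposes mysqli's prepare(); the original code
    // already treated query() results as mysqli_result. TODO confirm.
    $prepare_statement = "SELECT * from " . user_profile . " where email = ? and password = ?";
    $result = false;
    $stmt = $dbconn->prepare($prepare_statement);
    if ($stmt !== false && $stmt->bind_param('ss', $email, $securepass) && $stmt->execute()) {
        // get_result() needs the mysqlnd driver.
        $result = $stmt->get_result();
    }

    // A failed lookup is treated like a failed login (fail closed).
    if ($result !== false && $result->num_rows == 1) {
        $row = $result->fetch_assoc();

        // Loose comparison kept on purpose: prepared statements may return an
        // integer column as int, where the original text-protocol query
        // returned the string "0".
        if ($row['activation_id'] != "0") {
            $login_validation = -2;
        } else {
            $login_validation = 1;
            $name = $row['name'];

            // Issue a fresh session id at the privilege change so a session id
            // known before login cannot be reused afterwards (session fixation).
            session_regenerate_id(true);
            $_SESSION['mms_logged_uid'] = $email;
            $_SESSION['mms_logged_name'] = $name;

            header('location:dashboard.php');
            // Stop here: header() alone does not end the script.
            exit;
        }
    } else {
        $login_validation = -1;
    }
}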
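<?php
/*
 * Self-registration form handler.
 *
 * Validates the posted password pair, checks whether a self-registered account
 * already exists for the e-mail and, if not, inserts a new user_profile row
 * together with its activation code. $success_registration is 1 after a
 * successful insert and 0 otherwise.
 */
session_start();
require_once 'cfg/config.php';
require_once 'cfg/common.php';

$success_registration = 0;

if (isset($_POST['submit_btn'])) {
    if ($_POST['submit_btn'] == "submit_val") {
        $ch = new clean_and_hash();

        // clean_all_tags() is defined in cfg/common.php and not visible here;
        // the statements below bind every value, so they do not depend on it
        // for SQL safety.
        $name = $ch->clean_all_tags($_POST['name']);
        $email = $ch->clean_all_tags($_POST['email']);
        $password = $ch->clean_all_tags($_POST['password']);
        $c_password = $ch->clean_all_tags($_POST['c_password']);

        if ($password != $c_password) {
            header('location:signup.php?error=1');
            // Without this exit the script kept running after the redirect
            // header and still created the account with the mismatched password.
            exit;
        }

        $secure_pass = $ch->password_hash($email, $password);

        // NOTE(review): the activation code is derived from the e-mail address
        // as far as this call shows; confirm get_activation_code() also mixes
        // in unpredictable randomness, otherwise the code can be guessed.
        $activation_id = $ch->get_activation_code($email);

        $dbconn = new db_connection();

        // Parameterised lookup replaces the string-built SELECT.
        // Assumes db_connection exposes mysqli's prepare(); the original code
        // already used query() results as mysqli_result. TODO confirm.
        $prepare_statement = "SELECT * from " . user_profile . " where email = ? and reg_type='self'";
        $lookup = $dbconn->prepare($prepare_statement);
        if ($lookup === false || !$lookup->bind_param('s', $email) || !$lookup->execute()) {
            // Fail closed: a broken lookup must not be read as "no such user".
            throw new RuntimeException('user lookup failed');
        }
        // get_result() needs the mysqlnd driver.
        $result = $lookup->get_result();
        $num_rows = $result->num_rows;

        if ($num_rows == 0) {
            // new users
            $insert_statement = "INSERT into " . user_profile . " (email,password,name,activation_id) values (?,?,?,?)";
            $insert = $dbconn->prepare($insert_statement);
            $insert_cmd = $insert !== false
                && $insert->bind_param('ssss', $email, $secure_pass, $name, $activation_id)
                && $insert->execute();

            if ($insert_cmd) {
                $success_registration = 1;
            } else {
                $success_registration = 0;
            }
            // (the page's listing of this script stops here; the enclosing
            // blocks are still open)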
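<?php
/*
 * Add-bill handler.
 *
 * Stores a new expense for the logged-in user in the expense_details table
 * and then walks the optional per-friend split fields (name1/share1,
 * name2/share2, ...). $success_addbill is -1 before the insert is attempted,
 * 1 after a successful insert and 0 when the insert fails or is rejected.
 */
session_start();
require_once '../cfg/common.php';
require_once '../cfg/config.php';

// The session's user id is used as the bill owner and as input to the bill id,
// so refuse the request outright when nobody is logged in.
if (!isset($_SESSION['mms_logged_uid'])) {
    http_response_code(401);
    exit;
}

$ch = new clean_and_hash();

// clean_all_tags() is defined in ../cfg/common.php and not visible here; the
// INSERT below binds every value and does not depend on it for SQL safety.
$bill_title = $ch->clean_all_tags($_POST['bill_title']);
$bill_desc = $ch->clean_all_tags($_POST['bill_description']);
$bill_amount = $ch->clean_all_tags($_POST['bill_amount']);
$start_bill_day = $ch->clean_all_tags($_POST['start_bill_day']);

$date = new DateTime();
$unix_date = $date->getTimestamp();

// NOTE(review): the id is a SHA-1 of the user id and a one-second timestamp,
// so two bills added by the same user within one second get the same id, and
// the value is predictable. Confirm whether exp_id has to be unguessable;
// random_bytes() would be the safer source if it does.
$bill_id = sha1($_SESSION['mms_logged_uid'] . $unix_date);

$dbconn = new db_connection();
$success_addbill = -1;
$logged_user = $_SESSION['mms_logged_uid'];
$sum_of_all_shares = 0;

// Parameterised INSERT replaces the string-built statement. The amount used to
// be spliced in unquoted, so it is also checked to be numeric before it is
// sent; a non-numeric amount ends in the same failure state (0) as a rejected
// query did.
// Assumes db_connection exposes mysqli's prepare(). TODO confirm.
$insert_statement = "INSERT into " . expense_details . " (exp_id,expense_title,expense_desc, expense_total,exp_owner,exp_date) values (?,?,?,?,?,?)";
$insert_cmd = false;
if (is_numeric($bill_amount)) {
    $stmt = $dbconn->prepare($insert_statement);
    if ($stmt !== false) {
        // Amount is bound as a string so the database does the numeric
        // conversion and no float rounding happens in PHP.
        $stmt->bind_param('ssssss', $bill_id, $bill_title, $bill_desc, $bill_amount, $logged_user, $start_bill_day);
        $insert_cmd = $stmt->execute();
    }
}

if ($insert_cmd) {
    $success_addbill = 1;
} else {
    $success_addbill = 0;
}

if (isset($_POST['split_frens_check'])) {
    $num_of_frens = 1;
    $success_fren_add_share = 0;
    $failure_fren_add_share = 0;

    // Friend fields are numbered from 1; the loop runs while the next name exists.
    while (isset($_POST["name{$num_of_frens}"])) {
        $fren_name = $ch->clean_all_tags($_POST["name{$num_of_frens}"]);
        $fren_share = $ch->clean_all_tags($_POST["share{$num_of_frens}"]);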