Пример #1
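 function login_verify($email, $password)
 {
     // Look up the user by e-mail and, when the supplied password matches the stored
     // password_hash() value, mark the session as logged in. Returns true on success and
     // false when the e-mail is unknown/ambiguous, the query fails, or the password is wrong.
     // $email is user input, so it is bound as a parameter instead of being spliced into the SQL.
     $conn = connect_to_mysql();
     $stmt = $conn->prepare("select * from users where user_email = ?");
     if ($stmt === false) {
         return false;
     }
     $stmt->bind_param('s', $email);
     $stmt->execute();
     $result = $stmt->get_result();
     // make sure we got exactly one record back
     if ($result === false || $result->num_rows !== 1) {
         $stmt->close();
         return false;
     }
     // get the first row
     $row = $result->fetch_array();
     $stmt->close();
     // get the password hash
     $db_passhash = $row["password_hash"];
     //compare password hash, if true, set session vars
     if (password_verify($password, (string) $db_passhash)) {
         // fresh session id on privilege change, so an id issued before login is not kept
         session_regenerate_id(true);
         $_SESSION["logged_in"] = true;
         $_SESSION["user_id"] = $row["id"];
         $_SESSION["username"] = $row["username"];
         return true;
     }
     $_SESSION["logged_in"] = false;
     return false;
 }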
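function get_user_data()
{
    // Return the users row for the e-mail stored in the session, or null when there is no
    // session e-mail, the query fails, or no row matches. The connection is closed on every
    // path (the original only closed it when a row was found).
    $email = $_SESSION["email"] ?? null;
    if ($email === null) {
        return null;
    }
    $connection = connect_to_mysql();
    // bound parameter: the session value never becomes part of the SQL text
    $stmt = mysqli_prepare($connection, "SELECT * FROM users WHERE email = ?");
    if ($stmt === false) {
        close_mysql_connection($connection);
        return null;
    }
    mysqli_stmt_bind_param($stmt, 's', $email);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);
    $row = $result === false ? null : mysqli_fetch_array($result);
    mysqli_stmt_close($stmt);
    close_mysql_connection($connection);
    return $row ?: null;
}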
Пример #3
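// Sign-up handler fragment: validates the form values, rejects a duplicate e-mail, stores the
// new user with a password_hash() value, and looks up the new id. Every user-supplied value
// reaches the database only as a bound parameter.
// verify password (the confirmation field must match exactly)
if (strcmp($password, $password_verify) !== 0) {
    $_SESSION["growl_type"] = "error";
    $_SESSION["growl_message"] = "Passwords do not match!";
    header('Location: /signup');
    return;
}
// verify the email
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    $_SESSION["growl_type"] = "error";
    $_SESSION["growl_message"] = "The email address you entered is invalid";
    header('Location: /signup');
    return;
}
// make sure email is not already taken
$conn = connect_to_mysql();
$stmt = $conn->prepare("select * from users where user_email = ?");
$stmt->bind_param('s', $email);
$stmt->execute();
$result = $stmt->get_result();
$emailTaken = $result !== false && $result->num_rows > 0;
$stmt->close();
if ($emailTaken) {
    $_SESSION["growl_type"] = "error";
    $_SESSION["growl_message"] = "This email address is already taken";
    header('Location: /signup');
    return;
}
// hash the password
$hash = password_hash($password, PASSWORD_DEFAULT);
$date = date('Y-m-d');
$sql = "INSERT INTO users\n\t(username, user_email, password_hash, date_created, date_modified, deleted)\n\tVALUES\n\t(?, ?, ?, ?, ?, 0);";
$stmt = $conn->prepare($sql);
// date_created and date_modified both receive today's date on creation
$stmt->bind_param('sssss', $username, $email, $hash, $date, $date);
$result = $stmt->execute();
$stmt->close();
// get the user id — the statements that run this query are not shown here; bind $email the
// same way as above (or read $conn->insert_id right after the INSERT and skip the lookup)
$sql = "SELECT id FROM users where user_email = ?;";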
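function check_change_password()
{
    // Validate a password-change request from $_POST and, when every check passes, hand off
    // to start_password_change(). Each failure sets one of the $GLOBALS flags the page reads;
    // the DB connection is closed on every path.
    $fail = false;
    $connection = connect_to_mysql();
    // The old-password value is shown redacted as '******' on this page; it should come from
    // the change-password form's old-password field — TODO confirm the field name.
    $oldPassword = '******';
    $email = $_SESSION['email'] ?? '';
    // The session e-mail is bound as a parameter, and the old password is checked with
    // password_verify() against the stored hash rather than compared as plaintext inside the
    // SQL (check_login() shows the `password` column holds a password_hash() value, so a
    // plaintext equality test in the WHERE clause could never match).
    $stmt = mysqli_prepare($connection, "SELECT * FROM users WHERE email = ?");
    $row = null;
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 's', $email);
        mysqli_stmt_execute($stmt);
        $result = mysqli_stmt_get_result($stmt);
        if ($result !== false && mysqli_num_rows($result) === 1) {
            $row = mysqli_fetch_array($result);
        }
        mysqli_stmt_close($stmt);
    }
    //if old password is incorrect, exit
    if ($row === null || !password_verify($oldPassword, (string) $row['password'])) {
        $GLOBALS['oldPasswordIncorrect'] = true;
        $fail = true;
    }
    $newPassword = $_POST["InputPW1"] ?? '';
    $confirmPassword = $_POST["InputPW2"] ?? '';
    // if password contains special characters, exit. filter_var() returns the matched string,
    // so an empty password is also rejected here (an empty string is falsy).
    // NOTE(review): restricting passwords to [a-zA-Z0-9_] lowers their strength; consider
    // allowing any printable character and enforcing a minimum length instead.
    if (!filter_var($newPassword, FILTER_VALIDATE_REGEXP, ["options" => ["regexp" => "/^[a-zA-Z0-9_]*\$/"]])) {
        $GLOBALS['passwordNotValid'] = true;
        $fail = true;
    }
    //if passwords do not match, exit
    if ($newPassword !== $confirmPassword) {
        $GLOBALS['passwordNotMatch'] = true;
        $fail = true;
    }
    if (!$fail) {
        start_password_change($connection);
    }
    close_mysql_connection($connection);
}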
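function contact_realtor()
{
    // Record a contact request from $_POST in the `touched` table and print a JS alert.
    // All five fields are user input; they are bound as parameters so none can alter the SQL.
    // The alert is printed regardless of whether the INSERT succeeded (as in the original).
    $connection = connect_to_mysql();
    $listing = $_POST['contact'] ?? '';
    $name = $_POST['name'] ?? '';
    $email = $_POST['email'] ?? '';
    $phone = $_POST['phone'] ?? '';
    $message = $_POST['message'] ?? '';
    $stmt = mysqli_prepare(
        $connection,
        "INSERT INTO touched (idListing, name, email, phone, message) VALUES(?, ?, ?, ?, ?)"
    );
    if ($stmt !== false) {
        // idListing was quoted as a string in the original statement, so it stays 's' here
        mysqli_stmt_bind_param($stmt, 'sssss', $listing, $name, $email, $phone, $message);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    echo "<script type='text/javascript'>alert('Request sent to realtor!');</script>";
}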
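function display_listing($id)
{
    // Render the summary card for listing $id. $id comes from the request, so it is bound as
    // a parameter; every column value is HTML-escaped before it is echoed, because listing
    // fields (address, description, image names, …) are stored text that must not be able
    // to become markup or script in the page. Renders nothing when no listing matches.
    $connection = connect_to_mysql();
    $stmt = mysqli_prepare($connection, "SELECT * FROM listings WHERE id = ?");
    if ($stmt === false) {
        return;
    }
    mysqli_stmt_bind_param($stmt, 's', $id);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);
    $row = $result === false ? null : mysqli_fetch_array($result);
    mysqli_stmt_close($stmt);
    if (!$row) {
        return;
    }
    // escape a value for an HTML text or attribute context
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    echo '<div class="row">
            <div class="container transbox">
                        <div class="brdr bgc-fff pad-10 box-shad btm-mrg-20 property-listing" style="overflow:hidden;">
                            <div class="media">
                                <a class="pull-left" href="#" target="_parent">';
    // one of the listing's three images is picked at random (cosmetic only, so rand() is fine)
    $rand_num = rand(1, 3);
    $img_name1 = $row["image" . $rand_num];
    $img_path = 'assets/home_images/home' . $row["id"] . '/small/' . $img_name1;
    echo '<img class="img-responsive" style="margin-top:9%;" src="' . $esc($img_path) . '"/></a>

                                <div class="clearfix visible-sm"></div>

                                <div class="media-body fnt-smaller">
                                    <a href="#" target="_parent"></a>

                                    <h3 class="media-heading">
                                        <a href="#" target="_parent">$' . $esc(number_format($row["price"])) . '</a><small class="pull-right"><i>' . $esc($row["address"]) . '</i></small></h3>
                                    <p><small class="pull-right">' . $esc($row["city"]) . ", " . $esc($row["us_state"]) . ", " . $esc($row["zip_code"]) . '</small></p>

                                    <br>
                                    <ul class="list-inline mrg-0 btm-mrg-10 clr-535353 pull-right">
                                        <li>' . $esc($row["sq_ft"]) . 'SqFt</li>

                                        <li style="list-style: none">|</li>

                                        <li>' . $esc($row["num_bedrooms"]) . 'Beds</li>

                                        <li style="list-style: none">|</li>

                                        <li>' . $esc($row["num_bathrooms"]) . 'Baths</li>
                                    </ul>
                                    <br><br>
                                    <p class="hidden-xs">' . $esc(mb_substr((string) $row["description"], 0, 300)) . '...</p>
                                    <div class="btn-toolbar pull-right">
                                        <form action="home_details.php" method="get">
                                            <button type="button" class="btn btn-default btn-sm">
                                                <span class="glyphicon glyphicon-star" aria-hidden="true"></span> Star
                                            </button>
                                            <button name="details" type="submit" value="' . $esc($row[0]) . '" class="btn btn-success btn-sm">Details</button>

                                        </form>

                                    </div>
                                    <br>
                                    <span class="fnt-smaller fnt-lighter fnt-arial">Milestone Properties&copy</span>
                                </div>
                            </div>
                        </div>
                    </div>
                </div><hr>';
}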
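function remove_row()
{
    // Delete the contact request whose id arrives in $_POST['idRow'] and print a JS alert.
    // The id is bound as a parameter so request input cannot change the DELETE statement.
    // NOTE(review): nothing in this function checks that the requester may delete the row —
    // presumably the including page restricts it to an authorised user; confirm at the call site.
    $connection = connect_to_mysql();
    $rowId = $_POST['idRow'] ?? '';
    $stmt = mysqli_prepare($connection, "DELETE FROM touched WHERE id = ?");
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 's', $rowId);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    echo "<script type='text/javascript'>alert('Contact request deleted!');</script>";
}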
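function check_login()
{
    // Handle a login form post. On failure one of the $GLOBALS flags the page reads is set;
    // on success the session is started via sec_session_start() and the browser is sent to
    // temp.php. Validation now runs before any database access.
    $rawEmail = $_POST["InputEmail"] ?? "";
    $password = $_POST["InputPW1"] ?? "";
    if ($rawEmail === "" || $password === "") {
        $GLOBALS['emptyFields'] = true;
        return;
    }
    // FILTER_SANITIZE_EMAIL strips characters that cannot occur in an address; any difference
    // means the input was altered and is rejected. It still allows quotes and other SQL
    // metacharacters, so it is not a substitute for the bound parameter below.
    $email = filter_var($rawEmail, FILTER_SANITIZE_EMAIL);
    if ($rawEmail !== $email) {
        $GLOBALS['emailNotValid'] = true;
        return;
    }
    $connection = connect_to_mysql();
    $stmt = mysqli_prepare($connection, "SELECT * FROM users WHERE email = ?");
    $row = null;
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 's', $email);
        mysqli_stmt_execute($stmt);
        $result = mysqli_stmt_get_result($stmt);
        $row = $result === false ? null : mysqli_fetch_array($result);
        mysqli_stmt_close($stmt);
    }
    // An unknown e-mail and a wrong password set the same flag, so the response does not
    // reveal which addresses are registered. (The original read $row["password"] on a
    // missing row, which only produced a warning before failing the verify.)
    if (!$row || !password_verify($password, (string) $row["password"])) {
        $GLOBALS['wrongCredentials'] = true;
        return;
    }
    sec_session_start($email);
    header("Location: temp.php");
    exit;
}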
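function create_user()
{
    // Insert a new user from the sign-up form ($_POST), storing a password_hash() value.
    // Every form value is bound as a parameter so none of it can alter the INSERT; the
    // connection is closed on every path and "Failed to create user" is printed on failure.
    // hashes the password to store it safely in the DB
    $password = password_hash($_POST["InputPW1"] ?? '', PASSWORD_DEFAULT);
    $email = $_POST["InputEmail"] ?? '';
    $phone = $_POST["InputPhone"] ?? '';
    $firstName = $_POST["InputFirstName"] ?? '';
    $lastName = $_POST["InputLastName"] ?? '';
    // zip_code was sent unquoted (numeric) in the original statement, so it must be a number;
    // (int) keeps MySQL's handling of a leading zero ("02134" -> 2134)
    $zipRaw = $_POST["InputZip"] ?? '';
    if (!is_numeric($zipRaw)) {
        echo "Failed to create user";
        return;
    }
    $zip = (int) $zipRaw;
    $connection = connect_to_mysql();
    // query to create a new user in the DB; user_type is always 1 for self-registered users
    $query = "INSERT INTO users (email,password,user_type,zip_code,phone_number,first_name,last_name)";
    $query .= "VALUES(?, ?, 1, ?, ?, ?, ?)";
    $stmt = mysqli_prepare($connection, $query);
    $created = false;
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 'ssisss', $email, $password, $zip, $phone, $firstName, $lastName);
        $created = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    if ($created == false) {
        echo "Failed to create user";
    }
    close_mysql_connection($connection);
}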
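function bookmark_listing()
{
    // Add the listing in $_POST['bookmark'] to the logged-in user's bookmarks and print a JS
    // alert; without a session id only the "must be logged in" alert is printed. Both ids were
    // sent unquoted (numeric) in the original statement, so they are bound as integers and a
    // non-numeric listing id is dropped instead of being spliced into the SQL.
    $connection = connect_to_mysql();
    if (!isset($_SESSION['id'])) {
        echo "<script type='text/javascript'>alert('You must be logged in to bookmark a property!');</script>";
        return;
    }
    $userId = (int) $_SESSION['id'];
    $listingRaw = $_POST['bookmark'] ?? '';
    if (is_numeric($listingRaw)) {
        $listingId = (int) $listingRaw;
        $stmt = mysqli_prepare($connection, "INSERT into bookmarks (user_id, listing_id) VALUES(?, ?)");
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, 'ii', $userId, $listingId);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }
    }
    // the alert is printed whether or not the INSERT succeeded, as in the original
    echo "<script type='text/javascript'>alert('Listing added to bookmarks');</script>";
}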
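function check_login_forgot()
{
    // Validate the e-mail from the password-recovery form and, when it is well-formed and
    // registered, call start_password_recovery(). Failures set the $GLOBALS flags the page
    // reads; the connection is closed on every path.
    $original_email = trim($_POST["InputEmail"] ?? '');
    $clean_email = filter_var($original_email, FILTER_SANITIZE_EMAIL);
    $fail = false;
    // if email has special characters or doesn't have right format, exit
    if ($original_email !== $clean_email || !filter_var($original_email, FILTER_VALIDATE_EMAIL)) {
        $GLOBALS['emailNotValid'] = true;
        $fail = true;
    }
    // if email is not already registered, exit. The lookup still runs when validation failed
    // above (to keep the original flag behaviour), so the raw address is bound as a parameter
    // rather than concatenated into the query.
    $connection = connect_to_mysql();
    $matches = 0;
    $stmt = mysqli_prepare($connection, "SELECT * FROM users WHERE email = ?");
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 's', $original_email);
        mysqli_stmt_execute($stmt);
        $result = mysqli_stmt_get_result($stmt);
        if ($result !== false) {
            $matches = mysqli_num_rows($result);
        }
        mysqli_stmt_close($stmt);
    }
    if ($matches !== 1) {
        // NOTE(review): this flag tells the requester whether the address is registered; a
        // uniform "if that address exists, a mail was sent" response would avoid disclosing it.
        $GLOBALS['emailNotRegistered'] = true;
        $fail = true;
    }
    if (!$fail) {
        start_password_recovery($connection, $clean_email);
    }
    close_mysql_connection($connection);
}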