<?php
require_once './header.php';
if (isPostSetAndNotEmpty('txtEmail') && isPostSetAndNotEmpty("txtPassword")) {
$pdo = new PDO("mysql:host={$DB_HOST};dbname={$DB_DATABASE};charset=utf8", $DB_USER, $DB_PASSWORD);
$sql = "SELECT email, password, first_name, last_name FROM user WHERE email = :email";
$sth = $pdo->prepare($sql);
$sth->execute(array(':email' => $_POST["txtEmail"]));
if ($sth->rowCount() == 0) {
$message = "incorrect username!";
} else {
$user = $sth->fetch(PDO::FETCH_ASSOC);
if (!password_verify($_POST["txtPassword"], $user["password"])) {
$message = "incorrect password!";
} else {
// valid user, save data to session and redirect
$_SESSION["username"] = $user["first_name"] . ' ' . $user['last_name'];
echo '<script>window.location.href = "index.php";</script>';
}
}
echo "<script>alert('{$message}');</script>";
}
?>
<form method="POST" id="formSignin">
<div class="form-group">
<label class="control-label" for="inputDefault">EMAIL</label>
<input type="text" class="form-control" id="txtEmail" name="txtEmail" placeholder="Enter email address" maxlength="100">
</div>
<div class="form-group">
<label class="control-label" for="inputDefault">PASSWORD</label>
<input type="password" class="form-control" id="txtPassword" name="txtPassword" placeholder="Enter password" maxlength="8">
<?php
require_once './header.php';
if (isPostSetAndNotEmpty('txtFirstName') && isPostSetAndNotEmpty('txtLastName') && isPostSetAndNotEmpty('txtPassword') && isPostSetAndNotEmpty('txtEmail') && isPostSetAndNotEmpty('txtConfirmPassword') && isPostSetAndNotEmpty('txtCaptcha')) {
// validate inputs
$message = '';
if ($_POST['txtPassword'] != $_POST['txtConfirmPassword']) {
$message = 'password is not equal to confirmPassword!\\n';
}
if (!isValidEmail($_POST['txtEmail'])) {
$message .= 'incorrect email pattern!\\n';
}
if (!isValidName($_POST['txtFirstName'])) {
$message .= 'incorrect first name pattern!\\n';
}
if (!isValidName($_POST['txtLastName'])) {
$message .= 'incorrect last name pattern!\\n';
}
if (!isValidPassword($_POST['txtPassword'])) {
$message .= 'incorrect password pattern!\\n';
}
if ($_SESSION['captcha']['code'] != $_POST['txtCaptcha']) {
$message .= 'incorrect captcha!';
}
if ($message == '') {
$pdo = new PDO("mysql:host={$DB_HOST};dbname={$DB_DATABASE};charset=utf8", $DB_USER, $DB_PASSWORD);
// check duplicate email
$sql = "SELECT email FROM user WHERE email = :email";
$sth = $pdo->prepare($sql);
$sth->execute(array(':email' => $_POST['txtEmail']));
if ($sth->rowCount() > 0) {
