Пример #1
0
	<?php 
session_start();
function __autoload($filename)
{
    include "classes/" . $filename . ".php";
}
$dataBase = new dataBase();
if (isset($_POST["changeInfo"])) {
    $newEmail = $_POST["email"];
    $id = $_POST["id"];
    if ($_POST["email"] != "" && $_FILES["profilePicture"]["name"] != "") {
        if ($_FILES["profilePicture"]["type"] == "image/png" || $_FILES["profilePicture"]["type"] == "image/jpeg" || $_FILES["profilePicture"]["type"] == "image/gif") {
            if ($_FILES["profilePicture"]["size"] <= 2000000) {
                $newPictureName = newName($_FILES["profilePicture"]["name"]);
                while (file_exists("img\\" . $newPictureName)) {
                    $newPictureName = newName($_FILES["profilePicture"]["name"]);
                }
                move_uploaded_file($_FILES['profilePicture']['tmp_name'], "img\\" . $newPictureName);
                $test = $dataBase->update("users", "email", "'" . $newEmail . "'", "profile_picture", "'" . $newPictureName . "'", "id", "'" . $id . "'");
                $salt = $dataBase->getRow("salt", "users", true, "'" . $id . "'", "id");
                $actualSalt = $salt[0]["salt"];
                $hash = openssl_digest($newEmail . $actualSalt, 'sha512');
                var_dump($test);
                setcookie("login", $newEmail . "," . $hash, time() + 2592000);
                header("location: gegevens-wijzigen-form.php");
            } else {
                $_SESSION["notifications"]["type"] = "error";
                $_SESSION["notifications"]["message"] = "File is too big";
                header("location: gegevens-wijzigen-form.php");
            }
        } else {
Пример #2
0
<?php

session_start();
if (isset($_POST['btnGegevensWijzigen'])) {
    $email = $_POST['email'];
    $id = $_SESSION['id'];
    if ($_POST['email'] != '' && $_FILES['profilePicture']['name'] != '') {
        if ($_FILES['profilePicture']['type'] == 'image/png' || $_FILES['profilePicture']['type'] == 'image/jpg' || $_FILES['profilePicture']['type'] == 'image/gif') {
            if ($_FILES['profilePicture']['size'] <= 2000000) {
                //2MB
                $newFileName = newName($_FILES['profilePicture']['name']);
                //Checks whether a file or directory exists
                //if name exists make new one
                while (file_exists('images\\' . $newFileName)) {
                    $newFileName = newName($_FILES['profilePicture']['name']);
                }
                //move tmp_name file to $tempName folder
                $movedSuccesful = move_uploaded_file($_FILES['profilePicture']['tmp_name'], 'images\\' . $newFileName);
                if ($movedSuccesful) {
                    $db = new PDO('mysql:host=localhost;dbname=opdracht-file-upload', 'root', '', array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
                    // Connectie maken
                    try {
                        if ($email != $_POST['email']) {
                            $newEmail = $_POST['email'];
                            $querystring = '	UPDATE users
													SET profile_picture = :tempName, 
													email = :email
													WHERE id = :id
												';
                            /*':' om sql injection te voorkomen*/
                            $selectStatement = $db->prepare($querystring);