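/**
 * Create a new user row and mark that user as logged in.
 *
 * The inputs still go through sanitize_input() / create_hash() /
 * process_picture() exactly as before. What changes is the INSERT itself:
 * it is now a prepared statement with bound parameters instead of a query
 * assembled by string interpolation, so the caller-supplied username and
 * phone can never alter the SQL text. A failed INSERT no longer logs in
 * userID 0 (mysqli_insert_id() returns 0 after a failed query).
 *
 * @param string $username
 * @param string $password  plain-text password; hashed before storage
 * @param mixed  $picture   raw upload, transformed by process_picture()
 * @param string $phone
 * @return int  the new userID, or 0 when the username is taken or the insert failed
 */
function database_add_user($username, $password, $picture, $phone) {
    global $mysqli;

    // Sanitize the variables you passed in
    // NOTE(review): if sanitize_input() also applies SQL escaping (e.g.
    // mysqli_real_escape_string), that step is redundant now that the values
    // are bound below and should be dropped so escaped characters are not
    // stored literally -- confirm against sanitize_input().
    $username = sanitize_input($username);
    $password = sanitize_input($password);
    $phone    = sanitize_input($phone);

    // Hash the password so that it is not stored in the database as plain text
    $password = create_hash($password);

    // Process the picture for putting it in the database
    $picture = process_picture($picture);

    $userID = 0;
    // Same test as the original `== false`: any falsy result means "free".
    if (isUsernameTaken($username)) {
        return $userID;
    }

    // Insert the new user using bound parameters: the values travel separately
    // from the SQL, so no quoting or escaping is relied upon here.
    $stmt = mysqli_prepare(
        $mysqli,
        'INSERT INTO users (username, password, picture, phone) VALUES (?, ?, ?, ?)'
    );
    if ($stmt === false) {
        return $userID;
    }
    mysqli_stmt_bind_param($stmt, 'ssss', $username, $password, $picture, $phone);

    if (mysqli_stmt_execute($stmt)) {
        // Set this userID as logged in (only when the row really exists)
        $userID = mysqli_insert_id($mysqli);
        set_user_logged_in($userID, $password);
    }
    mysqli_stmt_close($stmt);

    return $userID;
}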
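/**
 * Verify a username/password pair and mark the user as logged in.
 *
 * The stored hash is fetched with a bound parameter instead of interpolating
 * $userID into the SQL, and an unknown user (no row, or a NULL password
 * column) is treated as a failed login instead of handing a missing hash to
 * validate_password().
 *
 * @param string $username
 * @param string $password  plain-text password as entered by the user
 * @return int  the userID on success, 0 on failure (unknown user or wrong password)
 */
function database_user_login($username, $password) {
    global $mysqli;

    $username = sanitize_input($username);
    $password = sanitize_input($password);

    $userID   = database_get_userID($username);
    $datapass = null;

    // Look up the stored hash for this userID; the id is bound, not interpolated.
    // Bound as a string to mirror the quoted literal the original query used.
    $stmt = mysqli_prepare($mysqli, 'SELECT password FROM users WHERE userID = ?');
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 's', $userID);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_bind_result($stmt, $datapass);
            if (mysqli_stmt_fetch($stmt) !== true) {
                $datapass = null;
            }
        }
        mysqli_stmt_close($stmt);
    }

    // If the database password and the passed in password are the same
    // the user is verified. Otherwise, return 0.
    if ($datapass !== null && validate_password($password, $datapass)) {
        set_user_logged_in($userID);
    } else {
        set_user_logged_out();
        $userID = 0;
    }

    return $userID;
}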
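// "Log In with PayPal" callback: exchange the OAuth code for an access token,
// load the profile, remember it in the session and decide where to send the
// user next ($targetUrl is only set on the paths that need a redirect).
if (isset($_GET['code'])) {
    try {
        $access_token = acquire_access_token($_GET['code']);
        if (!isset($access_token)) {
            throw new Exception('Failed to get access token');
        }
        // For use with "Log In and Checkout", when we just want the access token and not a full user account
        $_SESSION['access_token'] = $access_token;

        $profile = acquire_paypal_user_profile($access_token);
        if (!isset($profile)) {
            throw new Exception('Failed to get user profile');
        }

        $_SESSION['username'] = $profile->given_name;
        // assumes the profile always carries an address object -- confirm against
        // the scopes requested from PayPal; a missing address would fault here.
        $_SESSION['user'] = [
            "email"          => $profile->email,
            "given_name"     => $profile->given_name,
            "family_name"    => $profile->family_name,
            "language"       => $profile->language,
            "phone_number"   => $profile->phone_number,
            "street_address" => $profile->address->street_address,
            "locality"       => $profile->address->locality,
            "region"         => $profile->address->region,
            "postal_code"    => $profile->address->postal_code,
            "country"        => $profile->address->country,
            "payer_id"       => $profile->payer_id,
            "access_token"   => $access_token,
        ];

        if (does_user_have_account($profile->email)) {
            set_user_logged_in($profile->given_name, $profile->email);
            store_access_token($profile->email, $access_token);
            if (!does_user_have_paypal_id($profile->email)) {
                // Both query values come from the PayPal profile; encode each one
                // (payer_id was previously appended to the URL unencoded).
                $targetUrl = 'link-accounts.php?email=' . urlencode($profile->email)
                    . '&payer_id=' . urlencode($profile->payer_id);
            }
        } else {
            $targetUrl = 'create-account.php';
        }
    } catch (Exception $e) {
        throw_error_in_console($e->getMessage());
    }
}
?> <script> var endpoint = ( sessionStorage.intent ) ? "<?php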
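/**
 * Create a merchant account from the posted sign-up form.
 *
 * Flow: nonce (CSRF) check -> required-field check -> duplicate check ->
 * cull_accounts() -> positional INSERT with every user-supplied value bound
 * through PDO. Driver errors are logged server-side and reported to the
 * caller with a generic message.
 *
 * @return string|null  an error message for display, or null on success
 */
function create_account() {
    global $pdo;

    // verify_nonce() guards against cross-site request forgery (a forged POST),
    // not cross-site scripting; the message names the attack it actually detects.
    if (!verify_nonce()) {
        return "Cross-site request forgery detection error";
    }
    if (!isset($_POST['email']) || strlen($_POST['email']) == 0) {
        return "Email address not found.";
    }
    if (does_user_have_account($_POST['email'])) {
        return "Email account already exists.";
    }

    cull_accounts();

    // Form fields stored AES-encrypted, in the column order of the users table
    // (the INSERT is positional, so this order must match the schema).
    $fields = [
        'email',
        'password',
        'given_name',
        'family_name',
        'language',
        'phone_number',
        'street_address',
        'locality',
        'region',
        'postal_code',
        'country',
        'payer_id',
        'access_token',
    ];

    try {
        // NOTE(review): the password is stored with reversible AES_ENCRYPT rather
        // than a one-way hash (password_hash()/password_verify()). Other code in
        // this corpus compares the decrypted value directly, so this cannot be
        // changed here alone; treat it as a known weakness to fix across
        // create/login/link together.
        $encrypted = [];
        foreach ($fields as $field) {
            $encrypted[] = "AES_ENCRYPT(:{$field},':aes_key')";
        }
        $query = 'INSERT INTO users VALUES(0,'
            . implode(',', $encrypted)
            . ",NOW(),AES_ENCRYPT(:session_key,':aes_key'))";

        // AES_KEY is a server-side constant, not user input, so inlining it is not
        // an injection vector -- but the key then appears in any query log, and it
        // must not contain a quote character. Binding it is not possible here
        // because the same named placeholder is used many times.
        $query = str_replace(':aes_key', AES_KEY, $query);
        $sql = $pdo->prepare($query);

        // Bind each field explicitly; a missing field binds NULL (as bindParam on
        // an undefined index did before) without an undefined-index notice.
        foreach ($fields as $field) {
            $sql->bindValue(
                ':' . $field,
                isset($_POST[$field]) ? $_POST[$field] : null,
                PDO::PARAM_STR
            );
        }
        $sql->bindValue(
            ':session_key',
            isset($_COOKIE['session_key']) ? $_COOKIE['session_key'] : null,
            PDO::PARAM_STR
        );
        $sql->execute();

        set_user_logged_in(
            isset($_POST['given_name']) ? $_POST['given_name'] : null,
            $_POST['email']
        );
    } catch (Exception $e) {
        // Log the details server-side; the raw driver message can contain SQL
        // fragments (including the inlined AES key) and must not reach the browser.
        error_log('create_account: ' . $e->getMessage());
        return 'Error creating data.';
    }

    return null;
}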
?> <?php $linked_accounts = false; ?> <div class="span8 offset2"> <?php if ($_SERVER['REQUEST_METHOD'] === 'POST') { ?> <?php $user_data = get_user_data($_POST['email']); if ($_POST['password'] == $user_data['password']) { add_paypal_id_to_user_account($_POST['email'], $_POST['payer_id']); set_user_logged_in($user_data['given_name'], $user_data['email']); $linked_accounts = true; } ?> <?php if ($linked_accounts) { ?> <div id="success"> <h2>Thank you for linking your account!</h2> <p>Go to:</p> <ul> <li><a href="<?php echo BASE_URL; ?> ">Home page</a></li>