示例#1
    if (isset($_SESSION['username'])) {
        return true;
    } else {
        return false;
    }
}
/**
 * Reports whether a username is acceptable to UsernameValidator.
 *
 * A new validator is created on every call and its isValid() result is
 * returned unchanged. What "valid" means (format check, account lookup, ...)
 * is decided by UsernameValidator, which is not part of this listing.
 *
 * @param mixed $username Value handed straight to UsernameValidator::isValid().
 * @return mixed Whatever UsernameValidator::isValid() returns.
 */
function isUsernameValid($username)
{
    return (new UsernameValidator())->isValid($username);
}
/**
 * Reports whether a password is acceptable to PasswordValidator.
 *
 * A new validator is created on every call and its isValid() result is
 * returned unchanged. Whether this is a policy check or a comparison with a
 * stored credential is decided by PasswordValidator, which is not part of
 * this listing.
 *
 * @param mixed $password Value handed straight to PasswordValidator::isValid().
 * @return mixed Whatever PasswordValidator::isValid() returns.
 */
function isPasswordValid($password)
{
    return (new PasswordValidator())->isValid($password);
}
// Login gate. A visitor who already has a session goes straight to the
// account page; otherwise the submitted username and then the password are
// checked, and the first failing check prints its message.
//
// NOTE(review): the success branch redirects without storing anything in
// $_SESSION, while the session check visible above this excerpt tests
// $_SESSION['username']. Unless the session is populated elsewhere, the
// target page cannot tell that this visitor signed in - confirm.
// NOTE(review): if the validators consult account data rather than format
// rules, separate 'invalid username' / 'invalid password' messages reveal
// which usernames exist; a single generic failure message avoids that.
if (isLoggedIn()) {
    redirect('demoAccount.php');
    exit;
}

if (!isUsernameValid($username)) {
    echo 'invalid username';
} elseif (!isPasswordValid($password)) {
    echo 'invalid password';
} else {
    // Both checks passed.
    redirect('demoAccount.php');
    exit;
}
示例#2
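 // Profile update for the current user: username, password and colour are
 // each changed only when the matching POST field is present and differs from
 // the stored value. $link, $user, $id and $errors come from code outside this
 // excerpt, as does the construct that `break` exits.
 //
 // Every statement uses bound parameters, so neither the POST values nor $id
 // are ever spliced into SQL text. POST fields are accepted only as strings
 // (a field sent as `name[]` arrives as an array) and compared strictly, so
 // numeric-looking strings such as '1' and '01' are not treated as equal.

 // Runs one "UPDATE `users` SET <column>=? WHERE `id`=?" statement.
 // Returns true on success, false when prepare or execute fails.
 $updateColumn = static function ($sql, $value, $userId) use ($link) {
     $userId = (int) $userId; // the id is bound as an integer, never as text
     $stmt = mysqli_prepare($link, $sql);
     if ($stmt === false) {
         return false;
     }
     mysqli_stmt_bind_param($stmt, 'si', $value, $userId);
     $ok = mysqli_stmt_execute($stmt);
     mysqli_stmt_close($stmt);

     return $ok;
 };

 if (isset($_POST['newusername']) && is_string($_POST['newusername']) && $_POST['newusername'] !== $user['username']) {
     $newUsername = $_POST['newusername'];
     $errors = isUsernameValid($newUsername, $errors);
     if (empty($errors)) {
         // null = lookup failed, true = name already used, false = name free.
         // A failed lookup must not be read as "free", so no `@` suppression here.
         $taken = null;
         $stmt = mysqli_prepare($link, 'SELECT `username` FROM `users` WHERE `username`=?;');
         if ($stmt !== false) {
             mysqli_stmt_bind_param($stmt, 's', $newUsername);
             if (mysqli_stmt_execute($stmt) && mysqli_stmt_store_result($stmt)) {
                 $taken = mysqli_stmt_num_rows($stmt) > 0;
             }
             // Closing the statement also releases its stored result, so the
             // early `break` below no longer leaks a result set.
             mysqli_stmt_close($stmt);
         }

         if ($taken === null) {
             array_push($errors, 'Database error!');
         } elseif ($taken) {
             array_push($errors, 'Username taken!');
             break;
         } elseif (!$updateColumn('UPDATE `users` SET `username`=? WHERE `id`=?;', $newUsername, $id)) {
             // NOTE(review): check-then-update is not atomic; a UNIQUE index on
             // `users`.`username` is what actually prevents duplicates - confirm
             // the schema has one.
             array_push($errors, 'Database error!');
         }
     }
 }

 if (isset($_POST['oldpassword'], $_POST['newpassword'])
     && is_string($_POST['oldpassword']) && is_string($_POST['newpassword'])
     && $_POST['oldpassword'] !== '' && $_POST['newpassword'] !== '') {
     // The new password is always run through the policy check. The original
     // validated it only when it equalled the old password, so any password
     // that actually changed skipped validation.
     $errors = isPasswordValid($_POST['newpassword'], $errors);
     if (!password_verify($_POST['oldpassword'], $user['password'])) {
         array_push($errors, 'Old password invalid!');
     }
     if (empty($errors)) {
         if (!$updateColumn('UPDATE `users` SET `password`=? WHERE `id`=?;', getPasswordHash($_POST['newpassword']), $id)) {
             array_push($errors, 'Database error!');
         }
     }
 }

 if (isset($_POST['newcolour']) && is_string($_POST['newcolour']) && $_POST['newcolour'] !== $user['colour']) {
     // NOTE(review): the colour is stored without any format check. If it is
     // later written into HTML or CSS it needs an allow-list here (for example
     // a fixed set of names or a hex pattern) or escaping at output - confirm.
     if (empty($errors)) {
         if (!$updateColumn('UPDATE `users` SET `colour`=? WHERE `id`=?;', $_POST['newcolour'], $id)) {
             array_push($errors, 'Database error!');
         }
     }
 }

 unset($updateColumn); // drop the closure's handle on the connection before closing it
 mysqli_close($link);
 unset($link);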
示例#3
 // Registration fragment: checks the e-mail address and password, hashes the
 // password, opens the database, derives the next user id and starts the
 // username-uniqueness lookup. The `break` statements exit an enclosing
 // construct that is not part of this excerpt.
 //
 // The e-mail checks run only when CONF_EMAIL_STRICT is truthy.
 if (CONF_EMAIL_STRICT) {
     // strlen() counts bytes, so both bounds are byte lengths.
     if (strlen($email) < 3) {
         array_push($errors, 'Email address too short!');
         break;
     }
     if (strlen($email) > 128) {
         array_push($errors, 'Email address too long!');
         break;
     }
     // Syntax check only; it does not show that the mailbox exists.
     if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
         array_push($errors, 'Invalid email address!');
         break;
     }
 }
 // PASSWORD
 // isPasswordValid() receives the current error list and its return value
 // replaces that list.
 $errors = isPasswordValid($password, $errors);
 // Continue - all fields are valid.
 // NOTE(review): unlike the e-mail checks, a password failure does not
 // `break`, and nothing between here and the queries below tests $errors.
 // Confirm $errors is checked before the account row is written.
 // NOTE(review): validation used $password but the hash is taken from
 // $_POST['password']; presumably the same value - confirm.
 $password_hash = password_hash($_POST['password'], PASSWORD_DEFAULT);
 // Open the database connection; give up if db_init() reports failure.
 if (!($link = db_init(true))) {
     break;
 }
 // Read the highest existing id; the new account gets that value plus one.
 $result = mysqli_query($link, 'SELECT `id` FROM `users` ORDER BY `id` DESC LIMIT 1;');
 if (!$result) {
     // NOTE(review): the raw mysqli_error() text is handed to print_error()
     // together with '<br>'. If that output reaches the browser it discloses
     // database details; log it server-side and show a generic message instead.
     print_error('MySQL error! | ' . mysqli_error($link) . '<br>');
     break;
 }
 // NOTE(review): computing "max id + 1" in PHP is racy (two concurrent
 // sign-ups can read the same maximum), and [0] assumes the table already
 // holds a row. An AUTO_INCREMENT column would remove both problems.
 $id = (int) mysqli_fetch_all($result, MYSQLI_ASSOC)[0]['id'] + 1;
 mysqli_free_result($result);
 // NOTE(review): $username is concatenated into the SQL text and no escaping
 // is visible in this excerpt. Unless it was escaped earlier this query is
 // injectable; a prepared statement with a bound parameter removes the
 // dependency on earlier code. Only the column is lower-cased here, so
 // $username was presumably lower-cased beforehand - confirm.
 $result = mysqli_query($link, 'SELECT * FROM `users` WHERE LOWER(`username`)=\'' . $username . '\';');
 if (is_array(mysqli_fetch_all($result, MYSQLI_ASSOC)[0])) {
     array_push($errors, 'Username taken!');