// NOTE(review): this listing starts mid-script. $register, $query, $conn, $clean and $s are
// defined above the visible part, and the lone closing brace after the if/elseif chain ends a
// block that was opened there.
    // Duplicate-account check against the fetched row: e=4 when both username and e-mail
    // match, e=2 for the username alone, e=3 for the e-mail alone.
    // NOTE(review): the distinct codes tell an unauthenticated visitor which usernames and
    // e-mail addresses are already registered; confirm that disclosure is intended.
    $row = $query->fetch_assoc();
    if ($register[0] == $row['username'] && $register[3] == $row['user_email']) {
        header("Location: " . BASE_URI . "index.php?e=4");
        exit;
    } elseif ($register[0] == $row['username']) {
        header("Location: " . BASE_URI . "index.php?e=2");
        exit;
    } elseif ($register[3] == $row['user_email']) {
        header("Location: " . BASE_URI . "index.php?e=3");
        exit;
    }
}

// Proceed only when the password and its confirmation produce the same SHA-1 digest.
// NOTE(review): SHA-1 is a hash, not encryption, and hashing adds nothing to an equality
// test. The loose == also compares numeric-looking digest strings as numbers, so two
// different inputs can be reported equal; a strict === on the two raw strings is the safe
// form.
if (sha1($register[1]) == sha1($register[2])) {
    // Every submitted field, the password included, goes through $clean->sanitize() before use.
    // NOTE(review): sanitize() is not visible here; the SQL and HTML below are only as safe
    // as that helper. Confirm what it escapes and for which context.
    for ($i = 0; $i < count($register); $i++) {
        $register[$i] = $clean->sanitize($register[$i]);
    }

    // NOTE(review): the stored credential is a single unsalted SHA-1 of the sanitized password.
    // password_hash() / password_verify() is the supported way to store passwords in PHP.
    $register[1] = sha1($register[1]);

    // NOTE(review): the statement is built by interpolating $register[] into the SQL text.
    // A prepared statement with bound parameters removes the dependency on sanitize().
    // Indices 4-6 (user_created, user_hash, user_cookie) are filled in above the visible part;
    // how user_hash is generated cannot be seen here. Verify it comes from a CSPRNG.
    $sql = "INSERT INTO `users`\n\t\t\t\t\t\t(`username`, `user_password`, `user_email`, `user_created`, `user_hash`, `user_cookie`)\n\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t('{$register['0']}', '{$register['1']}', '{$register['3']}', '{$register['4']}', '{$register['5']}', '{$register['6']}')";
    // NOTE(review): on failure die() prints the raw database error to the client; log it
    // server-side and show a generic message instead.
    $query = $conn->query($sql) or die($conn->error);

    // The new user is marked as a logged-in "member" whose account is not yet activated.
    // NOTE(review): no session_regenerate_id() call is visible in this fragment. Confirm the
    // session id is rotated when these values are set.
    $_SESSION['username'] = $register[0];
    $_SESSION['access'] = "member";
    $_SESSION['active'] = "unactive";

    // Read the activation hash back for the row just inserted.
    // NOTE(review): the query result is used without checking for failure.
    $sql = "SELECT `user_hash` FROM `users`\n\t\t\t\t\t\tWHERE `username` = '{$register['0']}'";
    $query = $conn->query($sql);
    $rows = $query->fetch_assoc();

    // Build and send the HTML activation e-mail to the address the user submitted.
    // NOTE(review): the activation URL is hard-coded to http://localhost, the <a> element has
    // no href, and the username is placed into the HTML body as-is. The recipient and body
    // are user-controlled, so header and markup safety again depend on sanitize().
    $to = $register[3];
    $subject = "Offstreams User Activation";
    $message = "\n\t\t\t\t\t\t\t\t<strong>Activation Email for {$register['0']} at Offstreams.com</strong>\n\t\t\t\t\t\t\t\t<br />\n\t\t\t\t\t\t\t\t<br />\n\t\t\t\t\t\t\t\t<p>In order to activate your account for offstreams.com, click the link below</p>\n\t\t\t\t\t\t\t\t<p><a>"
        . "http://localhost/offstreams/user/"
        . $s->lower($register[0])
        . "/"
        . $rows['user_hash']
        . "</a></p>\n\t\t\t\t\t\t\t\t<br />\n\t\t\t\t\t\t\t\t<p>Reasons to activate your account:</p>\n\t\t\t\t\t\t\t\t<ul>\n\t\t\t\t\t\t\t\t\t<li>Ability to participate in polls</li>\n\t\t\t\t\t\t\t\t\t<li>Allowed to like/dislike songs</li>\n\t\t\t\t\t\t\t\t\t<li>Favorite bands/albums</li>\n\t\t\t\t\t\t\t\t</ul>\n\t\t\t\t\t\t\t";
    // NOTE(review): the X-Mailer header discloses the exact PHP version to every recipient.
    $headers = "From: experienceit12@gmail.com" . "\r\n" . "X-Mailer: PHP/" . phpversion() . "\r\n" . "Content-type: text/html" . "\r\n";
    // The return value of mail() is ignored, so a failed send goes unnoticed.
    mail($to, $subject, $message, $headers);
    // NOTE(review): the listing ends here; the closing brace of this if block is not visible.
<?php
// Login handler: checks the submitted username and password against the `users` table, fills
// the session on a match, stores a cookie value for the user and redirects to the user page.
// NOTE(review): the listing is truncated. Both if blocks below are still open where it ends,
// and $conn, $cookie, cleanInput, SALT and BASE_URI are presumably provided by the required
// config file. Confirm against that file.
require "../includes/config/config.php";

if (isset($_POST['loginSubmit'])) {
    // Only loginSubmit is tested with isset(); the two fields are read unconditionally.
    $login = array();
    $login[0] = $_POST['username'];
    $login[1] = $_POST['password'];

    // Both fields, the password included, pass through cleanInput::sanitize().
    // NOTE(review): sanitize() is not visible here, and the query below is only as safe as
    // that helper. Confirm what it escapes.
    $clean = new cleanInput();
    for ($i = 0; $i < count($login); $i++) {
        $login[$i] = $clean->sanitize($login[$i]);
    }

    // NOTE(review): unsalted SHA-1 is a fast hash and unsuitable for stored passwords;
    // password_hash() at registration and password_verify() here is the supported approach.
    $pass = sha1($login[1]);

    // Authentication is done inside the query, which must match both username and digest.
    // NOTE(review): the SQL text is built by interpolation. A prepared statement with bound
    // parameters removes the reliance on sanitize(). The result is also used without checking
    // that query() succeeded.
    $sql = "SELECT `user_id`, `username`, `user_password`, `user_active`, `user_access` \n\t\t\t\t\tFROM `users` \n\t\t\t\t\tWHERE `username` = '{$login['0']}' AND `user_password` = '{$pass}'";
    $query = $conn->query($sql);
    $num_rows = $query->num_rows;
    $row = $query->fetch_assoc();

    // Exactly one matching row: log the user in and go to their page.
    if ($num_rows == 1) {
        $active = $row['user_active'];
        $access = $row['user_access'];

        // NOTE(review): no session_regenerate_id() call is visible before the authenticated
        // state is written. Rotating the session id at login prevents session fixation.
        $_SESSION['username'] = $row['username'];
        $_SESSION['user_id'] = $row['user_id'];
        $_SESSION['access'] = $access;
        $_SESSION['active'] = $active;
        $_SESSION['loggedIn'] = true;
        $cookie->createUserCookies();

        // NOTE(review): isset() returns a boolean, not the username. $_SESSION['username']
        // was assigned just above, so the hashed string is SALT . "1" . SALT for every account
        // and the stored user_cookie value is the same for all users. If that value
        // authenticates a returning browser (not visible here), use a per-user random token
        // from random_bytes() instead.
        // NOTE(review): part of the WHERE clause is masked in this listing ('******'). What
        // remains suggests a concatenated array element keyed 'username', but the original
        // expression cannot be recovered from the page.
        $sql = "UPDATE users \n\t\t\t\t\t\tSET user_cookie = '" . sha1(SALT . isset($_SESSION['username']) . SALT) . "' \n\t\t\t\t\t\tWHERE username = '******'username'] . "'";
        $query = $conn->query($sql);

        // The redirect uses the submitted (sanitized) username rather than the value read
        // from the database row.
        header("Location: " . BASE_URI . "user/" . $login[0]);
        exit;