-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.php
executable file
·190 lines (157 loc) · 6.11 KB
/
index.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
<?php
/**
* Created by PhpStorm.
* User: pashutaz
* Date: 07.05.17
* Time: 14:52
*/
session_start();
$error = "";
$headerAddress = "Location: /allnotes.php";
//user logout
if (array_key_exists('logout', $_GET)){
setcookie('id', '', time() - 60*60*24*365,'/');
// $_COOKIE['id'] = '';
// unset($_COOKIE);
// remove all session variables
session_unset();
// destroy the session
// session_destroy();
}
//echo '<p>session:'.$_SESSION['id']."</p>";
//echo '<p>cookie:'.$_COOKIE['id'].'</p>';
if ((array_key_exists('id', $_SESSION) and $_SESSION['id']) or (array_key_exists('id', $_COOKIE) and $_COOKIE['id'])) {
if (headers_sent() === false) {
header($headerAddress);
die();
} else {
$error .= "<p>header had sent</p>";
print_r($_POST);
}
}
//form submitted
if (array_key_exists("submit",$_POST)){
$email = mysqli_real_escape_string($link,$_POST['email']);
if (!$_POST['email']){
$error .= "<p>Enter email</p>";
}
if (!$_POST['password']){
$error .= "<p>Enter password</p>";
}
if (!$error){
include "connection.php";
$query = "SELECT * FROM Users WHERE email = '" . mysqli_real_escape_string($link, $_POST['email']) . "' LIMIT 1";
$result = mysqli_query($link, $query);
$row = mysqli_fetch_array($result);
$userID = $row['idUsers'];
// sign in
if (mysqli_num_rows($result) != 1 and $_POST['login'] == '0') {
$verifyHash = password_hash($email.time(),PASSWORD_DEFAULT);
$hashedPassword = password_hash($userID . $_POST['password'], PASSWORD_DEFAULT);
$query = "INSERT INTO Users(email,password,verification) VALUES ('" . mysqli_real_escape_string($link, $_POST['email']) . "','" . mysqli_real_escape_string($link, $hashedPassword) . "', '". $verifyHash ."')";
if(mysqli_query($link, $query)){
$userID = mysqli_insert_id($link);
$_SESSION['id'] = $userID;
if (array_key_exists("stayLoggedIn", $_POST)){
setcookie('id','$userID',time() + 60*60*24*365,'/');
}
if (headers_sent() === false){
header($headerAddress);
die();
}else{
$error .= "<p>header have sent</p>";
print_r($_POST);
}
}else{
$error .= "<p>Could not sign you up</p>";
}
// login email not found
} elseif (mysqli_num_rows($result) != 1) {
$error = "<p>There is no such email, please sign up first.</p>";
// login
} elseif ($_POST['login'] == '1') {
if (password_verify($userID.$_POST['password'], $row['password'])) {
$_SESSION['id'] = $userID;
if (array_key_exists("stayLoggedIn", $_POST)) {
setcookie('id', '$userID', time() + 60 * 60 * 24 * 365,'/');
}
if (headers_sent() === false) {
header($headerAddress);
die();
} else {
$error .= "<p>headers have sent</p>";
print_r($_POST);
}
} else {
$error .= "<p>Wrong password</p>";
}
// sign in taken email
}else{
$error .= "<p>This email already taken, try to login</p>";
}
}
//return errors
if ($error){
$error = '<div class="alert alert-danger" role="alert">' . "<p>There were errors in form: </p>" . $error . '</div>';
}
}
?>
<?php include "header.php" ?>
<div class="container">
<h1>ENote</h1>
<p><strong>Store your ideas here</strong></p>
<div id="error"><p><?php echo $error; ?></p></div>
<form id="signUpForm" method="post">
<p>Interested? Sign Up!</p>
<div class="form-group">
<label for="email">Email address</label>
<input type="email" name="email" placeholder="email address" class="form-control">
<small id="emailHelp" class="form-text text-muted">We'll never share your email with anyone else.</small>
</div>
<div class="form-group">
<label for="password">Password</label>
<input type="password" name="password" placeholder="password" class="form-control">
</div>
<div class="form-check">
<label class="form-check-label">
<input type="checkbox" name="stayLoggedIn" value="1">
Stay logged in?
</label>
</div>
<input type="hidden" name="login" value="0">
<input type="submit" name="submit" value="Sign Up" class="btn btn-success">
<!-- <p><a class="toggleForms">Log in?</a></p>-->
<div class="form-group">
<button type="button" class="btn btn-link toggleForms">Log In?</button>
</div>
</form>
<form id="logInForm" method="post">
<p>Log in using your Email below</p>
<div class="form-group">
<label for="email">Email address</label>
<input type="email" name="email" placeholder="email address" class="form-control">
</div>
<div class="form-group">
<label for="password">Password</label>
<input type="password" name="password" placeholder="password" class="form-control">
</div>
<div class="form-check">
<label class="form-check-label">
<input type="checkbox" name="stayLoggedIn" value="1">
Stay logged in?
</label>
</div>
<input type="hidden" name="login" value="1">
<input type="submit" name="submit" value="Log In" class="btn btn-success">
<!-- <p><a class="toggleForms">Sign up?</a></p>-->
<div class="form-group">
<button type="button" class="btn btn-link toggleForms">Sign Up?</button>
</div>
</form>
</div>
<footer>
<p style="margin-right: 10px">
<small>Created by <a href="https://github.com/pashutaz">Pashutaz</a></small>
</p>
</footer>
<?php include "footer.php" ?>