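<?php

declare(strict_types=1);

session_start();

/*
 * Profile-settings updater for a logged-in developer account.
 *
 * The upload page redirects here after setting $_SESSION['id'] and
 * $_SESSION['came_from_upload']. On POST, every field the form supplied
 * (fullname, username, email, password, profile picture) is written with
 * its own prepared statement; fields left blank are left untouched.
 *
 * Review notes on things this file alone cannot fix:
 *  - The DSN, user name and empty password are hard-coded; they belong in a
 *    configuration file kept outside the web root.
 *  - The form carries no CSRF token, so a cross-site POST made while the
 *    victim is logged in can change the account e-mail or password.
 */

/**
 * Drops the login cookie and sends the browser to the login page.
 * Does not return.
 */
function redirectToLogin(): void
{
    setcookie('username', '', time() - 60 * 60);
    $_COOKIE['username'] = '';
    header('Location: developerLogin.php');
    exit;
}

/**
 * Opens the application database with PDO exceptions enabled.
 *
 * Emulated prepares are switched off so placeholders are bound by the server
 * rather than interpolated client-side. A connection failure ends the request
 * with a generic message; the driver's error text goes to the server log only,
 * never to the browser.
 */
function connectDb(): PDO
{
    try {
        return new PDO('mysql:host=127.0.0.1;dbname=magicsever', 'root', '', [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,
        ]);
    } catch (PDOException $e) {
        error_log('DB connect failed: ' . $e->getMessage());
        die('There was an error connecting to the database');
    }
}

if (!isset($_COOKIE['username'])) {
    header('Location: developerLogin.php');
    exit;
}

// Only the upload page's "change settings" button may lead here; an unset
// flag is treated the same as a false one, without a notice.
if (empty($_SESSION['came_from_upload'])) {
    redirectToLogin();
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $userid = $_SESSION['id'] ?? null;
    if ($userid === null) {
        redirectToLogin();
    }

    // Prepared statements pass the values through unchanged, so addslashes()
    // would only store stray backslashes; trim() is all that is needed.
    $fullname = trim((string) ($_POST['fullname'] ?? ''));
    $username = trim((string) ($_POST['username'] ?? ''));
    $email    = trim((string) ($_POST['email'] ?? ''));
    $password = trim((string) ($_POST['password'] ?? ''));

    $handler = connectDb();

    // The id kept in the session must still refer to an existing account.
    // PDOStatement::execute() takes the bound values as an array.
    $stmtChecker = $handler->prepare('SELECT 1 FROM generalusersdata WHERE user_id = ?');
    $stmtChecker->execute([$userid]);
    if ($stmtChecker->fetch() === false) {
        redirectToLogin();
    }

    if ($fullname !== '') {
        $stmtFullname = $handler->prepare('UPDATE generalusersdata SET fullname = ? WHERE user_id = ?');
        $stmtFullname->execute([$fullname, $userid]);
    }

    if ($username !== '') {
        $stmtCheckerUsername = $handler->prepare('SELECT 1 FROM generalusersdata WHERE username = ?');
        $stmtCheckerUsername->execute([$username]);
        if ($stmtCheckerUsername->fetch() !== false) {
            die('Username Already in use! Please try again');
        }
        $stmtUsername = $handler->prepare('UPDATE generalusersdata SET username = ? WHERE user_id = ?');
        $stmtUsername->execute([$username, $userid]);
    }

    if ($email !== '') {
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            die('Email is Not Valid!');
        }
        $stmtCheckerEmail = $handler->prepare('SELECT 1 FROM generalusersdata WHERE email = ?');
        $stmtCheckerEmail->execute([$email]);
        if ($stmtCheckerEmail->fetch() !== false) {
            die('Email Already in use! Please try again');
        }
        $stmtEmail = $handler->prepare('UPDATE generalusersdata SET email = ? WHERE user_id = ?');
        $stmtEmail->execute([$email, $userid]);
    }

    if ($password !== '') {
        // The check rejects fewer than 6 characters, so the message says "at least".
        if (strlen($password) < 6) {
            die('Password has to be at least 6 characters!');
        }
        // At least one lowercase letter, one uppercase letter and one digit.
        // The original pattern had a bare "d" in place of "\d" and so demanded
        // a literal letter d instead of a digit.
        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).+$/', $password)) {
            echo 'Password needs to be at least ONE uppercase, ONE lowercase, and a number!';
            exit;
        }
        // Hash only once the password has passed validation.
        $storePassword = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
        $stmtPassword = $handler->prepare('UPDATE generalusersdata SET password = ? WHERE user_id = ?');
        $stmtPassword->execute([$storePassword, $userid]);
    }

    $upload = $_FILES['file'] ?? null;
    if (is_array($upload) && ($upload['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK) {
        // The type is decided from the file's magic bytes; the client-supplied
        // name and MIME type are not trusted for anything.
        $allowedTypes = [IMAGETYPE_PNG, IMAGETYPE_JPEG, IMAGETYPE_TIFF_II, IMAGETYPE_TIFF_MM, IMAGETYPE_BMP];
        $detectedType = is_uploaded_file($upload['tmp_name']) ? exif_imagetype($upload['tmp_name']) : false;
        if (!in_array($detectedType, $allowedTypes, true)) {
            die('File type NOT ALLOWED! Please use PNG, JPG, TIFF, OR BMP!');
        }

        $dir = 'userprofilepicture';
        if (!is_dir($dir)) {
            mkdir($dir, 0700);
        }

        // The stored name is generated here, never taken from the request, so
        // it can contain neither path separators nor a script extension; the
        // extension follows the detected image type.
        $fileName = bin2hex(random_bytes(16)) . image_type_to_extension($detectedType);
        if (!move_uploaded_file($upload['tmp_name'], $dir . '/' . $fileName)) {
            die('Profile picture could not be saved! Please try again');
        }
        $stmtImage = $handler->prepare('UPDATE generalusersdata SET profile_image = ? WHERE user_id = ?');
        $stmtImage->execute([$fileName, $userid]);
    }

    echo 'Information Changed';
    exit;
}
?>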
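<?php

session_start();

/*
 * Developer pack-upload page.
 *
 * Every request first proves the session is still valid: the login token kept
 * in the session must exist in token_table, the profile cached in the session
 * must match the database row, and the password must verify against the
 * stored hash. A POST with "changeSettings" hands off to the settings page;
 * any other POST stores a new pack row plus up to five screenshot images.
 *
 * Review notes on things this file alone cannot fix:
 *  - $_SESSION['password'] holds the plaintext password written by the login
 *    script (not in view); the password_verify() below is what forces that.
 *    The login script should keep only the user id and token in the session,
 *    and this re-verification should then be dropped.
 *  - The DSN, user name and empty password are hard-coded; they belong in a
 *    configuration file kept outside the web root.
 *  - The forms carry no CSRF token.
 *  - pack_screenshots.file_tmp stores the server's temporary upload path,
 *    which is meaningless once the request ends; kept for schema compatibility.
 */

// Drops the login cookie and sends the browser to the login page. Does not return.
$redirectToLogin = function (): void {
    setcookie('username', '', time() - 60 * 60);
    $_COOKIE['username'] = '';
    header('Location: developerLogin.php');
    exit;
};

if (!isset($_COOKIE['username'])) {
    header('Location: developerLogin.php');
    exit;
}

// One connection for the whole request; the driver's error text is logged,
// never shown to the browser.
try {
    $handler = new PDO('mysql:host=127.0.0.1;dbname=magicsever', 'root', '', [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
} catch (PDOException $e) {
    error_log('DB connect failed: ' . $e->getMessage());
    die('There was an error connecting to the database');
}

// The token issued at login must still be present in token_table.
$token = $_SESSION['token'] ?? '';
if ($token === '') {
    $redirectToLogin();
}
$stmtToken = $handler->prepare('SELECT 1 FROM token_table WHERE token = :token');
$stmtToken->execute([':token' => $token]);
if ($stmtToken->fetch() === false) {
    $redirectToLogin();
}

// The profile cached in the session must still match the database row.
$userid   = $_SESSION['id'] ?? null;
$username = $_SESSION['username'] ?? '';
$fullname = $_SESSION['fullname'] ?? '';
$email    = $_SESSION['email'] ?? '';
$password = $_SESSION['password'] ?? '';
$isDev    = $_SESSION['isDev'] ?? null;
$stmtChecker = $handler->prepare(
    'SELECT password FROM generalusersdata'
    . ' WHERE user_id = :userid AND fullname = :fullname AND username = :username'
    . ' AND email = :email AND isDev = :isDev'
);
$stmtChecker->execute([
    ':userid'   => $userid,
    ':fullname' => $fullname,
    ':username' => $username,
    ':email'    => $email,
    ':isDev'    => $isDev,
]);
$resultChecker = $stmtChecker->fetch(PDO::FETCH_ASSOC);
if ($resultChecker === false || !password_verify($password, $resultChecker['password'])) {
    $redirectToLogin();
}

if (isset($_POST['changeSettings'])) {
    $_SESSION['id'] = $userid;
    $_SESSION['came_from_upload'] = true;
    header('Location: developer_infoupdater.php');
    exit;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (empty($_POST['price']) || empty($_POST['description'])) {
        echo '<br><h1 style="color:red;">VALUES MISSING!</h1>';
        exit;
    }

    $rawPrice = (string) $_POST['price'];
    if (!ctype_digit($rawPrice)) {
        echo 'PRICE ENTERED IS NOT AN INTEGER... PLEASE TRY AGAIN!';
        exit;
    }
    $price = (int) $rawPrice;

    // Bound through a prepared statement, so no addslashes().
    $description = trim((string) $_POST['description']);
    // The check rejects fewer than 15 characters, so the message says "at least".
    if (strlen($description) < 15) {
        echo 'Description field needs to be at least 15 characters!';
        exit;
    }

    // The screenshots input is a multi-file field, so each $_FILES['file']
    // entry is an array indexed by upload slot.
    $files = $_FILES['file'] ?? null;
    if (!is_array($files) || !is_array($files['error'] ?? null)) {
        echo '<br><h1 style="color:red;">VALUES MISSING!</h1>';
        exit;
    }
    if (count($files['error']) > 5) {
        $_SESSION['bigfile'] = true;
        header('Location: developer_bigfile.php');
        exit;
    }

    // Insert into pack_profile. random_int() keeps rand()'s range but is not
    // predictable from earlier ids.
    $packid = random_int(0, mt_getrandmax());
    $numberOfDownloads = 0;
    $stmtPackProfile = $handler->prepare(
        'INSERT INTO pack_profile SET pack_id = ?, pack_developer_id = ?, pack_developer = ?,'
        . ' pack_price = ?, number_downloads = ?, pack_description = ?'
    );
    try {
        $stmtPackProfile->execute([$packid, $userid, $username, $price, $numberOfDownloads, $description]);
    } catch (PDOException $e) {
        error_log('pack_profile insert failed: ' . $e->getMessage());
        echo 'AN ERROR OCCURRED WHILE SENDING... PLEASE RESEND!';
        exit;
    }

    $stmtFileUpload = $handler->prepare(
        'INSERT INTO pack_screenshots (pack_id, file_name, file_tmp) VALUES (:packid, :file_name, :file_tmp)'
    );

    // Screenshots are accepted only when their magic bytes identify an image;
    // the client-supplied name is used for messages only.
    $allowedTypes = [IMAGETYPE_PNG, IMAGETYPE_JPEG, IMAGETYPE_TIFF_II, IMAGETYPE_TIFF_MM, IMAGETYPE_BMP];
    $dir = 'devFiles';
    if (!is_dir($dir)) {
        mkdir($dir, 0700);
    }

    $errors = [];
    // Iterate the per-slot error codes; the tmp_name entries are paths, not codes.
    foreach ($files['error'] as $key => $error) {
        $clientName = basename((string) ($files['name'][$key] ?? ''));
        if ($error !== UPLOAD_ERR_OK) {
            $errors[] = $clientName . ' was not uploaded.';
            continue;
        }

        $fileTmp = (string) $files['tmp_name'][$key];
        $detectedType = is_uploaded_file($fileTmp) ? exif_imagetype($fileTmp) : false;
        if (!in_array($detectedType, $allowedTypes, true)) {
            $errors[] = $clientName . ' is not a PNG, JPEG, TIFF or BMP image.';
            continue;
        }

        // Server-chosen name: pack id plus slot, extension from the detected
        // type, so the request cannot pick a path or a script extension.
        $fileName = $packid . '_' . $key . image_type_to_extension($detectedType);
        $target = $dir . '/' . $fileName;
        if (is_file($target)) {
            $_SESSION['invalid'] = true;
            header('Location: developer_invalid.php');
            exit;
        }

        try {
            $stmtFileUpload->execute([
                ':packid'    => $packid,
                ':file_name' => $fileName,
                ':file_tmp'  => $fileTmp,
            ]);
        } catch (PDOException $e) {
            error_log('pack_screenshots insert failed: ' . $e->getMessage());
            $errors[] = $fileName . ' not saved in db.';
            continue;
        }

        if (!move_uploaded_file($fileTmp, $target)) {
            $errors[] = $clientName . ' could not be stored.';
        }
    }

    // Report per-file problems without echoing driver error text.
    if ($errors !== []) {
        echo implode('<br>', array_map(
            function (string $message): string {
                return htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            },
            $errors
        ));
    }
}
?>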