  1. <?php
  2.  
  3. session_start();
  4.  
  5. if(isset($_COOKIE['username'])){
  6.  
  7. if($_SESSION['came_from_upload'] != true){
  8.  
  9. setcookie("username", "", time() - 60*60);
  10. $_COOKIE['username'] = "";
  11. header("Location: developerLogin.php");
  12. exit;
  13.  
  14.  
  15. }
  16.  
  17. if($_SERVER['REQUEST_METHOD'] =="POST"){
  18. $userid = $_SESSION['id'];
  19. $fullname = addslashes(trim($_POST['fullname']));
  20. $username = addslashes(trim($_POST['username']));
  21. $email = addslashes(trim($_POST['email']));
  22. $password = addslashes(trim($_POST['password']));
  23. $storePassword = password_hash($password, PASSWORD_BCRYPT, array('cost' => 10));
  24. $file_name = addslashes(trim($_FILES['file']['name']));
  25. $file_tmp = addslashes(trim($_FILES['file']['tmp_name']));
  26.  
  27. try{
  28.  
  29. // new php data object
  30. $handler = new PDO('mysql:host=127.0.0.1;dbname=magicsever', 'root', '');
  31. //ATTR_ERRMODE set to exception
  32. $handler->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  33.  
  34. }catch(PDOException $e){
  35. die("There was an error connecting to the database");
  36.  
  37. }
  38.  
  39.  
  40. $stmtChecker = $handler->prepare("SELECT * FROM generalusersdata WHERE user_id = ?");
  41. $stmtChecker->execute($userid);
  42. if(!$resultChecker = $stmtChecker->fetch()){
  43.  
  44. setcookie("username", "", time() - 60*60);
  45. $_COOKIE['username'] = "";
  46. header("Location: developerLogin.php");
  47. exit;
  48. }
  49.  
  50. if(!empty($fullname)){
  51.  
  52. $stmtFullname = $handler->prepare("UPDATE generalusersdata SET fullname = ? WHERE user_id = ?");
  53. $stmtFullname->execute(array($fullname, $userid));
  54. }
  55.  
  56. if(!empty($username)){
  57.  
  58. $stmtCheckerUsername = $handler->prepare("SELECT * FROM generalusersdata WHERE username = ?");
  59. $stmtCheckerUsername->execute($username);
  60. if($resultCheckerUsername = $stmtCheckerUsername->fetch()){
  61.  
  62. die("Username Already in use! Please try again");
  63. }
  64.  
  65. $stmtUsername = $handler->prepare("UPDATE generalusersdata SET username = ? WHERE user_id = ?");
  66. $stmtUsername->execute(array($username, $userid));
  67.  
  68. }
  69.  
  70. if(!empty($email)){
  71.  
  72. if(filter_var($email, FILTER_VALIDATE_EMAIL) == false){
  73.  
  74. die ("Email is Not Valid!");
  75. }
  76.  
  77. $stmtCheckerEmail = $handler->prepare("SELECT * FROM generalusersdata WHERE email = ?");
  78. $stmtCheckerEmail->execute($email);
  79. if($resultCheckerEmail = $stmtCheckerEmail->fetch()){
  80.  
  81. die("Email Already in use! Please try again");
  82. }
  83.  
  84. $stmtEmail = $handler->prepare("UPDATE generalusersdata SET email = ? WHERE user_id = ?");
  85. $stmtEmail->execute(array($email, $userid));
  86.  
  87. }
  88.  
  89. if(!empty($password)){
  90.  
  91. if(strlen($password) < 6){
  92.  
  93. die ("Password has to be GREATER than 6 characters!");
  94.  
  95. }
  96.  
  97. //Check if password has atleast ONE Uppercase, One Lowercase and a number
  98. if(!preg_match("(^(?=.*[a-z])(?=.*[A-Z])(?=.*d).+$)",$password)){
  99.  
  100. echo 'Password needs to be at least ONE uppercase, ONE lowercase, and a number!';
  101. exit;
  102. }
  103.  
  104. $stmtPassword = $handler->prepare("UPDATE generalusersdata SET password = ? WHERE user_id = ?");
  105. $stmtPassword->execute(array($storePassword, $userid));
  106.  
  107.  
  108. }
  109.  
  110. if($_FILES['file']['error'] == UPLOAD_ERR_OK){
  111.  
  112. $allowedTypes = array(IMAGETYPE_PNG, IMAGETYPE_JPEG, IMAGETYPE_JPG, IMAGETYPE_TIFF, IMAGETYPE_BMP);
  113. $detectedType = exif_imagetype($_FILES['file']['tmp_name']);
  114. if($extensionCheck = !in_array($detectedType, $allowedTypes)){
  115.  
  116. die("File type NOT ALLOWED! Please use PNG, JPG, TIFF, OR BMP!");
  117. }
  118.  
  119. $dir = "userprofilepicture";
  120.  
  121. if(is_dir($dir)==false){
  122.  
  123. mkdir($dir, 0700);
  124. }
  125.  
  126.  
  127. move_uploaded_file($file_tmp,$dir.'/'.$file_name);
  128.  
  129. $stmtPassword = $handler->prepare("UPDATE generalusersdata SET profile_image = ? WHERE user_id = ?");
  130. $stmtPassword->execute(array($file_name, $userid));
  131.  
  132. }
  133.  
  134. echo "Information Changed";
  135. exit;
  136.  
  137.  
  138. }
  139.  
  140.  
  141.  
  142. }else{
  143.  
  144. header("Location: developerLogin.php");
  145. exit;
  146. }
  147.  
  148.  
  149.  
  150.  
  151.  
  152. ?>
  153.  
  154. <?php
  155. session_start();
  156.  
  157. try{
  158.  
  159. // new php data object
  160. $handler = new PDO('mysql:host=127.0.0.1;dbname=magicsever', 'root', '');
  161. //ATTR_ERRMODE set to exception
  162. $handler->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  163.  
  164. }catch(PDOException $e){
  165. die("There was an error connecting to the database");
  166.  
  167. }
  168.  
  169. //Check if TOKEN used to log in, is actually there
  170. $token = $_SESSION['token'];
  171. $stmtToken = $handler->prepare("SELECT * FROM token_table WHERE token = :token");
  172. $stmtToken->execute(array(':token'=>$token));
  173. if($rowToken = !$stmtToken->fetch()){
  174.  
  175. setcookie("username", "", time() - 60*60);
  176. $_COOKIE['username'] = "";
  177. header("Location: developerLogin.php");
  178. exit;
  179. }
  180.  
  181. //Check if information is still in there has changed
  182. $userid = $_SESSION['id'];
  183. $username = $_SESSION['username'];
  184. $fullname = $_SESSION['fullname'];
  185. $email = $_SESSION['email'];
  186. $password = $_SESSION['password'];
  187. $isDev = $_SESSION['isDev'];
  188.  
  189. $stmtChecker = $handler->prepare("SELECT * FROM generalusersdata WHERE user_id= :userid AND fullname = :fullname AND username = :username AND email = :email AND isDev = :isDev");
  190.  
  191. $stmtChecker->execute(array(':userid'=>$userid, ':fullname'=>$fullname, ':username'=>$username, ':email'=>$email, ':isDev'=>$isDev));
  192.  
  193. if(!$resultChecker = $stmtChecker->fetch()){
  194.  
  195. setcookie("username", "", time() - 60*60);
  196. $_COOKIE['username'] = "";
  197. header("Location: developerLogin.php");
  198. exit;
  199.  
  200. }
  201.  
  202. if(!password_verify($password, $resultChecker['password'])){
  203.  
  204. setcookie("username", "", time() - 60*60);
  205. $_COOKIE['username'] = "";
  206. header("Location: developerLogin.php");
  207. exit;
  208.  
  209. }
  210.  
  211. if(isset($_COOKIE['username'])){
  212.  
  213. if(isset($_POST['changeSettings'])){
  214.  
  215. $_SESSION['id'] = $userid;
  216. $_SESSION['came_from_upload'] = true;
  217. header("Location: developer_infoupdater.php");
  218. exit;
  219.  
  220. }
  221.  
  222. if($_SERVER['REQUEST_METHOD'] =="POST"){
  223.  
  224.  
  225. if(!empty($_POST['price']) && !empty($_POST['description'])){
  226.  
  227. if(!ctype_digit($_POST['price'])){
  228.  
  229. echo "PRICE ENTERED IS NOT AN INTEGER... PLEASE TRY AGAIN!";
  230. exit;
  231. }
  232. $price = addslashes(trim((int)$_POST['price']));
  233. $description = addslashes(trim($_POST['description']));
  234. if(strlen($description) < 15){
  235.  
  236. echo "Description field needs to be GREATER than 15 characters!";
  237. exit;
  238. }
  239.  
  240. if(count($_FILES['file']['name']) <= 5){
  241.  
  242.  
  243. try{
  244.  
  245. // new php data object
  246. $handler = new PDO('mysql:host=127.0.0.1;dbname=magicsever', 'root', '');
  247. //ATTR_ERRMODE set to exception
  248. $handler->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  249.  
  250. }catch(PDOException $e){
  251. die("There was an error connecting to the database");
  252.  
  253. }
  254. //Insert into pack_profile
  255. $packid = rand();
  256. $number_of_downloads = 0;
  257. $stmtPackProfile = $handler->prepare("INSERT INTO pack_profile set
  258. pack_id=?,
  259. pack_developer_id=?,
  260. pack_developer=?,
  261. pack_price=?,
  262. number_downloads=?,
  263. pack_description=?");
  264.  
  265. if(!$stmtPackProfile->execute(array($packid, $userid, $username, $price, $number_of_downloads, $description,))){
  266.  
  267. echo "AN ERROR OCCURRED WHILE SENDING... PLEASE RESEND!";
  268. exit;
  269. }
  270.  
  271.  
  272.  
  273. $query = "INSERT INTO pack_screenshots(pack_id, file_name, file_tmp)VALUES(:packid, :file_name, :file_tmp)";
  274. $stmtFileUpload = $handler->prepare($query);
  275. $errors = array();
  276.  
  277. foreach($_FILES['file']['tmp_name'] as $key => $error){
  278.  
  279. if ($error != UPLOAD_ERR_OK) {
  280. $errors[] = $_FILES['file']['name'][$key] . ' was not uploaded.';
  281. continue;
  282. }
  283.  
  284. $file_name = $key.$_FILES['file']['name'][$key];
  285. $file_tmp = $_FILES['file']['tmp_name'][$key];
  286.  
  287. try{
  288.  
  289. $stmtFileUpload->bindParam(':packid', $packid, PDO::PARAM_STR);
  290. $stmtFileUpload->bindParam(':file_name', $file_name, PDO::PARAM_STR);
  291. $stmtFileUpload->bindParam(':file_tmp', $file_tmp, PDO::PARAM_STR);
  292. $stmtFileUpload->execute();
  293.  
  294. $dir = "devFiles";
  295.  
  296. if(is_dir($dir)==false){
  297.  
  298. mkdir($dir, 0700);
  299. }
  300.  
  301. if(is_file($dir.'/'.$file_name)==false){
  302.  
  303. move_uploaded_file($file_tmp,$dir.'/'.$file_name);
  304.  
  305. }else{
  306.  
  307. $_SESSION['invalid'] = true;
  308. header("Location: developer_invalid.php");
  309. exit;
  310. }
  311. }catch(PDOException $e){
  312.  
  313. $errors[] = $file_name . 'not saved in db.';
  314. echo $e->getMessage();
  315. }
  316. }
  317.  
  318.  
  319.  
  320. }else{
  321.  
  322. $_SESSION['bigfile'] = true;
  323. header("Location: developer_bigfile.php");
  324. exit;
  325. }
  326.  
  327. }else{
  328.  
  329. echo '<br><h1 style="color:red;">VALUES MISSING!</h1>';
  330. exit;
  331.  
  332. }
  333.  
  334.  
  335.  
  336. }
  337.  
  338.  
  339. }else{
  340.  
  341. header("Location: developerLogin.php");
  342. }
  343. ?>