- <?php
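/**
 * Registration and login against the `user` table.
 *
 * Both actions report their outcome by queueing a "Location:" redirect with
 * header(). header() does not stop the script: the calling page must exit
 * right after register()/login() returns, otherwise the rest of that page
 * still runs and may be sent to the client.
 *
 * NOTE(review): the class extends Database and also creates a separate
 * Database instance per action; Database is not visible here. It is assumed
 * that Database::connect() returns a mysqli connection - confirm.
 */
class Controller extends Database {
    public $arr;
    public $username;
    public $email;
    public $password;
    protected $database;

    /**
     * @param array $arr Submitted form fields keyed by 'username', 'email'
     *                   and 'password' (login only needs the last two).
     *
     * Fields are picked by key instead of by count($arr), so an extra form
     * field (a submit button, a CSRF token) no longer leaves every property
     * empty. Only string values are accepted: request data can carry arrays
     * (email[]=x), which would otherwise reach strpos()/preg_match().
     */
    function __construct($arr) {
        $this->username = self::stringField($arr, 'username');
        $this->email    = self::stringField($arr, 'email');
        $this->password = self::stringField($arr, 'password');
    }

    /**
     * Validates the submitted fields and inserts a new row into `user`.
     * Every outcome is reported as a redirect to index.php.
     */
    function register() {
        // Reject missing or empty fields.
        if ( empty($this->username) || empty($this->email) || empty($this->password) ) {
            header( "Location: index.php?error=empty_field_value" );
            return;
        }
        // Minimal e-mail shape check: an '@' that is not the first character.
        if ( !self::hasAtSign($this->email) ) {
            header( "Location: index.php?error=not_a_valid_email" );
            return;
        }
        // Usernames may not contain punctuation.
        if ( preg_match( "/[[:punct:]]/", $this->username ) === 1 ) {
            header( "Location: index.php?error=invalid_characters_found" );
            return;
        }
        // At most one whitespace character is allowed in a username.
        if ( preg_match_all( '/\s/', $this->username ) > 1 ) {
            header( "Location: index.php?error=multiple_spaces_found" );
            return;
        }

        $this->database = new Database();
        $conn = $this->database->connect();

        // Hash the password exactly as typed. Values bound to a prepared
        // statement must not be passed through real_escape_string(): it is
        // unnecessary for the query and it changes the string being hashed.
        $password_hash = password_hash($this->password, PASSWORD_BCRYPT);

        $stmt = $conn->prepare("INSERT INTO user(username, email, password) VALUES(?, ?, ?)");
        if ( $stmt === false ) {
            // error value added in review; index.php needs to handle it
            header( "Location: index.php?error=registration_failed" );
            return;
        }
        $stmt->bind_param('sss', $this->username, $this->email, $password_hash);
        $inserted = $stmt->execute();
        $stmt->close();

        // Do not report success when the INSERT failed (for example on a
        // duplicate key, if the table defines one).
        if ( !$inserted ) {
            header( "Location: index.php?error=registration_failed" );
            return;
        }
        header( "Location: index.php?register_success" );
    }

    /**
     * Checks the submitted e-mail and password against the stored hash and,
     * on success, stores the user's id in the session.
     */
    function login() {
        // Both fields are required. (The original wrapped the whole
        // condition in a single empty(), so an empty password passed.)
        if ( empty($this->email) || empty($this->password) ) {
            header( "Location: index.php?error=empty_field_value" );
            return;
        }
        if ( !self::hasAtSign($this->email) ) {
            header( "Location: index.php?error=not_a_valid_email" );
            return;
        }

        $this->database = new Database();
        $conn = $this->database->connect();

        $stmt = $conn->prepare("SELECT * FROM user WHERE email = ?");
        if ( $stmt === false ) {
            header("Location: index.php?login_failed");
            return;
        }
        // Bind the address as submitted: register() stores it unescaped, so
        // an escaped copy would never match an address containing a quote.
        $stmt->bind_param('s', $this->email);
        $stmt->execute();
        $result = $stmt->get_result();
        $row = $result ? $result->fetch_array(MYSQLI_ASSOC) : null;
        $stmt->close();

        $authenticated = false;
        // $row is null when no account has this e-mail address.
        if ( is_array($row) && isset($row['password']) && is_string($row['password']) ) {
            $authenticated = password_verify($this->password, $row['password']);
            if ( !$authenticated ) {
                // Accounts created by the earlier code hashed the output of
                // real_escape_string(); accept that form so they still work.
                $legacy_password = $conn->real_escape_string($this->password);
                $authenticated = $legacy_password !== $this->password
                    && password_verify($legacy_password, $row['password']);
            }
        }

        if ( !$authenticated ) {
            header("Location: index.php?login_failed");
            return;
        }

        if ( session_status() !== PHP_SESSION_ACTIVE ) {
            session_start();
        }
        // Issue a fresh session id at the privilege change so an id that was
        // known before login cannot be reused afterwards (session fixation).
        session_regenerate_id(true);
        // $_SESSION is a superglobal; its keys are case sensitive.
        $_SESSION['userID'] = $row['userID'];
        header("Location: home.php?login_success");
    }

    /**
     * Returns $arr[$key] when it is a string, otherwise null.
     */
    private static function stringField($arr, $key) {
        if ( is_array($arr) && isset($arr[$key]) && is_string($arr[$key]) ) {
            return $arr[$key];
        }
        return null;
    }

    /**
     * True when $email contains an '@' that is not its first character.
     */
    private static function hasAtSign($email) {
        $position = strpos($email, '@');
        return $position !== false && $position > 0;
    }
}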
- ?>