  1. <?php
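  /**
   * Registration and login handler backed by the `user` table.
   *
   * Every outcome is reported by sending a `Location:` header. The methods
   * return after sending it and do NOT terminate the script, so the caller
   * must stop producing output (and must not have sent any before calling).
   *
   * SQL values are passed only as bound parameters of prepared statements;
   * no value is concatenated into a query string.
   */
  class Controller extends Database {

      // Never assigned by this class; kept because it is part of the public surface.
      public $arr;

      public $username;
      public $email;
      // NOTE(review): the plaintext password lives in a public property for the
      // lifetime of the object. Avoid dumping or logging Controller instances.
      public $password;
      protected $database;

      /**
       * Copies the submitted fields onto the object.
       *
       * The number of entries selects the mode: three entries are treated as a
       * registration (username, email, password), two as a login (email,
       * password). Any other count leaves every field null.
       *
       * @param array $arr Submitted form fields keyed by field name.
       */
      public function __construct($arr) {

          $args = count($arr);

          // isset() guards keep a wrongly keyed array from raising
          // undefined-index notices; the field simply stays null and is
          // rejected later by the empty-field check.
          if ($args == 3) {
              $this->username = isset($arr['username']) ? $arr['username'] : null;
          }

          if ($args == 2 || $args == 3) {
              $this->email = isset($arr['email']) ? $arr['email'] : null;
              $this->password = isset($arr['password']) ? $arr['password'] : null;
          }
      }

      /**
       * Validates the submitted fields and inserts a new row into `user`.
       *
       * Redirects to index.php with an `error=` code on failure, or with
       * `register_success` once the row has been written.
       */
      public function register() {

          // Request parameters can arrive as arrays (e.g. `email[]=x`); anything
          // that is not a non-empty string is treated as a missing field.
          if ( !$this->isFilledString($this->username)
              || !$this->isFilledString($this->email)
              || !$this->isFilledString($this->password) ) {
              header( "Location: index.php?error=empty_field_value" );
              return;
          }

          if ( !$this->emailHasAtSign() ) {
              header( "Location: index.php?error=not_a_valid_email" );
              return;
          }

          // Reject any punctuation character in the username.
          if ( preg_match( "/[[:punct:]]/", $this->username ) === 1 ) {
              header( "Location: index.php?error=invalid_characters_found" );
              return;
          }

          // At most one whitespace character is allowed in the username.
          if ( preg_match_all( '/\s/', $this->username, $matches ) > 1 ) {
              header( "Location: index.php?error=multiple_spaces_found" );
              return;
          }

          // The password is hashed exactly as typed. Running it through
          // real_escape_string() first (as this code used to) changes the bytes
          // that get hashed and adds nothing: the value is never placed in SQL
          // text. Note that bcrypt only considers the first 72 bytes.
          $hash = password_hash($this->password, PASSWORD_BCRYPT);

          $inserted = false;

          if (is_string($hash)) {
              try {
                  $this->database = new Database();

                  // One handle for the whole operation.
                  // NOTE(review): connect() is assumed to return a mysqli object - confirm.
                  $db = $this->database->connect();

                  $stmt = $db->prepare("INSERT INTO user(username, email, password) VALUES(?, ?, ?)");

                  if ($stmt !== false) {
                      $stmt->bind_param('sss', $this->username, $this->email, $hash);
                      $inserted = $stmt->execute();
                      $stmt->close();
                  }
              } catch (mysqli_sql_exception $e) {
                  // Raised when mysqli runs in exception mode, e.g. on a
                  // duplicate key. Details are deliberately not sent to the client.
                  $inserted = false;
              }
          }

          if (!$inserted) {
              // A failed INSERT used to be reported as success.
              // `registration_failed` is a new code: index.php needs a message for it.
              header( "Location: index.php?error=registration_failed" );
              return;
          }

          header( "Location: index.php?register_success" );
      }

      /**
       * Checks the submitted credentials and, on success, stores the user's id
       * in the session and redirects to home.php.
       *
       * Unknown e-mail and wrong password both end in the same `login_failed`
       * redirect, so the response does not reveal which one was wrong.
       */
      public function login() {

          // The original condition had a misplaced parenthesis and let an empty
          // password through whenever an e-mail was supplied.
          if ( !$this->isFilledString($this->email) || !$this->isFilledString($this->password) ) {
              header( "Location: index.php?error=empty_field_value" );
              return;
          }

          if ( !$this->emailHasAtSign() ) {
              header( "Location: index.php?error=not_a_valid_email" );
              return;
          }

          $this->database = new Database();

          // NOTE(review): connect() is assumed to return a mysqli object - confirm.
          $db = $this->database->connect();

          // The e-mail is bound as typed. register() stores the raw value, so
          // escaping it before binding made addresses containing a quote unfindable.
          $stmt = $db->prepare("SELECT * FROM user WHERE email = ?");
          $stmt->bind_param('s', $this->email);
          $stmt->execute();
          $result = $stmt->get_result();

          $row = $result ? $result->fetch_array(MYSQLI_ASSOC) : null;

          $verified = false;

          if (is_array($row) && isset($row['password']) && is_string($row['password'])) {

              $verified = password_verify($this->password, $row['password']);

              if (!$verified) {
                  // Accounts created before the hashing fix hold a hash of the
                  // real_escape_string() form of the password. Accept that form
                  // too so those users are not locked out.
                  $legacy = $db->real_escape_string($this->password);
                  $verified = $legacy !== $this->password
                      && password_verify($legacy, $row['password']);
              }
          }
          // NOTE(review): an unknown e-mail skips password_verify() and so answers
          // faster than a wrong password; consider equalising the two paths.

          if (!$verified) {
              header("Location: index.php?login_failed");
              return;
          }

          if (session_status() !== PHP_SESSION_ACTIVE) {
              session_start();
          }

          // Issue a fresh session id at the privilege change so that an id known
          // before login cannot be reused afterwards (session fixation).
          session_regenerate_id(true);

          $_SESSION['userID'] = $row['userID']; // session keys are case sensitive

          header("Location: home.php?login_success");
      }

      /**
       * True when $value is a string that empty() does not consider empty.
       */
      private function isFilledString($value) {
          return is_string($value) && !empty($value);
      }

      /**
       * True when the e-mail contains an '@' that is not its first character.
       *
       * This is the same acceptance rule the loose `strpos(...) == false`
       * comparison implemented; it is a plausibility check, not full validation.
       */
      private function emailHasAtSign() {
          $position = strpos($this->email, '@');

          return $position !== false && $position !== 0;
      }

  }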
  151. ?>