  1. <?php
  2.     session_start();
  3.  
  4.     // Anslut till databasen
  5.    $db = new PDO('mysql:host=localhost;dbname=emildeveloping7;charset=utf8mb4', 'root', '');
  6.  
  7.     // Definera alla variablar
  8.    $username = "";
  9.    $email = "";
  10.    $name = "";
  11.    $errors = array();
  12.  
  13.    // Registrera användare om man trycker på register_btn
  14.     if (isset($_POST['register_btn'])) {
  15.         register();
  16.   }
  17.  
  18.    // Logga in användare om man trycker på login_btn
  19.     if (isset($_POST['login_btn'])) {
  20.         login();
  21.     }
  22.  
  23.    // Logga ut användare om man trycker på logout
  24.   if (isset($_GET['logout'])) {
  25.         session_destroy();
  26.         unset($_SESSION['user']);
  27.         header("location: ../login.php");
  28.   }
  29.  
  30.      // Registrera Användare
  31.     function register(){
  32.       global $db, $errors;
  33.  
  34.      // Ta ut alla värden från register formuläret
  35.     $username = $_POST['username'];
  36.     $name = $_POST['name'];
  37.     $email = $_POST['email'];
  38.     $password_1 = $_POST['password_1'];
  39.     $password_2 = $_POST['password_2'];
  40.     $verification = md5(rand(0,1000));
  41.    
  42.  
  43.      // Verifikations Mejl
  44.         $to = $email;
  45.         $subject = "Your New Account | Emil Developing";
  46.         $message = "
  47.        <html>
  48.        <head>
  49.        </head>
  50.        <body>
  51.        <p>Thanks for creating an account on Emil Developing!</p>
  52.        <p>Before you start to use your account please verify your e-mail adress. Click the link below to activate your account.</p>
  53.        <p>For any problems please contact us through our Support System.</p>
  54.        <br>
  55.        <p>Please click the link to activate your account.</p>
  56.        <a href='https://emildeveloping.com/inc/verify.php?email='.$email.'&verification='.$verification.''>https://emildeveloping.com/inc/verify.php?email='.$email.'&verification='.$verification.'</a>
  57.        </body>
  58.        </html>
  59.        ";
  60.         $headers = "From: noreply@emildeveloping.com";
  61.         $headers .= 'Content-type: text/html; charset=iso-8859-1';
  62.     mail($to,$subject,$message,$headers);
  63.    
  64.  
  65.      // Kolla så alla inputs är ifyllda
  66.     if (empty($username)) {
  67.             array_push($errors, "Username is required");
  68.         }
  69.         if (empty($email)) {
  70.             array_push($errors, "Email is required");
  71.         }
  72.         if (empty($password_1)) {
  73.             array_push($errors, "Password is required");
  74.         }
  75.         if ($password_1 != $password_2) {
  76.             array_push($errors, "The two passwords do not match");
  77.         }
  78.  
  79.      // Registrera användare om inga fel upptäcktes, samt kryptera lösenordet
  80.     if (count($errors) == 0){
  81.       $password = md5($password_1);
  82.  
  83.      try {
  84.       if(isset($_POST['user_type'])){
  85.         $user_type = $_POST['user_type'];
  86.          
  87.          // Registrera om personens user_type är admin
  88.         $query = "INSERT INTO users (username, name, email, user_type, password, verification) VALUES (:username,:name,:email,:user_type,:password,:verification)";
  89.         $stmt = $db->prepare($query);  
  90.          $stmt->bindparam(":username",$username);
  91.          $stmt->bindparam(":name",$name);
  92.          $stmt->bindparam(":email",$email);
  93.          $stmt->bindparam(":user_type",$user_type);
  94.          $stmt->bindparam(":password",$password);
  95.          $stmt->bindparam(":verification",$verification);
  96.         $stmt->execute();
  97.           $_SESSION['success'] = "User was created.";
  98.           header ('Location: account/admin/index.php');
  99.          
  100.           // Registrera om personens user_type är user
  101.         }else{
  102.           $query2 = "INSERT INTO users (username, name, email, user_type, password, verification) VALUES (:username,:name,:email,'user',:password,:verification)";
  103.           $stmt = $db->prepare($query2);  
  104.            $stmt->bindparam(":username",$username);
  105.            $stmt->bindparam(":name",$name);
  106.            $stmt->bindparam(":email",$email);
  107.            $stmt->bindparam(":password",$password);
  108.            $stmt->bindparam(":verification",$verification);
  109.           $stmt->execute();
  110.  
  111.            // Lägg in personens ID i en SESSION
  112.           $logged_in_user_id = $db->lastInsertId();
  113.           $_SESSION['user'] = getUserByID($logged_in_user_id);
  114.            $_SESSION['success'] = "You got logged in.";
  115.            header ('Location: account/index.php');
  116.         }
  117.       }catch(exception $e){}
  118.     }
  119.  
  120.     // Get User By ID
  121.   function getUserByID($id){
  122.     global $db;
  123.      $query3 = "SELECT * FROM users WHERE id = :id";
  124.     $stmt = $db->prepare($query3);  
  125.      $stmt->bindparam(":id",$id);
  126.     $stmt->execute();
  127.  
  128.     $user = $stmt->fetch(PDO::FETCH_ASSOC);
  129.      return $user;
  130.   }
  131.  
  132.    // Logga in användare
  133.   function login(){
  134.     global $db, $username, $errors;
  135.  
  136.     $username = $_POST['username'];
  137.     $password = $_POST['password'];
  138.  
  139.     if (empty($username)){
  140.       array_push($errors, "Username is requierd.");
  141.     }
  142.  
  143.     if (empty($password)){
  144.       array_push($errors, "Password is requierd.");
  145.     }
  146.  
  147.     if (count($errors) == 0){
  148.       $password = md5($password);
  149.  
  150.     $query4 = "SELECT * FROM users WHERE username=:username AND password=:pasword LIMIT 1";
  151.     $stmt = $db->prepare($query4);  
  152.      $stmt->bindparam(":username",$username);
  153.      $stmt->bindparam(":password",$password);
  154.     $stmt->execute();
  155.  
  156.     if ($stmt->fetchColumn() == 1) {
  157.       $logged_in_user = $stmt->fetch(PDO::FETCH_ASSOC);
  158.        if ($logged_in_user['user_type'] == 'admin'){
  159.  
  160.           $_SESSION['user'] = $logged_in_user;
  161.           $_SESSION['success'] = "Logged in as Admin.";
  162.            header ('Location: account/admin/index.php');
  163.  
  164.        }else{
  165.          $_SESSION['user'] = $logged_in_user;
  166.          $_SESSION['user'] = "Logged in as User.";
  167.           header ('Location: account/index.php');
  168.        }
  169.      }else{
  170.         array_push($errors, "Wrong username/password combination.");
  171.     }
  172.   }
  173.  
  174.  function isLoggedIn(){
  175.    if (isset($_SESSION['user'])){
  176.      return true;
  177.    }else{
  178.      return false;
  179.    }
  180.  }
  181.  
  182.  function isAdmin(){
  183.    if (isset($_SESSION['user']) && $_SESSION['user']['user_type'] == 'admin'){
  184.      return true;
  185.    }else{
  186.      return false;
  187.    }
  188.  }
  189.  
  190.  function display_error(){
  191.    global $errors;
  192.  
  193.     if (count($errors) > 0){
  194.       echo '<div class="error">';
  195.        foreach ($errors as $error){
  196.          echo $error .'<br';
  197.        }
  198.        echo '</div>';
  199.     }
  200.   }
// NOTE(review): this exit() ends the request unconditionally once execution
// reaches it, so a page that loads this file would produce no output after
// that point - confirm it is intended and not a debugging leftover.
exit();
// Leftover, commented-out tail of a try/catch block. If it is ever re-enabled,
// note that die() would print the driver's error message to the client.
#}
#catch(PDOException $exception){
#  die('ERROR: ' . $exception->getMessage());
#  }
#}
?>