
Untitled

a guest
Jun 23rd, 2018
  1. <?php
  2. // easyIT - André Barros - drewvirtual.space
  3.  
  4. require("config.php");
  5. require("connectDB.php");
  6.  
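  /**
   * Register a new account from the POSTed registration form.
   *
   * Reads registerUsername, registerName, registerPassword and
   * registerPasswordConfirmation from $_POST and echoes exactly one JSON string:
   *   "true"    - the row was inserted
   *   "used"    - the INSERT failed (the client treats this as "username taken")
   *   "errorpw" - password and confirmation differ
   *   "false"   - a field is missing, empty or not a string, or the database
   *               is unavailable (sent with a 5xx status)
   *
   * Uses the global $connectDB mysqli handle.
   */
  function createUser() {
      global $connectDB;

      // isset() alone accepts "" and arrays (PHP turns "field[]=x" into an array),
      // so every field is also required to be a non-empty string.
      $fields = array("registerUsername", "registerName", "registerPassword", "registerPasswordConfirmation");
      foreach ($fields as $field) {
          if (!isset($_POST[$field]) || !is_string($_POST[$field]) || $_POST[$field] === "") {
              echo json_encode("false");
              return;
          }
      }

      // The username is HTML-encoded before storage; userLogin() applies the same
      // encoding before its lookup, so the two must stay in step.
      $username = htmlspecialchars($_POST["registerUsername"]);
      // The display name is stored as received. The prepared statement keeps it out
      // of the SQL text, but it must be escaped wherever it is later rendered.
      $name = $_POST["registerName"];
      $pw1 = $_POST["registerPassword"];
      $pw2 = $_POST["registerPasswordConfirmation"];

      if ($pw1 !== $pw2) {
          echo json_encode("errorpw");
          return;
      }

      // Answer in JSON on every path: the client requests dataType "json", so an
      // HTML error body would only surface as a parse failure. Status and body
      // match what userLogin() sends when the database is down.
      if ($connectDB->connect_error) {
          http_response_code(503);
          die(json_encode("false"));
      }

      // Hash only once the request is known to be usable; hashing is deliberately slow.
      $password = password_hash($pw1, PASSWORD_DEFAULT);

      $inst = $connectDB->prepare("INSERT INTO app_users(user_Username, user_Name, user_Hash) VALUES(?, ?, ?)");
      if ($inst === false) {
          // prepare() returns false on failure; calling bind_param() on it would be fatal.
          http_response_code(500);
          die(json_encode("false"));
      }
      $inst->bind_param("sss", $username, $name, $password);

      // Any execute() failure is reported as "used", as before.
      // NOTE(review): if the mysqli connection runs in exception-reporting mode,
      // a failed execute() throws instead of returning false - confirm in connectDB.php.
      echo json_encode($inst->execute() ? "true" : "used");
  }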
  33.  
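  /**
   * Authenticate the POSTed credentials and populate the session.
   *
   * Reads loginUsername and loginPassword from $_POST and echoes one JSON string:
   *   "trueAdmin" - password verified and user_Previleges is 1
   *   "trueUser"  - password verified, any other privilege value
   *   "false"     - missing or non-string input, unknown user, wrong password,
   *                 or database unavailable (the latter with a 5xx status)
   *
   * On success it sets $_SESSION['userAuth'], ['userID'], ['userType'] and
   * ['userName']. Uses the global $connectDB mysqli handle and closes it.
   */
  function userLogin() {
      // Starting an already-active session only raises a notice, so skip it then.
      if (session_status() !== PHP_SESSION_ACTIVE) {
          session_start();
      }
      global $connectDB;

      // Arrays ("loginPassword[]=x") pass isset() but are not valid credentials.
      if (!isset($_POST["loginUsername"]) || !isset($_POST["loginPassword"])
          || !is_string($_POST["loginUsername"]) || !is_string($_POST["loginPassword"])) {
          echo json_encode("false");
          return;
      }

      if ($connectDB->connect_error) {
          http_response_code(503);
          die(json_encode("false"));
      }

      // Same encoding createUser() applies before storing the username.
      $username = htmlspecialchars($_POST["loginUsername"]);
      $inst = $connectDB->prepare("SELECT user_Id, user_Hash, user_Username, user_Previleges FROM app_users WHERE user_Username=?");
      if ($inst === false) {
          // prepare() returns false on failure; calling bind_param() on it would be fatal.
          http_response_code(500);
          die(json_encode("false"));
      }
      $inst->bind_param("s", $username);
      $inst->execute();
      $res = $inst->get_result();

      // NOTE(review): an unknown username returns without running password_verify(),
      // so the two failure paths differ in response time. Verifying against a fixed
      // dummy hash here would even that out.
      if ($res->num_rows === 0) {
          $connectDB->close();
          die(json_encode("false"));
      }

      $linha = $res->fetch_assoc();
      $connectDB->close();

      if (!password_verify($_POST["loginPassword"], $linha["user_Hash"])) {
          echo json_encode("false");
          return;
      }

      // Issue a fresh session id at the privilege change so an id that was known
      // before login cannot be reused afterwards (session fixation).
      session_regenerate_id(true);

      // Prepared-statement results can come back as native ints rather than strings,
      // so normalise before the strict comparison.
      // NOTE(review): depends on the column type of user_Previleges - confirm.
      $isAdmin = ((string) $linha["user_Previleges"]) === "1";

      $_SESSION['userAuth'] = "Yes";
      $_SESSION['userID'] = $linha["user_Id"];
      $_SESSION['userType'] = $isAdmin ? "Admin" : "User";
      $_SESSION['userName'] = $linha["user_Username"];
      echo json_encode($isAdmin ? "trueAdmin" : "trueUser");
  }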
  76.  
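  /**
   * End the current session and redirect to the site index.
   *
   * session_destroy() removes the stored session data only; it leaves the
   * $_SESSION array of this request and the browser's session cookie in place.
   * Both are cleared here so nothing of the old session remains usable.
   *
   * The function returns after queueing the redirect; the caller should not
   * emit further output.
   */
  function userLogout() {
      session_start();

      // Drop the in-memory copy so code running later in this request sees no login.
      $_SESSION = array();

      // Expire the session cookie using the same parameters it was issued with.
      if (ini_get("session.use_cookies")) {
          $params = session_get_cookie_params();
          setcookie(
              session_name(),
              "",
              time() - 42000,
              $params["path"],
              $params["domain"],
              $params["secure"],
              $params["httponly"]
          );
      }

      session_destroy();
      //BASE URL
      header("Location: ../../../../index.php");
  }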
  83.  
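  /**
   * Gate for admin-only pages: redirect to the index and stop the script
   * unless the session marks the visitor as "Admin".
   *
   * The function does not start the session itself; the caller must have called
   * session_start() first. Without a session the check fails closed (redirect).
   */
  function checkAuth() {
      // isset() avoids an undefined-index warning for visitors who never logged in.
      // The strict comparison accepts only the exact string "Admin"; the loose !=
      // also let through values that merely compare equal to it (for example true).
      if (!isset($_SESSION['userType']) || $_SESSION['userType'] !== "Admin") {
          //BASE URL
          header("Location: ../../../../../index.php");
          // Stop here so the protected page is never rendered after the redirect header.
          exit;
      }
  }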
  91. ?>
  92.  
  93.  
  /**
   * Switch the auth modal from the login view to the registration view:
   * fade the login box and footer out, fade the register box and footer in,
   * retitle the modal and clear any error banner.
   */
  function showRegisterForm() {
      var revealRegisterFooter = function () {
          $('.register-footer').fadeIn('fast');
      };

      // Runs once the login box has finished fading out.
      var revealRegisterView = function () {
          $('.registerBox').fadeIn('fast');
          $('.login-footer').fadeOut('fast', revealRegisterFooter);
          $('.modal-title').html('easyIT - Register');
      };

      $('.loginBox').fadeOut('fast', revealRegisterView);

      // Reset the error banner straight away, without waiting for the animation.
      $('.error').removeClass('alert alert-danger').html('');
  }
  105.  
  /**
   * Switch the auth modal from the registration view to the login view:
   * fade the register box and footer out, fade the login box and footer in,
   * retitle the modal and clear any error banner.
   */
  function showLoginForm() {
      var revealLoginFooter = function () {
          $('.login-footer').fadeIn('fast');
      };

      // Runs once the register box has finished fading out.
      var revealLoginView = function () {
          $('.loginBox').fadeIn('fast');
          $('.register-footer').fadeOut('fast', revealLoginFooter);
          $('.modal-title').html('easyIT - Login');
      };

      $('#loginModal .registerBox').fadeOut('fast', revealLoginView);

      // Reset the error banner straight away, without waiting for the animation.
      $('.error').removeClass('alert alert-danger').html('');
  }
  117.  
  /**
   * Prepare the login view, then show the modal 230 ms later.
   */
  function openLoginModal() {
      var revealModal = function () {
          $('#loginModal').modal('show');
      };

      showLoginForm();
      setTimeout(revealModal, 230);
  }
  124.  
  /**
   * Prepare the registration view, then show the modal 230 ms later.
   */
  function openRegisterModal() {
      var revealModal = function () {
          $('#loginModal').modal('show');
      };

      showRegisterForm();
      setTimeout(revealModal, 230);
  }
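  // Login button: POST the credentials and act on the server's JSON verdict.
  // The request URL is relative, so it uses the page's own scheme; the page has
  // to be served over HTTPS for the password to be protected in transit.
  $('#loginUser').on('click', function () {
      $.ajax({
          //Define server side authentication function
          url: "assets/php/includes/login/userLogin.php",
          type: "POST",
          dataType: "json",
          data: {
              loginUsername: $("#loginUsername").val(),
              loginPassword: $("#loginPassword").val()
          },
          success: function (resposta) {
              // These redirects are navigation only. Access to dashboard.php has to be
              // enforced on the server from the session, not by this branch.
              if (resposta === "trueAdmin") {
                  window.location.href = 'dashboard.php';
              } else if (resposta === "trueUser") {
                  window.location.href = 'index.php';
              } else if (resposta === "false") {
                  shakeModal();
              }
          },
          error: function (xhr, status, error) {
              // The server answers 503 when the database is unreachable, and an
              // unparseable body also lands here. Tell the user instead of failing
              // silently, and clear the typed password as the other failure path does.
              $('.error').addClass('alert alert-danger').text("Service unavailable. Please try again later.");
              $('input[type="password"]').val('');
          }
      });
  });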
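  // Register button: POST the form and act on the server's JSON verdict
  // ("true", "used", "errorpw" or "false").
  $('#registerUser').on('click', function () {
      $.ajax({
          url: "assets/php/includes/login/createUser.php",
          type: "POST",
          dataType: "json",
          data: {
              registerUsername: $("#registerUsername").val(),
              registerName: $("#registerName").val(),
              registerPassword: $("#registerPassword").val(),
              registerPasswordConfirmation: $("#registerPasswordConfirmation").val(),
          },
          success: function (resposta) {
              if (resposta === "true") {
                  openLoginModal();
                  return;
              }
              shakeModal2();
              if (resposta === "errorpw") {
                  // shakeModal2() shows the generic "fill all fields / username taken"
                  // text; a password mismatch gets its own message.
                  $('.error').text("Passwords do not match");
              }
          },
          error: function (xhr, status, error) {
              // A non-2xx status or a non-JSON body lands here. Report it rather than
              // leaving the form unchanged, and clear the typed passwords.
              $('.error').addClass('alert alert-danger').text("Service unavailable. Please try again later.");
              $('input[type="password"]').val('');
          }
      });
  });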
  179.  
  /**
   * Signal a failed login: shake the modal for one second, show the
   * "invalid credentials" banner and clear every password input.
   */
  function shakeModal() {
      var dialogSelector = '#loginModal .modal-dialog';
      var stopShaking = function () {
          $(dialogSelector).removeClass('shake');
      };

      $(dialogSelector).addClass('shake');
      $('.error').addClass('alert alert-danger').html("Invalid username/password combination");
      // Never leave a rejected password sitting in the form.
      $('input[type="password"]').val('');
      setTimeout(stopShaking, 1000);
  }
  /**
   * Signal a failed registration: shake the modal for one second, show the
   * "fill all fields / username taken" banner and clear every password input.
   */
  function shakeModal2() {
      var dialogSelector = '#loginModal .modal-dialog';
      var stopShaking = function () {
          $(dialogSelector).removeClass('shake');
      };

      $(dialogSelector).addClass('shake');
      $('.error').addClass('alert alert-danger').html("Fill all the fields/username already taken");
      // Never leave the typed passwords sitting in the form.
      $('input[type="password"]').val('');
      setTimeout(stopShaking, 1000);
  }