Untitled

<?php
include "conn.php";
ob_start();
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;
require 'vendor/autoload.php';
if(isset($_POST['login'])){

  $email = $_POST['mail'];
  $pass = $_POST['password'];
  $pass = md5($pass);

  $sql = "SELECT * FROM users WHERE email='$email' and password='$pass'";
  $result = $conn->query($sql);
  if($result->num_rows>0){
    while($row = $result->fetch_assoc()){
      $_SESSION["logged"] = "1";
      $_SESSION["id"] = $row['id'];
    }
    header('Location: ./index.php');
    echo "USPESNO SI LOGOVAN";
  }else{
    echo "Nisi se uspesno ulogovao!";
  }
}


// return tru if $str ends with $sub
function endsWith( $str, $sub ) {
    return ( substr( $str, strlen( $str ) - strlen( $sub ) ) == $sub );
}

  if(isset($_POST['register'])){
    $email = $_POST['mail'];
    $pass = $_POST['password'];
    $pass = md5($pass);
    $code=substr(md5(mt_rand()),0,15);


      $sql = "INSERT INTO users (`email`, `password`, `code`)
      VALUES ('$email', '$pass', '$code')";

      if($conn->query($sql) === TRUE){
      $sql = "SELECT id FROM users WHERE email='$email'";
      $result = $conn->query($sql);
      if($result->num_rows>0){
        while($row = $result->fetch_assoc()){
          $id = $row["id"];
        }
      }else{
        echo "Error: ". $sql . "<br>" . $conn->error;
      }
      if(endsWith($email, "@raf.rs")){
        //Saljem mail sa $id i $code
        $mail = new PHPMailer(true);
        try {
          $mail->SMTPDebug = 0;                                 // Enable verbose debug output
          $mail->isSMTP();                                      // Set mailer to use SMTP
          $mail->Host = 'smtp.gmail.com';  // Specify main and backup SMTP servers
          $mail->SMTPAuth = true;                               // Enable SMTP authentication
          $mail->Username = 'rafoidinfo@gmail.com';                 // SMTP username
          $mail->Password = 'rafrules';                           // SMTP password
          $mail->SMTPSecure = 'tls';                            // Enable TLS encryption, `ssl` also accepted
          $mail->Port = 587;                                    // TCP port to connect to


          //Recipients
          $mail->setFrom('rafoidinfo@gmail.com');
          $mail->addAddress($email);

          //Content
          $mail->isHTML(true);                                  // Set email format to HTML
          $mail->Subject = 'Validacioni link';
          $mail->Body    = 'Kliknite na ovaj <a href="https://rafoid.000webhostapp.com/verification.php?id='.$id.'&code='.$code.'">link</a> da bi ste aktivirali svoj nalog.';

          $mail->send();
          echo "Poslali smo vam validacioni kod na email";
        } catch (\Exception $e) {
          echo 'Message could not be sent. Mailer Error: ', $mail->ErrorInfo;
        }
      }else{
        echo "Morate se registrovati sa RAF mail-om!";
      }


    }else{
      echo "Error: ". $sql . "<br>" . $conn->error;
    }

  }

  if(isset($_POST['reset'])){

    $email = $_POST['mail'];
    $sql = "SELECT * FROM users WHERE email='$email'";
    $result = $conn->query($sql);
    if($result->num_rows>0){
      $code=substr(md5(mt_rand()),0,15);
      while($row = $result->fetch_assoc()){
        $id = $row["id"];
      }
      //apdejtujem code polje u bazi
      $sql = "UPDATE users SET code='$code' WHERE id='$id'";
      $result = $conn->query($sql);

      //nalog postoji, saljem mail
      $mail = new PHPMailer(true);
      try {
        $mail->SMTPDebug = 0;                                 // Enable verbose debug output
        $mail->isSMTP();                                      // Set mailer to use SMTP
        $mail->Host = 'smtp.gmail.com';  // Specify main and backup SMTP servers
        $mail->SMTPAuth = true;                               // Enable SMTP authentication
        $mail->Username = 'rafoidinfo@gmail.com';                 // SMTP username
        $mail->Password = 'rafrules';                           // SMTP password
        $mail->SMTPSecure = 'tls';                            // Enable TLS encryption, `ssl` also accepted
        $mail->Port = 587;                                    // TCP port to connect to
        //Recipients
        $mail->setFrom('rafoidinfo@gmail.com');
        $mail->addAddress($email);

        //Content
        $mail->isHTML(true);                                  // Set email format to HTML
        $mail->Subject = 'Reset sifre';
        $mail->Body    = 'Kliknite na ovaj <a href="https://rafoid.000webhostapp.com/reset.php?code='.$code.'">link</a> kako bi resetovali sifru.';

        $mail->send();
        echo "Poslali smo vam link za reset sifre na e-mail";
      } catch (\Exception $e) {
        echo 'Message could not be sent. Mailer Error: ', $mail->ErrorInfo;
      }
    }
  }

  if(isset($_POST['update'])){
    $email = $_POST['mail'];
    $pass = $_POST['password'];
    $pass = md5($pass);

    $sql = "UPDATE users SET password='$pass' WHERE email='$email'";
    $result = $conn->query($sql);
  }


  //Glasanje
  //Prosledjuje se sesija i ID od aplikacije

  if(isset($_POST['glasaj']) && isset($_POST['korisnik']) && isset($_POST['appID'])){
    $korisnik = $_POST['korisnik'];
    $appID = $_POST['appID'];

  //provera da li je korisnik vec glasao
  // proveravam da li je id korisnika == glasac u tabeli glasovi
  $sql = "SELECT * FROM glasovi WHERE glasac = '$korisnik'";
  $result = $conn->query($sql);
    if($result->num_rows>0){
      echo "Vec ste glasali za neku aplikaciju!";
    }else{
      //Ako nema poklapanja u bazi onda moze da glasa
      $sql = "INSERT INTO glasovi (`glasac`, `aplikacija`)
      VALUES ('$korisnik', '$appID')";
      if($conn->query($sql) === TRUE){
        echo "Uspesno ste glasali za ovu aplikaciju <br>Napomena: Ne mozete glasati za vise od jedne aplikacije niti mozete promeniti glas!";
      }
    }
  }


 ?>