<?php session_start(); $_SESSION['message'] = ''; $dbconn = new mysq

1. <?php
2. session_start();
3. $_SESSION['message'] = '';
4. $dbconn = new mysqli('localhost', 'root', 'nimda', 'mydatabase003'); // Establish database connection.
5.  
6. if ($_SERVER['REQUEST_METHOD'] == 'POST') {//This is to ensure that a submit button is pressed.
7. // First validation - ensure two passwords are matched.
8. if ($_POST['password'] == $_POST['confirmpassword']) {//password and confirmpassword is the name of the input txtbox
9.  
10. $username = mysqli_real_escape_string($dbconn,$_POST['username']);
11. $email = mysqli_real_escape_string($dbconn,$_POST['email']);
12. $password = md5($_POST['password']); //md5 hash password security
13. $avatar_name = addslashes($_FILES['avatar']['name']);
14. $avatar = addslashes(file_get_contents($_FILES['avatar']['tmp_name']));
15. $avatar = base64_encode($avatar);
16. //$avatar_path = mysqli_real_escape_string($dbconn,'avatar/'.$_FILES['avatar']['name']);
17.  
18. //images stored in image folder, access using global variable
19. // $_FILES global variable is access using the avatar name
20. // same as the name of the input.
21.  
22. // Second validation - ensure file type is image
23. if (preg_match("!image!", $_FILES['avatar']['type'])) {
24. $_SESSION['username'] = $username;
25. $_SESSION['avatar'] = $avatar;
26.  
27. $sql = "INSERT INTO user_details (username, email, password, avatar_name, avatar)"
28. . "VALUES ('$username', '$email', '$password', '$avatar_name', '$avatar')";
29.  
30. // if the query is successful, redirect to welcome page, done!
31. if (mysqli_query($dbconn, $sql)=== true){
32. $_SESSION['message'] = "Registration successful! Added $username to the database!";
33. header("location: welcome.php");
34. } else {
35. $_SESSION['message'] = "Registration failed! User could not be added to the database!"; }
36. } else {
37. $_SESSION['message'] = "Please only upload GIF, JPG, JPEG, or PNG images";
38. }
39. } else {
40. $_SESSION['message'] = "Passwords does not match";
41. }
42. }
43. ?>
44.  
45. <link href="//db.onlinewebfonts.com/c/a4e256ed67403c6ad5d43937ed48a77b?family=Core+Sans+N+W01+35+Light" rel="stylesheet" type="text/css"/>
46. <link rel="stylesheet" href="blob.css" type="text/css">
47. <div class="body-content">
48. <div class="module">
49. <h1>Create an account</h1>
50. <form class="form" action="blob.php" method="post" enctype="multipart/form-data" autocomplete="off">
51. <div class="alert alert-error"><?= $_SESSION['message'] ?></div>
52. <input type="text" placeholder="User Name" name="username" required />
53. <input type="email" placeholder="Email" name="email" required />
54. <input type="password" placeholder="Password" name="password" autocomplete="new-password" required />
55. <input type="password" placeholder="Confirm Password" name="confirmpassword" autocomplete="new-password" required />
56. <input type="hidden" name="MAX_FILE_SIZE" value="1000000">
57. <div class="avatar"><label>Select your avatar: </label><input type="file" name="avatar" accept="image/*" required /></div>
58. <input type="submit" value="Register" name="register" class="btn btn-block btn-primary" />
59. </form>
60. </div>
61. </div>
62.  
63. <link rel="stylesheet" href="blob.css">
64.  
65. <?php
66. session_start();
67. ?>
68. <div class="body content"></div>
69. <div class="Welcome"></div>
70. <div class="alert alert-success"><?=$_SESSION['message'] ?></div>
71. <span class="user"><img src='<?= $_SESSION['avatar']?>'> </span> <br />
72. Welcome <span class="user"> <?= $_SESSION['username']?> </span>
73.  
74. <?php
75.  
76. $dbconn = new mysqli('localhost', 'root', 'nimda', 'mydatabase003'); // Establish database connection.
77. $sql = "SELECT username, avatar FROM user_details";
78. $result = mysqli_query($dbconn, $sql); //$result = mysqli_result object
79.  
80. ?>
81.  
82. <div id = "registered">
83. <span>All registered users:</span>
84. <?php
85. while($row=mysqli_fetch_assoc($result)) {
86. echo "<div class='userlist'><span>$row[username]</span> <br/>";
87. // echo "<img src='file_get_contents($row[avatar])'></div>";
88. echo "<img src= 'data:image;base64,'.$row[2].'";
89. }
90. ?>
91. </div>
92.  
93. <?php
94. // verify request id.
95. if (empty($_GET['id']) || !is_numeric($_GET['id'])) {
96. echo 'A valid image file id is required to display the image file.';
97. exit; }
98.  
99. $imageId = $_GET['id'];
100. //connect to mysql database
101. if ($conn = mysqli_connect('localhost', 'root', 'nimda', 'mydatabase003')) {
102. $content = mysqli_real_escape_string($conn, $content);
103. $sql = "SELECT username, avatar FROM user_details where id = {$avatar}";
104. if ($rs = mysqli_query($conn, $sql)) {
105. $imageData = mysqli_fetch_array($rs, MYSQLI_ASSOC);
106. mysqli_free_result($rs);
107. } else {
108. echo "Error: Could not get data from mysql database. Please try again.";
109. }
110. //close mysqli connection
111. mysqli_close($conn);
112. } else {
113. echo "Error: Could not connect to MySQL database. Please try again.";
114. }
115. if (!empty($imageData)) {
116. // show the image.
117. header("Content-type: {$imageData['type']}");
118. echo $imageData['content'];``
119. }
120. ?>