  1. function validateDate($date, $format = 'Y-m-d H:i:s'){
  2. $d = DateTime::createFromFormat($format, $date);
  3. return $d && $d->format($format) == $date;
  4. }
// --- Registration handler ---------------------------------------------------
// Validates the sign-up form field by field (collecting one error message per
// field), inserts the new user, then opens a session and redirects to "/".
// Expects $mysql (a mysqli connection) to exist before this point.
//
// NOTE(review): $error is never initialised in this block, yet the insert below
// is guarded by `$error == '0'`; the initialisation (the login handler does
// `$error = '0';`) presumably lives outside this excerpt — confirm.
// NOTE(review): the closing brace of this `if` does not appear in the excerpt;
// the paste looks truncated after the session insert.
if (isset($_POST['register'])) {
    if (empty($_POST['date'])) {
        $error = '1';
        $dateError = "Please enter a birthday date.";
    } else {
        // Round-trip check: rejects rolled-over dates such as 02/30.
        if ((validateDate($_POST['date'], 'm/d/Y')) == FALSE) {
            $error = '1';
            $dateError = "Please enter a valid birthday date.";
        }
    }

    if (empty($_POST['username'])) {
        $error = '1';
        $usernameError = "Please enter an username.";
    } else
    // strlen() counts bytes, not characters; fine for the ASCII-only
    // alphabet enforced by the regex below.
    if (strlen($_POST['username']) < 3) {
        $error = '1';
        $usernameError = "Username must have at least 3 characters.";
    } else
    // NOTE(review): the `d` inside the class is probably a `\d` whose
    // backslash was lost in the paste; harmless here since 0-9 is listed too.
    if (!preg_match("/^[a-z0-9d_]{3,16}$/i", $_POST['username'])) {
        $error = '1';
        $usernameError = "Username can only contain alphabets, underscore characters and numbers.";
    } else {
        // Uniqueness check, parameterised (user input never enters the SQL text).
        $sql = "SELECT * FROM users WHERE username=?";
        $stmt = $mysql->prepare($sql);
        $stmt->bind_param('s', $_POST['username']);
        $stmt->execute();
        $result = $stmt->get_result();
        $results = $result->num_rows;
        if ($results >= 1) {
            $error = '1';
            $usernameError = "Username is already in use.";
        }
    }

    // Name is optional; only validated when supplied.
    if (!empty($_POST["name"])) {
        // NOTE(review): `^` is used as the regex delimiter here, so the leading
        // `^` is NOT an anchor and `(s)` matches a literal "s" rather than
        // whitespace. The backslashes of `\s` were most likely lost in the
        // paste; as written the pattern does not enforce what the message says
        // — confirm against the working file.
        if (!preg_match("^(s)*[A-Za-z]+((s)?(('|-|.)?([A-Za-z])+))*(s)*$^", $_POST['name'])) {
            $error = '1';
            $nameError = "Name can only contain alphabets and spaces.";
        }
    }

    // $_POST['email'] is read without an isset() guard; a missing field
    // produces an "undefined index" warning before filter_var() sees null.
    if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
        $error = '1';
        $emailError = "Please enter a valid email address.";
    } else {
        $xsql = "SELECT * FROM users WHERE email=?";
        $xstmt = $mysql->prepare($xsql);
        $xstmt->bind_param('s', $_POST['email']);
        $xstmt->execute();
        $xresult = $xstmt->get_result();
        $xresults = $xresult->num_rows;
        if ($xresults >= 1) {
            $error = '1';
            $emailError = "Email is already in use.";
        }
    }

    if (empty($_POST['password'])) {
        $error = '1';
        $passError = "Please enter a password.";
    }
    else {
        // Byte length; a multibyte password shorter than 6 characters but
        // longer than 6 bytes passes this check.
        if (strlen($_POST['password']) < 6) {
            $error = '1';
            $passError = "Password must have at least 6 characters.";
        }
    }

    if ($error == '0') {
        // Length caps match the 40/16 limits implied by the validation above.
        $name = $_POST['name'];
        $name = substr($name, 0, 40);
        $username = $_POST['username'];
        $username = substr($username, 0, 16);
        $date = $_POST['date'];
        $email = $_POST['email'];
        $password = $_POST['password'];
        // Uses whatever default timezone is in effect here; the explicit
        // date_default_timezone_set() further down runs only after this.
        $trn_date = date("Y-m-d H:i:s");
        $ip = '';
        // NOTE(review): every HTTP_* value below is a request header and is
        // therefore chosen by the client; only REMOTE_ADDR is set by the
        // server. Treat the stored value as informational unless a trusted
        // reverse proxy in front of this host overwrites those headers. The
        // X-Forwarded-For value may also be a comma-separated list.
        if (getenv('HTTP_CLIENT_IP')) {
            $ip = getenv('HTTP_CLIENT_IP');
        }
        else
        if (getenv('HTTP_X_FORWARDED_FOR')) {
            $ip = getenv('HTTP_X_FORWARDED_FOR');
        }
        else
        if (getenv('HTTP_X_FORWARDED')) {
            $ip = getenv('HTTP_X_FORWARDED');
        }
        else
        if (getenv('HTTP_FORWARDED_FOR')) {
            $ip = getenv('HTTP_FORWARDED_FOR');
        }
        else
        if (getenv('HTTP_FORWARDED')) {
            $ip = getenv('HTTP_FORWARDED');
        }
        else
        if (getenv('REMOTE_ADDR')) {
            $ip = getenv('REMOTE_ADDR');
        }
        else {
            $ip = '127.0.0.1';
        }

        // NOTE(review): the activation token is md5(email + current second),
        // i.e. derived entirely from guessable inputs. A random token
        // (e.g. bin2hex(random_bytes(16))) would make activation links
        // unforgeable.
        $activation = md5($email . time());
        // NOTE(review): the column list and the VALUES list do not appear to
        // have the same length (24 names vs 25 values as written), the VALUES
        // list has 10 `?` placeholders while bind_param() below binds 9, and
        // $secret is not defined in this excerpt. As written the literal '0'
        // lines up with `activation`, not `status`, which disagrees with the
        // login handler's `status != 0` activation check. mysqli would reject
        // the mismatch at prepare()/bind time — confirm against the working file.
        $sql = "INSERT into `users` (username, name, password, email, birthday, status, activation, ip, trn_date, theme, picture, views, currency, publicprofile, showaboutyourself, showviews, changedecimal, sortby, apiscrape, badge, sortfeed, who_can_pm_me, who_can_notify_me, google_auth_code) VALUES (?, ?, ?, ?, ?, ?, '0', ?, ?, ?, 'light', 'default.png', '1', 'USD', '1', '1', '1', '0', 'latestadded', 'coinmarketcap', 'USER', 'relevance', 'all', 'all', ?)";
        // bcrypt with cost 15: deliberately slow (seconds of CPU per hash);
        // keep in mind when sizing the web tier.
        $options = ['cost' => 15, ];
        $pdw = password_hash($password, PASSWORD_BCRYPT, $options);
        $stmt = $mysql->prepare($sql);
        $stmt->bind_param('sssssssss', $username, $name, $pdw, $email, $date, $activation, $ip, $trn_date, $secret);
        $stmt->execute();



        // log them in after registration
        // Re-reads the row to obtain the generated id (insert_id would do the same).
        $sql = "SELECT id FROM `users` WHERE email=?";
        $stmt = $mysql->prepare($sql);
        $stmt->bind_param('s', $email);
        $stmt->execute();
        $result = $stmt->get_result();
        $row = $result->fetch_assoc();
        $userid = $row["id"];

        // Session id = 1 letter + 31 hex chars of md5(time()) + 50 hex chars
        // of CSPRNG output. Only the openssl_random_pseudo_bytes() part is
        // unpredictable; mt_rand() and md5(time()) add no real entropy.
        // random_bytes() is the modern equivalent.
        $usersession = substr("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", mt_rand(0, 50) , 1) . substr(md5(time()) , 1) . bin2hex(openssl_random_pseudo_bytes(25));
        $now = time();
        // Session lifetime: 24 hours (Unix timestamp, stored as a string below).
        $expires = time() + 86400;
        date_default_timezone_set('Europe/Amsterdam');
        // Overwrites the birthday read from the form above; the user insert
        // has already run, so this only feeds the session row.
        $date = date('d-m-Y');
        $sql = "INSERT INTO sessions (SESSION_ID, SESSION_USER_ID, SESSION_IP, SESSION_EXPIRES, SESSION_DATE, SESSION_ACTIVE, SESSION_AGENT) VALUES (?,?,?,?,?,'1',?)";
        $stmt = $mysql->prepare($sql);
        $stmt->bind_param('ssssss', $usersession, $userid, $ip, $expires, $date, $_SERVER['HTTP_USER_AGENT']);
        $stmt->execute();
        // NOTE(review): the cookie is set without httponly/secure/samesite;
        // the options-array form of setcookie() lets the session cookie be
        // hidden from scripts and restricted to HTTPS.
        setcookie("MySite_Session_ID", $usersession, $expires, '/');
        header("Location: /");
        die();
    }
  145. if (isset($_POST['login'])) {
  146. usleep(500000); // Slow down brute-forcers
  147. $error = '0';
  148. $email = $_POST['email'];
  149. $password = $_POST['password'];
  150. if (empty($email)) {
  151. $error = '1';
  152. $userError = "Please enter your email.";
  153. }
  154.  
  155. if (empty($password)) {
  156. $error = '1';
  157. $passError = "Please enter your password.";
  158. }
  159.  
  160. if ($error == '0') {
  161. $sql = "SELECT id,password,status FROM `users` WHERE email=?";
  162. $stmt = $mysql->prepare($sql);
  163. $stmt->bind_param('s', $email);
  164. $stmt->execute();
  165. $result = $stmt->get_result();
  166. $results = $result->num_rows;
  167. if ($results >= 1) {
  168. $row = $result->fetch_assoc();
  169. if ($row['status'] != 0) {
  170. if (password_verify($password, $row["password"])) {
  171. // Password success, log them in
  172.  
  173. $userid = $row["id"];
  174. $useragent = $_SERVER['HTTP_USER_AGENT'];
  175. $usersession = substr("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", mt_rand(0, 50) , 1) . substr(md5(time()) , 1) . bin2hex(openssl_random_pseudo_bytes(25));
  176. $now = time();
  177. $expires = time() + 86400;
  178. if (isset($_POST['rememberme'])) {
  179. $expires = time() + 15768000;
  180. }
  181. date_default_timezone_set('Europe/Amsterdam');
  182. $date = date('d-m-Y');
  183. $sql = "INSERT INTO sessions (SESSION_ID, SESSION_USER_ID, SESSION_IP, SESSION_EXPIRES, SESSION_DATE, SESSION_ACTIVE, SESSION_AGENT) VALUES (?,?,?,?,?,'1',?)";
  184. $stmt = $mysql->prepare($sql);
  185. $stmt->bind_param('ssssss', $usersession, $userid, $_SERVER['REMOTE_ADDR'], $expires, $date, $_SERVER['HTTP_USER_AGENT']);
  186. $stmt->execute();
  187. setcookie("MySite_Session_ID", $usersession, $expires, '/');
  188. header("Location: /");
  189. } else {
  190. $passError = "Invalid password.";
  191. }
  192. } else {
  193. $userError = 'Your account has not been activated. Please check your email.';
  194. }
  195. }
  196. }
  197. }
  199. $mysql = mysqli_connect('localhost', 'root', '');
  200. mysqli_select_db($mysql,"mysite");
  201.  
  202. $sql = "DELETE FROM sessions WHERE SESSION_ID=?";
  203. $stmt = $mysql->prepare($sql);
  204. $stmt->bind_param('s', $_COOKIE['MySite_Session_ID']);
  205. $stmt->execute();
  206.  
  207. setcookie ('MySite_Session_ID', "", 1);
  208. setcookie ('MySite_Session_ID', false);
  209. unset($_COOKIE['MySite_Session_ID']);
  210.  
  211. header("Location: /");
  212. exit();
  214. ini_set('display_errors', 1);
  215. ini_set('display_startup_errors', 1);
  216. error_reporting(E_ALL);
  217. $mysql = mysqli_connect('localhost', 'root', '');
  218. mysqli_select_db($mysql, "mysite");
  219. date_default_timezone_set('Europe/Amsterdam');
  220.  
  221. if (isset($_COOKIE['MySite_Session_ID'])) {
  222. $usersession = $_COOKIE['MySite_Session_ID'];
  223. $sql = "SELECT SESSION_USER_ID,SESSION_EXPIRES FROM sessions WHERE SESSION_ID = ? AND SESSION_ACTIVE = '1' AND SESSION_AGENT = ?";
  224. $stmt = $mysql->prepare($sql);
  225. $stmt->bind_param('ss', $usersession, $_SERVER['HTTP_USER_AGENT']);
  226. $stmt->execute();
  227. $dasdasresult = $stmt->get_result();
  228. $results = $dasdasresult->num_rows;
  229. if ($results >= 1) {
  230. // Is logged in
  231.  
  232. $row = $dasdasresult->fetch_assoc();
  233. $userid = $row["SESSION_USER_ID"];
  234. $expiretime = $row["SESSION_EXPIRES"];
  235.  
  236. if ($expiretime > time()) {
  237. // Session did not expire
  238.  
  239. $sql = "SELECT * from users WHERE id=?";
  240. $stmt = $mysql->prepare($sql);
  241. $stmt->bind_param('s', $userid);
  242. $stmt->execute();
  243. $dasdasresultx = $stmt->get_result();
  244. $results = $dasdasresultx->num_rows;
  245. if ($results >= 1) {
  246. // User exists
  247.  
  248. $row = $dasdasresultx->fetch_assoc();
  249.  
  250. $username = $row["username"];
  251. $name = $row["name"];
  252. $userid = $row["id"];
  253. $email = $row["email"];
  254. $loggedin = 1;
  255. } else {
  256. // User does not exist
  257.  
  258. header("Location: /login");
  259. exit();
  260. }
  261. } else {
  262. // Session expired
  263.  
  264. $sql = "UPDATE sessions SET SESSION_ACTIVE = '0' WHERE SESSION_ID = ?";
  265. $stmt = $mysql->prepare($sql);
  266. $stmt->bind_param('s', $usersession);
  267. $stmt->execute();
  268.  
  269. header("Location: /login");
  270. exit();
  271. }
  272. } else {
  273. header("Location: /login");
  274. exit();
  275. }
  276. } else {
  277. header("Location: /login");
  278. exit();
  279. }