- <?php
- require '../lib/config.inc';
- require '../lib/User.inc';
- ?>
- <!DOCTYPE html>
- <html>
- <head>
- <meta http-equiv="content-type" content="text/html;charset=utf-8"/>
- <title>Assignment2</title>
- <link href="<?=DOCROOT?>/css/reset.css" type="text/css" rel="stylesheet" media="screen" />
- <link href="<?=DOCROOT?>/css/bp/blueprint/screen.css" type="text/css" rel="stylesheet" media="screen" />
- <link rel="stylesheet" href="<?=DOCROOT?>/css/all.css" media="all"/>
- <script type="text/javascript" src="<?=DOCROOT?>/js/jquery-1.5.min.js"></script>
- <style type="text/css">
- @import url('css/all.css');
- @font-face {
- font-family: "Molot";
- src: url('css/Molot.ttf');
- }
- #header h1{
- display:block;
- width:400px;
- position:relative;
- top:50px;
- left:20px;
- }
- #header h1 span {
- color:#fff;
- font-family:"Molot", sans-serif;
- font-variant:small-caps;
- }
- label, input{float:left; clear:left;}
- </style>
- </head>
- <?php
- require '../lib/header.inc';
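# Flash-error handling: take any pending AUTH error out of the session so it is
# shown once on this request and does not persist across later ones.
if (isset($_SESSION['AUTH']['error'])) {
    $error = $_SESSION['AUTH']['error'];
    unset($_SESSION['AUTH']['error']);
}
/*
 This file handles auth, error validation, and the basic post/redirect/get
 pattern. On the whole, /user/index.php is probably responsible for too much,
 but each root if block could probably be cleaned up as a case.

 NOTE(review): every header() redirect below runs after the page's head markup
 has already been emitted, so it only works if output buffering is enabled
 somewhere not visible here (php.ini or an include) - confirm, or move this
 logic above the first byte of output.
*/
# SCRIPT_NAME replaces PHP_SELF: PHP_SELF carries client-supplied trailing path
# info, which would otherwise be reflected unescaped into the form action
# attribute (HTML injection) and into the Location header.
$script = $_SERVER['SCRIPT_NAME'];
$action = htmlspecialchars($script, ENT_QUOTES, 'UTF-8');

# Decide, from ?q= and the session state, which message or form to output.
if (isset($_GET['q'])):
    if (isset($_SESSION['AUTH']['active']) && $_GET['q'] === 'logout'):
        # NOTE(review): logout is a state change triggered by a plain GET, so
        # any page the user visits can force it; a POST carrying a CSRF token
        # would close that.
        $_SESSION = array();
        # Expire the cookie the session really uses, with the same path/domain
        # it was issued with; a cookie expired under a different name or path
        # leaves the old session id in the browser.
        $cookie = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 24*60*60,
            $cookie['path'],
            $cookie['domain'],
            $cookie['secure'],
            $cookie['httponly']
        );
        if (session_name() !== 'SID') {
            # Kept from the original in case the application sets a separate
            # cookie literally named 'SID' - not visible here.
            setcookie('SID', '', time() - 24*60*60);
        }
        session_destroy();
        # Same "script?q=..." shape as the other redirects in this file; the
        # original appended "/" before the query, turning it into path info.
        header('Location: '.$script.'?q=logged_out');
        die();
    elseif (!isset($_SESSION['AUTH']['active']) && $_GET['q'] === 'logged_out'):
        $msg = '<p>You have logged out.</p>';
    elseif (isset($_POST['_register']) || (!isset($_SESSION['AUTH']['active']) && $_GET['q'] === 'register')):
        # NOTE(review): neither form carries a CSRF token.
        $form = <<<REGISTERFORM
<form name="register" method="post" action="{$action}?q=register">
<label for="email">Email:</label>
<input type="text" name="email" id="email" />
<label for="username">Username:</label>
<input type="text" name="username" id="username" />
<label for="fn">First name:</label>
<input type="text" name="fn" id="fn" />
<label for="ln">Last name:</label>
<input type="text" name="ln" id="ln" />
<label for="password">Password:</label>
<input type="password" name="password" id="password" />
<label for="password_confirm">Password:</label>
<input type="password" name="password_confirm" id="password_confirm" />
<input type="submit" name="_register" id="register" value="Register" />
</form>
REGISTERFORM;
    elseif (isset($_POST['_login']) || (!isset($_SESSION['AUTH']['active']) && $_GET['q'] === 'login')):
        $form = <<<LOGINFORM
<form name="login" method="post" action="{$action}?q=login">
<label for="username">Username or Email:</label>
<input type="text" name="username" id="username" />
<label for="password">Password:</label>
<input type="password" name="password" id="password" />
<input type="submit" name="_login" id="login" value="Login" />
</form>
LOGINFORM;
    else:
        $msg = "Page not found.";
    endif;
else:
    if (isset($_SESSION['AUTH']['active'])):
        # print_r() without its second argument echoes on the spot and returns
        # true, so the original printed the dump here and later echoed "1".
        # Capture the text instead and escape it, since user-supplied fields
        # (username, names) end up in this record.
        # NOTE(review): this dumps the whole user record; if it holds a password
        # hash or similar - not visible here - limit it to display fields.
        $msg = '<pre>'.htmlspecialchars(print_r($_SESSION['USER'], true), ENT_QUOTES, 'UTF-8').'</pre>';
    else:
        $_SESSION['AUTH']['error'] = "You must be logged in to view that page.";
        header("Location: ".DOCROOT."/user?q=login");
        exit();
    endif;
endif;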
- ?>
- <div id="container">
- <div class="content">
- <?php
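# Handles a submitted login form: authenticate, then redirect in every case
# (post/redirect/get) so a page reload never re-submits credentials.
# NOTE(review): this runs after markup has already been sent, so header() and
# session_regenerate_id() rely on output buffering being enabled somewhere not
# visible here - confirm.
if (isset($_POST['_login'])):
    # SCRIPT_NAME rather than PHP_SELF: PHP_SELF includes client-supplied path
    # info, which should not flow into a response header.
    $loginUrl = $_SERVER['SCRIPT_NAME'].'?q=login';
    if (!empty($_POST['username']) && !empty($_POST['password'])):
        $user = new User();
        # Authenticate once and reuse the result; the original called login()
        # twice (presumably two credential checks per attempt - User is not
        # visible here).
        $account = $user->login();
        if ($account):
            # Issue a fresh session id at the moment of privilege change so an
            # id that was fixed before login cannot be reused afterwards.
            session_regenerate_id(true);
            $_SESSION['USER'] = $account;
            $_SESSION['AUTH']['active'] = 1;
            header("Location: ".DOCROOT);
            die();
        endif;
        # One message for both "no such user" and "wrong password", so the
        # response does not reveal which accounts exist.
        $_SESSION['AUTH']['error'] = "Invalid login attempt; user not found or invalid user password.";
    else:
        $_SESSION['AUTH']['error'] = "Invalid login attempt; required fields are missing values.";
    endif;
    header("Location: ".$loginUrl);
    die();
endif;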
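# Handles a submitted registration form: validate, create the account, log the
# new user in, and redirect in every case (post/redirect/get).
# NOTE(review): this runs after markup has already been sent, so header() and
# session_regenerate_id() rely on output buffering being enabled somewhere not
# visible here - confirm.
if (isset($_POST['_register'])):
    # SCRIPT_NAME rather than PHP_SELF: PHP_SELF includes client-supplied path
    # info, which should not flow into a response header.
    $registerUrl = $_SERVER['SCRIPT_NAME'].'?q=register';
    if (empty($_POST['email']) || empty($_POST['username']) || empty($_POST['password']) || empty($_POST['password_confirm'])):
        $registerError = "Invalid register attempt; required fields are missing values.";
    else:
        $user = new User();
        # Shape check only (something@host.tld); it does not prove the address
        # exists or belongs to the person registering.
        if (!preg_match('/^[^@]+@[a-zA-Z0-9._-]+\.[a-zA-Z]+$/', $_POST['email'])):
            $registerError = 'Invalid register attempt; bad email expression.';
        elseif ($user->record_exists($_POST['email'], 'email')
            || $user->record_exists($_POST['username'], 'user_name')):
            # NOTE(review): this message confirms that a given email/username is
            # registered; consider throttling this endpoint.
            $registerError = "Invalid register attempt; username or email already exists.";
        elseif ($_POST['password'] !== $_POST['password_confirm']
            || strlen($_POST['password']) < 5):
            # NOTE(review): a 5-character minimum is a weak password policy.
            $registerError = "Invalid register attempt; passwords don't match or aren't long enough.";
        else:
            $user->register();
            $account = $user->login();
            if ($account):
                # Fresh session id at the moment of privilege change, so an id
                # fixed before registration cannot be reused afterwards.
                session_regenerate_id(true);
                $_SESSION['USER'] = $account;
                $_SESSION['AUTH']['active'] = 1;
                header("Location: ".DOCROOT);
                # The original had no die() here and kept rendering the page
                # after issuing the redirect.
                die();
            endif;
            # The original marked the session authenticated without checking
            # login()'s result; a failed registration or login must not yield
            # an active session with no user record.
            $registerError = "Invalid register attempt; the account could not be created.";
        endif;
    endif;
    $_SESSION['AUTH']['error'] = $registerError;
    header("Location: ".$registerUrl);
    die();
endif;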
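# Render whatever the blocks above produced.
# $error comes back out of the session, so it is HTML-escaped before being
# written into the page; $msg and $form are emitted as-is because they hold
# markup assembled by this script.
if (isset($error)) {
    echo '<p style="color:#f00"><em>'.htmlspecialchars((string) $error, ENT_QUOTES, 'UTF-8').'</em></p>';
}
if (isset($msg)) {
    echo $msg;
}
if (isset($form)) {
    echo $form;
}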
- ?>
- </div>
- </div>
- <div id="footer">
- <p><small>Copyright © 2010-2011 / StockTradeToy LLC / All rights reserved.</small></p>
- </div>
- </body>
- </html>