
Untitled

a guest
Jul 28th, 2017
  1. <?php
  2. require '../lib/config.inc';
  3. require '../lib/User.inc';
  4. ?>
  5. <!DOCTYPE html>
  6. <html>
  7. <head>
  8. <meta http-equiv="content-type" content="text/html;charset=utf-8"/>
  9. <title>Assignment2</title>
  10. <link href="<?=DOCROOT?>/css/reset.css" type="text/css" rel="stylesheet" media="screen" />
  11. <link href="<?=DOCROOT?>/css/bp/blueprint/screen.css" type="text/css" rel="stylesheet" media="screen" />
  12. <link rel="stylesheet" href="<?=DOCROOT?>/css/all.css" media="all"/>
  13. <script type="text/javascript" src="<?=DOCROOT?>/js/jquery-1.5.min.js"></script>
  14. <style type="text/css">
  15. @import url('css/all.css');
  16.  
  17. @font-face {
  18.     font-family: "Molot";
  19.     src: url('css/Molot.ttf');
  20. }
  21. #header h1{
  22.   display:block;
  23.   width:400px;
  24.   position:relative;
  25.   top:50px;
  26.   left:20px;
  27. }
  28. #header h1 span {
  29.   color:#fff;
  30.   font-family:"Molot", sans-serif;
  31.   font-variant:small-caps;
  32. }
  33. label, input{float:left; clear:left;}
  34. </style>
  35. </head>
  36. <?php
  37. require '../lib/header.inc';
  38.  
  39. # unset AUTH error and reassign after each GET request    
  40. if (isset($_SESSION['AUTH']['error'])) {
  41.     $error = $_SESSION['AUTH']['error'];
  42.     unset($_SESSION['AUTH']['error']);
  43. }
  44. /*
  45.     this file handles auth, error validation, and your basic post,redirect,get pattern:
  46.     on a whole /user/index.php on a whole is probably responsible for too much, but
  47.     each root if block could probably be cleaned up as a case
  48. */
  49. # if block determines if the user is logged in and which form to output
  50. if (isset($_GET['q'])):
  51.     if (isset($_SESSION['AUTH']['active']) && $_GET['q'] === 'logout'):
  52.         session_destroy();
  53.         $_SESSION = array();
  54.         setcookie('SID', '', time() - 24*60*60);
  55.         header('Location: '.$_SERVER['PHP_SELF'].'/?q=logged_out');
  56.         die();
  57.     elseif (!isset($_SESSION['AUTH']['active']) && $_GET['q'] === 'logged_out'):
  58.         $msg = '<p>You have logged out.</p>';
  59.     elseif (isset($_POST['_register']) || (!isset($_SESSION['AUTH']['active']) && $_GET['q'] === 'register')):
  60.         $form =
  61. <<< REGISTERFORM
  62. <form name="register" method="post" action="{$_SERVER['PHP_SELF']}?q=register">
  63.     <label for="email">Email:</label>
  64.     <input type="text" name="email" id="email" />
  65.     <label for="username">Username:</label>
  66.     <input type="text" name="username" id="username" />
  67.     <label for="fn">First name:</label>
  68.     <input type="text" name="fn" id="fn" />
  69.     <label for="ln">Last name:</label>
  70.     <input type="text" name="ln" id="ln" />
  71.     <label for="password">Password:</label>
  72.     <input type="password" name="password" id="password" />
  73.     <label for="password_confirm">Password:</label>
  74.     <input type="password" name="password_confirm" id="password_confirm" />
  75.     <input type="submit" name="_register" id="register" value="Register" />
  76. </form>
  77. REGISTERFORM;
  78.     elseif (isset($_POST['_login']) || (!isset($_SESSION['AUTH']['active']) && $_GET['q'] === 'login')):
  79.         $form =
  80. <<< LOGINFORM
  81. <form name="login" method="post" action="{$_SERVER['PHP_SELF']}?q=login">
  82.     <label for="username">Username or Email:</label>
  83.     <input type="text" name="username" id="username" />
  84.     <label for="password">Password:</label>
  85.     <input type="password" name="password" id="password" />
  86.     <input type="submit" name="_login" id="login" value="Login" />
  87. </form>
  88. LOGINFORM;
  89.     else:
  90.         $msg = "Page not found.";
  91.     endif;
  92. else:
  93.   if(isset($_SESSION['AUTH']['active'])):
  94.     $msg = print_r($_SESSION['USER']);
  95.   else:
  96.     $_SESSION['AUTH']['error'] = "You must be logged in to view that page.";
  97.     header("Location: ".DOCROOT."/user?q=login");
  98.     exit();
  99.   endif;
  100. endif;
  101. ?>
  102. <div id="container">
  103. <div class="content">
  104. <?php
  105. # if block handles login request and login error validation
  106. if (isset($_POST['_login']) && !empty($_POST['username']) && !empty($_POST['password'])):
  107.     $user = new User();
  108.     if($user->login()):
  109.         $_SESSION['USER'] = $user->login();
  110.         $_SESSION['AUTH']['active'] = 1;
  111.         header("Location: ".DOCROOT);
  112.         die();
  113.     else:
  114.         $_SESSION['AUTH']['error'] = "Invalid login attempt; user not found or invalid user password.";
  115.         header("Location: ".$_SERVER['PHP_SELF'].'?q=login');
  116.         die();
  117.     endif;
  118. elseif (isset($_POST['_login'])):
  119.     $_SESSION['AUTH']['error'] = "Invalid login attempt; required fields are missing values.";
  120.     header("Location: ".$_SERVER['PHP_SELF'].'?q=login');
  121.     die();
  122. endif;
  123. # if block handles register requrests and register error validation
  124. if (isset($_POST['_register'])):
  125.     if(!empty($_POST['email']) && !empty($_POST['username']) && !empty($_POST['password']) && !empty($_POST['password_confirm'])):
  126.         $user = new User();
  127.  
  128.         if(preg_match('/^[^@]+@[a-zA-Z0-9._-]+\.[a-zA-Z]+$/', $_POST['email'])):
  129.             if($user->record_exists($_POST['email'], 'email')
  130.             || $user->record_exists($_POST['username'], 'user_name')):
  131.                 $_SESSION['AUTH']['error'] = "Invalid register attempt; username or email already exists.";
  132.                 header("Location: ".$_SERVER['PHP_SELF'].'?q=register');
  133.                 die();
  134.             else:
  135.                 if(($_POST['password'] === $_POST['password_confirm'])
  136.                 && strlen($_POST['password']) >= 5):
  137.                     $user->register();
  138.                     $_SESSION['USER'] = $user->login();
  139.                     $_SESSION['AUTH']['active'] = 1;
  140.                     header("Location: ".DOCROOT);
  141.                 else:
  142.                     $_SESSION['AUTH']['error'] = "Invalid register attempt; passwords don't match or aren't long enough.";
  143.                     header("Location: ".$_SERVER['PHP_SELF'].'?q=register');
  144.                     die();
  145.                 endif;
  146.             endif;
  147.         else:
  148.             $_SESSION['AUTH']['error'] = 'Invalid register attempt; bad email expression.';
  149.             header("Location: ".$_SERVER['PHP_SELF'].'?q=register');
  150.             die();
  151.         endif;
  152.     else:
  153.         $_SESSION['AUTH']['error'] = "Invalid register attempt; required fields are missing values.";
  154.         header("Location: ".$_SERVER['PHP_SELF'].'?q=register');
  155.         die();
  156.     endif;
  157. endif;
  158. # output view based on if blocks
  159. if (isset($error))
  160.     echo '<p style="color:#f00"><em>'.$error.'</em></p>';
  161.  
  162. if (isset($msg))
  163.     echo $msg;
  164.  
  165. if (isset($form))
  166.     echo $form;
  167. ?>
  168. </div>
  169. </div>
  170. <div id="footer">
  171. <p><small>Copyright &copy; 2010-2011 / StockTradeToy LLC / All rights reserved.</small></p>
  172. </div>
  173. </body>
  174. </html>