Osher15151

functions

Jan 25th, 2020
  1. <?php
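  // Session cookie hardening; both settings must be applied before
  // session_start(). cookie_httponly keeps the session ID out of reach of page
  // scripts, use_strict_mode makes PHP refuse session IDs it did not issue.
  // NOTE(review): also enable session.cookie_secure once the site is served
  // over HTTPS only.
  ini_set('session.cookie_httponly', '1');
  ini_set('session.use_strict_mode', '1');
  session_start();

  // Connect to the database.
  // NOTE(review): this connects as MySQL root with an empty password, and the
  // credentials are hard-coded in source. Use a dedicated account limited to
  // the `webproject` schema and load its secret from configuration kept
  // outside the web root.
  try {
      $db = mysqli_connect('localhost', 'root', '', 'webproject');
  } catch (mysqli_sql_exception $ex) {
      // Newer PHP versions throw instead of returning false; treat both alike.
      $db = false;
  }
  if (!$db) {
      // Driver detail goes to the server log only; the visitor gets a generic
      // message so connection internals are not disclosed.
      error_log('Database connection failed: ' . mysqli_connect_error());
      http_response_code(500);
      exit('Service temporarily unavailable.');
  }

  // Form state declared at file level; the handlers and display_error() below
  // reach $errors (and login() reaches $username) through `global`.
  $username  = "";
  $email     = "";
  $sup_name  = "";
  $sup_phone = "";
  $sup_brand = "";
  $errors    = array();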
  14.  
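  // Route the submitted form to its handler; each handler reads $_POST itself.
  // NOTE(review): none of these forms carries a CSRF token that this file
  // checks — confirm whether the including pages verify one.

  // call the register() function if register_btn is clicked
  if (isset($_POST['register_btn'])) {
      register();
  }

  // call the login() function if login_btn is clicked
  if (isset($_POST['login_btn'])) {
      login();
  }

  // call the addsup() function if add_sup is clicked
  if (isset($_POST['add_sup'])) {
      addsup();
  }

  // Log out: drop the session data, destroy the session, then stop so that
  // nothing else on the including page runs or renders after the redirect.
  // NOTE(review): logout is triggered by a GET parameter, so any cross-site
  // link can end a visitor's session; consider a POST form instead.
  if (isset($_GET['logout'])) {
      $_SESSION = array();
      session_destroy();
      header("location: ../login.php");
      exit;
  }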
  35.  
  36.     //Add Supplier
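  /**
   * Handle the "add supplier" form: validate the posted fields and insert one
   * supplier row.
   *
   * Reads `supname`, `phone` and `brand` from $_POST. Validation and storage
   * failures are appended to the global $errors list and the function returns
   * without redirecting. On success it sets $_SESSION['success'], redirects to
   * home.php and ends the request.
   *
   * @return void
   */
  function addsup()
  {
      global $db, $errors;

      // NOTE(review): nothing in this file checks who is submitting the form.
      // If only staff may add suppliers, guard this with isLoggedIn() or
      // isAdmin() before touching the database — confirm the intended role.

      // Accept plain strings only; a missing or array-valued field counts as empty.
      $posted = array();
      foreach (array('supname', 'phone', 'brand') as $key) {
          $posted[$key] = (isset($_POST[$key]) && is_string($_POST[$key]))
              ? trim($_POST[$key])
              : '';
      }
      $sup_name  = $posted['supname'];
      $sup_phone = $posted['phone'];
      $sup_brand = $posted['brand'];

      // form validation: ensure that the form is correctly filled
      if ($sup_name === '') {
          $errors[] = "Supplier name is required";
      }
      if ($sup_phone === '') {
          $errors[] = "Supplier Phone is required";
      }
      if ($sup_brand === '') {
          $errors[] = "Supplier Brand is required";
      }
      if (count($errors) > 0) {
          return;
      }

      // Placeholders keep the posted text out of the SQL grammar, so no manual
      // escaping is needed (or wanted) for the bound values.
      // NOTE(review): the table is spelled `suplliers` here; confirm that this
      // matches the schema.
      try {
          $stmt = mysqli_prepare(
              $db,
              "INSERT INTO suplliers (sup_name, sup_phone, sup_brand) VALUES (?, ?, ?)"
          );
          $saved = $stmt
              && mysqli_stmt_bind_param($stmt, 'sss', $sup_name, $sup_phone, $sup_brand)
              && mysqli_stmt_execute($stmt);
          if ($stmt) {
              mysqli_stmt_close($stmt);
          }
      } catch (mysqli_sql_exception $ex) {
          // mysqli throws instead of returning false when exception mode is on.
          $saved = false;
      }

      if (!$saved) {
          // Keep driver detail in the server log; show a generic message.
          error_log('addsup: insert failed: ' . mysqli_error($db));
          $errors[] = "Could not save the supplier, please try again";
          return;
      }

      $_SESSION['success'] = "New Supplier successfully created!!";
      header('location: home.php');
      exit; // stop here so the including page does not keep rendering
  }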
  64.  
  65.     // REGISTER USER
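  /**
   * Read one field of the submitted form as a trimmed string.
   *
   * @param string $key Name of the $_POST entry.
   * @return string The trimmed value, or '' when the entry is missing or is
   *                not a string (for example an array-valued field).
   */
  function _post_field($key)
  {
      if (!isset($_POST[$key]) || !is_string($_POST[$key])) {
          return '';
      }

      return trim($_POST[$key]);
  }

  /**
   * Run a one-parameter SELECT on the users table and return every row.
   *
   * The SQL text must be a constant written in this file; only $value comes
   * from outside and it is bound, never concatenated.
   *
   * @param string     $sql   Statement containing exactly one `?` placeholder.
   * @param string     $type  mysqli bind type for the placeholder ('s' or 'i').
   * @param string|int $value Value bound to the placeholder.
   * @return array List of associative rows; empty when nothing matched or the
   *               query failed (the failure is written to the server log).
   */
  function _user_rows($sql, $type, $value)
  {
      global $db;

      $rows = array();
      try {
          $stmt = mysqli_prepare($db, $sql);
          if ($stmt
              && mysqli_stmt_bind_param($stmt, $type, $value)
              && mysqli_stmt_execute($stmt)
          ) {
              // mysqli_stmt_get_result() needs the mysqlnd driver.
              $result = mysqli_stmt_get_result($stmt);
              while ($result && ($row = mysqli_fetch_assoc($result))) {
                  $rows[] = $row;
              }
          }
          if ($stmt) {
              mysqli_stmt_close($stmt);
          }
      } catch (mysqli_sql_exception $ex) {
          error_log('users lookup failed: ' . $ex->getMessage());
      }

      return $rows;
  }

  /**
   * Replace the stored password hash of one user. Best effort: a failure is
   * logged and otherwise ignored, so it never blocks a successful login.
   *
   * @param int    $id   Value of users.id.
   * @param string $hash Output of password_hash().
   * @return void
   */
  function _save_password_hash($id, $hash)
  {
      global $db;

      try {
          $stmt = mysqli_prepare($db, "UPDATE users SET password = ? WHERE id = ?");
          if ($stmt) {
              mysqli_stmt_bind_param($stmt, 'si', $hash, $id);
              mysqli_stmt_execute($stmt);
              mysqli_stmt_close($stmt);
          }
      } catch (mysqli_sql_exception $ex) {
          error_log('password rehash failed: ' . $ex->getMessage());
      }
  }

  /**
   * Handle the registration form: validate the input, create the account and
   * redirect.
   *
   * Reads `username`, `email`, `password_1`, `password_2` and, optionally,
   * `user_type` from $_POST. Problems are appended to the global $errors list
   * and the function returns without redirecting. Without `user_type` the new
   * account gets type 'user', is logged in and sent to index.php; with
   * `user_type` (honoured for admins only) the account is created with that
   * type and the request is sent to home.php.
   *
   * NOTE(review): password_hash() output is longer than an MD5 digest; the
   * users.password column must be wide enough (the PHP manual suggests 255
   * characters) or stored hashes will be truncated — confirm the schema.
   * NOTE(review): nothing here stops two accounts from sharing a username; a
   * UNIQUE index on users.username would enforce that in the database.
   *
   * @return void
   */
  function register()
  {
      global $db, $errors;

      // receive all input values from the form
      $username   = _post_field('username');
      $email      = _post_field('email');
      $password_1 = _post_field('password_1');
      $password_2 = _post_field('password_2');

      // form validation: ensure that the form is correctly filled
      if ($username === '') {
          $errors[] = "Username is required";
      }
      if ($email === '') {
          $errors[] = "Email is required";
      }
      if ($password_1 === '') {
          $errors[] = "Password is required";
      }
      if ($password_1 !== $password_2) {
          $errors[] = "The two passwords do not match";
      }

      // The account type is a privilege decision, so it is only taken from the
      // request when the current session already belongs to an admin.
      // NOTE(review): the form that posts user_type is not part of this file;
      // presumably it is the admin "create user" page — confirm.
      $type_was_posted = isset($_POST['user_type']);
      if ($type_was_posted && !isAdmin()) {
          $errors[] = "You are not allowed to choose an account type";
      }

      if (count($errors) > 0) {
          return;
      }

      $user_type = $type_was_posted ? _post_field('user_type') : 'user';

      // Salted, adaptive hash; never store a bare digest of the password.
      $password = password_hash($password_1, PASSWORD_DEFAULT);

      try {
          $stmt = mysqli_prepare(
              $db,
              "INSERT INTO users (username, email, user_type, password) VALUES (?, ?, ?, ?)"
          );
          $saved = $password
              && $stmt
              && mysqli_stmt_bind_param($stmt, 'ssss', $username, $email, $user_type, $password)
              && mysqli_stmt_execute($stmt);
          if ($stmt) {
              mysqli_stmt_close($stmt);
          }
      } catch (mysqli_sql_exception $ex) {
          $saved = false;
      }

      if (!$saved) {
          error_log('register: insert failed: ' . mysqli_error($db));
          $errors[] = "Could not create the account, please try again";
          return;
      }

      if ($type_was_posted) {
          // Account created on someone's behalf: the admin stays logged in.
          $_SESSION['success'] = "New user successfully created!!";
          header('location: home.php');
          exit;
      }

      // get the created user by the id the insert produced
      $new_user = getUserById(mysqli_insert_id($db));
      if (!$new_user) {
          $errors[] = "Could not create the account, please try again";
          return;
      }

      // New privilege level, new session ID (defends against session fixation).
      session_regenerate_id(true);
      unset($new_user['password']); // the hash has no business in session storage
      $_SESSION['user']    = $new_user; // put logged in user in session
      $_SESSION['success'] = "You are now logged in";
      header('location: index.php');
      exit;
  }

  /**
   * Return the users row with the given id.
   *
   * @param int|string $id Value of users.id; cast to int before it is bound.
   * @return array|null Associative row (all columns, including the password
   *                    hash), or null when no such user exists.
   */
  function getUserById($id)
  {
      $rows = _user_rows("SELECT * FROM users WHERE id = ? LIMIT 1", 'i', (int) $id);

      return $rows ? $rows[0] : null;
  }

  /**
   * Handle the login form: check the credentials and start the user's session.
   *
   * Reads `username` and `password` from $_POST; the global $username is
   * overwritten with the trimmed posted name. Problems are appended to the
   * global $errors list. On success the user row (without its password
   * column) is stored in $_SESSION['user'] and the request is redirected to
   * admin/home.php for admins and to index.php for everyone else.
   *
   * Rows that still hold an MD5 digest are accepted once and re-hashed with
   * password_hash(); see the column-width note on register().
   *
   * NOTE(review): there is no attempt limit or delay here; add throttling at
   * this layer or in front of it.
   * NOTE(review): $username now holds raw request text; any template that
   * prints it must HTML-escape it.
   *
   * @return void
   */
  function login()
  {
      global $db, $username, $errors;

      // grab form values
      $username = _post_field('username');
      $password = _post_field('password');

      // make sure form is filled properly
      if ($username === '') {
          $errors[] = "Username is required";
      }
      if ($password === '') {
          $errors[] = "Password is required";
      }
      if (count($errors) > 0) {
          return;
      }

      // Usernames are not guaranteed unique here, so every row with this name
      // is checked rather than only the first one.
      $logged_in_user = null;
      $needs_rehash   = false;
      foreach (_user_rows("SELECT * FROM users WHERE username = ?", 's', $username) as $row) {
          $stored = (string) $row['password'];

          if (password_verify($password, $stored)) {
              $needs_rehash = password_needs_rehash($stored, PASSWORD_DEFAULT);
          } elseif (hash_equals($stored, md5(e($password)))) {
              // Legacy row: digest of the escaped, trimmed password.
              $needs_rehash = true;
          } else {
              continue;
          }

          $logged_in_user = $row;
          break;
      }

      if ($logged_in_user === null) {
          // Same message whether the name or the password was wrong.
          $errors[] = "Wrong username/password combination";
          return;
      }

      if ($needs_rehash) {
          _save_password_hash(
              (int) $logged_in_user['id'],
              password_hash($password, PASSWORD_DEFAULT)
          );
      }

      // New privilege level, new session ID (defends against session fixation).
      session_regenerate_id(true);
      unset($logged_in_user['password']); // the hash has no business in session storage
      $_SESSION['user']    = $logged_in_user;
      $_SESSION['success'] = "You are now logged in";

      // check if user is admin or user
      if ($logged_in_user['user_type'] === 'admin') {
          header('location: admin/home.php');
      } else {
          header('location: index.php');
      }
      exit; // stop here so the including page does not keep rendering
  }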
  169.  
  /**
   * Tell whether the current session carries a logged-in user.
   *
   * @return bool true when $_SESSION['user'] is set and not null, false otherwise.
   */
  function isLoggedIn()
  {
      return isset($_SESSION['user']);
  }
  178.  
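  /**
   * Tell whether the current session belongs to an administrator.
   *
   * This is an authorization check, so it is deliberately strict: the stored
   * user_type must be present and must be exactly the string 'admin'. A
   * missing key or a non-string value never grants admin rights.
   *
   * @return bool true only when $_SESSION['user']['user_type'] === 'admin'.
   */
  function isAdmin()
  {
      // isset() on the nested key also covers "no user in the session at all".
      return isset($_SESSION['user']['user_type'])
          && $_SESSION['user']['user_type'] === 'admin';
  }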
  187.  
  188.     // escape string
  /**
   * Trim a value and escape it for use inside a quoted SQL string literal.
   *
   * This is SQL escaping only: the result is safe solely between quotes in a
   * statement sent over the same $db connection, and it is not HTML escaping.
   * Bound parameters (mysqli_prepare) are the preferred way to pass values.
   *
   * @param string $val Raw value, typically a $_POST entry.
   * @return string The trimmed value run through mysqli_real_escape_string().
   */
  function e($val)
  {
      global $db;

      $trimmed = trim($val);

      return mysqli_real_escape_string($db, $trimmed);
  }
  193.  
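  /**
   * Print the collected validation errors as one <div class="error"> block.
   *
   * Reads the global $errors list and prints nothing when it is empty or is
   * not an array. Each message is HTML-escaped before output, so text that
   * reaches the list can never be interpreted as markup by the browser.
   *
   * @return void
   */
  function display_error()
  {
      global $errors;

      if (!is_array($errors) || count($errors) === 0) {
          return;
      }

      echo '<div class="error">';
      foreach ($errors as $error) {
          // Encode for the HTML context; the <br> separator is the only markup.
          echo htmlspecialchars((string) $error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '<br>';
      }
      echo '</div>';
  }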
  205.  
  206. ?>