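/**
 * Handle the login page.
 *
 * A visitor who already has $_SESSION['user'] set is sent back to the front
 * page. A POST with both username and password is checked with check_user();
 * on success the session id is rotated and the user row stored in the
 * session, otherwise a message is appended to the global $errors array and
 * views/login.html is rendered (it re-displays $username).
 *
 * Exits after a redirect.
 */
function login(){
    global $errors;

    // Already authenticated: nothing to do here.
    if (!empty($_SESSION['user'])) {
        $_SESSION['notices'][] = "already logged in";
        header("Location: ?");
        exit(0);
    }

    // Re-displayed by views/login.html after a failed attempt.
    $username = "";
    if (!empty($_POST['username'])) {
        $username = $_POST['username'];
    }

    if ($_SERVER['REQUEST_METHOD'] === "POST") {
        if (!empty($_POST['username']) && !empty($_POST['password'])) {
            $account = check_user($_POST['username'], $_POST['password']);
            if ($account) {
                // Rotate the session id on privilege change so an id that was
                // handed to the browser before login is not valid afterwards.
                session_regenerate_id(true);
                // NOTE(review): the full row (including the stored password
                // hash column) is kept in the session, as the code always did.
                $_SESSION['user'] = $account;
                $_SESSION['notices'][] = "Successful login";
                header("Location: ?");
                exit(0);
            }
            $errors[] = "unable to log in with that info";
        } else {
            $errors[] = 'Please fill in your login information';
        }
    }

    include('views/login.html');
}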
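/**
 * Handle the registration page.
 *
 * A visitor who already has $_SESSION['user'] set is sent back to the front
 * page. A POST must carry username, email and two matching passwords; the
 * account is created with add_user(), the new user is logged in through
 * check_user() and redirected. Validation messages go to the global $errors
 * array and views/register.html is rendered (it re-displays $username and
 * $email).
 *
 * Exits after a redirect.
 */
function register(){
    global $errors;

    if (!empty($_SESSION['user'])) {
        $_SESSION['notices'][] = "already logged in";
        header("Location: ?");
        exit(0);
    }

    // Re-displayed by views/register.html after a failed attempt.
    $username = "";
    $email = "";

    if ($_SERVER['REQUEST_METHOD'] === "POST") {
        if (!empty($_POST['username'])) {
            $username = $_POST['username'];
        } else {
            $errors[] = 'please specify an username';
        }

        if (!empty($_POST['email'])) {
            $email = $_POST['email'];
            // Reject malformed addresses before they reach the database.
            if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
                $errors[] = 'please specify a valid email address';
            }
        } else {
            $errors[] = 'please specify an email address';
        }

        if (empty($_POST['password']) || empty($_POST['password2'])) {
            $errors[] = 'please fill in both passwords';
        }

        if (empty($errors)) {
            // Strict comparison: "==" would treat e.g. "1e3" and "1000" as equal.
            if ($_POST['password'] === $_POST['password2']) {
                // add_user() appends its own message to $errors when it fails.
                if (add_user($_POST['username'], $_POST['password'], $_POST['email'])) {
                    $account = check_user($_POST['username'], $_POST['password']);
                    if ($account) { // register successful?
                        // Fresh session id now that the session carries a user.
                        session_regenerate_id(true);
                        $_SESSION['user'] = $account;
                        $_SESSION['notices'][] = "Successful register, you have been logged in";
                        header("Location: ?");
                        exit(0);
                    }
                    $errors[] = "problem registering";
                }
            } else {
                $errors[] = "passwords dont match";
            }
        }
    }

    include('views/register.html');
}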
/**
 * End the current session: drop all session data, expire the session cookie
 * on the client, destroy the server-side session and redirect to the front
 * page. Never returns.
 */
function logout(){
    $_SESSION = array();

    $cookieName = session_name();
    if (isset($_COOKIE[$cookieName])) {
        // Expire the browser cookie too, not only the server-side state.
        $expired = time() - 42000;
        setcookie($cookieName, '', $expired, '/');
    }

    session_destroy();
    header("Location: ?");
    exit(0);
}
/**
 * Render the profile page for user $id.
 *
 * Loads the row into the global $user (read by views/profile.html); when no
 * such user exists an alert is queued and the visitor is redirected to the
 * front page. Exits after a redirect.
 */
function view_profile($id){
    global $user;

    $user = get_user($id);
    if (!$user) {
        $_SESSION['alerts'][] = "Could not find user";
        header("Location: ?");
        exit(0);
    }

    include('views/profile.html');
}
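/**
 * Handle the "edit profile" form for user $id.
 *
 * GET renders views/edit_profile.html with the global $user populated.
 * POST requires the account's current password ($_POST['password_old']),
 * validates username and email and the optional new password pair, then
 * updates the row that was looked up for $id and redirects to its profile.
 *
 * Resets and fills the global $errors array; uses the globals $connection
 * (mysqli link) and $DB_usertable. Exits after a redirect.
 */
function edit_profile($id){
    global $connection, $user, $errors, $DB_usertable;
    $errors = [];
    $user = get_user($id);

    if (!$user) {
        $_SESSION['alerts'][] = "Could not find user";
        header("Location: ?");
        exit(0);
    }

    if (!empty($_POST)) {
        // NOTE(review): no CSRF token is checked on this form; the current
        // password is the only confirmation that the submitter owns the account.
        $password_old = '';
        if (!empty($_POST['password_old'])) {
            $password_old = $_POST['password_old'];
            if (!check_user($user['username'], $password_old)) {
                $errors[] = 'please enter your current password to confirm changes';
            }
        } else {
            $errors[] = 'please enter your password to confirm changes';
        }

        // Update the row whose password was just verified; the previous code
        // took the target id from $_REQUEST, which need not be the same user.
        $targetId = (int) $user['id'];

        // validate inputs
        $username = '';
        if (!empty($_POST['username'])) {
            $username = $_POST['username'];
        } else {
            $errors[] = 'please specify an username';
        }

        $email = '';
        if (!empty($_POST['email'])) {
            $email = $_POST['email'];
        } else {
            $errors[] = 'please specify an email address';
        }

        $hasPass = !empty($_POST['password']);
        $hasPass2 = !empty($_POST['password2']);
        $newPass = $password_old; // default: keep the current password
        if ($hasPass !== $hasPass2) { // one not filled
            $errors[] = 'please fill in both passwords';
        } elseif ($hasPass && $hasPass2) { // both filled
            if ($_POST['password'] === $_POST['password2']) {
                $newPass = $_POST['password'];
            } else {
                $errors[] = 'Passwords do not match';
            }
        }

        if (empty($errors)) {
            // The table name comes from configuration, never from the request;
            // every user-supplied value is bound as a parameter.
            // NOTE(review): unsalted SHA1 is kept only because the existing rows
            // (see add_user/check_user) use it; password_hash() with a migration
            // of the stored hashes is the appropriate replacement.
            $query = "UPDATE $DB_usertable SET username=?, email=?, password=SHA1(?) WHERE id=?";
            $stmt = mysqli_prepare($connection, $query);
            $updated = false;
            if ($stmt) {
                mysqli_stmt_bind_param($stmt, 'sssi', $username, $email, $newPass, $targetId);
                $updated = mysqli_stmt_execute($stmt);
                mysqli_stmt_close($stmt);
            }
            if ($updated) {
                $_SESSION['notices'][] = "User updated";
                header("Location: ?page=profile&id=$targetId");
                exit(0);
            }
            // Never echo the failed statement: it would contain the new password.
            $errors[] = "update failed";
        }
    }

    include('views/edit_profile.html');
}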
// upload image or resize
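/**
 * Set one string column of the user row $id to $value with a prepared
 * statement. $table and $column are fixed literals chosen by the caller,
 * never request data; only $value and $id are bound. Returns true on success.
 */
function _edit_image_set_column($connection, $table, $column, $value, $id){
    $stmt = mysqli_prepare($connection, "UPDATE $table SET $column=? WHERE id=?");
    if (!$stmt) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, 'si', $value, $id);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}

/**
 * Handle the avatar page for user $id.
 *
 * Three request shapes are handled, in this order:
 *  - an uploaded file ($_FILES['filename']) is stored via upload(); the
 *    user's `filename` column is updated and the browser is sent back here
 *    to choose a crop;
 *  - a remote image ($_POST['uri']) is fetched with wget into pictures/;
 *  - crop coordinates ($_GET['filename'], ['x'], ['y']) produce a 200x200
 *    "_small" copy with ImageMagick convert and update the `avatar` column.
 *
 * Any accumulated error renders views/profile.html, otherwise
 * views/profile_image.html. Uses the globals $connection (mysqli link),
 * $DB_usertable, $user and $errors. Exits after a redirect.
 */
function edit_image($id){
    global $connection, $user, $errors, $DB_usertable;
    $user = get_user($id);
    if (!$user) {
        $_SESSION['alerts'][] = "Could not find user";
        header("Location: ?");
        exit(0);
    }

    $errors = array();
    $newfile = '';
    // Update the row that was just looked up rather than the raw parameter.
    $userId = (int) $user['id'];

    // try uploading
    if (!empty($_FILES['filename'])) {
        $newfile = upload('filename', 'users', array('png', 'jpg', 'jpeg', 'JPG', 'JPEG', 'gif'), false);
        unset($errors['nofile']); // ignore no file upload error
    }

    // try fetching a remote image into pictures/
    if (!empty($_POST['uri'])) {
        $uri = (string) $_POST['uri'];
        $scheme = strtolower((string) parse_url($uri, PHP_URL_SCHEME));
        if (!in_array($scheme, array('http', 'https'), true)) {
            // Anything else is refused before it reaches wget.
            $errors[] = 'only http(s) image addresses are supported';
        } else {
            // NOTE(review): the server still fetches whatever host the client
            // names; a host allow-list or a size limit would tighten this.
            $fileloc = 'pictures/' . basename($uri);
            $o = array();
            $r = 0;
            // Path and URL are each passed as one quoted argument; $o/$r are
            // captured here so the checks below see real values (the previous
            // code read them without ever setting them).
            exec("wget -O " . escapeshellarg($fileloc) . " " . escapeshellarg($uri), $o, $r);
            $errors = array_merge($errors, $o);
            if ($r > 0) {
                $errors[] = "There was a problem while downloading the image";
            }
        }
    }

    if (!empty($errors)) {
        include('views/profile.html');
        return;
    }

    if ((string) $newfile !== '') {
        // new file uploaded. update user and redirect to the edit image
        if (_edit_image_set_column($connection, $DB_usertable, 'filename', $newfile, $userId)) {
            $_SESSION['notices'][] = "Image updated";
            header("Location: ?page=profile_image&id=$userId");
            exit(0);
        }
        $errors[] = "update failed";
        include('views/profile_image.html');
        return;
    }

    // no file uploaded, check for coordinates
    $hasFilename = !empty($_GET['filename']);
    // isset/!== '' rather than empty() so that an offset of 0 is accepted.
    $hasX = isset($_GET['x']) && $_GET['x'] !== '';
    $hasY = isset($_GET['y']) && $_GET['y'] !== '';
    if ($hasFilename || $hasX || $hasY) {
        if (!$hasFilename) {
            $errors[] = 'filename missing';
        }
        if (!$hasX) {
            $errors[] = 'x-coordinate missing';
        }
        if (!$hasY) {
            $errors[] = 'y-coordinate missing';
        }
        if (empty($errors)) {
            $filename = (string) $_GET['filename'];
            $x = filter_var($_GET['x'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 0)));
            $y = filter_var($_GET['y'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 0)));
            $rawExt = pathinfo($filename, PATHINFO_EXTENSION);
            $extension = strtolower($rawExt);
            // The name becomes a shell argument and an ImageMagick input spec:
            // accept only a plain relative path to an existing image with a
            // known extension, which rules out ".." segments, absolute paths
            // and "coder:" prefixes alike.
            $safeName = preg_match('~^[A-Za-z0-9_./-]+$~', $filename) === 1
                && $filename[0] !== '/'
                && strpos($filename, '..') === false
                && in_array($extension, array('png', 'jpg', 'jpeg', 'gif'), true)
                && is_file($filename);
            if ($x === false || $y === false) {
                $errors[] = 'coordinates must be non-negative whole numbers';
            } elseif (!$safeName) {
                $errors[] = 'invalid filename';
            } else {
                // foo/bar.png -> foo/bar_small.png (extension case preserved)
                $newname = substr($filename, 0, -strlen($rawExt) - 1) . '_small.' . $rawExt;
                $o = array();
                $r = 0;
                // Nothing is echoed here: output before header() would break the redirect.
                exec("convert " . escapeshellarg($filename) . " -crop 200x200+{$x}+{$y} " . escapeshellarg($newname), $o, $r);
                if ($r === 0) {
                    if (_edit_image_set_column($connection, $DB_usertable, 'avatar', $newname, $userId)) {
                        $_SESSION['notices'][] = "Avatar updated";
                        header("Location: ?page=profile&id=$userId");
                        exit(0);
                    }
                    $errors[] = "update failed";
                } else {
                    $errors = array_merge($errors, $o);
                    $errors[] = 'crop failed';
                }
            }
        }
    }

    include('views/profile_image.html');
}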
/**
 * Require a logged-in session.
 *
 * Returns true when $_SESSION['user'] holds a truthy value; otherwise queues
 * an alert, redirects to the login page and exits.
 */
function auth(){
    $loggedIn = isset($_SESSION['user']) && $_SESSION['user'];

    if (!$loggedIn) {
        // not logged in
        $_SESSION['alerts'][] = "You need to be logged in";
        header("Location: ?page=login");
        exit(0);
    }

    // logged in
    return true;
}
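/**
 * Return true when $username is already taken (a row with that username
 * exists) and false when it is free. Despite the name, true means
 * "not available".
 *
 * Uses the globals $connection (mysqli link) and $DB_usertable. Terminates
 * the request when the lookup itself fails, as the code always did, but
 * without printing the statement text.
 */
function check_availability($username){
    global $connection, $DB_usertable;

    // Bind the value instead of escaping it into the statement text.
    $stmt = mysqli_prepare($connection, "SELECT 1 FROM $DB_usertable WHERE username=? LIMIT 1");
    if (!$stmt) {
        die("user lookup failed - " . mysqli_error($connection));
    }
    mysqli_stmt_bind_param($stmt, 's', $username);
    if (!mysqli_stmt_execute($stmt)) {
        $err = mysqli_stmt_error($stmt);
        mysqli_stmt_close($stmt);
        die("user lookup failed - " . $err);
    }

    mysqli_stmt_store_result($stmt);
    $taken = mysqli_stmt_num_rows($stmt) > 0;
    mysqli_stmt_close($stmt);
    return $taken;
}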
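/**
 * Create a user row for $username/$password/$email with the default avatar
 * file. Returns the new row id, or false (with a message appended to the
 * global $errors array) when the username is already taken.
 *
 * Uses the globals $connection (mysqli link) and $DB_usertable. Terminates
 * the request when the insert fails, as the code always did, but without
 * printing the statement text.
 */
function add_user($username, $password, $email) {
    global $connection, $errors, $DB_usertable;

    // NOTE(review): check-then-insert is not atomic; a UNIQUE constraint on
    // username is what actually guarantees no duplicates.
    if (check_availability($username)) {
        $errors[] = "the username is already in use";
        return false;
    }

    // NOTE(review): passwords are stored as unsalted SHA1 because
    // check_user()/edit_profile() compare against SHA1(); password_hash()
    // with a migration of the existing rows is the appropriate replacement.
    $query = "INSERT INTO $DB_usertable (username, password, email, filename) VALUES (?, SHA1(?), ?, 'uploads/users/default.png')";
    $stmt = mysqli_prepare($connection, $query);
    if (!$stmt) {
        // The statement text is not echoed: the previous code printed it
        // together with the plaintext password on failure.
        die("user insert failed - " . mysqli_error($connection));
    }
    mysqli_stmt_bind_param($stmt, 'sss', $username, $password, $email);
    if (!mysqli_stmt_execute($stmt)) {
        $err = mysqli_stmt_error($stmt);
        mysqli_stmt_close($stmt);
        die("user insert failed - " . $err);
    }
    mysqli_stmt_close($stmt);

    return mysqli_insert_id($connection);
}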
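/**
 * Look up the row for $username whose stored password equals SHA1($passwd).
 *
 * Returns the row as an associative array (every column, including the
 * password hash), or false when the credentials do not match or the query
 * cannot be run. Uses the globals $connection (mysqli link) and $DB_usertable.
 */
function check_user($username, $passwd) {
    global $connection, $DB_usertable;

    // Both values come straight from a form: bind them instead of
    // interpolating them into the statement text (the previous code did not
    // escape them at all).
    $stmt = mysqli_prepare($connection, "SELECT * FROM $DB_usertable WHERE username=? AND password=SHA1(?)");
    if (!$stmt) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, 'ss', $username, $passwd);
    if (!mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        return false;
    }

    $result = mysqli_stmt_get_result($stmt);
    $user = $result ? mysqli_fetch_assoc($result) : null;
    mysqli_stmt_close($stmt);

    if (!empty($user)) {
        return $user;
    }
    return false;
}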
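/**
 * Fetch the user row with the given id.
 *
 * Returns the row as an associative array, or false when no row matches or
 * the query cannot be run. $id is bound as a string so the comparison keeps
 * the semantics of the previous quoted literal. Uses the globals $connection
 * (mysqli link) and $DB_usertable.
 */
function get_user($id) {
    global $connection, $DB_usertable;

    $stmt = mysqli_prepare($connection, "SELECT * FROM $DB_usertable WHERE id=?");
    if (!$stmt) {
        return false;
    }
    $lookupId = (string) $id;
    mysqli_stmt_bind_param($stmt, 's', $lookupId);
    if (!mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        return false;
    }

    $result = mysqli_stmt_get_result($stmt);
    $user = $result ? mysqli_fetch_assoc($result) : null;
    mysqli_stmt_close($stmt);

    if (!empty($user)) {
        return $user;
    }
    return false;
}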
- ?>