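/**
 * Registration form handler.
 *
 * Reads the signup fields from $_POST, hashes the password, assigns a
 * type-prefixed account number, inserts the row and redirects to login.php.
 *
 * NOTE(review): htmlspecialchars() is an output escape, not an input
 * sanitiser. Applying it to stored data (and to the password before hashing)
 * mangles legitimate characters such as & < > ' and ". It is kept here only
 * because loginUser() applies the same transform before password_verify();
 * remove it from both methods together and escape at render time instead.
 *
 * @throws Exception wrapping the PDOException from prepare/execute
 */
public function setUser()
{
    // `?? ''` avoids an undefined-index warning when a field is missing from the form.
    $fullName    = htmlspecialchars($_POST['fullName'] ?? '');
    $email       = htmlspecialchars($_POST['email'] ?? '');
    $password    = htmlspecialchars($_POST['password'] ?? '');
    $DOB         = htmlspecialchars($_POST['DOB'] ?? '');
    $nationality = htmlspecialchars($_POST['nationality'] ?? '');
    $workTitle   = htmlspecialchars($_POST['workTitle'] ?? '');
    $workPlace   = htmlspecialchars($_POST['workPlace'] ?? '');
    $phoneNumber = htmlspecialchars($_POST['phoneNumber'] ?? '');
    $userType    = htmlspecialchars($_POST['userType'] ?? '');

    // PASSWORD HASHING
    $hashedPassword = password_hash($password, PASSWORD_DEFAULT);

    // Account number: type-dependent prefix plus a zero-padded 6-digit number.
    // random_int() rather than mt_rand() because the value is a user-facing
    // identifier and mt_rand() output is predictable.
    // NOTE(review): no uniqueness check — collisions are possible unless the
    // column carries a UNIQUE constraint (schema not visible here).
    $prefix    = $userType === 'Investor' ? 'A' : 'B';
    $accNumber = $prefix . sprintf('%06d', random_int(1, 999999));

    try {
        $sql  = "INSERT INTO user (fullName, email, password, DOB, nationality, workTitle, workPlace, phoneNumber, userType, accNumber) VALUES (?,?,?,?,?,?,?,?,?,?)";
        $stmt = $this->connect()->prepare($sql);
        $stmt->execute([$fullName, $email, $hashedPassword, $DOB, $nationality, $workTitle, $workPlace, $phoneNumber, $userType, $accNumber]);
    } catch (PDOException $e) {
        // Keep the driver exception as $previous so the cause is not lost.
        throw new Exception($e->getMessage(), 0, $e);
    }

    header('location:login.php');
    exit; // nothing after a redirect should keep executing for this request
} //setUser()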
- //RETRIEVE HASHED PASSWORD FROM DB
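/**
 * Retrieve the stored password hash for an e-mail address.
 *
 * @param string $email address used as the lookup key
 * @return string|null the hash, or null when no row matches
 */
public function getPassword($email): ?string
{
    $sql  = "SELECT password FROM user WHERE email = ?";
    $stmt = $this->connect()->prepare($sql);
    $stmt->execute([$email]);

    // fetchColumn() returns false when there is no row. rowCount() is not a
    // reliable "has rows" test for SELECT statements on every PDO driver, so
    // the result itself is checked instead.
    $hash = $stmt->fetchColumn();

    return $hash === false ? null : (string) $hash;
} //getPassword()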
- //LOGIN THE USER
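/**
 * Login form handler.
 *
 * Verifies the submitted password against the stored hash and, on success,
 * copies the profile columns into the session and redirects to dashboard.php.
 * On failure it prints "Invalid email or password" and returns.
 *
 * NOTE(review): htmlspecialchars() on the password must stay in step with
 * setUser(), which hashed the transformed value; drop it in both together.
 *
 * @throws Exception wrapping the PDOException from prepare/execute
 */
public function loginUser()
{
    $email    = htmlspecialchars($_POST['email'] ?? '');
    $password = htmlspecialchars($_POST['password'] ?? '');

    try {
        // One query returns both the hash and the profile columns, so the
        // separate getPassword() round-trip is not needed.
        $sql  = "SELECT * FROM user WHERE email = ?";
        $stmt = $this->connect()->prepare($sql);
        $stmt->execute([$email]);
        $row = $stmt->fetch();
    } catch (PDOException $e) {
        // getMessage is a method; the original `$e->getMessage` read an
        // undefined property. Keep the cause as $previous.
        throw new Exception($e->getMessage(), 0, $e);
    }

    // Unknown e-mail and wrong password take the same branch and print the
    // same message, so the response does not reveal which one failed.
    if ($row === false || !password_verify($password, $row['password'])) {
        echo "Invalid email or password";
        return;
    }

    // Issue a fresh session id on authentication so a session id fixed
    // before login cannot be carried over (guarded: no session may be open).
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    // Explicit column list: the password hash is deliberately not copied.
    $fields = [
        'userID', 'fullName', 'email', 'DOB', 'nationality', 'workTitle',
        'workPlace', 'phoneNumber', 'userType', 'accNumber', 'status', 'profilePic',
    ];
    foreach ($fields as $field) {
        $_SESSION[$field] = $row[$field];
    }

    header('location:dashboard.php');
    exit; // nothing after a redirect should keep executing for this request
} //loginUser()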
- const USER_FIELDS_TO_COPY_TO_SESSION = ['userID', 'fullName' ....];
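// Copy only the whitelisted columns into the session; the password hash is
// never among them. The fetch() result is checked as well because rowCount()
// is not a reliable row indicator for SELECT on every PDO driver.
if ($stmt->rowCount() === 1) {
    $row = $stmt->fetch();
    if ($row !== false) {
        foreach (self::USER_FIELDS_TO_COPY_TO_SESSION as $field) {
            $_SESSION[$field] = $row[$field];
        }
    }
}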
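// Merge the whole profile row into the session.
// FETCH_ASSOC: the default FETCH_BOTH mode also returns numeric keys, which
// array_merge() would renumber and append as junk session entries.
if ($stmt->rowCount() === 1) {
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row !== false) {
        // The password hash has no business in session storage.
        unset($row['password']);
        $_SESSION = array_merge($_SESSION, $row);
    }
}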
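// Account number: type-dependent prefix plus a zero-padded 6-digit number.
// random_int() instead of mt_rand(): the value is a user-facing identifier
// and mt_rand() output is predictable. Uniqueness is not checked here.
$prefix    = $userType === 'Investor' ? 'A' : 'B';
$accNumber = $prefix . sprintf('%06d', random_int(1, 999999));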
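// Account number prefix: 'A' for investors, 'B' otherwise.
$prefix = 'B'; //default
if ($userType === 'Investor') {
    $prefix = 'A';
}
// `$prefix`, not the bare constant `prefix` (which would be an undefined
// constant error). random_int() because the number is a user-facing
// identifier and mt_rand() output is predictable.
$accNumber = $prefix . sprintf('%06d', random_int(1, 999999));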
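// Type-prefixed 6-digit account number; random_int() rather than the
// predictable mt_rand() since the value is exposed as an identifier.
$accNumber = ($userType === 'Investor' ? 'A' : 'B') . sprintf('%06d', random_int(1, 999999));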
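// Fixed 'A' prefix plus a zero-padded 6-digit number; random_int() rather
// than the predictable mt_rand() since the value is exposed as an identifier.
$accNumber = 'A' . sprintf('%06d', random_int(1, 999999));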
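// `?? ''` avoids an undefined-index warning when a field is absent from the
// form. NOTE(review): htmlspecialchars() belongs at output time; applied to
// a password before hashing it alters characters such as & < > ' and ".
$fullName = htmlspecialchars($_POST['fullName'] ?? '');
$email    = htmlspecialchars($_POST['email'] ?? '');
$password = htmlspecialchars($_POST['password'] ?? '');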
- ...
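// Re-throw as a generic Exception but keep the original as $previous so the
// driver error is still reachable for diagnostics.
throw new Exception($e->getMessage(), 0, $e);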
- $this->connect()
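header('location:login.php');
exit; // a redirect header does not stop the script; exit so nothing below runs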
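/**
 * Insert a new user and then assign an account number built from a
 * type-dependent prefix and the new row id.
 *
 * @param string $password plain-text password; only its hash is stored
 * @param string $userType 'Investor' gets prefix 'A', everything else 'B'
 * @throws PDOException on prepare/execute failure (not caught here)
 */
public function setUser($fullName, $email, $password, $DOB, $nationality, $workTitle, $workPlace, $phoneNumber, $userType)
{
    $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
    $accNumber = $userType === 'Investor' ? 'A' : 'B';

    // Nine columns, nine placeholders, nine values: the placeholder count
    // must equal the number of bound values or PDO rejects the execute().
    $sql = "INSERT INTO user (fullName, email, password, DOB, nationality, workTitle, workPlace, phoneNumber, userType) VALUES (?,?,?,?,?,?,?,?,?)";
    $stmt = $this->db->prepare($sql);
    $stmt->execute([$fullName, $email, $hashedPassword, $DOB, $nationality, $workTitle, $workPlace, $phoneNumber, $userType]);
    $id = $this->db->lastInsertId();

    // NOTE(review): the key column is `id` here but `userID` in the login
    // code — confirm against the schema.
    // execute() returns bool, so it is not assigned to $stmt.
    $sql = "UPDATE user SET accNumber = concat(?, id) WHERE id = ?";
    $stmt = $this->db->prepare($sql);
    $stmt->execute([$accNumber, $id]);
}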
- public function getPassword($email){
- if($stmt->rowCount()){
- while($row = $stmt->fetch()){
- $_SESSION['userID'] = $row['userID'];
- $_SESSION['user'] = $row;
- echo"Invalid email or password";
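/**
 * Verify an e-mail/password pair against the `users` table and, on success,
 * store the profile row in the session.
 *
 * NOTE(review): $pdo is not defined in this fragment — presumably an
 * injected PDO instance; confirm against the enclosing class.
 *
 * @return bool true when the credentials match a row
 */
public function loginUser($email, $password): bool
{
    $stmt = $pdo->prepare("SELECT * FROM users WHERE email = ?");
    $stmt->execute([$email]);
    // FETCH_ASSOC keeps the numeric duplicates of FETCH_BOTH out of the session.
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    // Explicit false instead of the implicit null of a fall-through return.
    if ($user === false || !password_verify($password, $user['password'])) {
        return false;
    }

    // Fresh session id on authentication so an id fixed before login is not
    // carried over (guarded: no session may be open in this context).
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    // The password hash has no business in session storage.
    unset($user['password']);
    $_SESSION['user'] = $user;

    return true;
}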
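// Controller side: loginUser() answers true only for a verified match.
// `?? ''` avoids an undefined-index warning when a field is absent from the form.
if ($user->loginUser($_POST['email'] ?? '', $_POST['password'] ?? '')) {
    header("Location: somewhere");
    exit; // stop the script after the redirect
}

echo "Invalid email or password";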