
Untitled

a guest
Mar 27th, 2018
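  /**
   * Create a user row from the submitted registration form, then send a redirect to login.php.
   *
   * Input is read from $_POST. The password is hashed with password_hash() and the row is
   * written through a prepared statement, so values are bound rather than concatenated into SQL.
   *
   * @throws Exception when the INSERT fails (the PDOException is chained as "previous")
   *                   or when random_int() cannot obtain secure random data.
   */
  public function setUser(){
      // Missing form fields fall back to '' instead of raising "undefined index" notices.
      // NOTE(review): htmlspecialchars() is an output encoder; used on input it stores
      // HTML-escaped text and adds nothing against SQL injection (the bound parameters do that).
      $input = [];
      foreach (['fullName', 'email', 'password', 'DOB', 'nationality', 'workTitle', 'workPlace', 'phoneNumber', 'userType'] as $name) {
          $input[$name] = htmlspecialchars($_POST[$name] ?? '');
      }

      // NOTE(review): the password is escaped *before* hashing, so a password containing
      // &, <, > or quotes is hashed in its escaped form. The default flags of htmlspecialchars()
      // changed in PHP 8.1 (single quotes are escaped too), which changes the hashed value for
      // such passwords after an upgrade. loginUser() escapes the same way, so the two must be
      // changed together, with a plan for hashes already stored.
      $hashedPassword = password_hash($input['password'], PASSWORD_DEFAULT);

      // NOTE(review): userType is taken from the client as-is. Anything other than "Investor"
      // is stored verbatim and gets a "B" number; validate it against the roles the
      // application actually supports before trusting it.
      $prefix = ($input['userType'] === "Investor") ? "A" : "B";

      // random_int() uses the operating system CSPRNG; mt_rand() output is predictable.
      // NOTE(review): a random six-digit suffix can still collide. Enforce uniqueness in the
      // database (unique index) or derive the number from the generated row id.
      $accNumber = $prefix . sprintf("%06d", random_int(1, 999999));

      try {
          $sql = "INSERT INTO user (fullName, email, password, DOB, nationality, workTitle, workPlace, phoneNumber, userType, accNumber) VALUES (?,?,?,?,?,?,?,?,?,?)";
          $stmt = $this->connect()->prepare($sql);
          $stmt->execute([
              $input['fullName'],
              $input['email'],
              $hashedPassword,
              $input['DOB'],
              $input['nationality'],
              $input['workTitle'],
              $input['workPlace'],
              $input['phoneNumber'],
              $input['userType'],
              $accNumber,
          ]);
      } catch (PDOException $e) {
          // Keep the original exception attached so the driver error and stack trace survive.
          // NOTE(review): the message can carry SQL details; log it, do not echo it to the user.
          throw new Exception($e->getMessage(), 0, $e);
      }

      // Only a header is sent here; the caller is responsible for ending the request.
      header('location:login.php');
  } //setUser()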
  35.  
  36. //RETRIEVE HASHED PASSWORD FROM DB
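  /**
   * Look up the stored password hash for an e-mail address.
   *
   * @param string $email address to look up
   * @return string|null the `password` column of the first matching row, or null when no row matches
   */
  public function getPassword($email){
      $stmt = $this->connect()->prepare("SELECT password FROM user WHERE email = ?");
      $stmt->execute([$email]);

      // fetch() returns false when there is no row. rowCount() is not consulted because PDO
      // does not guarantee a meaningful value for SELECT statements on every driver.
      $row = $stmt->fetch();

      return $row === false ? null : $row['password'];
  } //getPassword()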
  48.  
  49. //LOGIN THE USER
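  /**
   * Authenticate the e-mail/password pair submitted in $_POST and populate the session.
   *
   * On success the user's profile columns are copied into $_SESSION and a redirect to
   * dashboard.php is sent. On failure a single generic message is printed, so the response
   * does not reveal whether the e-mail or the password was wrong.
   *
   * @throws Exception when loading the user row fails (original exception chained as "previous")
   */
  public function loginUser(){
      // The same escaping as setUser() is applied so the value matches what was hashed at
      // registration. NOTE(review): escaping a password before hashing/verifying is fragile;
      // change both methods together if it is removed.
      $email = htmlspecialchars($_POST['email'] ?? '');
      $password = htmlspecialchars($_POST['password'] ?? '');
      $hashedPassword = $this->getPassword($email);

      // getPassword() yields null for an unknown e-mail; never hand that to password_verify().
      if (!is_string($hashedPassword) || !password_verify($password, $hashedPassword)) {
          echo"Invalid email or password";
          return;
      }

      try {
          $stmt = $this->connect()->prepare("SELECT * FROM user WHERE email = ?");
          $stmt->execute([$email]);
          // Use the first row only: that is the row whose hash getPassword() returned, so the
          // session always belongs to the account that was actually verified.
          $row = $stmt->fetch();
      } catch (Exception $e) {
          // getMessage is a method; the original read it as a property and lost the message.
          throw new Exception($e->getMessage(), 0, $e);
      }

      if ($row === false) {
          return;
      }

      // Issue a fresh session id on privilege change so a pre-login id cannot be reused.
      if (session_status() === PHP_SESSION_ACTIVE) {
          session_regenerate_id(true);
      }

      // Explicit allow-list: the password hash is never copied into the session.
      foreach (['userID', 'fullName', 'email', 'DOB', 'nationality', 'workTitle', 'workPlace', 'phoneNumber', 'userType', 'accNumber', 'status', 'profilePic'] as $field) {
          $_SESSION[$field] = $row[$field];
      }

      header('location:dashboard.php');
  } //loginUser()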
  89.  
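  // Allow-list of `user` columns copied into the session after login. The elided list is
  // filled in with the twelve columns the original loginUser() copies; `password` is not
  // among them and should stay off this list.
  const USER_FIELDS_TO_COPY_TO_SESSION = [
      'userID', 'fullName', 'email', 'DOB', 'nationality', 'workTitle',
      'workPlace', 'phoneNumber', 'userType', 'accNumber', 'status', 'profilePic',
  ];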
  91.  
  // Copy only the allow-listed columns into the session, and only when exactly one row matched.
  $matchedExactlyOne = ($stmt->rowCount() == 1);
  if ($matchedExactlyOne) {
      $row = $stmt->fetch();
      foreach (self::USER_FIELDS_TO_COPY_TO_SESSION as $column) {
          $_SESSION[$column] = $row[$column];
      }
  }
  98.  
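  if ($stmt->rowCount() == 1) {
      // FETCH_ASSOC: with PDO's default FETCH_BOTH every column also appears under a numeric
      // index, which would be appended to the session as well.
      $row = $stmt->fetch(PDO::FETCH_ASSOC);

      // Merging the whole row would put the password hash into session storage; drop it first.
      // NOTE(review): array_merge() also lets any column name overwrite an existing session
      // key. An explicit allow-list of columns is the safer variant.
      unset($row['password']);

      $_SESSION = array_merge($_SESSION, $row);
  }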
  103.  
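  // random_int() draws from the operating system CSPRNG; mt_rand() output is predictable.
  // NOTE(review): a random six-digit suffix can still collide between users. Uniqueness
  // has to be enforced by the database.
  if ($userType == "Investor") {
      $accNumber = "A" . sprintf("%06d", random_int(1, 999999));
  } else {
      $accNumber = "B" . sprintf("%06d", random_int(1, 999999));
  }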
  109.  
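  $prefix = 'B'; // default for every user type other than "Investor"
  if ($userType == "Investor") {
      $prefix = "A";
  }
  // `$prefix` needs its sigil: the bare word `prefix` is read as an undefined constant.
  // random_int() replaces mt_rand(), whose output is predictable.
  $accNumber = $prefix . sprintf("%06d", random_int(1, 999999));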
  115.  
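  // Both variants use random_int() (CSPRNG) instead of the predictable mt_rand().
  // NOTE(review): neither guarantees a unique number; enforce that in the database.
  $accNumber = ($userType == "Investor" ? "A" : "B") . sprintf("%06d", random_int(1, 999999));

  $accNumber = "A" . sprintf("%06d", random_int(1, 999999));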
  119.  
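  // `?? ''` keeps an absent form field from raising an "undefined index" notice.
  // NOTE(review): htmlspecialchars() belongs at output time. Applied to input it stores
  // escaped text, and for the password it changes the value that gets hashed.
  $fullName = htmlspecialchars($_POST['fullName'] ?? '');
  $email = htmlspecialchars($_POST['email'] ?? '');
  $password = htmlspecialchars($_POST['password'] ?? '');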
  123. ...
  124.  
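  // Chain the caught exception so its type, SQLSTATE and stack trace are not discarded.
  // NOTE(review): driver messages can expose SQL details; log them, do not show them to users.
  throw new Exception($e->getMessage(), 0, $e);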
  126.  
  127. $this->connect()
  128.  
  // Sends the redirect header only; execution continues unless the caller stops it.
  header("location:login.php");
  130.  
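  /**
   * Insert a new user and derive the account number from the generated row id.
   *
   * The password is hashed with password_hash(); all values are bound through prepared
   * statements. The account number is the prefix "A" (Investor) or "B" (any other type)
   * followed by the row id, so it is unique as long as the id is.
   *
   * @param string $password plain-text password, hashed here and never stored as given
   * @param string $userType "Investor" selects prefix "A"; every other value selects "B"
   */
  public function setUser($fullName, $email, $password, $DOB, $nationality, $workTitle, $workPlace, $phoneNumber, $userType) {
      $hashedPassword = password_hash($password, PASSWORD_DEFAULT);

      $prefix = ($userType == "Investor") ? "A" : "B";

      // Nine columns need nine placeholders and nine bound values; the original listed ten
      // placeholders, which makes execute() fail with a parameter-count mismatch.
      $sql = "INSERT INTO user (fullName, email, password, DOB, nationality, workTitle, workPlace, phoneNumber, userType) VALUES (?,?,?,?,?,?,?,?,?)";
      $stmt = $this->db->prepare($sql);
      $stmt->execute([$fullName, $email, $hashedPassword, $DOB, $nationality, $workTitle, $workPlace, $phoneNumber, $userType]);
      $id = $this->db->lastInsertId();

      // NOTE(review): the login code on this page reads the key column as `userID`; confirm
      // that `id` is the right column name here. The INSERT and UPDATE are two separate
      // statements; wrap them in a transaction if a row without accNumber is not acceptable.
      $sql = "UPDATE user SET accNumber = concat(?, id) WHERE id = ?";
      $this->db->prepare($sql)->execute([$prefix, $id]);
  }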
  148.  
  149. public function getPassword($email){
  150.  
  151. if($stmt->rowCount()){
  152.  
  153. while($row = $stmt->fetch()){
  154.  
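  $_SESSION['userID'] = $row['userID'];

  // Storing the whole row would put the password hash into session storage; drop it first.
  // NOTE(review): if $row was fetched with PDO's default FETCH_BOTH mode the hash is also
  // present under a numeric index. Fetch with PDO::FETCH_ASSOC where the row is read.
  unset($row['password']);
  $_SESSION['user'] = $row;

  // One generic message for both failure causes, so the response does not reveal which
  // e-mail addresses are registered.
  echo "Invalid email or password";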
  160.  
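  /**
   * Verify an e-mail/password pair and, on success, store the user row in the session.
   *
   * @param string $email    address submitted by the user
   * @param string $password plain-text password submitted by the user
   * @return bool true when the credentials match, false otherwise
   */
  public function loginUser($email, $password){
      // `$pdo` is not defined inside this method; the connection property used by setUser()
      // on this page is $this->db. The table name follows the other queries (`user`).
      $stmt = $this->db->prepare("SELECT * FROM user WHERE email = ?");
      $stmt->execute([$email]);
      // FETCH_ASSOC so the password hash exists under exactly one key and can be removed below.
      $user = $stmt->fetch(PDO::FETCH_ASSOC);

      if (!$user || !password_verify($password, $user['password'])) {
          return false;
      }

      // Issue a fresh session id on login so an id obtained before authentication is useless.
      if (session_status() === PHP_SESSION_ACTIVE) {
          session_regenerate_id(true);
      }

      // Never keep the password hash in session storage.
      unset($user['password']);
      $_SESSION['user'] = $user;

      return true;
  }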
  172.  
  // Controller side: the model only reports success; redirecting and output happen here.
  // The failure message is the same whether the e-mail or the password was wrong.
  $loggedIn = $user->loginUser($_POST['email'], $_POST['password']);
  if (!$loggedIn) {
      echo"Invalid email or password";
  } else {
      header("Location: somewhere");
      exit;
  }