Created
November 29, 2016 16:21
-
-
Save dtb49/67c56211cbe8ec7d9d7d49344fe7930b to your computer and use it in GitHub Desktop.
Website-secure sign in, sign up, view users, edit users, logout
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| require ('../mysqli_connect.php'); | |
| $q1 = "SELECT last_name, first_name FROM users WHERE user_id=$id LIMIT 1"; | |
| $r1 = @mysqli_query ($dbc, $q1); | |
| $row1 = mysqli_fetch_array ($r1, MYSQLI_NUM); | |
| $page_title = "$row1[0], $row1[1]"; | |
| //include ('includes/header.html'); | |
| echo '<h1>Edit a User</h1>'; | |
| // Check for a valid user ID, through GET or POST: | |
| if ( (isset($_GET['id'])) && (is_numeric($_GET['id'])) ) { // From view_users.php | |
| $id = $_GET['id']; | |
| } elseif ( (isset($_POST['id'])) && (is_numeric($_POST['id'])) ) { // Form submission. | |
| $id = $_POST['id']; | |
| } else { // No valid ID, kill the script. | |
| echo '<p class="error">This page has been accessed in error.</p>'; | |
| include ('includes/footer.html'); | |
| exit(); | |
| } | |
| // Check if the form has been submitted: | |
| if ($_SERVER['REQUEST_METHOD'] == 'POST') { | |
| $errors = array(); | |
| // Check for a first name: | |
| if (empty($_POST['first_name'])) { | |
| $errors[] = 'You forgot to enter your first name.'; | |
| } else { | |
| $fn = mysqli_real_escape_string($dbc, trim($_POST['first_name'])); | |
| } | |
| // Check for a last name: | |
| if (empty($_POST['last_name'])) { | |
| $errors[] = 'You forgot to enter your last name.'; | |
| } else { | |
| $ln = mysqli_real_escape_string($dbc, trim($_POST['last_name'])); | |
| } | |
| // Check for an email address: | |
| if (empty($_POST['email'])) { | |
| $errors[] = 'You forgot to enter your email address.'; | |
| } else { | |
| $e = mysqli_real_escape_string($dbc, trim($_POST['email'])); | |
| } | |
| if (empty($errors)) { // If everything's OK. | |
| //update the password | |
| if (!empty ($_POST['pass1']) && ($_POST['pass1'] == $_POST['pass2'])){ | |
| $q = "UPDATE users SET pass=SHA1('$pass1') WHERE user_id='$id'"; | |
| $r = @mysqli_query($dbc, $q); | |
| if (mysqli_affected_rows($dbc) == 1) { | |
| echo '<h1>Thank you!</h1> | |
| <p>Your password has been updated.</p><p><br /></p>'; | |
| } | |
| } | |
| // Test for unique email address: | |
| $q = "SELECT user_id FROM users WHERE email='$e' AND user_id != $id"; | |
| $r = @mysqli_query($dbc, $q); | |
| if (mysqli_num_rows($r) == 0) { | |
| // Make the query: | |
| $q = "UPDATE users SET first_name='$fn', last_name='$ln', email='$e' WHERE user_id=$id LIMIT 1"; | |
| $r = @mysqli_query ($dbc, $q); | |
| if (mysqli_affected_rows($dbc) == 1) { // If it ran OK. | |
| // Print a message: | |
| echo '<p>The user has been edited.</p>'; | |
| } else { // If it did not run OK. | |
| echo '<p class="error">The user could not be edited due to a system error. We apologize for any inconvenience.</p>'; // Public message. | |
| echo '<p>' . mysqli_error($dbc) . '<br />Query: ' . $q . '</p>'; // Debugging message. | |
| } | |
| } else { // Already registered. | |
| echo '<p class="error">The email address has already been registered.</p>'; | |
| } | |
| } else { // Report the errors. | |
| echo '<p class="error">The following error(s) occurred:<br />'; | |
| foreach ($errors as $msg) { // Print each error. | |
| echo " - $msg<br />\n"; | |
| } | |
| echo '</p><p>Please try again.</p>'; | |
| } // End of if (empty($errors)) IF. | |
| } | |
| // End of submit conditional. | |
| // Retrieve the user's information: | |
| $q = "SELECT first_name, last_name, email FROM users WHERE user_id=$id"; | |
| $r = @mysqli_query ($dbc, $q); | |
| if (mysqli_num_rows($r) == 1) { // Valid user ID, show the form. | |
| // Get the user's information: | |
| $row = mysqli_fetch_array ($r, MYSQLI_NUM); | |
| // Create the form: | |
| echo '<form action="edit_user1.php" method="post"> | |
| <p>First Name: <input type="text" name="first_name" size="15" maxlength="15" value="' . $row[0] . '" /></p> | |
| <p>Last Name: <input type="text" name="last_name" size="15" maxlength="30" value="' . $row[1] . '" /></p> | |
| <p>Email Address: <input type="text" name="email" size="20" maxlength="60" value="' . $row[2] . '" /> </p> | |
| <p>New Password: <input type="password" name="pass1" size="20" maxlength="60" value="' . $row[3] . '" /> </p> | |
| <p>Confirm New Password: <input type="password" name="pass2" size="20" maxlength="60" value="' . $row[4] . '" /> </p> | |
| <p><input type="submit" name="submit" value="Submit" /></p> | |
| <input type="hidden" name="id" value="' . $id . '" /> | |
| </form>'; | |
| } else { // Not a valid user ID. | |
| echo '<p class="error">This page has been accessed in error.</p>'; | |
| } | |
| mysqli_close($dbc); | |
| //include ('includes/footer.html'); | |
| ?> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| include '../mysqli_connect.php'; | |
| function sec_session_start() { | |
| $session_name= 'sec_session_id'; //Set a custom session id | |
| $secure = false; //set to true if using https | |
| $httponly = true; //This stops javascript from being able to access the session id | |
| ini_set('session.use_only_cookies', 1); //Forces sessions to only use cookies | |
| $cookieParams = session_get_cookie_params(); //Gets current cookies param | |
| session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); | |
| session_name($session_name); //Sets the session name to the one set above. | |
| session_start(); //start the php session | |
| session_regenerate_id(); //regenerated the session, deleted the old one | |
| } | |
| function login($username, $password, $mysqli) { | |
| //Using prepared statements means that sql injection is not possible | |
| if($stmt = $mysqli->prepare("SELECT user_id, username, pass FROM `term_users` WHERE username = ? LIMIT 1")) | |
| { | |
| $stmt->bind_param('s', $username); //bind username to parameter | |
| $stmt->execute(); //Execute the prepared statement | |
| $stmt->store_result(); | |
| $stmt->bind_result($user_id, $username, $db_password); //get variables from result | |
| $stmt->fetch(); | |
| $password = sha1("$password"); | |
| if($stmt->num_rows == 1) //if the user exists | |
| { | |
| //check if the account is locked from too many login attempts | |
| // if(checkbrute($user_id, $mysqli) == true) | |
| // { | |
| //Account locked | |
| // echo "Account locked!Try again later!"; | |
| //run a function/email script to tell the user their account is locked | |
| // return false; | |
| // }else { | |
| if($db_password == $password) | |
| { | |
| //check if the password matches the one in the database | |
| //password is correct | |
| $_SESSION['user_id'] = $user_id; | |
| return true; | |
| } | |
| else | |
| { | |
| return false; | |
| } | |
| //} | |
| } | |
| else | |
| { | |
| return false; | |
| } | |
| } | |
| else | |
| { | |
| return false; | |
| } | |
| } | |
| /*function checkbrute($user_id, $mysqli) | |
| { | |
| //Get timestamp of current time | |
| $now = time(); | |
| //All login attempts are counted from the past 2 hours. | |
| $valid_attempts = $now - (2*60*60); | |
| if($stmt.prepare("SELECT time FROM login_attempts WHERE user_id = ? AND time > '{$valid_attempts}'")) | |
| { | |
| $stmt->bind_param('i', user_id); | |
| //execute the prepared query | |
| $stmt->execute(); | |
| $stmt->store_result(); | |
| //If there has been more than 5 failed logins | |
| if($stmt->num_rows > 5) | |
| { | |
| return true; | |
| } else { | |
| return false; | |
| } | |
| } | |
| }*/ | |
| function login_check($mysqli) { | |
| //check if all session variables are set | |
| if(isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['login_string'])) | |
| { | |
| $user_id = $_SESSION['user_id']; | |
| $login_string = $_SESSION['login_string']; | |
| $username = $_SESSION['username']; | |
| $user_browser = $SESSION['HTTP_USER_AGENT']; //Get the user-agent string of the user | |
| if($stmt = $mysqli->prepare("SELECT password FROM term_users WHERE user_id = ? LIMIT 1")) | |
| { | |
| $stmt->bind_param('i', $user_id); //Bind user id to parameter | |
| $stmt->execute(); | |
| $stmt->store_result(); | |
| if($stmt->num_rows == 1) | |
| { | |
| //if user exists | |
| $stmt->bind_result($password);//get variables from result | |
| $stmt->fetch(); | |
| $login_check = hash('sha1', $password.$user_browser); | |
| if($login_check == $login_string) | |
| { | |
| //Logged in!! | |
| return true; | |
| } | |
| } | |
| } | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <meta charset="utf-8" /> | |
| <title>Welcome to NerdIslander!</title> | |
| <link rel="stylesheet" href="http://code.jquery.com/mobile/1.3.2/jquery.mobile-1.3.2.min.css" /> | |
| <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> | |
| <script src="http://code.jquery.com/mobile/1.3.2/jquery.mobile-1.3.2.min.js"></script> | |
| <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" /> | |
| <style> | |
| img.fullscreen { | |
| max-height: 100%; | |
| max-width: 100%; | |
| } | |
| </style> | |
| </head> | |
| <body> | |
| <div data-role="page" id="start"> | |
| <div data-role="content"> | |
| <img src="http://www.logomaker.com/logo-images/08d67462ded8fc69.gif"/> | |
| <img src="http://www.logomaker.com/images/logos.gif" alt="logo design" border="0"/> | |
| <center><p><font size="3" color="black">This is a place where people can come and share their ideas and opinions and knowledge about survival, | |
| and different ways that you can prepare yourself whether it be because you got lost in the woods or maybe in case the world ends, or maybe for that little prepper inside you, | |
| who knows. Its knowledge and people are going to be putting it out there. The only thing I ask is that you retain | |
| some of this knowledge with you in order to be better prepared if you should ever need it to survive out on your own.</font></p></center><br> | |
| <a href="facebook_login.php" data-role="button" data-inline="true" data-theme="b" data-mini="true">Login with Facebook!</a> | |
| <a href="login_v2.php" data-role="button" data-inline="true" data-theme="b" data-mini="true">Login with us!</a> | |
| </div> | |
| <footer data-role="footer" data-position="fixed"> | |
| <nav data-role="navbar"> | |
| <ul> | |
| <li><a href="signup_valid.php" data-icon="gear">New User? Sign up!</a></li> | |
| </ul> | |
| </nav> | |
| </footer> | |
| </div> | |
| </body> | |
| </html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <meta charset="utf-8" /> | |
| <title>Welcome to NerdIslander!</title> | |
| <link rel="stylesheet" href="http://code.jquery.com/mobile/1.3.2/jquery.mobile-1.3.2.min.css" /> | |
| <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> | |
| <script src="http://code.jquery.com/mobile/1.3.2/jquery.mobile-1.3.2.min.js"></script> | |
| <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" /> | |
| <style> | |
| img.fullscreen { | |
| max-height: 100%; | |
| max-width: 100%; | |
| } | |
| </style> | |
| </head> | |
| <body> | |
| <div data-role="page" id="login"> | |
| <header data-role="header"> | |
| <h1>Login!</h1> | |
| </header> | |
| <?php | |
| if(isset($_POST['saveform1']) && $_POST['saveform1'] == 'TRUE') | |
| { | |
| require_once("../mysqli_connect.php"); | |
| //set the username and password variables from the form | |
| $username = $_POST['usernameLog']; | |
| $password = $_POST['passLog']; | |
| $password_hash = sha1($password); | |
| //create sql string to retrieve the string from the database table "users" | |
| $sql = "SELECT * FROM `term_users` WHERE username = '$username' AND password = '$password_hash'"; | |
| $result = mysqli_query($sql); | |
| $count=mysql_num_rows($result); | |
| // If result matched $myusername and $mypassword, table row must be 1 row | |
| if($count==1){ | |
| $return = "**Successful Login**"; | |
| echo "<script type='text/javascript'>alert('$return');</script>"; | |
| } | |
| else { | |
| $return = "**Failed Login**"; | |
| echo "<script type='text/javascript'>alert('$return');</script>"; | |
| }/* | |
| if ($result == true) | |
| { | |
| $return = "**Successful Login**"; | |
| echo "<script type='text/javascript'>alert('$return');</script>"; | |
| header("Location: newsfeed.php"); | |
| } | |
| else | |
| { | |
| $return = "**Failed Login**"; | |
| echo "<script type='text/javascript'>alert('$return');</script>"; | |
| }*/ | |
| } | |
| ?> | |
| <div data-role="content"> | |
| Login with us!<br /> | |
| <form> | |
| <div data-role="fieldcontain"> | |
| Username: <input type="text" id="usernameLog" name="usernameLog"/></div><br /> | |
| <div data-role="fieldcontain"> | |
| Password: <input type="password" id="passLog" name="passLog"/></div><br /> | |
| <input type="hidden" name="saveform1" value="FALSE" /> | |
| <input type="submit" value="Login!" id="log_in" onclick="document.forms[0].saveform1.value='TRUE'; document.forms[0].submit();" /> | |
| </form> | |
| </div> | |
| <footer data-role="footer" data-position="fixed"> | |
| <nav data-role="navbar"> | |
| <ul> | |
| <li><a href="signup.php" data-icon="gear">New User? Sign up!</a></li> | |
| <li><a href="newsfeed.php" data-icon="home">Newsfeed</a></li> | |
| </ul> | |
| </nav> | |
| </footer> | |
| </div> <!-- page --> | |
| </body> | |
| </html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <meta charset="utf-8" /> | |
| <title>Welcome to NerdIslander!</title> | |
| <link rel="stylesheet" href="http://code.jquery.com/mobile/1.3.2/jquery.mobile-1.3.2.min.css" /> | |
| <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> | |
| <script src="http://code.jquery.com/mobile/1.3.2/jquery.mobile-1.3.2.min.js"></script> | |
| <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" /> | |
| <style> | |
| img.fullscreen { | |
| max-height: 100%; | |
| max-width: 100%; | |
| } | |
| </style> | |
| <link href="data:image/x-icon;base64,AAABAAEAEBAQAAAAAAAoAQAAFgAAACgAAAAQAAAAIAAAAAEABAAAAAAAgAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAB0qKAAyC8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEAEQARAAAAERARAREAAAABEREREAAAAAAREREAAAAAACIiIgAAAAACIiIiIAAAAAIiIiIgAAAAACIiIiAAAAAAIiIiIAAAAAACAiACAAAAAAICIAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMzwAAxI8AAOAfAADwPwAA8D8AAOAfAADgHwAA8B8AAPAfAAD6bwAA+n8AAP+/AAD//wAA//8AAP//AAD//wAA" rel="icon" type="image/x-icon" /> | |
| </head> | |
| <body> | |
| <div data-role="page" id="login"> | |
| <header data-role="header"> | |
| <h1>Login!</h1> | |
| </header> | |
| <div data-role="content"> | |
| Login with us!<br /> | |
| <form action="process_login.php" method="post"> | |
| <div data-role="fieldcontain"> | |
| Username: <input type="text" name="username"/></div><br /> | |
| <div data-role="fieldcontain"> | |
| Password: <input type="password" name="password"/></div><br /> | |
| <input type="button" value="Login!" onclick="document.forms[0].submit();"/> | |
| </form> | |
| </div> | |
| <footer data-role="footer" data-position="fixed"> | |
| <nav data-role="navbar"> | |
| <ul> | |
| <li><a href="signup_valid.php" data-icon="gear">New User? Sign up!</a></li> | |
| <li><a href="newsfeed.php" data-icon="home">Newsfeed</a></li> | |
| </ul> | |
| </nav> | |
| </footer> | |
| </div> <!-- page --> | |
| </body> | |
| </html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <meta charset="utf-8" /> | |
| <title>Welcome to NerdIslander!</title> | |
| <link rel="stylesheet" href="http://code.jquery.com/mobile/1.3.2/jquery.mobile-1.3.2.min.css" /> | |
| <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> | |
| <script src="http://code.jquery.com/mobile/1.3.2/jquery.mobile-1.3.2.min.js"></script> | |
| <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" /> | |
| <style> | |
| img.fullscreen { | |
| max-height: 100%; | |
| max-width: 100%; | |
| } | |
| </style> | |
| </head> | |
| <body> | |
| <?php | |
| include 'functions.php'; | |
| sec_session_start(); | |
| //Unset all session values | |
| $_SESSION = array(); | |
| //get session parameters | |
| $params = session_get_cookie_params(); | |
| //delete the actual cookie | |
| if (ini_get("session.use_cookies")) | |
| { | |
| setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]); | |
| } | |
| //Destroy session | |
| session_destroy(); | |
| header('Location: ./Main.html'); | |
| ?> | |
| <div data-role="page" id="newsfeed"> | |
| <header data-role="header"> | |
| <h1>Come Back Soon!</h1> | |
| </header> | |
| <div data-role="content"> | |
| <h2><b>You have been logged out successfully!</b></h2><br /> | |
| </div> | |
| <footer data-role="footer" data-position="fixed"> | |
| <nav data-role="navbar"> | |
| <ul> | |
| <li><a href="Main.html" data-icon="home">Log back in?</a></li> | |
| </ul> | |
| </nav> | |
| </footer> | |
| </div> <!-- page --> | |
| </body> | |
| </html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| include '../mysqli_connect.php'; | |
| include 'functions.php'; | |
| sec_session_start(); | |
| if(isset($_POST['username'], $_POST['password'])) | |
| { | |
| $username = $_POST['username']; | |
| $password = $_POST['password']; | |
| $_SESSION['user_id'] = $user_id; | |
| if(login($username, $password, $mysqli) == true) | |
| { | |
| //Login success | |
| header('Location: newsfeed.php'); | |
| echo 'Success: You have been logged in!'; | |
| } | |
| else | |
| { | |
| //Login failed | |
| header('Location: ./login_v2.php?error=1'); | |
| $message = "Please make sure the password and username you entered are correct."; | |
| echo "<script type='text/javascript'>alert('$message');</script>"; | |
| } | |
| } | |
| else | |
| { | |
| //the correct POST variables were not sent to this page. | |
| echo 'Invalid Request'; | |
| } | |
| ?> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <meta charset="utf-8" /> | |
| <title>Welcome to NerdIslander!</title> | |
| <link rel="stylesheet" href="http://code.jquery.com/mobile/1.3.2/jquery.mobile-1.3.2.min.css" /> | |
| <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> | |
| <script src="http://code.jquery.com/mobile/1.3.2/jquery.mobile-1.3.2.min.js"></script> | |
| <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" /> | |
| <style> | |
| img.fullscreen { | |
| max-height: 100%; | |
| max-width: 100%; | |
| } | |
| </style> | |
| </head> | |
| <body> | |
| <div data-role="page" id="signup"> | |
| <header data-role="header"> | |
| <h1>Sign up!</h1> | |
| </header> | |
| <?php | |
| if(isset($_POST['saveform']) && $_POST['saveform'] == 'TRUE') | |
| { | |
| require_once("../mysqli_connect.php"); | |
| $wholename = $POST['first_name']." ".$POST['last_name']; | |
| $name=mysqli_real_escape_string($dbc, $wholename); | |
| $first_name=mysqli_real_escape_string($dbc, $_POST['first_name']); | |
| $last_name=mysqli_real_escape_string($dbc, $_POST['last_name']); | |
| $username=mysqli_real_escape_string($dbc, $_POST['username']); | |
| $email=mysqli_real_escape_string($dbc, $_POST['email']); | |
| $pass=mysqli_real_escape_string($dbc, $_POST['pass']); | |
| $securepass = sha1($pass); | |
| $q = "INSERT INTO term_users (name, first_name, last_name, username, email, password, date) ". | |
| "VALUES ('$name', '$first_name', '$last_name', '$username', '$email', '$securepass', NOW() )"; | |
| //echo $q."<br>"; //debug echo - comment out of finished version | |
| $r = @mysqli_query($dbc, $q); | |
| if($r) | |
| { | |
| //send validation email | |
| echo ($r); | |
| } | |
| } | |
| ?> | |
| <div data-role="content"> | |
| Create a Profile with us!<br> | |
| <form> | |
| <div data-role="fieldcontain"> | |
| First Name: <input type="text" id="first_name" /></div><br /> | |
| <div data-role="fieldcontain"> | |
| Last Name: <input type="text" id="last_name" /></div><br /> | |
| <div data-role="fieldcontain"> | |
| Username:<input type="text" id="username" /></div><br /> | |
| <div data-role="fieldcontain"> | |
| Email:<input type="text" id="email" /></div><br /> | |
| <div data-role="fieldcontain"> | |
| Password:<input type="password" id="pass" /></div><br /> | |
| <input type="hidden" name="saveform" value="FALSE" /> | |
| <input type="submit" value="Sign up!" id="sign_up" onclick="document.forms[0].saveform.value='TRUE'; document.forms[0].submit();" /> | |
| </form> | |
| </div> | |
| <footer data-role="footer" data-position="fixed"> | |
| <nav data-role="navbar"> | |
| <ul> | |
| <li><a href= "login.php" data-icon="back">Already a user?</a></li> | |
| </ul> | |
| </nav> | |
| </footer> | |
| </div> <!-- page --> | |
| </body> | |
| </html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| include '../mysqli_connect.php'; | |
| ?> | |
| <!DOCTYPE HTML> | |
| <html> | |
| <head> | |
| <meta charset="utf-8" /> | |
| <title>Welcome to NerdIslander!</title> | |
| <link rel="stylesheet" href="http://code.jquery.com/mobile/1.3.2/jquery.mobile-1.3.2.min.css" /> | |
| <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> | |
| <script src="http://code.jquery.com/mobile/1.3.2/jquery.mobile-1.3.2.min.js"></script> | |
| <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" /> | |
| <style> | |
| img.fullscreen { | |
| max-height: 100%; | |
| max-width: 100%; | |
| } | |
| .error {color: #FF0000;} | |
| </style> | |
| </head> | |
| <body> | |
| <div data-role="page" id="signup_valid"> | |
| <header data-role="header"> | |
| <h1>Sign up!</h1> | |
| </header> | |
| <?php | |
| // define variables and set to empty values | |
| $first_nameErr = $last_nameErr = $emailErr = $passwordErr = $usernameErr = $descriptionErr = ""; | |
| $first_name = $last_name = $email = $password = $username = $description = ""; | |
| if ($_SERVER["REQUEST_METHOD"] == "POST") | |
| { | |
| //validate first name | |
| if (empty($_POST["first_name"])) | |
| {$first_nameErr = "first name is required";} | |
| else | |
| { | |
| $first_name = test_input($_POST["first_name"]); | |
| // check if name only contains letters and whitespace | |
| if (!preg_match("/^[a-zA-Z ]*$/",$first_name)) | |
| { | |
| $first_nameErr = "Only letters and white space allowed"; | |
| } | |
| } | |
| //Validate last name | |
| if (empty($_POST["last_name"])) | |
| {$last_nameErr = "last name is required";} | |
| else | |
| { | |
| $last_name = test_input($_POST["last_name"]); | |
| // check if name only contains letters and whitespace | |
| if (!preg_match("/^[a-zA-Z ]*$/",$last_name)) | |
| { | |
| $last_nameErr = "Only letters and white space allowed"; | |
| } | |
| } | |
| if (empty($_POST["username"])) | |
| {$usernameErr = "Username is required";} | |
| else | |
| { | |
| $username = test_input($_POST["username"]); | |
| } | |
| if (empty($_POST["email"])) | |
| {$emailErr = "Email is required";} | |
| else | |
| { | |
| $email = test_input($_POST["email"]); | |
| // check if e-mail address syntax is valid | |
| if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email)) | |
| { | |
| $emailErr = "Invalid email format"; | |
| } | |
| } | |
| //validate description | |
| if (empty($_POST["description"])) | |
| {$descriptionErr = "Description is required";} | |
| else | |
| { | |
| $description = test_input($_POST["description"]); | |
| } | |
| //Validate password | |
| if (empty($_POST["password"])) | |
| {$passwordErr = "Password is required";} | |
| else | |
| { | |
| if($_POST["password"] != $_POST["password2"]) | |
| { | |
| $passwordErr = "Your passwords do not match"; | |
| } | |
| else | |
| { | |
| $password = test_input($_POST["password"]); | |
| } | |
| } | |
| /* | |
| if (empty($_POST["website"])) | |
| {$website = "";} | |
| else | |
| { | |
| $website = test_input($_POST["website"]); | |
| // check if URL address syntax is valid (this regular expression also allows dashes in the URL) | |
| if (!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i",$website)) | |
| { | |
| $websiteErr = "Invalid URL"; | |
| } | |
| } | |
| if (empty($_POST["comment"])) | |
| {$comment = "";} | |
| else | |
| {$comment = test_input($_POST["comment"]);} */ | |
| /*if (empty($_POST["gender"])) | |
| {$genderErr = "Gender is required";} | |
| else | |
| {$gender = test_input($_POST["gender"]);}*/ | |
| } | |
| function test_input($data) | |
| { | |
| $data = trim($data); | |
| $data = stripslashes($data); | |
| $data = htmlspecialchars($data); | |
| return $data; | |
| } | |
| //if(!empty($_POST)) | |
| if($_SERVER['REQUEST_METHOD'] == 'POST') | |
| { | |
| $name = $first_name." ".$last_name; | |
| $passwordEncrypt = sha1($password); | |
| $q = "INSERT INTO term_users (name, first_name, last_name, username, email, date, pass, description) VALUES ('$name','$first_name','$last_name','$username','$email', NOW(),'$passwordEncrypt','$description')"; | |
| $r = mysqli_query($dbc, $q); | |
| if($r) | |
| { | |
| $message = "You have successfully signed up with us. Log in and take a look around! If you have any problems, please send us an email at nerdislander@gmail.com"; | |
| echo "<script type='text/javascript'>alert('$message');</script>"; | |
| header("Location: http://nerdislander.com/apps/TermProject/login_v2.php"); | |
| exit(); | |
| } | |
| else | |
| { | |
| $message = "There was a problem when we were putting your information into our database! Please make sure all fields have been correctly filled out! If this problem persists, please send us an email at nerdislander@gmail.com"; | |
| echo "<script type='text/javascript'>alert('$message');</script>"; | |
| } | |
| } | |
| ?> | |
| <div data-role="content"> | |
| <h2>Sign up!</h2> | |
| <p><span class="error">* required field.</span></p> | |
| <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"> | |
| <div data-role="fieldcontain"> | |
| First name: <input type="text" name="first_name" value="<?php echo $first_name;?>"><br> | |
| <span class="error">* <?php echo $first_nameErr;?></span></div> | |
| <br><br> | |
| <div data-role="fieldcontain"> | |
| Last name: <input type="text" name="last_name" value="<?php echo $last_name;?>"><br> | |
| <span class="error">* <?php echo $last_nameErr;?></span></div> | |
| <br><br> | |
| <div data-role="fieldcontain"> | |
| Username: <input type="text" name="username" value="<?php echo $username;?>"><br> | |
| <span class="error">*<?php echo $usernameErr;?></span></div> | |
| <br><br> | |
| <div data-role="fieldcontain"> | |
| E-mail: <input type="text" name="email" value="<?php echo $email;?>"><br> | |
| <span class="error">* <?php echo $emailErr;?></span></div> | |
| <br><br> | |
| <div data-role="fieldcontain"> | |
| Description: <input type="text" name="description" value="<?php echo $description;?>"><br> | |
| <span class="error">* <?php echo $descriptionErr;?></span></div> | |
| <br><br> | |
| <div data-role="fieldcontain"> | |
| Password: <input type="password" name="password" value=""><br> | |
| <span class="error">* <?php echo $passwordErr;?></span></div> | |
| <br><br> | |
| <div data-role="fieldcontain"> | |
| Re-enter Password: <input type="password" name="password2" value=""><br> | |
| <span class="error">*</span></div> | |
| <br><br> | |
| <!--<fieldset data-role="controlgroup" data-type="horizontal"> | |
| <legend>Gender:</legend> | |
| <input type="radio" name="gender" id="gender1" if (isset($gender) && $gender=="male") echo "checked";?> value="male" /> | |
| <label for="gender1">Male</label> | |
| <input type="radio" name="gender" id="gender2" <php if (isset($gender) && $gender=="female") echo "checked";?> value="female" /><br> | |
| <label for="gender2">Female</label><br> | |
| <input type="radio" name="gender" <php if (isset($gender) && $gender=="female") echo "checked";?> value="female">Female | |
| <input type="radio" name="gender" <php if (isset($gender) && $gender=="male") echo "checked";?> value="male">Male | |
| <span class="error">* php echo $genderErr;?></span> | |
| </fieldset> onclick="document.forms[0].saveform.value='TRUE'; document.forms[0].submit();"> | |
| <br><br>--> | |
| <input type="hidden" name="saveform" value="FALSE" /> | |
| <input type="submit" name="submit" value="Submit"> | |
| </form> | |
| </div> | |
| <footer data-role="footer" data-position="fixed"> | |
| <nav data-role="navbar"> | |
| <ul> | |
| <li><a href= "login.php" data-icon="back">Already a user?</a></li> | |
| </ul> | |
| </nav> | |
| </footer> | |
| </div> <!-- page --> | |
| </body> | |
| </html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php # Script 10.5 - #5 | |
| // This script retrieves all the records from the users table. | |
| // This new version allows the results to be sorted in different ways. | |
| $page_title = 'View the Current Users'; | |
| //include ('includes/header.html'); | |
| echo '<h1>Registered Users</h1>'; | |
| require ('../mysqli_connect.php'); | |
| // Number of records to show per page: | |
| $display = 10; | |
| // Determine how many pages there are... | |
| if (isset($_GET['p']) && is_numeric($_GET['p'])) { // Already been determined. | |
| $pages = $_GET['p']; | |
| } else { // Need to determine. | |
| // Count the number of records: | |
| $q = "SELECT COUNT(user_id) FROM users"; | |
| $r = @mysqli_query ($dbc, $q); | |
| $row = @mysqli_fetch_array ($r, MYSQLI_NUM); | |
| $records = $row[0]; | |
| // Calculate the number of pages... | |
| if ($records > $display) { // More than 1 page. | |
| $pages = ceil ($records/$display); | |
| } else { | |
| $pages = 1; | |
| } | |
| } // End of p IF. | |
| // Determine where in the database to start returning results... | |
| if (isset($_GET['s']) && is_numeric($_GET['s'])) { | |
| $start = $_GET['s']; | |
| } else { | |
| $start = 0; | |
| } | |
| // Determine the sort... | |
| // Default is by registration date. | |
| $sort = (isset($_GET['sort'])) ? $_GET['sort'] : 'rd'; | |
| // Determine the sorting order: | |
| switch ($sort) { | |
| case 'ln': | |
| $order_by = 'last_name ASC'; | |
| break; | |
| case 'fn': | |
| $order_by = 'first_name ASC'; | |
| break; | |
| case 'rd': | |
| $order_by = 'registration_date ASC'; | |
| break; | |
| default: | |
| $order_by = 'registration_date ASC'; | |
| $sort = 'rd'; | |
| break; | |
| } | |
| // Define the query: | |
| $q = "SELECT last_name, first_name, DATE_FORMAT(registration_date, '%M %d, %Y') AS dr, user_id FROM users ORDER BY $order_by LIMIT $start, $display"; | |
| $r = @mysqli_query ($dbc, $q); // Run the query. | |
| // Table header: | |
| echo '<table align="center" cellspacing="0" cellpadding="5" width="75%"> | |
| <tr> | |
| <td align="left"><b>Edit</b></td> | |
| <td align="left"><b>Delete</b></td> | |
| <td align="left"><b><a href="view_users.php?sort=ln">Last Name</a></b></td> | |
| <td align="left"><b><a href="view_users.php?sort=fn">First Name</a></b></td> | |
| <td align="left"><b><a href="view_users.php?sort=rd">Date Registered</a></b></td> | |
| </tr> | |
| '; | |
| // Fetch and print all the records.... | |
| $bg = '#eeeeee'; | |
| while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) { | |
| $bg = ($bg=='#eeeeee' ? '#ffffff' : '#eeeeee'); | |
| echo '<tr bgcolor="' . $bg . '"> | |
| <td align="left"><a href="edit_user1.php?id=' . $row['user_id'] . '">Edit</a></td> | |
| <td align="left"><a href="delete_user.php?id=' . $row['user_id'] . '">Delete</a></td> | |
| <td align="left">' . $row['last_name'] . '</td> | |
| <td align="left">' . $row['first_name'] . '</td> | |
| <td align="left">' . $row['dr'] . '</td> | |
| </tr> | |
| '; | |
| } // End of WHILE loop. | |
| echo '</table>'; | |
| mysqli_free_result ($r); | |
| mysqli_close($dbc); | |
| // Make the links to other pages, if necessary. | |
| if ($pages > 1) { | |
| echo '<br /><p>'; | |
| $current_page = ($start/$display) + 1; | |
| // If it's not the first page, make a Previous button: | |
| if ($current_page != 1) { | |
| echo '<a href="view_users.php?s=' . ($start - $display) . '&p=' . $pages . '&sort=' . $sort . '">Previous</a> '; | |
| } | |
| // Make all the numbered pages: | |
| for ($i = 1; $i <= $pages; $i++) { | |
| if ($i != $current_page) { | |
| echo '<a href="view_users.php?s=' . (($display * ($i - 1))) . '&p=' . $pages . '&sort=' . $sort . '">' . $i . '</a> '; | |
| } else { | |
| echo $i . ' '; | |
| } | |
| } // End of FOR loop. | |
| // If it's not the last page, make a Next button: | |
| if ($current_page != $pages) { | |
| echo '<a href="view_users.php?s=' . ($start + $display) . '&p=' . $pages . '&sort=' . $sort . '">Next</a>'; | |
| } | |
| echo '</p>'; // Close the paragraph. | |
| } // End of links section. | |
| //include ('includes/footer.html'); | |
| ?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment