<?php
require_once 'connect.php';
// Resume the visitor's session (or create one) so the login state kept in
// $_SESSION is available to the rest of this file.
// NOTE(review): the session cookie flags (HttpOnly, Secure, SameSite) and
// session.use_strict_mode come from php.ini, which is not visible here.
// Confirm they are set for the deployment.
session_start();
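/**
 * Escape a request value so it can be placed inside a quoted MySQL string literal.
 *
 * Escaping is only a fallback: it protects a value solely when the value sits
 * between quotes in the statement, and it relies on the connection character
 * set being configured correctly. Prefer prepared statements with bound
 * parameters for any new query.
 *
 * @param object $mysqli Connection object exposing real_escape_string()
 *                       (presumably the mysqli handle created in connect.php).
 * @param string $string Raw value taken from the request.
 * @return string The value as returned by $mysqli->real_escape_string().
 */
function fix_string($mysqli, $string)
{
    // Magic quotes were removed in PHP 5.4, and get_magic_quotes_gpc() itself
    // was removed in PHP 8.0, where an unguarded call is a fatal error.
    // Only consult it on interpreters old enough to still add slashes.
    if (PHP_VERSION_ID < 50400 && get_magic_quotes_gpc()) {
        $string = stripslashes($string);
    }

    return $mysqli->real_escape_string($string);
}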
// A visitor without a recorded login state is a guest: seed the flag so every
// later check can read $_SESSION["is_auth"] without testing for its existence.
$_SESSION["is_auth"] = isset($_SESSION["is_auth"]) ? $_SESSION["is_auth"] : false;
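// Dispatch on the submitted form: sign in, sign up, or log out.
//
// Hardening applied here:
//  - Request values are checked to be strings before use, so array-valued
//    parameters cannot reach preg_match()/md5().
//  - The login must consist only of ASCII letters and digits. The earlier
//    pattern had no quantifier and was negated, so it rejected only
//    one-character values and let everything else through. Accounts created
//    with other characters under that check will be refused and need renaming.
//  - Values reach the database through bound parameters, never string building.
//  - The session id is rotated on successful sign-in (session fixation).
//
// NOTE(review): none of the three actions checks a CSRF token.
// NOTE(review): MD5 is a fast, unsalted digest and is not suitable for storing
// passwords; the replacement is password_hash()/password_verify() with a
// rehash-on-login path. It is kept only because the width of the `password`
// column and any other readers of that column are not visible from this file.
if (isset($_POST["sign_in"])) {
    if (isset($_POST["inputLogin"]) && isset($_POST["inputPassword"])) {
        $inputLogin = $_POST["inputLogin"];
        $inputPassword = $_POST["inputPassword"];

        $credentialsWellFormed = is_string($inputLogin)
            && is_string($inputPassword)
            // \A and \z anchor the whole value; "$" would tolerate a trailing newline.
            && preg_match('#\A[A-Za-z0-9]+\z#', $inputLogin) === 1
            // The password is hashed before use, so its characters are not restricted.
            && $inputPassword !== '';

        if ($credentialsWellFormed) {
            $login = $inputLogin;
            $password = md5($inputPassword);

            $found = false;
            $stmt = $mysqli->prepare(
                "SELECT 1 FROM `registered_users` WHERE `login` = ? AND `password` = ?"
            );
            if ($stmt !== false) {
                $stmt->bind_param('ss', $login, $password);
                if ($stmt->execute()) {
                    $stmt->store_result();
                    $found = $stmt->num_rows > 0;
                }
                $stmt->close();
            } else {
                error_log('session.php: could not prepare the sign-in query');
            }

            if ($found) {
                // Issue a fresh session id so an id planted before login is useless.
                session_regenerate_id(true);
                $_SESSION["is_auth"] = true;
                $_SESSION["login"] = $login;
            }
        } else {
            echo '<div class="alert alert-warning">' . '<strong>Warning!</strong>' . ' Incorrectly entered data' . '</div>';
        }
    }
} elseif (isset($_POST["sign_up"])) {
    if (isset($_POST["inputLogin"]) && isset($_POST["inputPassword"]) && isset($_POST["inputEmail"])) {
        $inputLogin = $_POST["inputLogin"];
        $inputPassword = $_POST["inputPassword"];
        $inputEmail = $_POST["inputEmail"];

        $registrationWellFormed = is_string($inputLogin)
            && is_string($inputPassword)
            && is_string($inputEmail)
            && preg_match('#\A[A-Za-z0-9]+\z#', $inputLogin) === 1
            && $inputPassword !== ''
            // Same character policy as before, minus the "(", ")" and "|" that the old
            // character class admitted by accident, plus a structural address check.
            && preg_match('/\A[\w@.\-]+\z/', $inputEmail) === 1
            && filter_var($inputEmail, FILTER_VALIDATE_EMAIL) !== false;

        if ($registrationWellFormed) {
            $login = $inputLogin;
            $password = md5($inputPassword);
            $email = $inputEmail;

            // NOTE(review): no uniqueness check on the login is visible here;
            // presumably the table has a UNIQUE index. Confirm against the schema.
            $stmt = $mysqli->prepare(
                "INSERT INTO registered_users(login, password, email) VALUES(?, ?, ?)"
            );
            if ($stmt !== false) {
                $stmt->bind_param('sss', $login, $password, $email);
                if (!$stmt->execute()) {
                    error_log('session.php: sign-up insert failed');
                }
                $stmt->close();
            } else {
                error_log('session.php: could not prepare the sign-up query');
            }
        } else {
            echo '<div class="alert alert-warning">' . '<strong>Warning!</strong>' . 'incorrectly entered data' . '</div>';
        }
    }
} elseif (isset($_POST["log_out"])) {
    $_SESSION = array();
    $_SESSION["is_auth"] = false;

    // Expire the session cookie as well, so the browser stops presenting the old id.
    if (ini_get('session.use_cookies') && !headers_sent()) {
        $cookie = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $cookie['path'],
            $cookie['domain'],
            $cookie['secure'],
            $cookie['httponly']
        );
    }

    session_destroy();
}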