<?php
// Start (or resume) the PHP session; every handler below reads or writes $_SESSION.
session_start();
// This file calls fetch_record(), run_mysql_query() and escape_this_string() without
// defining them, so they presumably come from connection.php — confirm their contracts there.
require_once('connection.php');
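/**
 * Check the submitted credentials and, on success, start an authenticated session.
 *
 * Both arguments are interpolated into a SQL string literal, so they MUST already
 * have been passed through escape_this_string() by the caller (redirect() does this).
 *
 * NOTE(review): the query compares the submitted password with the stored column
 * directly, i.e. passwords are kept as submitted. Moving to password_hash() /
 * password_verify() needs a coordinated change to the registration INSERT and a
 * migration of existing rows, so it is flagged here rather than changed.
 *
 * @param string $loginemail    Escaped e-mail address from the login form.
 * @param string $loginpassword Escaped password from the login form.
 * @return void Redirects to main.php and stops on success; prints an error otherwise.
 */
function login($loginemail, $loginpassword) {
    // A single lookup both checks the credentials and returns the profile fields.
    // A second query keyed on the e-mail alone could return a different row than
    // the one whose password matched if two accounts share an e-mail address.
    $query = "SELECT id, first_name FROM users WHERE email = '$loginemail' AND password = '$loginpassword';";
    $loggeduser = fetch_record($query);
    if ($loggeduser) {
        // Issue a fresh session id at the moment of login so an id that existed
        // before authentication (session fixation) stops being valid.
        session_regenerate_id(true);
        $_SESSION['first_name'] = $loggeduser['first_name'];
        $_SESSION['id'] = $loggeduser['id'];
        header("Location: main.php");
        // A Location header does not end the request; stop so the remaining
        // handlers in this script do not run after the redirect.
        exit;
    }
    echo "Wrong email or password";
}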
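/**
 * Validate the login form fields and pass them, escaped, to login().
 *
 * A missing or non-string field is treated as empty instead of being handed to
 * escape_this_string() as null or an array. When a field is empty, an error is
 * stored in $_SESSION['loginerror'] and the browser is sent back to index.php.
 *
 * @return void
 */
function redirect() {
    $rawEmail = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $rawPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    if (empty($rawEmail)) {
        $_SESSION['loginerror'] = "Please insert email";
        header("Location: index.php");
        // Stop here: a Location header alone does not end the request.
        exit;
    }
    if (empty($rawPassword)) {
        $_SESSION['loginerror'] = "Please insert your password";
        header("Location: index.php");
        exit;
    }

    // login() interpolates both values into SQL, so escape them at this boundary.
    login(escape_this_string($rawEmail), escape_this_string($rawPassword));
}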
// Login form submitted: redirect() validates the fields and calls login().
if (isset($_POST['login'])) {
    redirect();
}
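// Registration form submitted: validate the fields, then insert the new user.
if (isset($_POST['register'])) {
    // A missing or non-string field (e.g. name[]=x) is treated as empty.
    $name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
    $surname = (isset($_POST['surname']) && is_string($_POST['surname'])) ? $_POST['surname'] : '';
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // First failing rule wins, in the same order as before.
    $reg_error = null;
    if (empty($name) && empty($surname)) {
        $reg_error = "Name and surname are required";
    } elseif (empty($name)) {
        $reg_error = "Name is required";
    } elseif (empty($surname)) {
        $reg_error = "Surname is required";
    } elseif (empty($email)) {
        $reg_error = "Email is required";
    } elseif (empty($password)) {
        $reg_error = "Password is required";
    } elseif (strlen($password) < 6) {
        $reg_error = "Password must be at least 6 characters long";
    }

    if ($reg_error !== null) {
        $_SESSION['reg_error'] = $reg_error;
        header("Location: index.php");
        // Stop here: a Location header alone does not end the request.
        exit;
    }

    // The form values are untrusted and end up inside SQL string literals, so
    // each one is escaped before the statement is built. Prepared statements
    // would be preferable if the connection helpers offer them.
    // NOTE(review): the password is stored as submitted because login() compares
    // it inside SQL; switching to password_hash() needs both places changed together.
    $sql = sprintf(
        "INSERT INTO users (first_name, last_name, email, password, created_at, updated_at) VALUES ('%s', '%s', '%s', '%s', NOW(), NOW());",
        escape_this_string($name),
        escape_this_string($surname),
        escape_this_string($email),
        escape_this_string($password)
    );
    if (run_mysql_query($sql)) {
        $_SESSION['message'] = "New user added";
        // The unescaped name goes into the session; whatever renders it must
        // HTML-encode it on output.
        // NOTE(review): $_SESSION['id'] is not set here, yet the message and
        // comment handlers read it — confirm whether a new user must log in first.
        $_SESSION['first_name'] = $name;
    } else {
        $_SESSION['message'] = "Failed to add user";
    }
    header("Location: main.php");
    exit;
}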
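// Log-off form submitted: end the session, then send the browser to index.php.
if (isset($_POST['logoff'])) {
    // session_destroy() removes the stored session but leaves $_SESSION filled
    // for the rest of this request, so clear it explicitly first.
    $_SESSION = array();
    // Expire the session cookie as well, so the browser stops presenting the old id.
    if (ini_get('session.use_cookies')) {
        $params = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $params['path'],
            $params['domain'],
            $params['secure'],
            $params['httponly']
        );
    }
    session_destroy();
    header("Location: index.php");
    // Stop here so the message/comment handlers below cannot run in the same
    // request as the log-off.
    exit;
}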
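// New wall message submitted: store it for the logged-in user.
if (isset($_POST['post_message'])) {
    // A missing or non-string field is treated as an empty message.
    $message = (isset($_POST['message']) && is_string($_POST['message'])) ? $_POST['message'] : '';
    $added = false;

    // Only a session that carries a user id may post; without this check an
    // anonymous request would reach the INSERT with an empty user_id.
    if (isset($_SESSION['id'])) {
        $sql = "SELECT id FROM users WHERE id = '" . escape_this_string((string) $_SESSION['id']) . "';";
        $row = fetch_record($sql);
        // Skip the insert when the session id does not match an existing user.
        if (!empty($row)) {
            $userid = escape_this_string((string) $row['id']);
            // The message text is untrusted and is placed inside a SQL string
            // literal, so it is escaped before the statement is built.
            $query = "INSERT INTO messages (message, created_at, updated_at, user_id) VALUES ('"
                . escape_this_string($message) . "', NOW(), NOW(), '$userid');";
            $added = (bool) run_mysql_query($query);
        }
    }

    $_SESSION['message'] = $added ? "New message added" : "Failed to add message";
    header("Location: main.php");
    // Stop here: a Location header alone does not end the request.
    exit;
}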
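// New comment submitted: attach it to an existing message for the logged-in user.
if (isset($_POST['post_comment'])) {
    // A missing or non-string field is treated as empty.
    $comment = (isset($_POST['comment']) && is_string($_POST['comment'])) ? $_POST['comment'] : '';
    $mess_id = (isset($_POST['message_id']) && is_string($_POST['message_id'])) ? $_POST['message_id'] : '';
    $added = false;

    // Only a session that carries a user id may comment.
    if (isset($_SESSION['id'])) {
        $sql_user = "SELECT id AS user_id FROM users WHERE id = '"
            . escape_this_string((string) $_SESSION['id']) . "';";
        $results = fetch_record($sql_user);

        // message_id comes straight from the form, so it is escaped before it is
        // used to look the message up.
        $sql_message = "SELECT id AS message_id FROM messages WHERE id = '"
            . escape_this_string($mess_id) . "';";
        $res = fetch_record($sql_message);

        // Insert only when both the user and the target message exist.
        if (!empty($results) && !empty($res)) {
            $user_id = escape_this_string((string) $results['user_id']);
            $mess_id = escape_this_string((string) $res['message_id']);
            // The debug echo of both ids was dropped: output sent before header()
            // can prevent the redirect and exposes internal ids to the client.
            $query = "INSERT INTO comments (comment, created_at, updated_at, message_id, user_id) VALUES ('"
                . escape_this_string($comment) . "', NOW(), NOW(), '$mess_id', '$user_id');";
            $added = (bool) run_mysql_query($query);
        }
    }

    $_SESSION['message_comm'] = $added ? "New comment added" : "Failed to add comment";
    header("Location: main.php");
    // Stop here: a Location header alone does not end the request.
    exit;
}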
?>