-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathprocess.php
More file actions
166 lines (157 loc) · 6.15 KB
/
Copy pathprocess.php
File metadata and controls
166 lines (157 loc) · 6.15 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
<?php
session_start();
// if user clicked on register
if(isset($_POST['action']) && $_POST['action']=='register'){
// gets inputs values to session
$_SESSION['first_name']=$_POST['first_name'];
$_SESSION['last_name']=$_POST['last_name'];
$_SESSION['email']=$_POST['email'];
$_SESSION['password']=$_POST['password'];
$_SESSION['confirm_password']=$_POST['confirm_password'];
$_SESSION['errors']='';
//validate inputs
if(empty($_SESSION['first_name'])){
$_SESSION['errors']=$_SESSION['errors'] . '<p class="red">first name is required</p>';
}
if(empty($_SESSION['last_name'])){
$_SESSION['errors']=$_SESSION['errors'] . '<p class="red">last name is required</p>';
}
if(empty($_SESSION['email'])){
$_SESSION['errors']=$_SESSION['errors'] . '<p class="red">email is required</p>';
}
elseif(!filter_var($_SESSION['email'], FILTER_VALIDATE_EMAIL)){
$_SESSION['errors']=$_SESSION['errors'] . '<p class="red">this email address is not valid</p>';
}
if(empty($_SESSION['password'])){
$_SESSION['errors']=$_SESSION['errors'] . '<p class="red">password is required</p>';
}
if(empty($_SESSION['confirm_password'])){
$_SESSION['errors']=$_SESSION['errors'] . '<p class="red">confirm password is required</p>';
}
if($_SESSION['password']!=$_SESSION['confirm_password']){
$_SESSION['errors']=$_SESSION['errors'] . '<p class="red">confirm password is not matching password</p>';
}
// if inputs are not valid, go back to index.php
if(!empty($_SESSION['errors'])){
header('location: index.php');
die();
}
// if inputs are valid, proceed
// connect to database
include_once('connection.php');
// treat data before inserting in the table
$first_name=escape_this_string($_SESSION['first_name']);
$last_name=escape_this_string($_SESSION['last_name']);
$email=escape_this_string($_SESSION['email']);
$password=escape_this_string($_SESSION['password']);
// insert new user data into table users
$query="INSERT INTO users (first_name, last_name, email, password, created_at, updated_at) " .
"VALUES ('" . $first_name . "', '" .$last_name . "', '" . $email . "', '" . $password . "', NOW(), NOW());";
run_mysql_query($query);
$_SESSION['success_message']='<p class="green">' . $_SESSION['first_name'] . ', you have succesfully registered!</p>';
unset($_SESSION['first_name']);
unset($_SESSION['last_name']);
unset($_SESSION['email']);
unset($_SESSION['password']);
header('location: index.php');
die();
}
// if user clicked on login
if(isset($_POST['action']) && $_POST['action']=='login'){
// connect to database
include_once('connection.php');
// get and treat inputs to variables
$_SESSION['email']=$_POST['email'];
$email = escape_this_string($_POST['email']);
$password = escape_this_string($_POST['password']);
$query="SELECT * FROM users WHERE email = '" . $email . "';";
$query_result = fetch_record($query);
// if query brings no results, write message and die
if(is_null($query_result['id'])){
$_SESSION['errors_login'] = '<p class="red">This email is not registered yet. Please register.</p>';
header('location: index.php');
die();
}
// if query bring a result, compare the passwords (input vs db)
if($password!=$query_result['password']){
$_SESSION['errors_login'] = '<p class="red">This is not the correct password. Please try again.</p>';
header('location: index.php');
die();
}
// if password is correct, proceed
$_SESSION['user_id'] = $query_result['id'];
$_SESSION['first_name']=$query_result['first_name'];
$_SESSION['last_name']=$query_result['last_name'];
$_SESSION['email']=$query_result['email'];
header('location: home.php');
die();
}
// if user clicked on logoff
if(isset($_GET['action']) && $_GET['action']=='logoff'){
session_destroy();
header('location: index.php');
die();
}
// if user clicked on create_incident
if(isset($_POST['action']) && ($_POST['action']=='create_incident')){
// gets inputs values to session
$_SESSION['new_incident_name']=$_POST['new_incident_name'];
$_SESSION['new_incident_date']=$_POST['new_incident_date'];
$_SESSION['errors']='';
//validate inputs
if(empty($_SESSION['new_incident_name'])){
$_SESSION['errors']=$_SESSION['errors'] . '<p class="red">incident name is required</p>';
}elseif(strlen($_SESSION['new_incident_name'])<10){
$_SESSION['errors']=$_SESSION['errors'] . '<p class="red">incident name must have at least 10 characters</p>';
}
if(empty($_SESSION['new_incident_date'])){
$_SESSION['errors']=$_SESSION['errors'] . '<p class="red">incident date is required</p>';
}
elseif(count(explode("/", $_SESSION['new_incident_date']))!=3){
$_SESSION['errors']=$_SESSION['errors'] . '<p class="red">incident date is not valid, use the format "yyyy/mm/dd"</p>';
}
// if inputs are not valid, display error messages
if(!empty($_SESSION['errors'])){
header('location: home.php');
die();
}
// if inputs are valid, proceed
// connect to database
include_once('connection.php');
// get user data to variable
$new_incident_name = escape_this_string($_POST['new_incident_name']);
$new_incident_date = escape_this_string($_POST['new_incident_date']);
$user_id = $_SESSION['user_id'];
// insert user data into database
$query = "INSERT INTO incidents (name, created_at, updated_at, creator_id) VALUES ('" .
$new_incident_name . "', '" . $new_incident_date . "', NOW(), " . $user_id . ");";
run_mysql_query($query);
header('location: home.php');
die();
}
// if user clicked on delete_message
if(isset($_POST['action']) && ($_POST['action']=='delete_incident')){
// connect to database
include_once('connection.php');
// get user data to variable
$incident_id = $_POST['incident_id'];
// delete data from database
$query = "DELETE FROM incidents WHERE (id=" . $incident_id . ");";
run_mysql_query($query);
header('location: home.php');
die();
};
// if user clicked on Yes
if(isset($_POST['action']) && ($_POST['action']=='Yes')){
// connect to database
include_once('connection.php');
// get user data to variable
$incident_id=$_POST['incident_id'];
$user_id = $_SESSION['user_id'];
// insert user data into database
$query = "INSERT INTO users_has_incidents (users_id, incidents_id) VALUES (" . $user_id . ", " . $incident_id . ");";
run_mysql_query($query);
header('location: home.php');
die();
}
?>