WebServ/www/public/M6/04/userManipulation.php

<?php
// Route the request to the handler named by the POSTed submit field.
// Anything else (including a plain GET) is sent to the login form.
// NOTE(review): no CSRF token is checked here before the state-changing
// handlers run — confirm whether the forms are protected some other way.
if (isset($_POST['login'])) {
    login();
} elseif (isset($_POST['signup'])) {
    signup();
} elseif (isset($_POST['logout'])) {
    logout();
} else {
    header("Location: login.php");
}
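/**
 * Handle a login form post: check the credentials and open an authenticated session.
 *
 * Reads `username` and `password` from the POST body. On success the session is
 * populated with `uid`, `username`, `name` and `logged_in`, and the browser is
 * redirected to index.php. On any failure (missing or malformed fields, unknown
 * user, wrong password) the browser is redirected to login.php with the same
 * response in every case, so the reply does not reveal which check failed.
 *
 * Every redirect is followed by exit(): header() only queues the Location
 * header, it does not stop the script.
 */
function login()
{
    $username = filter_input(INPUT_POST, 'username', FILTER_UNSAFE_RAW);
    $password = $_POST['password'] ?? null;

    // Both fields must be present and scalar strings. An array-valued field
    // (e.g. `password[]=x`) would otherwise reach password_verify() and raise a TypeError.
    if (!is_string($username) || !is_string($password)) {
        header("Location: login.php");
        exit();
    }

    // The include runs in this function's scope; presumably it defines $db (a PDO handle) — TODO confirm.
    include_once('../inc/egytalk_connect.php');

    // The username is bound as a parameter, never concatenated into the SQL text.
    $stmt = $db->prepare("SELECT * FROM user WHERE username = :username");
    $stmt->bindValue(":username", $username);
    $stmt->execute();

    // Count the fetched rows instead of relying on rowCount(), which PDO does not
    // guarantee for SELECT statements on every driver. Exactly one match is required.
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    if (count($rows) !== 1 || !password_verify($password, (string) $rows[0]['password'])) {
        header("Location: login.php");
        exit();
    }
    $user = $rows[0];

    // Start the session first, then issue a fresh session id and drop whatever the
    // pre-login session held. Assigning $_SESSION before session_start() has no effect
    // (session_start() reloads the stored data), and keeping the pre-login id would let
    // an id that was planted in the browser beforehand become an authenticated session.
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
    session_regenerate_id(true);
    $_SESSION = [];

    $_SESSION['uid'] = $user['uid'];
    $_SESSION['username'] = $user['username'];
    $_SESSION['name'] = $user['surname'] . " " . $user['firstname'];
    $_SESSION['logged_in'] = true;

    header("Location: index.php");
    exit();
}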
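/**
 * Handle a signup form post: create the user row and open a session.
 *
 * Reads `firstName`, `surName`, `username` and `password` from the POST body.
 * The password is stored only as a password_hash() digest. On success the
 * session is marked `logged_in` and the browser is redirected to index.php;
 * on invalid input or a failed insert it is redirected to login.php.
 *
 * NOTE(review): unlike login(), this does not put `uid`, `username` or `name`
 * in the session (the uid is generated by the database). Pages that read those
 * keys will not find them right after signup — confirm whether that is intended.
 */
function signup()
{
    // NOTE(review): the names are HTML-encoded here, on input, and stored that way.
    // Kept as-is because other pages may print them without escaping — verify before changing.
    $firstName = filter_input(INPUT_POST, 'firstName', FILTER_SANITIZE_SPECIAL_CHARS);
    $surName = filter_input(INPUT_POST, 'surName', FILTER_SANITIZE_SPECIAL_CHARS);
    $username = filter_input(INPUT_POST, 'username', FILTER_UNSAFE_RAW);
    $rawPassword = $_POST['password'] ?? null;

    // All four fields must be present and scalar strings (array-valued fields would
    // make password_hash() raise a TypeError), and an account must not be created
    // with an empty username or an empty password.
    if (
        !is_string($firstName) || !is_string($surName)
        || !is_string($username) || !is_string($rawPassword)
        || $username === '' || $rawPassword === ''
    ) {
        header("Location: login.php");
        exit();
    }

    // The include runs in this function's scope; presumably it defines $db (a PDO handle) — TODO confirm.
    include_once('../inc/egytalk_connect.php');

    $password = password_hash($rawPassword, PASSWORD_DEFAULT);

    // All user-supplied values are bound as parameters, never concatenated into the SQL text.
    $stmt = $db->prepare("INSERT INTO user(uid, firstname, surname, username, password) VALUES(UUID(), :fn, :sn,:user,:pwd)");
    $stmt->bindValue(":fn", $firstName);
    $stmt->bindValue(":sn", $surName);
    $stmt->bindValue(":user", $username);
    $stmt->bindValue(":pwd", $password);

    // A failed insert may surface as an exception or as a false return value,
    // depending on the connection's error mode; treat both as failure so that a
    // session is never opened for an account that was not created.
    try {
        $inserted = $stmt->execute();
    } catch (Exception $e) {
        $inserted = false;
    }
    if (!$inserted) {
        header("Location: login.php");
        exit();
    }

    // Start the session first, then issue a fresh session id and clear old data.
    // Assigning $_SESSION before session_start() has no effect, because
    // session_start() reloads the stored session into $_SESSION.
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
    session_regenerate_id(true);
    $_SESSION = [];
    $_SESSION['logged_in'] = true;

    header("Location: index.php");
    exit();
}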
/**
 * Log the user out: clear the session data, replace the session id and
 * redirect to index.php. Never returns, because it ends with exit().
 */
function logout()
{
    // Drop the posted form data for the rest of this request.
    $_POST = [];

    // A session must be active before its data and id can be reset.
    if (PHP_SESSION_NONE === session_status()) {
        session_start();
    }

    // Empty the session array.
    $_SESSION = [];

    // Passing true deletes the old session's stored data along with issuing a new id.
    session_regenerate_id(true);

    header("Location: index.php");
    exit();
}