<?php
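ob_start();
session_start();
require_once 'dbconnect.php';

// Load the row of the currently logged-in user, if there is one.
//
// The session value is cast to int before it is concatenated into the SQL
// text, so only a number can ever reach the query. The lookup is skipped for
// anonymous visitors: without this guard the statement ended in "userId="
// with nothing after it, mysql_query() failed, and mysql_fetch_array() was
// handed a non-resource.
//
// NOTE(review): the mysql_* extension is deprecated since PHP 5.5 and removed
// in PHP 7. The durable fix is to move dbconnect.php to PDO or mysqli and use
// prepared statements; that file is not visible here, so it is left as is.
$res = false;
$userRow = false;
if (isset($_SESSION['user'])) {
    $res = mysql_query("SELECT * FROM users WHERE userId=" . (int) $_SESSION['user']);
    if ($res) {
        $userRow = mysql_fetch_array($res);
    }
}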
// it will never let you open index(login) page if session is set
// if ( isset($_SESSION['user'])!="" ) {
// header("Location: home.php");
// exit;
// }
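// Handle a login form submission (POST carrying the "btn-login" button).
// On success the user id is stored in the session and the browser is sent to
// home.php; on failure $errMSG is set for the including page to display.
if (isset($_POST['btn-login'])) {
    // Missing or array-valued fields are treated as empty strings so that
    // trim()/strip_tags() always receive a string.
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $upass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';
    $REG = (isset($_POST['REG']) && is_string($_POST['REG'])) ? $_POST['REG'] : '';

    // strip_tags() is not an SQL defence. It is kept only because the
    // registration path applies the same transformation before hashing, so
    // removing it here would stop existing passwords from matching.
    $email = strip_tags(trim($email));
    $upass = strip_tags(trim($upass));
    $REG = strip_tags(trim($REG));

    // NOTE(review): a single unsalted SHA-256 pass is fast to brute-force if
    // the users table leaks. Migrating to password_hash()/password_verify()
    // needs a coordinated change to registration and to the stored values, so
    // it is flagged here rather than changed.
    $password = hash('sha256', $upass);

    // Escape every request value that is placed inside a quoted SQL literal.
    // Separate variables are used so $email/$REG keep their unescaped form.
    // NOTE(review): mysql_real_escape_string() relies on the connection
    // charset being set with mysql_set_charset() - confirm in dbconnect.php.
    $emailSql = mysql_real_escape_string($email);
    $regSql = mysql_real_escape_string($REG);

    $res = mysql_query(
        "SELECT userId, userName, userPass FROM users WHERE userEmail='" . $emailSql
        . "' AND REG_NUM='" . $regSql . "'"
    );

    // A failed query is treated as "no match" instead of passing false on to
    // the fetch functions.
    $row = $res ? mysql_fetch_array($res) : false;
    $count = $res ? mysql_num_rows($res) : 0;

    // Strict comparison: with "==" two different hex digests that both look
    // like numbers (for example "0e" followed only by digits) compare equal on
    // PHP versions that still ship mysql_*. hash_equals() would additionally
    // be constant-time where PHP >= 5.6 is guaranteed.
    if ($count === 1 && is_array($row) && $row['userPass'] === $password) {
        // Issue a fresh session id at the privilege change so an id planted
        // before login cannot be reused afterwards (session fixation).
        session_regenerate_id(true);
        $_SESSION['user'] = $row['userId'];
        header("Location: home.php");
        // Stop here; otherwise the rest of this script keeps running after
        // the redirect header has been queued.
        exit;
    } else {
        $errMSG = "Wrong Credentials, Try again...";
    }
}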
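// Handle a registration request. All five parameters must be present, and the
// four values must be plain strings; array-valued parameters are ignored
// rather than handed to trim(). The outcome is reported through $errTyp
// ("success" | "danger" | "warning") and $errMSGa.
//
// NOTE(review): the password travels in the query string, so it is written to
// web-server and proxy logs and to browser history. This is also a
// state-changing GET with no CSRF token. Both need the form (not visible
// here) to switch to POST, so they are flagged rather than changed.
if (
    isset($_GET['up'], $_GET['uname'], $_GET['eemail'], $_GET['passs'], $_GET['REGe'])
    && is_string($_GET['uname'])
    && is_string($_GET['eemail'])
    && is_string($_GET['passs'])
    && is_string($_GET['REGe'])
) {
    // strip_tags() only removes markup; it does nothing for SQL safety. It is
    // kept on the password so the stored hash matches what login computes.
    $unamee = strip_tags(trim($_GET['uname']));
    $emaill = strip_tags(trim($_GET['eemail']));
    $upasss = strip_tags(trim($_GET['passs']));
    $REGg = strip_tags(trim($_GET['REGe']));

    // This is hashing, not encryption.
    // NOTE(review): unsalted SHA-256 is weak for password storage; see
    // password_hash(). Changing it requires a matching change at login.
    $password = hash('sha256', $upasss);

    // Escape each request value before it is placed in a quoted SQL literal.
    // $password is a hex digest produced above and needs no escaping.
    // NOTE(review): mysql_real_escape_string() relies on the connection
    // charset being set with mysql_set_charset() - confirm in dbconnect.php.
    $unameSql = mysql_real_escape_string($unamee);
    $emailSql = mysql_real_escape_string($emaill);
    $regSql = mysql_real_escape_string($REGg);

    // Check whether the e-mail address is already registered.
    // NOTE(review): check-then-insert can race between two requests; a UNIQUE
    // index on userEmail would enforce this in the database - confirm schema.
    $query = "SELECT userEmail FROM users WHERE userEmail='" . $emailSql . "' ";
    $result = mysql_query($query);
    $count = $result ? mysql_num_rows($result) : false;

    if ($count === false) {
        // The lookup itself failed. Previously the loose "== 0" test let this
        // case fall through to the INSERT as if the address were free.
        $errTyp = "danger";
        $errMSGa = "Something went wrong, try again later...";
    } elseif ($count === 0) {
        $query = "INSERT INTO users(userName,userEmail,userPass,REG_NUM) VALUES('"
            . $unameSql . "','" . $emailSql . "','" . $password . "','" . $regSql . "')";
        $res = mysql_query($query);
        if ($res) {
            $errTyp = "success";
            $errMSGa = "successfully registered, you may login now";
        } else {
            $errTyp = "danger";
            $errMSGa = "Something went wrong, try again later...";
        }
    } else {
        $errTyp = "warning";
        $errMSGa = "Sorry Email already in use ...";
    }
}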
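// Send the browser to the order page when the "gd" query parameter is present.
// The target is a fixed string, so the request cannot influence where the
// redirect points.
if (isset($_GET['gd'])) {
    header("Location: getorder.php");
    // End the request so nothing further is executed or emitted alongside the
    // redirect (for example by a page that includes this file).
    exit;
}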
?>