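<?php
declare(strict_types=1);
// server.php - shared form handler for the registration, login, home and
// feedback pages. Each POST handler reads only the form fields the original
// pages send and leaves its outcome in $errors / $successfuls for the
// including page to render. Requires PHP 7.1+ (nullable return types) and the
// mysqlnd driver (mysqli_stmt::get_result).
//
// NOTE(review): this file performs no output escaping. Everything it exposes
// to the page ($errors, $successfuls, $email, $_SESSION['success']) must be
// passed through htmlspecialchars() before it is echoed.
// NOTE(review): none of the forms carry a CSRF token; the forms live in other
// files, so no token check is added here, but every state-changing handler
// below (register, login, reflection, password change, feedback, logout) is
// reachable cross-site until one is.
session_start();
$email = "";
$errors = array();
$successfuls = array();

// Database credentials. The defaults keep the original local setup working,
// but a deployment should supply a dedicated, non-root account with a real
// password through the environment (DB_HOST / DB_USER / DB_PASS / DB_NAME)
// instead of relying on root with an empty password.
$host = getenv('DB_HOST') ?: 'localhost';
$user = getenv('DB_USER') ?: 'root';
$pass = getenv('DB_PASS') ?: '';
$db   = getenv('DB_NAME') ?: 'website';

// Fail loudly instead of silently continuing after a failed query: the
// original ignored every query result, so an INSERT that failed still
// reported success to the user. With display_errors off in production the
// resulting error page does not leak SQL.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// The original `$link = new mysqli(...) or die(...)` never fired: `=` binds
// tighter than `or`, so the object was assigned first and `or` always saw a
// truthy value. In strict report mode a failed connection throws instead.
try {
    $link = new mysqli($host, $user, $pass, $db);
} catch (mysqli_sql_exception $e) {
    die("Unable to connect");
}
// Fix the connection charset so the escaping in sign_in() is well defined.
$link->set_charset('utf8mb4');

// Whoever registers this address first is sent to the admin page. The value
// is as found in the file; index1.php must enforce admin authorization on its
// own, because this file only chooses a redirect target.
$admin = '[email protected]';

if (!function_exists('require_login')) {
    // Return the signed-in user's id, or redirect to login.php and stop.
    // Sessions created by earlier versions of this file carry only 'email';
    // they are bounced to the login page once and then carry 'userid'.
    function require_login(): int
    {
        $userid = isset($_SESSION['userid']) ? (int)$_SESSION['userid'] : 0;
        if ($userid <= 0) {
            header('location: login.php');
            exit;
        }
        return $userid;
    }

    // Fetch userid/email/password for an email address, or null when there is
    // no such user. Prepared statement: $email is attacker-controlled.
    function find_user_by_email(mysqli $link, string $email): ?array
    {
        $stmt = $link->prepare("SELECT userid, email, password FROM users WHERE email = ?");
        $stmt->bind_param('s', $email);
        $stmt->execute();
        $row = $stmt->get_result()->fetch_assoc();
        $stmt->close();
        return $row ?: null;
    }

    // Same as find_user_by_email(), keyed by primary key.
    function find_user_by_id(mysqli $link, int $userid): ?array
    {
        $stmt = $link->prepare("SELECT userid, email, password FROM users WHERE userid = ?");
        $stmt->bind_param('i', $userid);
        $stmt->execute();
        $row = $stmt->get_result()->fetch_assoc();
        $stmt->close();
        return $row ?: null;
    }

    // Check a plaintext password against the stored value. Accepts
    // password_hash() output (new rows) as well as the unsalted sha1 hex
    // digests earlier versions of this file stored, so existing accounts keep
    // working; legacy rows are upgraded on the next successful login or
    // password change. hash_equals() keeps the legacy compare constant-time.
    function verify_stored_password(string $plain, string $stored): bool
    {
        if (password_verify($plain, $stored)) {
            return true;
        }
        return strlen($stored) === 40 && hash_equals($stored, sha1($plain));
    }

    // Replace the user's stored password with a salted password_hash() hash.
    // NOTE(review): password_hash() output is 60+ characters; the
    // users.password column must be at least VARCHAR(255) or the hash is
    // truncated and every login fails. Confirm the schema before deploying.
    function store_password_hash(mysqli $link, int $userid, string $plain): void
    {
        $hash = password_hash($plain, PASSWORD_DEFAULT);
        $stmt = $link->prepare("UPDATE users SET password = ? WHERE userid = ?");
        $stmt->bind_param('si', $hash, $userid);
        $stmt->execute();
        $stmt->close();
    }

    // Establish the session for a verified user and redirect. Never returns.
    function sign_in(mysqli $link, int $userid, string $email, string $admin): void
    {
        // A fresh id on privilege change defeats session fixation: an id an
        // attacker planted before login is not the one that is now signed in.
        session_regenerate_id(true);
        $_SESSION['userid'] = $userid;
        // Earlier versions stored the mysqli_real_escape_string()'d email
        // here and other pages may depend on that form (e.g. if they splice
        // it into SQL), so it is kept as-is. Nothing in this file uses this
        // key for identity or in a query; $_SESSION['userid'] is used instead.
        $_SESSION['email'] = $link->real_escape_string($email);
        $_SESSION['success'] = "Welcome to Intern's Portal $email";
        header('location: ' . ($email === $admin ? 'index1.php' : 'index.php'));
        // Without exit the rest of the page kept executing after the redirect.
        exit;
    }
}

// Registration: create the account and sign the new user in.
if (isset($_POST['register'])) {
    $email = (string)($_POST['email'] ?? '');
    $password_1 = (string)($_POST['password_1'] ?? '');
    $password_2 = (string)($_POST['password_2'] ?? '');
    // `=== ''` rather than empty(): empty("0") is true and would reject "0".
    if ($email === '') {
        array_push($errors, "Please type in your email");
    }
    if ($password_1 === '') {
        array_push($errors, "Please type in a password");
    }
    if ($password_1 !== $password_2) {
        array_push($errors, "The entered passwords do not match");
    }
    // Registration necessarily reveals whether an address exists, so the
    // login handler makes no extra effort to hide it. This check races with a
    // concurrent registration; users.email should carry a UNIQUE index.
    if ($email !== '' && find_user_by_email($link, $email) !== null) {
        array_push($errors, "This e-mail has already been taken");
    }
    if (count($errors) == 0) {
        $hash = password_hash($password_1, PASSWORD_DEFAULT); // salted, slow hash instead of bare sha1
        $stmt = $link->prepare("INSERT INTO users (email, password) VALUES (?, ?)");
        $stmt->bind_param('ss', $email, $hash);
        $stmt->execute();
        $userid = (int)$link->insert_id;
        $stmt->close();
        if ($userid === 0) {
            // userid does not appear to be AUTO_INCREMENT here; look it up.
            $row = find_user_by_email($link, $email);
            $userid = $row !== null ? (int)$row['userid'] : 0;
        }
        sign_in($link, $userid, $email, $admin);
    }
}

// Login from the login page: verify the password in PHP, not in the WHERE clause.
if (isset($_POST['login'])) {
    $email = (string)($_POST['email'] ?? '');
    $password = (string)($_POST['password'] ?? '');
    if ($email === '') {
        array_push($errors, "Please type in your email");
    }
    if ($password === '') {
        array_push($errors, "Please type in your password");
    }
    if (count($errors) == 0) {
        $row = find_user_by_email($link, $email);
        if ($row !== null && verify_stored_password($password, (string)$row['password'])) {
            // Transparent upgrade of legacy sha1 rows to password_hash().
            if (password_needs_rehash((string)$row['password'], PASSWORD_DEFAULT)) {
                store_password_hash($link, (int)$row['userid'], $password);
            }
            sign_in($link, (int)$row['userid'], $email, $admin);
        } else {
            // One message for both cases; see the enumeration note above.
            array_push($errors, "The email and/or password is incorrect");
        }
    }
}

// Logout. NOTE(review): triggered by a GET parameter, so any third-party
// page can log the user out (a nuisance, not a compromise); a POST with a
// token would be the proper form.
if (isset($_GET['logout'])) {
    $_SESSION = array();
    // Expire the session cookie too, so the old id cannot be presented again.
    if (ini_get('session.use_cookies')) {
        $cookie = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $cookie['path'], $cookie['domain'], $cookie['secure'], $cookie['httponly']);
    }
    session_destroy();
    header('location: login.php');
    exit;
}

// Save a reflection for the signed-in user.
if (isset($_POST['submit'])) {
    $userid = require_login();
    $email = (string)($_SESSION['email'] ?? '');
    $reflection = (string)($_POST['reflection'] ?? '');
    if ($reflection === '') {
        array_push($errors, "Please type in a reflection");
    } else {
        $date = date("Y-m-d H:i:s"); // server local time, as before
        $stmt = $link->prepare("INSERT INTO reflections (reflection, dateandtime, userid) VALUES (?, ?, ?)");
        $stmt->bind_param('ssi', $reflection, $date, $userid);
        $stmt->execute();
        $stmt->close();
        array_push($successfuls, "Reflection successfully added");
    }
}

// Change the signed-in user's password after re-verifying the old one.
if (isset($_POST['changepassword'])) {
    $userid = require_login();
    $email = (string)($_SESSION['email'] ?? '');
    $oldpwd1 = (string)($_POST['oldpwd'] ?? '');
    $newpwd = (string)($_POST['newpwd'] ?? '');
    $confirmpwd = (string)($_POST['confirmpwd'] ?? '');
    if ($oldpwd1 === '' || $newpwd === '' || $confirmpwd === '') {
        array_push($errors, "Please fill in the required fields");
    } else {
        $row = find_user_by_id($link, $userid);
        // The original looped over the result and said nothing when no row
        // came back; a missing row is reported the same way as a bad password.
        if ($row === null || !verify_stored_password($oldpwd1, (string)$row['password'])) {
            array_push($errors, "Old password is incorrect");
        } elseif ($newpwd !== $confirmpwd) {
            array_push($errors, "The entered passwords do not match");
        } else {
            store_password_hash($link, $userid, $newpwd);
            array_push($successfuls, "Password changed successfully");
        }
    }
}

if (isset($_POST['student'])) {
    // Raw, unvalidated POST value handed to the including page: it must be
    // HTML-escaped before it is echoed and must never be spliced into SQL.
    $email = (string)($_POST['email'] ?? '');
}

// Attach feedback to the reflection selected by the page that set
// $_SESSION['varname'] (not in this file). The original called
// error_reporting(E_PARSE) here, which only hid the warning for a missing
// 'varname' and then inserted an empty reflection id; it is gone.
if (isset($_POST['feedbacksubmit'])) {
    $userid = require_login();
    $email = (string)($_SESSION['email'] ?? '');
    $reflectionID = isset($_SESSION['varname']) ? (string)$_SESSION['varname'] : '';
    $feedback = (string)($_POST['feedback'] ?? '');
    // NOTE(review): nothing here checks that this user may comment on this
    // reflection; whatever page sets 'varname' is assumed to decide that.
    if ($feedback === '') {
        array_push($errors, "Please type in a reflection"); // message kept as in the original
    } elseif ($reflectionID === '') {
        array_push($errors, "Please select a reflection to give feedback on");
    } else {
        $date = date("Y-m-d H:i:s");
        $stmt = $link->prepare("INSERT INTO feedbacks (feedback, dateandtime1, reflectionID1, userid) VALUES (?, ?, ?, ?)");
        $stmt->bind_param('sssi', $feedback, $date, $reflectionID, $userid);
        $stmt->execute();
        $stmt->close();
        array_push($successfuls, "Feedback successfully added");
    }
}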