<?php
require_once "./include/config.php";
require_once "./include/inursql.php";
// Open (or resume) the PHP session; every handler below reads or writes $_SESSION.
session_start();
// Database wrapper; the class is presumably declared in include/inursql.php and the
// four connection variables in include/config.php — neither is visible here.
$db = new inursql();
// NOTE(review): the value returned by connect() is stored in $c but never checked or
// used in this file, so a failed connection is only noticed when a later query fails.
$c = $db->connect($hostname, $username, $password, $database);
// Both request arrays are replaced wholesale by the output of sanitize(), which is not
// defined in this file. Every SQL string below interpolates these values directly, so
// its safety rests entirely on what sanitize() does — confirm that it escapes for the
// SQL string context (and for this connection's character set), not just for HTML.
// The call order matters if sanitize() needs the open connection; keep it after connect().
$_GET = sanitize($_GET);
$_POST = sanitize($_POST);
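// Login handler (?do=login with POSTed username/password).
// Every outcome redirects to the site root; only a matching password fills the session.
if (isset($_GET['do']) && $_GET['do'] === 'login') {
    $postedName = isset($_POST['username']) ? $_POST['username'] : '';
    $postedPass = isset($_POST['password']) ? $_POST['password'] : '';

    // Array-valued fields (username[]=x) are rejected together with empty ones so they
    // never reach md5() or the SQL string.
    if (!is_string($postedName) || !is_string($postedPass) || empty($postedName) || empty($postedPass)) {
        header("Location: http://neighbr.net/");
        exit; // stop here: header() alone does not end the script
    }

    // NOTE(review): unsalted MD5 is not a password hash. Moving to password_hash() /
    // password_verify() needs a coordinated change with the register handler and the
    // stored values, so the digest format is left as it is here.
    $pass = md5($postedPass);

    // NOTE(review): the query is built by interpolation and relies on sanitize() having
    // escaped the value for SQL; a prepared statement would remove that dependency.
    $sql = "SELECT password FROM users WHERE username = '$postedName'";
    $result = $db->query($sql);
    $stored = ($result && mysql_num_rows($result) > 0) ? mysql_result($result, 0) : false;

    // Strict comparison: with != two different digests that both look like "0e<digits>"
    // are compared as numbers and treated as equal, which would accept a wrong password.
    if (!is_string($stored) || $stored !== $pass) {
        header("Location: http://neighbr.net/");
        exit;
    }

    // Issue a fresh session id at the privilege change so an id planted before login
    // cannot be reused afterwards (session fixation).
    session_regenerate_id(true);

    $sql = "SELECT * FROM users WHERE username = '$postedName'";
    $result = $db->query($sql);
    while ($user = $db->grab($result)) {
        $_SESSION['loggedin'] = TRUE;
        $_SESSION['username'] = $user['username'];
        $_SESSION['useridno'] = $user['id'];
    }

    header("Location: http://neighbr.net/");
    exit;
}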
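// Logout handler (?do=logout): drop every key the login/register handlers set.
if (isset($_GET['do']) && $_GET['do'] === 'logout') {
    // 'useridno' is cleared as well; leaving it behind would keep the previous user's
    // id in the session for any page that checks it on its own.
    unset($_SESSION['loggedin'], $_SESSION['username'], $_SESSION['useridno']);

    // Retire the authenticated session id so it is useless if it was captured.
    session_regenerate_id(true);

    // NOTE(review): logout is triggered by a plain GET, so any cross-site link or image
    // can sign a user out; consider requiring a POST with a per-session token.
    header("Location: http://neighbr.net/");
    exit; // header() alone does not end the script
}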
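// Registration handler (?do=register with POSTed r_username, r_password, email).
// Creates a 'guest' account when the name is free and signs the new user in.
// Every outcome redirects to the site root.
if (isset($_GET['do']) && $_GET['do'] === 'register') {
    $newName  = isset($_POST['r_username']) ? $_POST['r_username'] : '';
    $newPass  = isset($_POST['r_password']) ? $_POST['r_password'] : '';
    $newEmail = isset($_POST['email']) ? $_POST['email'] : '';

    // Without this guard a request with missing fields creates an account with an empty
    // name and md5('') as its password. The same empty() test is used by the login
    // handler, so anything accepted here can also log in.
    $fieldsOk = is_string($newName) && is_string($newPass) && is_string($newEmail)
        && !empty($newName) && !empty($newPass);

    if ($fieldsOk) {
        // NOTE(review): unsalted MD5 is not a password hash. Switching to password_hash()
        // must be done together with the login handler and a migration of stored values.
        $passwordHash = md5($newPass);

        // NOTE(review): all three statements below are built by interpolation and rely on
        // sanitize() having escaped the values for SQL; prefer prepared statements.
        $sql = "SELECT * FROM users WHERE username = '$newName'";
        $result = $db->query($sql);

        // A failed lookup is treated as "name taken" instead of falling through to INSERT.
        // NOTE(review): check-then-insert is not atomic; confirm users.username carries a
        // UNIQUE index so two simultaneous requests cannot both create the same name.
        if ($result && mysql_num_rows($result) === 0) {
            $sql = "INSERT INTO users (email, username, password, permissions) VALUES ('$newEmail', '$newName', '$passwordHash', 'guest')";
            $result = $db->query($sql);
            if ($result) {
                // Fresh session id at the privilege change (session fixation).
                session_regenerate_id(true);

                $sql = "SELECT * FROM users WHERE username = '$newName'";
                $result = $db->query($sql);
                while ($user = $db->grab($result)) {
                    $_SESSION['loggedin'] = TRUE;
                    $_SESSION['username'] = $newName;
                    $_SESSION['useridno'] = $user['id'];
                }
            }
        }
    }

    header("Location: http://neighbr.net/");
    exit; // header() alone does not end the script
}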
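// Befriend handler (?befriend=<name>): appends <name> to the signed-in user's
// comma-separated `friends` column, then redirects to that user's page.
if (isset($_GET['befriend'])) {
    $target = $_GET['befriend'];

    // Require a signed-in session: without one $_SESSION['username'] is undefined and the
    // queries below would run against an empty name. A comma in the target is refused
    // because the friends column is a comma-separated list and one request could
    // otherwise add several entries.
    if (empty($_SESSION['loggedin']) || empty($_SESSION['username'])
        || !is_string($target) || $target === '' || strpos($target, ',') !== false) {
        header("Location: http://neighbr.net/");
        exit;
    }

    // NOTE(review): this is a state change driven by a GET parameter with no anti-CSRF
    // token, so a cross-site link can add a friend on behalf of a signed-in user.
    // Consider moving it to POST with a per-session token.

    $me = $_SESSION['username'];
    // Encode the value as a single path segment so it cannot add '/', '?' or '#' parts
    // to the redirect target.
    $profileUrl = "http://neighbr.net/" . rawurlencode($target) . "/";

    // NOTE(review): $me is not passed through sanitize() on this request. After login it
    // holds the value read from the users table, so confirm it cannot contain characters
    // that break out of the quoted SQL string (second-order injection).
    $sql = "SELECT friends FROM users WHERE username = '$me'";
    $result = $db->query($sql);
    $friends = ($result && mysql_num_rows($result) > 0) ? (string) mysql_result($result, 0) : '';

    // Strict in_array(): loose comparison treats numeric-looking names such as "1e1" and
    // "10" as the same entry.
    if (in_array($target, explode(",", $friends), true)) {
        header("Location: $profileUrl");
        exit;
    }

    // The stored list comes back from the database unescaped, whatever sanitize() did to
    // the names on their way in, so it is escaped again before being written back.
    $storedList = mysql_real_escape_string($friends);
    // An empty list yields a leading comma (",name"); kept as the original format.
    $friends = $storedList . ",$target";
    $sql = "UPDATE users SET friends='$friends' WHERE username = '$me'";
    $result = $db->query($sql);

    if ($result) {
        header("Location: $profileUrl");
        exit; // header() alone does not end the script
    }
    echo "Unable to befriend this neighbr :(";
}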
?>