-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathuser.php
More file actions
157 lines (147 loc) · 4.8 KB
/
Copy pathuser.php
File metadata and controls
157 lines (147 loc) · 4.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
<?php
function login ($email,$password) {
require "db.php";
$sql = 'SELECT * FROM users WHERE email=:email';
$sth = $db->prepare ($sql);
$sth->bindParam (':email', $email);
$sth->execute ();
if ($row = $sth->fetch()) {
$fromUser = convertPlainTextToEncrypted($password,$row['id']);
if($row['password'] == convertPlainTextToEncrypted($password,$row['id'])){
$_SESSION['id'] = $row['id'];
$_SESSION['userLevel'] = $row['userLevel'];
header( 'Location: mypage.php' );
} else{
throw new Exception(' Not logged in,wrong username/password');
}
}
}
function changePassword($old,$new){
require 'db.php';
// calculate hashes of passwords
$oldhash = convertPlainTextToEncrypted($old,$_SESSION['id']);
$newhash = convertPlainTextToEncrypted($new,$_SESSION['id']);
$db->beginTransaction();
$db->query('LOCK TABLES users WRITE');
$sql = 'SELECT * FROM users WHERE id=:id';
$sth = $db->prepare ($sql);
$sth->bindParam (':id', $_SESSION['id']);
$sth->execute ();
if ($row = $sth->fetch()) {
if($row['password'] == $oldhash){
$sql = 'update users set password = :password where id = :id';
$sth = $db->prepare ($sql);
$sth->bindValue (':password',$newhash);
$sth->bindValue (':id',$_SESSION['id']);
$sth->execute ();
if ($sth->rowCount()==0) {
$db->rollBack();
$db->query('UNLOCK TABLES');
throw new Exception('Unable to set new password');
}
}else{
throw new Exception('Wrong password');
}
}
}
function convertPlainTextToEncrypted($password,$uid){
// Convert a password from plaintext into a encrypted one
$salt = "c63b03f38470b6c30abdb8d2b7e59b14ddeb6a0d6e56956b0df44a0a8dd3cf6980dcbd907cb9aa1ea9edccb37739e20e240ddeafd68d386d289cd68ee9343167";
$hash = sha1($salt.$uid.$password);
return $hash;
}
function registerUser($db,$name, $streetAddress,$postCode,$country, $email, $password, $userLevel=0,$login=1){
require_once 'sessionStart.php';
$db->beginTransaction();
$db->query('LOCK TABLES users WRITE');
// Add user, then read back and update it with the encrypted one.
$sql = 'INSERT INTO users (name, streetAddress,postCode,country, email, password, blacklisted, userLevel)VALUES (:name, :streetAddress,:postCode,:country, :email, :password, :blacklisted, :userLevel)';
$sth = $db->prepare ($sql);
$sth->bindValue (':name', $name);
$sth->bindValue (':streetAddress', $streetAddress);
$sth->bindValue (':postCode', $postCode);
$sth->bindValue (':country', $country);
$sth->bindValue (':email', $email);
$sth->bindValue (':password',"hei");
$sth->bindValue (':blacklisted', 0);
$sth->bindValue (':userLevel', $userLevel);
$sth->execute ();
if($sth->rowCount() == 0){
// In case of error, rollback
$db->rollBack();
$db->query ('UNLOCK TABLES');
throw new Exception('email not unique');
}
$uid = $db->lastInsertId();
echo "<p>OK<br>";
// Update users password to an encrypted one
$sql = 'update users set password = :password where id = :id';
$sth = $db->prepare ($sql);
$sth->bindValue (':password',convertPlainTextToEncrypted($password,$uid));
$sth->bindValue (':id',$uid);
$sth->execute ();
if ($sth->rowCount()==0) {
$db->rollBack();
$db->query('UNLOCK TABLES');
throw new Exception('Unable to set new password');
}
$db->commit();
// new user created, then log him in
if($login===1){
$_SESSION['id'] = $uid;
$_SESSION['userLevel'] = $userLevel;
}
}
function isUserBlacklisted(){
require "db.php";
$sql = 'SELECT * FROM users WHERE id=:id';
$sth = $db->prepare ($sql);
$sth->bindParam (':id', $_SESSION['id']);
$sth->execute ();
if ($row = $sth->fetch()) {
if($row['blacklisted'] == 0)
return false;
else
return true;
}else
return true;
}
// Check if user,worker or admin logged in, if not then redirect to login page.
function CheckIfUserLoggedIn(){
require_once 'sessionStart.php';
if(!isset($_SESSION['id'])){
header( 'Location: index.php' );
}
}
// Return true if user logged in
function isUserLoggedIn(){
require_once 'sessionStart.php';
if(!isset($_SESSION['id'])){
return false;
}
return true;
}
// Check that an admin is logged in
function CheckIfAdminLoggedIn(){
require_once 'sessionStart.php';
if($_SESSION['userLevel'] != 2){
header( 'Location: index.php' );
}
}
// Check that a worker is logged in
function CheckIfWorkerLoggedIn(){
require_once 'sessionStart.php';
if($_SESSION['userLevel'] != 1){
header( 'Location: index.php' );
}
}
function emptyBasket(){
require_once 'sessionStart.php';
// Empty out the shoppingbasket
foreach ($_SESSION as $key => $quantity){
if($key ==="id" || $key === "userLevel")
continue;
unset($_SESSION[$key]);
}
}
?>