Fixed bugs in PHP database code

php
Aadhavan Srinivasan 2 years ago
parent e37bf086dd
commit 1392c62d31

@ -1,10 +1,12 @@
<?php
require_once 'db.inc.php';
$email = $_GET['email'];
$password = $_GET['password'];
$session = init_cass_db();
$statement = $session->prepare('SELECT password FROM users WHERE email=? ALLOW FILTERING;');
$statement = $session->prepare('SELECT password_hash FROM users WHERE email=? ALLOW FILTERING;');
$result = $session->execute($statement,array('arguments' => array($email)));
@ -12,7 +14,7 @@ if ($result->count() <= 0) {
echo('Invalid email address or password.');
exit();
} else {
$hash = $row[0]['password'];
$hash = $result[0]['password_hash'];
if (password_verify($password,$hash) != true) {
echo('Invalid email address or password.');
@ -20,7 +22,7 @@ if ($result->count() <= 0) {
} else {
session_start();
$_SESSION['user'] = $email;
echo('Logged in successfully. You are ' . $_SESSION['user']);
header('Location: https://glink.zip?res=success');
}
}

@ -2,6 +2,7 @@
require_once 'db.inc.php';
$email = $_GET['email'];
$email = strval($email);
$username = $_GET['username'];
$password = $_GET['password'];
$id = rand(0,99999999);
@ -10,16 +11,16 @@ $hash = password_hash($password,PASSWORD_BCRYPT);
$session = init_cass_db();
$statement = $session->prepare('SELECT id FROM users WHERE email=? OR username=? ALLOW FILTERING;');
$result = $session->execute($statement, array('arguments' => array($email,$username)));
$statement = $session->prepare("SELECT id FROM users WHERE email=? ALLOW FILTERING;");
$result = $session->execute($statement, array('arguments' => array($email)));
if ($result->count() != 0) {
echo('The username or email address already exists. Please try another username/email address.');
echo('The username or email address already exists. Please try another email address.');
exit();
}
$statement = $session->prepare('INSERT INTO users (id,email_addr,username,password_hash) VALUES (?,?,?,?);');
$result = $session->execute($statement, array('arguments' => array($id,$email,$username,$hash)));
$statement = $session->prepare('INSERT INTO users (id,email,username,password_hash) VALUES (?,?,null,?);');
$result = $session->execute($statement, array('arguments' => array($id,$email,$hash)));
echo('Registration successful.');

Loading…
Cancel
Save