-
Notifications
You must be signed in to change notification settings - Fork 0
/
tasks.php
72 lines (60 loc) · 2.21 KB
/
tasks.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
<?php
session_start();
include_once "config.php";
$connection = mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
mysqli_set_charset($connection, "utf-8");
$action = $_POST['action'] ?? '';
$statusCode = 0;
if (!$connection) {
throw new Exception("Database Connection Error");
} else {
if ("register" == $action) {
$email = htmlspecialchars($_POST['email']) ?? '';
$pass = $_POST['password'] ?? '';
if ($email & $pass) {
$pass_hash = password_hash($pass, PASSWORD_BCRYPT);
$query = "INSERT INTO `users`( `email`, `pass`) VALUES ('$email','$pass_hash')";
mysqli_query($connection, $query);
$statusCode = 1;
if (mysqli_error($connection)) {
$statusCode = 2;
}
} else {
$statusCode = 3;
}
header("location:index.php?status={$statusCode}");
} else if ("login" == $action) {
$email = htmlspecialchars($_POST['email']) ?? '';
$pass = $_POST['password'] ?? '';
if ($email & $pass) {
$query = "SELECT * FROM `users` WHERE `email`='$email'";
$result = mysqli_query($connection, $query);
if (mysqli_num_rows($result) > 0) {
$data = mysqli_fetch_assoc($result);
$_pass = $data['pass'];
$id = $data['id'];
if (password_verify($pass, $_pass)) {
$_SESSION['id']= $id;
header("location:word.php");
die();
} else {
$statusCode = 6;
}
} else {
$statusCode = 4;
}
} else {
$statusCode = 5;
}
header("location:index.php?status={$statusCode}");
}else if("addword"==$action){
$word = htmlspecialchars($_REQUEST['word']) ?? '';
$meaning = htmlspecialchars($_REQUEST['meaning']) ?? '';
$user_id = $_SESSION['id'] ?? 0;
if($word && $meaning && $user_id){
$query = "INSERT INTO `words`( `user_id`, `words`, `meaning`) VALUES ($user_id,'$word','$meaning')";
mysqli_query($connection, $query);
}
header("location:word.php");
}
}