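<?php
/**
 * account.php — login form and account overview.
 *
 * Not signed in: renders the login form and, on POST, checks the submitted
 * username/password against the Sponsors table and stores the username in the
 * session. Signed in: shows the sponsor's wins/credits and a table of their
 * champions. Relies on checkAuth() from pages.php and the DB_* constants from
 * connectvars.php.
 */
session_start();
// Development-time error display. These settings print file paths and SQL
// errors to visitors; they should be off (or driven by an environment flag)
// anywhere but a developer machine.
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
$currentpage = "account";
include "pages.php";

/**
 * Reduce a submitted credential to the character set the application stores.
 * Kept byte-for-byte equivalent to the original escape-then-strip pipeline so
 * that hashes computed at sign-up still verify; with the prepared statements
 * below the escaping is no longer what protects the SQL.
 * NOTE(review): presumably signUp.php applies the same filter before hashing —
 * confirm before simplifying this to the preg_replace alone.
 */
$normalizeLegacyCredential = static function ($conn, $value) {
    return preg_replace('/[^A-Za-z0-9\. -]/', '', mysqli_real_escape_string($conn, (string)$value));
};

/**
 * Accept only a same-site relative path as the post-login destination, so the
 * sendBackTo parameter cannot be used as an open redirect to another host.
 * Anything with a scheme, a protocol-relative "//host" prefix, a backslash or
 * characters outside a plain path/query falls back to $default.
 */
$safeReturnPath = static function ($candidate, $default) {
    if ($candidate === null || $candidate === '') {
        return $default;
    }
    if (preg_match('#^(?!//)[A-Za-z0-9_./?=&%+-]+$#', (string)$candidate) !== 1) {
        return $default;
    }
    return (string)$candidate;
};

/** HTML-escape a value for output in element content or a quoted attribute. */
$h = static function ($value) {
    return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
?>
<?php include 'header.php';?>
<html>
<head>
<link rel="stylesheet" href="index.css">
</head>
<body>
<?php
$msg = "Login";
// change the value of $dbuser and $dbpass to your username and password
include 'connectvars.php';
$conn = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
if (!$conn) {
    // mysql_error() belongs to the removed ext/mysql and is undefined on
    // PHP 7+; mysqli_connect_error() is the matching call for mysqli_connect().
    die('Could not connect: ' . mysqli_connect_error());
}
if (checkAuth(0) == "") {
    if ($_SERVER["REQUEST_METHOD"] === "POST") {
        // where is the user trying to get back to, after logging in?
        // $_REQUEST also merges cookies, so read the two channels explicitly.
        $sendBackTo = $safeReturnPath($_POST["sendBackTo"] ?? $_GET["sendBackTo"] ?? null, "mychampion.php");
        $username = $normalizeLegacyCredential($conn, $_POST['username'] ?? '');
        $userpassword = $normalizeLegacyCredential($conn, $_POST['password'] ?? '');

        // Look the account up by username with a bound parameter instead of
        // interpolating the value into the SQL text. Only the columns needed
        // for verification are selected.
        $stmt = mysqli_prepare($conn, "SELECT salt, password FROM Sponsors WHERE username = ?");
        if ($stmt === false) {
            die('Could not prepare query: ' . mysqli_error($conn));
        }
        mysqli_stmt_bind_param($stmt, "s", $username);
        mysqli_stmt_execute($stmt);
        $resultIn = mysqli_stmt_get_result($stmt);
        $row = $resultIn ? mysqli_fetch_assoc($resultIn) : null;
        mysqli_stmt_close($stmt);

        $authenticated = false;
        if ($row) {
            // Legacy salted-md5 scheme, kept so existing rows keep verifying.
            // md5 is not a password hash; migrating to password_hash()/
            // password_verify() with rehash-on-login is the recommended path.
            $password = md5($userpassword . $row['salt']);
            // Compare against THIS account's stored hash only. The original
            // re-queried "WHERE password = ?" across every row, so a hash
            // belonging to any other account would have accepted the login.
            // hash_equals() keeps the comparison constant-time.
            $authenticated = hash_equals((string)$row['password'], $password);
        }

        if ($authenticated) {
            $msg = "Login Successful";
            // Issue a fresh session id on privilege change (session fixation).
            // header.php has already started output, so this only works while
            // the headers are still buffered; otherwise the POST handling
            // should move above the first output.
            if (!headers_sent()) {
                session_regenerate_id(true);
            }
            $_SESSION["username"] = $username;
            // JSON encoding with the HEX flags keeps the value inert inside the
            // inline script even though $sendBackTo has already been validated.
            echo "<script>location.replace(" . json_encode($sendBackTo, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . ");</script>";
        } else {
            // One message for both "no such user" and "wrong password" so the
            // form cannot be used to enumerate valid usernames.
            $msg = "<h2>Can't Login <br> Username or password doesn't match</h2> <p>";
        }
    }
    // close connection
    mysqli_close($conn);
?>
<section>
<h2> <?php echo $msg; ?> </h2>
<form method="post" id="addForm">
<fieldset>
<legend>User Info:</legend>
<p>
<label for="username">Username:</label>
<input type="text" class="required" name="username" id="username" autocomplete="username">
</p>
<p>
<label for="password">Password:</label>
<!-- type="password" so the browser masks the value and does not keep it in form history -->
<input type="password" class="required" name="password" id="password" autocomplete="current-password">
</p>
</fieldset>
<p>
<input type = "submit" value = "Submit" />
</p>
</form>
<p class = "white">
Don't have an account? Sign up <a href="signUp.php">here</a>
</p>
<?php } else {
    $username = (string)($_SESSION['username']);
    // The session value originated from user input at login/sign-up, so it is
    // bound as a parameter rather than interpolated.
    $stmt = mysqli_prepare($conn, "SELECT wins, credits FROM Sponsors WHERE username = ?");
    if ($stmt === false) {
        die('Could not prepare query: ' . mysqli_error($conn));
    }
    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);
    $resultIn = mysqli_stmt_get_result($stmt);
    // False/null when the session names a sponsor that no longer exists; the
    // page then renders empty stats instead of warning on a missing index.
    $userdata = $resultIn ? mysqli_fetch_assoc($resultIn) : null;
    mysqli_stmt_close($stmt);

    echo "<div class='account'>";
    echo "<div id='username'>" . $h($username) . "</div>";
    echo "<div id='stats'> <p> <bold>Stats:</bold> <br> Wins: " . $h($userdata['wins'] ?? '') . " <br> credits: " . $h($userdata['credits'] ?? '') . " </p> </div>";

    $stmt = mysqli_prepare($conn, "SELECT C.name, C.arena, C.level, C.exp, C.power, C.intelligence, C.endurance FROM Champions C WHERE C.username = ?");
    if ($stmt === false) {
        die('Could not prepare query: ' . mysqli_error($conn));
    }
    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);
    $resultIn = mysqli_stmt_get_result($stmt);
    if ($resultIn === false) {
        // mysqli_num_fields() below throws on a non-result, so fail here with context.
        die('Could not load champions: ' . mysqli_error($conn));
    }

    echo "<div id='champions'>";
    echo "<h4>Champions</h4>";
    echo "<div id='championtable'>";
    echo "<table id='t01' border='t'><tr>";
    // Header row from the result metadata; one mysqli_fetch_field() call per column.
    $fields_num = mysqli_num_fields($resultIn);
    for ($i = 0; $i < $fields_num; $i++) {
        $field = mysqli_fetch_field($resultIn);
        echo "<td><b>" . $h($field->name) . "</b></td>";
    }
    echo "</tr>\n";
    // Every cell is escaped: champion names and arena labels are stored user data.
    // The class moves onto <tr>; a <div> directly inside <tr> is invalid HTML and
    // browsers hoist it out of the table, so it never styled the row anyway.
    while ($row = mysqli_fetch_assoc($resultIn)) {
        echo "<tr class='champion'>";
        echo "<td>" . $h($row['name']) . "</td>";
        echo "<td>" . $h($row['arena'] ?? "relaxing") . "</td>";
        echo "<td>" . $h($row['level']) . "</td>";
        echo "<td>" . $h($row['exp']) . "</td>";
        echo "<td>" . $h($row['power']) . "</td>";
        echo "<td>" . $h($row['intelligence']) . "</td>";
        echo "<td>" . $h($row['endurance']) . "</td>";
        echo "</tr>";
    }
    mysqli_free_result($resultIn);
    mysqli_stmt_close($stmt);
    echo "</table>";
    echo "</div>";
    echo "</div>";
    mysqli_close($conn);
}
?>
</body>
</html>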