Hi, I have a script that a friend has developed but I need to get it into a lower version of php... it is currently using the latest version of php... any idea's / help would be greatly appreciated... bit of a noob!
<?php
include('config.php');
$sitename = $settings->getVal('site_name')[0]['setting_val'];
if($session->sessionExists('email')){
header( 'Location: dashboard.php');
exit();
}
$errors = 0;
if(isset($_GET['a']) && $_GET['a'] === 'logout'){
$session->unsetSession('email');
}
if(isset($_POST['login_submit'])){//check if the register form is submitted
if(filter_var($_POST['login_email'], FILTER_VALIDATE_EMAIL)){//if valid email
$email = $_POST['login_email']; //get the email
}else{
echo 'Please enter a valid email';
$errors++;
}
$pass = $_POST['login_password']; // get the passowrd
//check if the user is registered.
//Build the PDO object using Database Class
$query = $db->prepare("SELECT * FROM users WHERE `email` = ?");
//Bind the Email Paramater to the SQL query.
$query->bindValue(1, $email);
//Execute the SQL
$query->execute();
// we could check to see what is wrong, email or password, but for the sake of security, you should not say what is wrong. If you say email is correct password is wrong, they know you have that email on your system.
// if you say it's always wrong, they don't know it's valid on your system.
if($query->rowCount() > 0){
//user present get the details
$row = $query->fetchAll(PDO::FETCH_ASSOC);
$row = $row[0];
$storedPass = $row['password'];
if(!$password->comparePassword($pass, $storedPass)){
//false password
echo 'Not a valid login. Please try again here.';
}else{
//store the email in the session so we have something to reference the login.
$session->setSession('email', $row['email']);
}
//
//we never store the persons password in a session!
}else{
// user not present
echo 'Not a valid login. Please try again.';
}
}
if(isset($_POST['register_submit'])){//check if the register form is submitted
//http://uk3.php.net/filter_var check for a valid email
if(filter_var($_POST['register_email'], FILTER_VALIDATE_EMAIL)){//if valid email
$email = $_POST['register_email']; //get the email
}else{
echo 'Please enter a valid email';
$errors++;
}
//if you want to make sure this is a valid number, look up regex's
$phone = $_POST['register_phone']; //get the phone number
//no need to filter as we are going to one way hash these.
$pass = $_POST['register_password']; // get the passowrd
//These are PrePared statements. Make sure you use this way, It's more secure and helps prevent MYSQL Injections.
//You should still filter and check all user supplied input. Everyone is out to get you!
if($errors == 0){//if no errors process
//Build the PDO object using Database Class
$query = $db->prepare("SELECT `email` FROM users WHERE `email` = ?");
//Bind the Email Paramater to the SQL query.
$query->bindValue(1, $email);
//Execute the SQL
$query->execute();
//if the email exists
if($query->rowCount() > 0){
echo 'Email is already registered';
}else{//if the email doesn't exists
//generate a PHP 5.5 Passowrd - Really secure, make sure you use the latest PHP 5.5 Hashing method.
//incase you can't use a 5.5 host use this compat library https://github.com/ircmaxell/password_compat
$pass = $password->generatePasswordHash($pass);
//prepare the sql query
$query = $db->prepare("INSERT INTO users (email, password, phone) VALUES (?,?,?);");
// as we are using PDO we use try/catch for error handling.
try{
$query->execute(array($email, $pass, $phone));
//echo $db->lastInsertId();
if($db->lastInsertId()){
echo 'You succesfully registered';
}
}catch(Exception $e){
echo 'something went wrong';
//make sure you log this to a log file, outputting it to the user will allow an attacked to compromise your server.
//return $e->getMessage();
}
}
}
}
if($session->sessionExists('email')){
header( 'Location: dashboard.php');
exit();
}
?><!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
<link rel="stylesheet" href="assets/css/bootstrap.min.css">
<link rel="stylesheet" href="assets/css/bootstrap-theme.min.css">
</head>
<body>
<div class="container">
<div class="row">
<div class="col-md-12">
<?=$sitename;?>
</div>
</div>
<div class="row">
<a href="index.php">homepage</a>
<a href="about.php">about</a>
</div>
<div class="row">
<div class="col-md-6">
<form class="form" action="/" method="post" name="login">
<h2>Login</h2>
<div class="form-group">
<label for="login_email">email</label>
<input type="email" id="login_email" name="login_email" class="form-control">
</div>
<div class="form-group">
<label for="login_password">Password</label>
<input type="password" id="login_password" name="login_password" class="form-control">
</div>
<div class="form-group">
<input type="submit" name="login_submit" value="Login!">
</div>
</form>
</div>
<div class="col-md-6">
<form class="form" action="/" method="post" name="register">
<h2>Register</h2>
<div class="form-group">
<label for="register_email">email</label>
<input type="text" id="register_email" name="register_email" class="form-control">
</div>
<div class="form-group">
<label for="email">phone</label>
<input type="text" id="register_phone" name="register_phone" class="form-control">
</div>
<div class="form-group">
<label for="register_password">Password</label>
<input type="password" id="register_password" name="register_password" class="form-control">
</div>
<div class="form-group">
<input type="submit" name="register_submit" value="register!">
</div>
</form>
</div>
</div>
<div class="row">
<div class="col-md-8">
<?php
$page = $pages->getPages()[0];
echo $page['page_content'];
?>
</div>
<div class="col-md-4">
<ul>
<?php
foreach($event->getEvents() as $row){
?>
<li><?=$row['event_name'];?></li>
<ul>
<li><?=$row['event_desc'];?></li>
</ul>
<?php
}
?></ul>
</div>
</div>
</div>
</body>
</html>