-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathverify.user.php
71 lines (66 loc) · 2.63 KB
/
verify.user.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
<?php
require ('core.inc.php');
include('connect.php');
if (isset($_GET['search_user'])&&!empty($_GET['search_user'])) {
$user = mysqli_real_escape_string($link, $_GET['search_user']);
/*What this page does is that, using a similar algorith like what is found in profile.find.php,
it saves a session using the search keyword as session variable, and then throws that session variable
to the account.php file to fetch user info. I'm using two search algorithms at the same time.
It seems like a waste, and I'm still trying to figure out a better way of doing it.*/
$sql= "SELECT * FROM registration WHERE first_name ='".$user."'";
$result = mysqli_query($link, $sql);
$count = mysqli_num_rows($result);
//from here onwards, the code does pretty much the same thing
//it checks to see if the user exists in the database then passes the user's email to the session variable and then calls the header for the access page
if ($count==1) {
while (@$row = mysqli_fetch_array($result)) {
$name = $row['email'];
$_SESSION['profile'] = $name;
header ('Location: profiles');
}
}else {
$sql= "SELECT * FROM registration WHERE last_name ='".$user."'";
$result = mysqli_query($link, $sql);
$count = mysqli_num_rows($result);
if ($count==1) {
while (@$row = mysqli_fetch_array($result)) {
$name = $row['email'];
$_SESSION['profile'] = $name;
header ('Location: profiles');
}
}else {
$sql= "SELECT * FROM registration WHERE email ='".$user."'";
$result = mysqli_query($link, $sql);
$count = mysqli_num_rows($result);
if ($count==1) {
while (@$row = mysqli_fetch_array($result)) {
$name = $row['email'];
$_SESSION['profile'] = $name;
header ('Location: profiles');
}
}else {
$sql= "SELECT * FROM registration WHERE PhoneNumber ='".$user."'";
$result = mysqli_query($link, $sql);
$count = mysqli_num_rows($result);
if ($count==1) {
while (@$row = mysqli_fetch_array($result)) {
$name = $row['email'];
$_SESSION['profile'] = $name;
header ('Location: profiles');
}
}else {
if(loggedin()) {
include ('headerlogin.php');
}else {
include_once ('header.php');
}
echo '<div class="alert alert-info">
Profile does not exist. Please try with another keyword
</div>';
include 'footer.php';
}
}
}
}
}
?>