Untitled
unknown
php
3 years ago
5.5 kB
9
Indexable
<?php
//error_reporting(0);
ob_start();
//ARRAY
$welcome = array("Welcome","Hola","Aloha","Bonjour","Hallo","Ciao","Konnichiwa",);
$error_msg = [];// this is new variable. mark as array.
//VARIABLES
$error = $username = $password = $errors = $username2 = $password2 = $confpassword = $code = "";
$salt = "akdf9834kjaf9p2t1ewfpqd9zn;";
//DATABASE CONNECTION INFO
define('HOST', 'localhost');
define('USER', 'user');
define('PASS', 'pass');
define('DB', 'dbname');
//CONNECT TO DATABASE
$conn = new mysqli(HOST, USER, PASS, DB);
//CHECK CONNECTION
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
if(isset($_POST['reset']))
{
$error_msg = []; // since you reset these variables, I think this should be reset to empty array.
$username ="";
$password ="";
$_POST['username'] ="";
$_POST['password'] ="";
header('location: .');
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<link type="text/css" rel="stylesheet" href="css\style.css">
<script src="js\script.js"defer></script>
<title>Relatively Secure Login</title>
</head>
<body>
<?php
$username = ($_POST['username'] ?? '');
$password = ($_POST['password'] ?? '');
//LOGIN FORM
$login_form =
'<nav>
<ul class="menu">
<li><a href="create-account.php">Create Account</a></li>
</ul>
</nav>
<div class="output">
<form method="post">
<div>
<h1>Login</h1>
<p>
<label for="username">Username:</label>
<input type="text" name="username" value="'.$username.'">
</p>
<p>
<label for="password">Password:</label>
<input type="password" name="password" value="'.$password.'">
</p>
<p>
<button type="submit" class="button" name="login">Login</button>
<button type="submit" class="button" name="reset">Clear</button>
</p>
</div>
</form>';
//IF LOGIN HAS BEEN CLICKED
if(isset($_POST['login']))
{
//$username = $_POST['username'];
//$password = $_POST['password'];
if (empty($username)) //USERNAME IS BLANK - ERROR
{
$error_msg[] = 'Please enter your username.';
}
if (empty($password)) //PASSWORD IS BLANK - ERROR
{
$error_msg[] = 'Please enter your password.';
}
elseif ((!empty($_POST['username'])) && (!empty($_POST['password'])))
{
$query = "SELECT * FROM rdb_users WHERE user_login='$username' ;";
$connect = mysqli_query($conn,$query);
$row = mysqli_num_rows($connect);
$userrow = mysqli_fetch_assoc($connect);
if ($row >= 1 && password_verify($_POST['password'], $userrow['user_password'])) {
$passwordOk = true;
} else {
$passwordOk = false;
}
if($row >= 1 && true === $passwordOk) //IF USERNAME AND PASSWORD MATCH -- ACCESS GRANTED
{
header('location:test.php?welcome='.$username);
$username = "";
$password = "";
$error_msg = [];
}
else //USERNAME AND PASSWORD DON'T MATCH
{
$error_msg[] = "Username and password not found.";
}
}
}
if(isset($_GET['welcome']))
{
$name = $_GET['welcome'];
echo '<nav>
<ul class="menu">
<li><a href="test.php?welcome='.$name.'&db">Users</a></li>
<li><a href="test.php">Logout</a></li>
</ul>
</nav>';
echo '<div class="welcomeoutput"><h1>Access Granted!</h1>
<h2 class="welcomemsg">';
echo $welcome[mt_rand(0, count($welcome)-1)];
echo ", $name!</h2></div>";
$login_form = "";
}
if(isset($_GET['new']))
{
echo '<div class="outputnew">
<p class="newlink">
<h2 class="congrats">Congratulations!
<p>Your account has been created.</p></h2>
<p class="newaccount">
<a href="index.php">Login Here</a>
</p>
</p>
</div>';
$login_form = "";
}
?>
<?php
echo $login_form;
?>
<?php
if (isset($_POST['login']) && (!empty($error_msg)))
{
echo '<br><hr><div class="error"><h3>Access Denied!</h3>';
foreach ($error_msg as $errors)
{
echo '<p>'.$errors.'</p>';
}
echo '</div></div>';
}
?>
<?php
echo '</div>';
//DATABASE VIEW
if(isset($_GET['db']))
{
$sqldb = "SELECT id, username, password FROM user;";
$result=mysqli_query($conn,$sqldb);
echo "<div class='table'><table>";
echo "<tr>
<th>ID</th>
<th>Username</th>
<th>Password</th>
</tr>";
while ($row = mysqli_fetch_array($result))
{
echo "<tr><td>".($row['id'])."</td>";
echo "<td>".($row['username'])."</td>";
echo "<td>".($row['password'])."</td></tr>";
}
echo "</table></div>";
mysqli_close($conn);
}
?>
</body>
</html>Editor is loading...