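<?php
/**
 * Login page (presumably served as test.php, the target of its own redirect and links).
 *
 * Request handling:
 *   - POST "reset"  : reload the page with an empty form.
 *   - POST "login"  : look the user up in rdb_users, check the password with
 *                     password_verify(), start an authenticated session and
 *                     redirect to test.php?welcome=<login>.
 *   - GET "logout"  : end the session.
 *   - GET "welcome" : greeting, shown only to a signed-in session.
 *   - GET "db"      : user list, shown only to a signed-in session.
 *   - GET "new"     : "account created" notice.
 *
 * Security notes:
 *   - Authentication state lives in $_SESSION only. The "welcome" and "db" query
 *     parameters choose what to display; they never grant access by themselves.
 *   - All SQL that involves request data goes through a prepared statement.
 *   - Every value written into HTML is escaped; the password is never echoed back.
 */

//error_reporting(0);
ob_start();

// HttpOnly keeps the session cookie out of reach of page scripts.
session_start(['cookie_httponly' => true]);

/**
 * Escape a value for HTML text or a quoted HTML attribute.
 */
function escape_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Greetings; one is picked at random for the welcome banner.
$welcome = ["Welcome", "Hola", "Aloha", "Bonjour", "Hallo", "Ciao", "Konnichiwa"];

// Validation / login errors collected for display under the form.
$error_msg = [];

// DATABASE CONNECTION INFO
// NOTE(review): credentials are hard-coded in the source. Load them from the
// environment or a config file outside the web root before deploying.
define('HOST', 'localhost');
define('USER', 'user');
define('PASS', 'pass');
define('DB', 'dbname');

// Make mysqli raise exceptions so failures are caught and logged below instead
// of being printed to the visitor.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

try {
    $conn = new mysqli(HOST, USER, PASS, DB);
} catch (mysqli_sql_exception $e) {
    // Details go to the server log only; the response stays generic.
    error_log('Database connection failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Service temporarily unavailable.');
}

// "Clear" button: reload with an empty form. exit stops the rest of the page
// from running after the redirect header is queued.
if (isset($_POST['reset'])) {
    header('Location: .');
    exit;
}

// Logout: drop the session data, then return to the login form.
if (isset($_GET['logout'])) {
    $_SESSION = [];
    session_destroy();
    header('Location: test.php');
    exit;
}

// Accept only plain strings; array-valued fields (username[]=...) count as blank.
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// LOGIN ATTEMPT -- handled before any HTML is produced so redirects are clean.
if (isset($_POST['login'])) {
    if ($username === '') {
        $error_msg[] = 'Please enter your username.';
    }
    if ($password === '') {
        $error_msg[] = 'Please enter your password.';
    }

    if ($error_msg === []) {
        $storedLogin = null;
        $storedHash = null;
        $found = false;

        try {
            // The username is bound as a parameter, never concatenated into the SQL text.
            $stmt = $conn->prepare(
                'SELECT user_login, user_password FROM rdb_users WHERE user_login = ? LIMIT 1'
            );
            $stmt->bind_param('s', $username);
            $stmt->execute();
            $stmt->bind_result($storedLogin, $storedHash);
            $found = ($stmt->fetch() === true);
            $stmt->close();
        } catch (mysqli_sql_exception $e) {
            error_log('Login lookup failed: ' . $e->getMessage());
        }

        // NOTE: no hash is verified for unknown usernames, so response time can
        // still differ between known and unknown accounts.
        if ($found && is_string($storedHash) && password_verify($password, $storedHash)) {
            // New session id on privilege change, so a pre-login id cannot be reused.
            session_regenerate_id(true);
            $_SESSION['user'] = (string) $storedLogin;

            // Percent-encode the name so it cannot alter the header or the URL.
            header('Location: test.php?welcome=' . rawurlencode((string) $storedLogin));
            exit;
        }

        // Same message for "no such user" and "wrong password".
        $error_msg[] = 'Username and password not found.';
    }
}

// What to render. Only a server-side session counts as "signed in".
$signedInUser = (isset($_SESSION['user']) && is_string($_SESSION['user'])) ? $_SESSION['user'] : null;
$showWelcome = ($signedInUser !== null && isset($_GET['welcome']));
$showCreated = isset($_GET['new']);
$showLoginForm = (!$showWelcome && !$showCreated);
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <link type="text/css" rel="stylesheet" href="css/style.css">
    <script src="js/script.js" defer></script>
    <title>Relatively Secure Login</title>
</head>
<body>
<?php
// WELCOME VIEW -- the displayed name comes from the session, not from the URL.
if ($showWelcome) {
    echo '<nav> <ul class="menu"> <li><a href="test.php?welcome=' . rawurlencode($signedInUser)
        . '&amp;db">Users</a></li> <li><a href="test.php?logout">Logout</a></li> </ul> </nav>';
    echo '<div class="welcomeoutput"><h1>Access Granted!</h1> <h2 class="welcomemsg">';
    echo $welcome[mt_rand(0, count($welcome) - 1)];
    echo ', ' . escape_html($signedInUser) . '!</h2></div>';
}

// ACCOUNT-CREATED NOTICE
if ($showCreated) {
    echo '<div class="outputnew"> 
<p class="newlink"> <h2 class="congrats">Congratulations! <p>Your account has been created.</p></h2> <p class="newaccount"> <a href="index.php">Login Here</a> </p> </p> </div>';
}

// LOGIN FORM -- the username is escaped before it is reflected; the password
// field is always rendered empty so a submitted password never reappears in the page.
if ($showLoginForm) {
    echo '<nav> <ul class="menu"> <li><a href="create-account.php">Create Account</a></li> </ul> </nav>'
        . ' <div class="output"> <form method="post"> <div> <h1>Login</h1>'
        . ' <p> <label for="username">Username:</label>'
        . ' <input type="text" name="username" value="' . escape_html($username) . '"> </p>'
        . ' <p> <label for="password">Password:</label>'
        . ' <input type="password" name="password" value=""> </p>'
        . ' <p> <button type="submit" class="button" name="login">Login</button>'
        . ' <button type="submit" class="button" name="reset">Clear</button> </p>'
        . ' </div> </form>';
}

// LOGIN ERRORS
if (isset($_POST['login']) && $error_msg !== []) {
    echo '<br><hr><div class="error"><h3>Access Denied!</h3>';
    foreach ($error_msg as $message) {
        echo '<p>' . escape_html($message) . '</p>';
    }
    echo '</div>';
}

// Close the .output container, which is opened only together with the login form.
if ($showLoginForm) {
    echo '</div>';
}

// DATABASE VIEW -- signed-in sessions only. Stored password values are not
// selected or displayed: exposing them would allow offline guessing.
// NOTE(review): this reads table `user` while login reads `rdb_users` -- confirm
// which table is intended. The page has no role concept, so any signed-in user
// can list all accounts.
if ($signedInUser !== null && isset($_GET['db'])) {
    try {
        $result = $conn->query('SELECT id, username FROM user');

        // Build the rows first so a mid-query failure cannot emit half a table.
        $rowsHtml = '';
        while ($row = $result->fetch_assoc()) {
            $rowsHtml .= '<tr><td>' . escape_html((string) $row['id']) . '</td>'
                . '<td>' . escape_html((string) $row['username']) . '</td></tr>';
        }
        $result->free();

        echo "<div class='table'><table>";
        echo '<tr> <th>ID</th> <th>Username</th> </tr>';
        echo $rowsHtml;
        echo '</table></div>';
    } catch (mysqli_sql_exception $e) {
        error_log('User list query failed: ' . $e->getMessage());
        echo '<div class="error"><p>Unable to load users.</p></div>';
    }
}

$conn->close();
?>
</body>
</html>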