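<?php
  //error_reporting(0);
// Buffer output; presumably so the header() redirects issued later in the
// page can still be sent after HTML has been produced.
ob_start();
    //ARRAY
    // Greetings; the welcome view picks one at random.
    $welcome = array("Welcome","Hola","Aloha","Bonjour","Hallo","Ciao","Konnichiwa",);
  $error_msg = []; // list of validation / login error messages rendered under the form

  //VARIABLES
  $error = $username = $password = $errors = $username2 = $password2 = $confpassword = $code = "";
  // NOTE(review): hard-coded salt that nothing in this file reads.
  // password_verify() takes the salt from the stored hash, so this value looks
  // like a leftover; confirm no other script depends on it and remove it.
  $salt = "akdf9834kjaf9p2t1ewfpqd9zn;";

  //DATABASE CONNECTION INFO
  // NOTE(review): credentials are defined inline in a web-served file. Prefer
  // loading them from the environment or a config file outside the web root,
  // and use a database account limited to the privileges this page needs.
      define('HOST', 'localhost');
      define('USER', 'user');
      define('PASS', 'pass');
      define('DB', 'dbname');

  //CONNECT TO DATABASE
  // `new mysqli()` always yields an object, so testing it with `!$conn` can
  // never detect a failed connection. Depending on the mysqli report mode a
  // failure either throws or is recorded in connect_error; handle both.
  $connect_error = null;
  try {
    $conn = new mysqli(HOST, USER, PASS, DB);
    $connect_error = $conn->connect_error;
  } catch (mysqli_sql_exception $e) {
    $connect_error = $e->getMessage();
  }

  //CHECK CONNECTION
  if ($connect_error !== null) {
    // Keep the driver's message (host, user name, error text) in the server
    // log and show the visitor only a generic failure.
    error_log('Database connection failed: ' . $connect_error);
    http_response_code(500);
    die('Connection failed.');
  }

  // "Clear" button: redirect back to the bare page so the form is rendered
  // without any submitted values.
  if (isset($_POST['reset']))
  {
    header('location: .');
    // Stop here; without this the rest of the page would still run (and
    // query the database) for a request that is only being redirected.
    exit;
  }
  ?>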

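<!DOCTYPE html>
<html lang="en">
    <head>
        <!-- Declare the encoding explicitly so the browser never has to guess how to decode the page. -->
        <meta charset="utf-8">
        <!-- Asset URLs use forward slashes; a backslash is not a URL path separator. -->
        <link type="text/css" rel="stylesheet" href="css/style.css">
        <script src="js/script.js" defer></script>
    <title>Relatively Secure Login</title>
  </head>
  <body>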
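    <?php
      // Read the submitted credentials. A request may send an array
      // (username[]=x), so anything that is not a string is treated as blank.
      $username = $_POST['username'] ?? '';
      if (!is_string($username)) {
        $username = '';
      }
      $password = $_POST['password'] ?? '';
      if (!is_string($password)) {
        $password = '';
      }

      // The username is untrusted input written into an attribute value, so it
      // is HTML-escaped (quotes included) before it is placed in the markup.
      $username_attr = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

      //LOGIN FORM
      // The password field is deliberately never pre-filled: echoing the
      // submitted password back would put it in the page source of the response.
      $login_form = 
        '<nav>
          <ul class="menu">
            <li><a href="create-account.php">Create Account</a></li>
          </ul>
        </nav>
        <div class="output">
          <form method="post">
            <div>
              <h1>Login</h1>
              <p>
                <label for="username">Username:</label>
                  <input type="text" name="username" value="'.$username_attr.'">
              </p>
              <p>
                <label for="password">Password:</label>
                  <input type="password" name="password" value="">
              </p>
              <p>
                <button type="submit" class="button" name="login">Login</button>
                <button type="submit" class="button" name="reset">Clear</button>
              </p>
            </div>
          </form>';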
    
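      //IF LOGIN HAS BEEN CLICKED
      if (isset($_POST['login']))
      {
        // Take the credentials from the request and accept strings only; an
        // array-valued parameter is treated as blank.
        $login_name = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
        $login_pass = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

        // Compare against '' rather than using empty(), which would also
        // reject the literal value "0".
        if ($login_name === '')  //USERNAME IS BLANK - ERROR
        {
          $error_msg[] = 'Please enter your username.';
        }
        if ($login_pass === '')  //PASSWORD IS BLANK - ERROR
        {
          $error_msg[] = 'Please enter your password.';
        }

        if ($login_name !== '' && $login_pass !== '')
        {
          // Look up the stored hash with a prepared statement. The user name
          // is bound as a parameter and never becomes part of the SQL text,
          // which closes the injection in the previous string-built query.
          $stored_hash = null;
          try {
            $stmt = mysqli_prepare($conn, 'SELECT user_password FROM rdb_users WHERE user_login = ?');
            if ($stmt !== false) {
              mysqli_stmt_bind_param($stmt, 's', $login_name);
              if (mysqli_stmt_execute($stmt)) {
                mysqli_stmt_bind_result($stmt, $fetched_hash);
                // Only the first matching row is used, as before.
                if (mysqli_stmt_fetch($stmt) === true) {
                  $stored_hash = $fetched_hash;
                }
              }
              mysqli_stmt_close($stmt);
            }
          } catch (mysqli_sql_exception $e) {
            // Keep driver details in the server log; the visitor gets the
            // same generic failure message as for a wrong password.
            error_log('Login lookup failed: ' . $e->getMessage());
          }

          if (is_string($stored_hash) && password_verify($login_pass, $stored_hash))  //IF USERNAME AND PASSWORD MATCH -- ACCESS GRANTED
          {
            // NOTE(review): the redirect carries no authentication state; the
            // target trusts the "welcome" query parameter alone. Record the
            // login in a server-side session (session_start(),
            // session_regenerate_id(true)) and have the target check that.
            header('location:test.php?welcome=' . rawurlencode($login_name));
            // Stop rendering once the redirect has been issued.
            exit;
          }
          else  //USERNAME AND PASSWORD DON'T MATCH
          {
            // One message for "no such user" and "wrong password" so the
            // response does not reveal which user names exist.
            $error_msg[] = "Username and password not found.";
          }
        }
      }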
    
      
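      // WELCOME VIEW
      // NOTE(review): this branch runs for any request that carries a
      // "welcome" query parameter; nothing here checks that a login actually
      // succeeded. It should be gated on server-side session state that is set
      // only after password_verify() has succeeded.
      if (isset($_GET['welcome']))
      {
        // The name comes straight from the URL: accept a string only, and
        // encode it for each context it is written into (HTML text, URL query).
        $name = is_string($_GET['welcome']) ? $_GET['welcome'] : '';
        $name_html = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $name_url = rawurlencode($name);

        echo '<nav>
                <ul class="menu">
                  <li><a href="test.php?welcome='.$name_url.'&amp;db">Users</a></li>
                  <li><a href="test.php">Logout</a></li>
                </ul>
              </nav>';
        echo '<div class="welcomeoutput"><h1>Access Granted!</h1>
              <h2 class="welcomemsg">';
        // Random greeting; cosmetic only, so mt_rand() is adequate here.
        echo $welcome[mt_rand(0, count($welcome)-1)];
        echo ", $name_html!</h2></div>";
        // The welcome view replaces the login form on this request.
        $login_form = "";
      }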

      // ACCOUNT-CREATED VIEW: shown when the request carries a "new" query
      // parameter. The markup is static; no request data is written into it.
      if (isset($_GET['new']))
      {
        // The confirmation replaces the login form on this request.
        $login_form = "";
        $created_notice = '<div class="outputnew">
        <p class="newlink">
        <h2 class="congrats">Congratulations! 
        <p>Your account has been created.</p></h2> 
        <p class="newaccount">
          <a href="index.php">Login Here</a>
        </p>
        </p>
        </div>';
        echo $created_notice;
      }
    ?>
    <?php
      // Emit the login form markup. It is an empty string when the welcome or
      // account-created view has replaced it.
      print $login_form;
    ?>
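    <?php
      // Show the messages collected while handling a login attempt.
      if (isset($_POST['login']) && !empty($error_msg))
      {
        echo '<br><hr><div class="error"><h3>Access Denied!</h3>';
        // A dedicated loop variable avoids overwriting the page-level $errors.
        foreach ($error_msg as $message)
        {
            // Escape on output so a message that one day includes request data
            // cannot inject markup.
            echo '<p>'.htmlspecialchars((string) $message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'</p>';
        }
        // Close only the error box. The surrounding "output" div opened by the
        // login form is closed by the echo that follows this block; closing it
        // here as well left one closing tag too many.
        echo '</div>';
      }
    ?>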
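    <?php
    echo '</div>';
      //DATABASE VIEW
      // NOTE(review): this listing is served to any request that carries a
      // "db" query parameter, with no authentication or authorisation check,
      // and it includes the password column. It should be restricted to an
      // authenticated, authorised session and the password column dropped.
      // NOTE(review): it reads from `user`, while the login query reads from
      // `rdb_users` - confirm which table is intended.
      if (isset($_GET['db']))
      {
        $sqldb = "SELECT id, username, password FROM user;";
        $result = false;
        try {
          $result = mysqli_query($conn, $sqldb);
        } catch (mysqli_sql_exception $e) {
          // Keep driver details in the server log only.
          error_log('User listing failed: ' . $e->getMessage());
        }

        echo "<div class='table'><table>";
        echo "<tr>
                <th>ID</th>
                <th>Username</th>
                <th>Password</th>
              </tr>";
        // A failed query yields false rather than a result set; render an
        // empty table in that case instead of passing false to the fetch call.
        if ($result instanceof mysqli_result)
        {
          while ($row = mysqli_fetch_assoc($result))
          {
            // Column values are stored user data; escape each one before it is
            // written into the table so it is rendered as text, not markup.
            echo "<tr><td>".htmlspecialchars((string) $row['id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')."</td>";
            echo "<td>".htmlspecialchars((string) $row['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')."</td>";
            echo "<td>".htmlspecialchars((string) $row['password'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')."</td></tr>";
          }
          mysqli_free_result($result);
        }
        echo "</table></div>";
        mysqli_close($conn);
      }
    ?>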
  </body>
</html>