diff --git a/assets/common/styles.css b/assets/common/styles.css
index 09c56a4..bfd7e00 100755
--- a/assets/common/styles.css
+++ b/assets/common/styles.css
@@ -72,6 +72,11 @@ code {
white-space: pre;
}
+.noborder-table td, .noborder-table th {
+ border: none;
+ text-align: left;
+}
+
#header {
border-bottom: double;
}
diff --git a/docs/common/config.php b/docs/common/config.php
new file mode 100644
index 0000000..fd2cf19
--- /dev/null
+++ b/docs/common/config.php
@@ -0,0 +1,19 @@
+
diff --git a/docs/common/header.php b/docs/common/header.php
index bf379aa..df41097 100755
--- a/docs/common/header.php
+++ b/docs/common/header.php
@@ -1,4 +1,41 @@
+setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+ } catch(PDOException $e) {
+ $conn = null;
+ return;
+ }
+}
+
+attempt_sql_connect();
+
+?>
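Review bot: The `catch(PDOException $e)` branch discards the exception: it sets `$conn = null` and returns without recording why the connection failed, so an outage or a credentials problem shows up only as the generic failure text that pages print. Add a server-side log line before `$conn = null;`, for example `error_log('DB connect failed: ' . $e->getMessage());`, and keep that detail out of the HTTP response. The start of attempt_sql_connect() is not visible in this hunk, so how `$conn` is created and scoped could not be checked.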
diff --git a/docs/www/login.php b/docs/www/login.php
new file mode 100644
index 0000000..f704323
--- /dev/null
+++ b/docs/www/login.php
@@ -0,0 +1,146 @@
+
+
+ Failed DB connection, cannot proceed!
+ If you see this error in production,
+ please shoot me an email with helpful details.
+ ");
+ include_once($GLOBALS['COMMONS']."/footer.php");
+ die();
+ }
+
+ // Sanitize inputs
+ $email = sanitize_input($email);
+ $password = sanitize_input($password);
+
+ // Check if both fields are filled, if not, set appropriate error messages.
+ if (empty($email))
+ $emailErr = "Please enter your email";
+ if (empty($password))
+ $passwordErr = "Please enter your password";
+
+ // If either of the fields were empty,
+ // set old values for prefill and return.
+ if(!empty($emailErr) || !empty($passwordErr)) {
+ $emailOld = $email;
+ $passwordOld = $password;
+ return;
+ }
+
+ // Prepare and bind the sql statement
+ $stmt = $conn->prepare("SELECT user_id, username, email, password
+ FROM users WHERE email = :email;");
+ $stmt->bindParam(":email", $email);
+
+ // Execute the statement
+ $stmt->execute();
+
+ // Fetch the values
+ $result = $stmt->fetch(PDO::FETCH_ASSOC);
+
+ // If the user isn't in the database, set errors, old values, and return.
+ if(!$result) {
+ $emailOld = $email;
+ $passwordOld = $password;
+ $emailErr = "This user either doesn't exist,
+ or has a different password.";
+ return;
+ }
+
+ // Load results to variables
+ $db_id = $result["user_id"];
+ $db_username = $result["username"];
+ $db_email = $result["email"];
+ $db_password = $result["password"];
+
+ // If user entered incorrect password, set errors, old values, and return.
+ // Keep the error string the same as non-existing so that an attacker
+ // cannot asses whether a given user has an account.
+ if(!password_verify($password, $db_password)){
+ $emailOld = $email;
+ $passwordOld = $password;
+ $emailErr = "This user either doesn't exist,
+ or has a different password.";
+ return;
+ }
+
+ $_SESSION["user_id"] = $db_id;
+ $_SESSION["user_name"] = $db_username;
+ $_SESSION["user_email"] = $db_email;
+}
+
+/**
+ * If user sent the form, process it.
+ * Either login user or set error message variables.
+ */
+if ($_SERVER["REQUEST_METHOD"] == "POST") {
+ attempt_login($_POST["email"], $_POST["password"]);
+}
+?>
+
+
+
+
+
+
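Review bot: attempt_login() stores the authenticated identity in `$_SESSION` (the three assignments at the end of the function) without rotating the session ID, so an identifier fixed before login stays valid afterwards (session fixation). Call `session_regenerate_id(true);` immediately before `$_SESSION["user_id"] = $db_id;`. Separately, `$password = sanitize_input($password);` runs before `password_verify()`; sanitize_input() is not visible here, but if it trims or HTML-escapes its argument, it changes the secret being verified and should not be applied to the password. Every failure path also copies the submitted password into `$passwordOld` for prefill, which presumably writes it back into the rendered form; leave that field empty on re-render. The start of attempt_login() lies outside the visible part of this hunk.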