Added logging in
This commit is contained in:
parent
b6f5698309
commit
249a668a53
4 changed files with 207 additions and 0 deletions
|
@ -72,6 +72,11 @@ code {
|
|||
white-space: pre;
|
||||
}
|
||||
|
||||
.noborder-table td, .noborder-table th {
|
||||
border: none;
|
||||
text-align: left;
|
||||
}
|
||||
|
||||
#header {
|
||||
border-bottom: double;
|
||||
}
|
||||
|
|
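--- a/docs/common/config.php
+++ b/docs/common/config.php
@@ -0,0 +1,19 @@
+<?php
+/**
+* This file is for storing your personal information (such as database login).
+* These constants will be most likely used in header.php
+* for logging in to different internal services.
+* It is critical that if you enter your details here,
+* you do not commit the changes into any public repository.
+* In the original repository [https://github.com/Zeftax/personal-homepage.git]
+* this file is set to not track any changes, but it is better to check and
+* be safe, than leak your internal logins and have people screwing with
+* your database.
+*/
+
+// SQL database login info (Place your info here).
+define("SQL_HOSTNAME", "");
+define("SQL_USERNAME", "");
+define("SQL_PASSWORD", "");
+define("SQL_DATABASE", "");
+?>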
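Review bot: The commit adds docs/common/config.php to version control while its own docblock says the file "is set to not track any changes"; that kind of setting (for example `git update-index --assume-unchanged`) lives in one clone only and is not carried to other checkouts, so a later `git add -A` after the empty `define()` values are filled in would commit the database password. The usual arrangement is to commit a `config.example.php` holding the four empty `define()` calls, list the real `config.php` in `.gitignore`, and have the docblock state that. The closing `?>` on the last line is unnecessary in a PHP-only file, and any whitespace after it becomes output, which would break the `session_start()` call in header.php that includes this file; drop the tag.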
@ -1,4 +1,41 @@
|
|||
<!DOCTYPE html>
|
||||
<?php
|
||||
// Include config file
|
||||
include_once("config.php");
|
||||
|
||||
// Start session
|
||||
session_start();
|
||||
|
||||
// PDO Mysql connection object
|
||||
$conn = "";
|
||||
|
||||
/** Attempt to connect to sql database
|
||||
*/
|
||||
function attempt_sql_connect() {
|
||||
// access global $conn
|
||||
global $conn;
|
||||
|
||||
// Load the global login constants
|
||||
$sql_hostname = SQL_HOSTNAME;
|
||||
$sql_database = SQL_DATABASE;
|
||||
$sql_username = SQL_USERNAME;
|
||||
$sql_password = SQL_PASSWORD;
|
||||
|
||||
try {
|
||||
//Try connecting to the SQL database
|
||||
$conn = new PDO("mysql:host=$sql_hostname;dbname=$sql_database",
|
||||
$sql_username, $sql_password);
|
||||
// set the PDO error mode to exception
|
||||
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||
} catch(PDOException $e) {
|
||||
$conn = null;
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
attempt_sql_connect();
|
||||
|
||||
?>
|
||||
|
||||
<html lang="en">
|
||||
<head>
|
||||
|
|
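Review bot: `session_start()` in the new PHP block runs after `<!DOCTYPE html>` has already been emitted, so unless `output_buffering` is enabled in php.ini the session cookie cannot be sent ("headers already sent") and a login performed in login.php will not persist; move the whole PHP block, including `session_start()`, above the doctype. In `attempt_sql_connect` the caught `PDOException` is discarded; keep the user-facing behaviour but record it server-side with `error_log('DB connect failed: ' . $e->getMessage());` before `$conn = null;`, making sure the message does not include the credentials. The DSN names no charset and emulated prepares are left at the driver default; `"mysql:host=$sql_hostname;dbname=$sql_database;charset=utf8mb4"` plus `$conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);` make the placeholders used in login.php real server-side prepares. `$conn` is initialised to `""` but reset to `null` on failure, so the `== null` test in login.php only works by loose comparison; initialise it to `null` so callers can use `=== null`.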
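--- a/docs/www/login.php
+++ b/docs/www/login.php
@@ -0,0 +1,146 @@
+
+<?php
+$PageTitle="Login";
+
+$COMMONS = $_SERVER['DOCUMENT_ROOT'] . "/../common";
+
+include_once($COMMONS."/header.php");
+
+// Define previous attempt and error variables and set to empty values.
+$emailOld = $passwordOld = "";
+$emailErr = $passwordErr = "";
+
+/**
+* Sanitize a given input string to be safe to display and process.
+*/
+function sanitize_input($data) {
+// Remove unnecessary whitespace characters
+$data = trim($data);
+// Remove backslashes
+$data = stripslashes($data);
+// Escape all special characters to HTML entities
+$data = htmlspecialchars($data);
+return $data;
+}
+
+/**
+* Process the information, and if there are no errors, log the user in.
+*/
+function attempt_login($email, $password) {
+// Access global variables
+global $emailOld;
+global $passwordOld;
+global $emailErr;
+global $passwordErr;
+global $conn;
+
+// Check DB connection
+if($conn == null){
+printf("
+<article>
+<h1>Failed DB connection, cannot proceed!</h1>
+If you see this error in production,
+please shoot me an email with helpful details.
+</article>");
+include_once($GLOBALS['COMMONS']."/footer.php");
+die();
+}
+
+// Sanitize inputs
+$email = sanitize_input($email);
+$password = sanitize_input($password);
+
+// Check if both fields are filled, if not, set appropriate error messages.
+if (empty($email))
+$emailErr = "Please enter your email";
+if (empty($password))
+$passwordErr = "Please enter your password";
+
+// If either of the fields were empty,
+// set old values for prefill and return.
+if(!empty($emailErr) || !empty($passwordErr)) {
+$emailOld = $email;
+$passwordOld = $password;
+return;
+}
+
+// Prepare and bind the sql statement
+$stmt = $conn->prepare("SELECT user_id, username, email, password
+FROM users WHERE email = :email;");
+$stmt->bindParam(":email", $email);
+
+// Execute the statement
+$stmt->execute();
+
+// Fetch the values
+$result = $stmt->fetch(PDO::FETCH_ASSOC);
+
+// If the user isn't in the database, set errors, old values, and return.
+if(!$result) {
+$emailOld = $email;
+$passwordOld = $password;
+$emailErr = "This user either doesn't exist,
+or has a different password.";
+return;
+}
+
+// Load results to variables
+$db_id = $result["user_id"];
+$db_username = $result["username"];
+$db_email = $result["email"];
+$db_password = $result["password"];
+
+// If user entered incorrect password, set errors, old values, and return.
+// Keep the error string the same as non-existing so that an attacker
+// cannot asses whether a given user has an account.
+if(!password_verify($password, $db_password)){
+$emailOld = $email;
+$passwordOld = $password;
+$emailErr = "This user either doesn't exist,
+or has a different password.";
+return;
+}
+
+$_SESSION["user_id"] = $db_id;
+$_SESSION["user_name"] = $db_username;
+$_SESSION["user_email"] = $db_email;
+}
+
+/**
+* If user sent the form, process it.
+* Either login user or set error message variables.
+*/
+if ($_SERVER["REQUEST_METHOD"] == "POST") {
+attempt_login($_POST["email"], $_POST["password"]);
+}
+?>
+
+<article>
+<form method="post" action="<?php
+echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
+<h2> Login: </h2>
+<table class="noborder-table"><tr>
+<td> Email: </td>
+<td>
+<input type="text" name="email" tabindex="1"
+autofocus="autofocus" value="<?php echo $emailOld;?>">
+</td>
+<td>
+<?php echo $emailErr; ?>
+</td>
+</tr><tr>
+<td> Password: </td>
+<td>
+<input type="password" name="password" tabindex="2"
+value="<?php echo $passwordOld?>">
+</td><td>
+<?php echo $passwordErr; ?>
+</td>
+</tr></table>
+<input type="submit" tabindex="3" value="Send">
+</form>
+</article>
+
+<?php
+include_once($COMMONS."/footer.php");
+?>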
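Review bot: `attempt_login` runs the submitted password through `sanitize_input()` (trim, stripslashes, htmlspecialchars) before `password_verify`, so any password containing `&`, `<`, `>`, a quote, a backslash or leading/trailing spaces is altered before it is checked, and the same value is then kept in `$passwordOld` and written into the password field's `value` attribute in the form below. Pass `$password` to `password_verify` untouched and never prefill the password input (`$passwordOld` can go away entirely). On success, call `session_regenerate_id(true)` before the `$_SESSION` assignments so a session id that existed before authentication is not kept. The two failure branches already share the same wording, but the no-row branch skips `password_verify` and therefore returns measurably faster; verifying against a fixed dummy hash in that branch keeps the timing comparable. The dispatch at the bottom should read the fields as `$_POST["email"] ?? ''` and `$_POST["password"] ?? ''` so a request missing either key does not raise a warning, and the file should not start with a blank line, since that line is output before header.php can call `session_start()`.
```php
function attempt_login($email, $password) {
// … unchanged: globals, DB connection check …

// Only the email is display-sanitized; the password must reach
// password_verify() exactly as the user typed it.
$email = sanitize_input($email);

// … unchanged: empty-field checks, prepare/execute/fetch …

if(!$result) {
// Spend the same work as the wrong-password path so a missing
// account is not distinguishable by response time.
// DUMMY_PASSWORD_HASH: placeholder name for a constant holding any
// password_hash() output; define it once in config.php.
password_verify($password, DUMMY_PASSWORD_HASH);
$emailOld = $email;
$emailErr = "This user either doesn't exist,
or has a different password.";
return;
}

// … unchanged: load result columns, password_verify branch (without $passwordOld) …

// Fresh id so a session id issued before login cannot be reused.
session_regenerate_id(true);
$_SESSION["user_id"] = $db_id;
$_SESSION["user_name"] = $db_username;
$_SESSION["user_email"] = $db_email;
}
```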