added register, login and logout functions, also added new database

Author: RichardHpaYoobee

auth/login.php

@@ -1,5 +1,31 @@
 <?php
     require '../templates/header.php';
+
+    if($_POST){
+        extract($_POST);
+        $errors = array();
+
+        // validation
+
+        if(empty($errors)){
+            $sql = "SELECT * FROM `users` WHERE username = '$username'";
+            $result = mysqli_query($dbc, $sql);
+            if($result && mysqli_affected_rows($dbc) > 0){
+                $user = mysqli_fetch_array($result, MYSQLI_ASSOC);
+                if(password_verify($password, $user['password'])){
+                    $_SESSION['valid'] = true;
+                    $_SESSION['timeout'] = time();
+                    $_SESSION['username'] = $user['username'];
+                    header("Location:../index.php");
+                } else {
+                    array_push($errors, "Incorrect username or password");
+                }
+            } else {
+                array_push($errors, "Sorry there is no username matching that request");
+            }
+
+        }
+    }
  ?>
 
  <div class="container py-5">

auth/logout.php

@@ -0,0 +1,9 @@
+<?php
+
+    require '../templates/header.php';
+
+    unset($_SESSION['valid']);
+    unset($_SESSION['timeout']);
+    unset($_SESSION['username']);
+
+    header("Location: ../index.php");

auth/register.php

@@ -1,5 +1,40 @@
 <?php
     require '../templates/header.php';
+
+    if($_POST){
+        extract($_POST);
+        $errors = array();
+
+        //validation
+        //We need to write an sql query to check to see if the username Email are already there
+
+        if(empty($errors)){
+            $name = mysqli_real_escape_string($dbc, $name);
+            $username = mysqli_real_escape_string($dbc, $username);
+            $email = mysqli_real_escape_string($dbc, $email);
+
+            $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
+
+            $sql = "INSERT INTO `users` VALUES (NULL, '$name', '$username', '$email', '$hashedPassword')";
+            $result = mysqli_query($dbc, $sql);
+            if($result && mysqli_affected_rows($dbc) > 0){
+                header("Location: ../index.php");
+            } else {
+                array_push($errors, 'Something went wrong, Cannot register user at this time');
+            }
+
+        }
+
+
+
+    }
+
+
+
+
+
+
+
  ?>
 
  <div class="container py-5">

library.sql

@@ -3,8 +3,8 @@
 -- http://www.phpmyadmin.net
 --
 -- Host: localhost
--- Generation Time: Oct 19, 2018 at 10:36 AM
--- Server version: 5.7.23-0ubuntu0.16.04.1
+-- Generation Time: Nov 02, 2018 at 11:58 AM
+-- Server version: 5.7.24-0ubuntu0.16.04.1
 -- PHP Version: 7.2.3-1+ubuntu16.04.1+deb.sury.org+1
 
 SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
@@ -36,7 +36,8 @@ CREATE TABLE `authors` (
 --
 
 INSERT INTO `authors` (`id`, `author_name`) VALUES
-(1, 'J. K. Rowling');
+(1, 'J. K. Rowling'),
+(3, 'Suzanne Collins');
 
 -- --------------------------------------------------------
 
@@ -52,6 +53,27 @@ CREATE TABLE `books` (
   `image_name` varchar(20) NOT NULL DEFAULT 'bookDefault.jpg'
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
+--
+-- Dumping data for table `books`
+--
+
+INSERT INTO `books` (`id`, `book_name`, `author_id`, `description`, `image_name`) VALUES
+(20, 'Harry Potter and the Philosopher\'s Stone', 1, 'Harry Potter has been living an ordinary life, constantly abused by his surly and cold aunt and uncle, Vernon and Petunia Dursley and bullied by their spoiled son Dudley since the death of his parents ten years prior. His life changes on the day of his eleventh birthday when he receives a letter of acceptance into a Hogwarts School of Witchcraft and Wizardry, delivered by a half-giant named Rubeus Hagrid after previous letters had been destroyed by Harry’s Uncle Vernon and his Aunt Petunia. Hagrid explains Harry\'s hidden past as the wizard son of James and Lily Potter, who were a wizard and witch respectively, and how they were murdered by the most evil and powerful dark wizard of all time, Lord Voldemort, which resulted in the one-year-old Harry being sent to live with his aunt and uncle. The strangest bit of the murder was how Voldemort was unable to kill him, but instead had his own powers removed and blasted away, sparking Harry\'s immense fame among the magical community.', '5bc903fa6e202.jpg');
+
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `users`
+--
+
+CREATE TABLE `users` (
+  `id` tinyint(3) UNSIGNED NOT NULL,
+  `name` varchar(100) NOT NULL,
+  `username` varchar(100) NOT NULL,
+  `email` varchar(100) NOT NULL,
+  `password` varchar(100) NOT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
 --
 -- Indexes for dumped tables
 --
@@ -70,6 +92,14 @@ ALTER TABLE `books`
   ADD UNIQUE KEY `image_name` (`image_name`),
   ADD KEY `author_id` (`author_id`);
 
+--
+-- Indexes for table `users`
+--
+ALTER TABLE `users`
+  ADD PRIMARY KEY (`id`),
+  ADD UNIQUE KEY `username` (`username`),
+  ADD UNIQUE KEY `email` (`email`);
+
 --
 -- AUTO_INCREMENT for dumped tables
 --
@@ -78,12 +108,17 @@ ALTER TABLE `books`
 -- AUTO_INCREMENT for table `authors`
 --
 ALTER TABLE `authors`
-  MODIFY `id` tinyint(6) UNSIGNED NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=2;
+  MODIFY `id` tinyint(6) UNSIGNED NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=4;
 --
 -- AUTO_INCREMENT for table `books`
 --
 ALTER TABLE `books`
-  MODIFY `id` tinyint(6) UNSIGNED NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=18;
+  MODIFY `id` tinyint(6) UNSIGNED NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=21;
+--
+-- AUTO_INCREMENT for table `users`
+--
+ALTER TABLE `users`
+  MODIFY `id` tinyint(3) UNSIGNED NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=2;
 --
 -- Constraints for dumped tables
 --

templates/connection.php

@@ -10,4 +10,6 @@
         die("ERROR, connection couldn't be made, Please check your enviroment files and include the right host, username, password and table.");
     }
 
+    ob_start();
+    session_start();
  ?>

templates/header.php

@@ -37,12 +37,21 @@
                     <div class="col-6 text-center">
                         <a class="blog-header-logo text-light" href="./">Yoobee School of Design Library</a>
                     </div>
-                    <div class="col-3 d-flex justify-content-end align-items-center">
-                        <a class="text-light" href="#">
-                            <i class="fas fa-search mx-3"></i>
-                        </a>
-                        <a class="btn btn-sm btn-outline-light" href="./auth/login.php">Sign up</a>
-                    </div>
+
+                        <div class="col-3 d-flex justify-content-end align-items-center">
+                            <a class="text-light" href="#">
+                                <i class="fas fa-search mx-3"></i>
+                            </a>
+                            <?php if(isset($_SESSION['valid'])): ?>
+                                <a class="btn btn-sm btn-outline-light" href="./"><?= $_SESSION['username'];  ?></a>
+                                <a class="btn btn-sm btn-outline-light" href="./auth/logout.php">Logout</a>
+                            <?php else: ?>
+                                <a class="btn btn-sm btn-outline-light" href="./auth/login.php">Sign up</a>
+                            <?php endif; ?>
+                        </div>
+
+
+
                 </div>
             </div>
         </header>