-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fixed header/footer issues, removed https redirect, fixed logout buttons, implemented login,
- Loading branch information
Showing
8 changed files
with
105 additions
and
119 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,16 +1,42 @@ | ||
| <?php include($root."header.php"); ?> | ||
| <?php include_once("header.php"); ?> | ||
| <div class="clearfix"> | ||
| <div class="row clearfix"> | ||
| <div class="column full"> | ||
| <div class="content"> | ||
| <!-- login form --> | ||
| <form action="" method="post"><h2>Login</h2> | ||
| <p>Username: <input type="text" name="username" id="username"><br> | ||
| Password: <input type="password" name="password" id="password"><br> | ||
| <button id="login" class="loginbtn">Log In</button></p> | ||
| <form action="indextest.php" method="post"><h2>Login</h2> | ||
| <p>Username: <input placeholder="email" type="text" name="email" id="username"><br> | ||
| Password: <input placeholder="password" type="password" name="password" id="password"><br> | ||
| <button id="login" class="loginbtn" type="submit" name="submit">Log In</button></p> | ||
| </form> | ||
| <?php | ||
| if(isset($_POST['submit'])){ // was the form submitted? | ||
| $link = mysqli_connect("localhost", "admin", "CS4320FG7", "SEFinalProject") or die ("connection Error " . mysqli_error($link)); | ||
| $sql = "SELECT salt, hash, permission_level FROM user WHERE email=?"; | ||
| if($stmt = mysqli_prepare($link, $sql)) { | ||
| $user = $_POST['email']; | ||
| $password = $_POST['password']; | ||
| mysqli_stmt_bind_param($stmt, "s", $user) or die("bind param"); | ||
| if(mysqli_stmt_execute($stmt)){ | ||
| mysqli_stmt_bind_result($stmt, $salt ,$hpass, $uType); | ||
| if(mysqli_stmt_fetch($stmt)){ | ||
| if(password_verify($salt.$password, $hpass)){ | ||
| $_SESSION["email"] = $user; | ||
| $_SESSION["permission_level"] = $uType; | ||
| //echo "<h4>Session started</h4>"; | ||
| echo "<script> window.location.assign('view.php'); </script>"; | ||
| } else { | ||
| echo "<h4>Login failed</h4><br>wrong username or password..."; | ||
| } | ||
| } | ||
|
|
||
|
|
||
| } | ||
| } | ||
| } | ||
| ?> | ||
| </div> | ||
| </div> | ||
| </div> | ||
| </div> | ||
| <?php include($root."footer.php"); ?> | ||
| <?php include_once("footer.php"); ?> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,91 +1,52 @@ | ||
| <?php include($root."header.php"); ?> | ||
|
|
||
| <!-- STUB CALLS | ||
| Sections of code in this document will include: | ||
| calls to open the connection to the database: openConnection() | ||
| display login form: login() | ||
| take user input and parse and clean it: prepare() | ||
| check it against database records: checkUser() | ||
| display successful login and redirect: success() | ||
| display unsuccessful login: fail()--> | ||
|
|
||
| <!-- | ||
| This is code that my group from 3380 used to ensure that the user was always using https instead of http. | ||
| Granted, we may not really be worried about secure transfer of data. I do remember Zach making a certificate | ||
| for the site, though. | ||
| --> | ||
| <?php | ||
| if (!isset($_SERVER['HTTP']) || !$_SERVER['HTTPS']) { // if request is not secure, redirect to secure url | ||
| $url = 'https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; | ||
| header('Location: ' . $url); | ||
| //exit; | ||
| } | ||
| error_reporting(E_ALL); | ||
| session_start(); | ||
| function goView() { | ||
| header('Location: view.php'); | ||
| } | ||
| ?> | ||
| <div class="clearfix"> | ||
| <div class="row clearfix"> | ||
| <div class="column full"> | ||
| <div class="content"> | ||
| <!-- login form --> | ||
| <form action="" method="post"><h2>Login</h2> | ||
| <!--In order to not break any styling, id is left as username--> | ||
| <p>Username: <input type="text" name="email" id="username"><br> | ||
| Password: <input type="password" name="password" id="password"><br> | ||
| <button id="login" class="loginbtn" type="submit" name="submit">Log In</button></p> | ||
| </form> | ||
| </div> | ||
| <!-- | ||
| Again, this is borrowed code from my 3380 final project. | ||
| If we want to use this, we need user.hashed_password and user.salt in our DB. | ||
| It also assumes that we're using sessions and that the variables userid and usertype exist in our session | ||
|
|
||
| --> | ||
| <?php | ||
| if(isset($_POST['submit'])) { // Was the form submitted? | ||
| //connect to DB | ||
| $link = mysqli_connect("localhost", "root", "admin", "SEFinalProject") or die ("Connection Error " . mysqli_error($link)); | ||
| //Set up statement | ||
| $sql = "SELECT `user`.`salt`, `user`.`hashed_password`, `user`.`ID`, `user`.`permission_level` FROM `user` WHERE `user`.`email`=?;"; | ||
| //if it prepares | ||
| if ($stmt = mysqli_prepare($link, $sql)) { | ||
| //set user | ||
| $email = $_POST['email']; | ||
| //bind params into sql stmt | ||
| mysqli_stmt_bind_param($stmt, "s", $email) or die("bind param"); | ||
| //if it executes | ||
| if(mysqli_stmt_execute($stmt)) { //do nothing | ||
| } else { //error message | ||
| echo "<h4>Failed connecting to the database</h4>"; | ||
| } | ||
| //set result | ||
| $result = mysqli_stmt_get_result($stmt); | ||
| //get info out of result | ||
| $row = mysqli_fetch_array($result, MYSQLI_NUM); | ||
| //set salt and hpass | ||
| $salt = $row[0]; | ||
| $hpass = $row[1]; | ||
| $userid = $row[2]; | ||
| $usertype = $row[3]; | ||
| //if password is correct | ||
| if(password_verify($salt.$_POST['password'], $hpass)) { | ||
| echo "<h2>Login Sucessfull!</h2>"; | ||
| // Use session variables | ||
| $_SESSION['userid'] = $userid; | ||
| $_SESSION['permission_level'] = $usertype; | ||
| //goIndex(); //TODO determine function name to send to next page. | ||
| } | ||
| else | ||
| echo "<h2>Login Failed!</h2>"; | ||
| } else { //if it fails to prepare | ||
| die("prepare failed"); | ||
| } | ||
| } | ||
| ?> | ||
| </div> | ||
| </div> | ||
| </div> | ||
| <?php include($root."footer.php"); ?> | ||
| <?php require_once('header.php'); ?> | ||
|
|
||
|
|
||
| <div class="clearfix"> | ||
| <div class="row clearfix"> | ||
| <div class="column full"> | ||
| <div class="content"> | ||
| <!-- login form --> | ||
| <form action="testlogin.php" method="post"><h2>Login</h2> | ||
| <!--In order to not break any styling, id is left as username--> | ||
| <p><input placeholder="email" type="text" name="email" id="username"><br> | ||
| <input placeholder="password" type="password" name="password" id="password"><br> | ||
|
|
||
| <button id="login" class="loginbtn" type="submit" name="submit">Log In</button></p> | ||
| </form> | ||
| </div> | ||
| <!-- | ||
|
|
||
|
|
||
| --> | ||
| <?php | ||
| if(isset($_POST['submit'])){ // was the form submitted? | ||
| $link = mysqli_connect("localhost", "admin", "CS4320FG7", "SEFinalProject") or die ("connection Error " . mysqli_error($link)); | ||
| $sql = "SELECT salt, hash, permission_level FROM user WHERE email=?"; | ||
| if($stmt = mysqli_prepare($link, $sql)) { | ||
| $user = $_POST['email']; | ||
| $password = $_POST['password']; | ||
| mysqli_stmt_bind_param($stmt, "s", $user) or die("bind param"); | ||
| if(mysqli_stmt_execute($stmt)){ | ||
| mysqli_stmt_bind_result($stmt, $salt ,$hpass, $uType); | ||
| if(mysqli_stmt_fetch($stmt)){ | ||
| if(password_verify($salt.$password, $hpass)){ | ||
| $_SESSION["email"] = $user; | ||
| $_SESSION["permission_level"] = $uType; | ||
| //echo "<h4>Session started</h4>"; | ||
| echo "<script> window.location.assign('view.php'); </script>"; | ||
| } else { | ||
| echo "<h4>Login failed</h4><br>wrong username or password..."; | ||
| } | ||
| } | ||
|
|
||
|
|
||
| } | ||
| } | ||
| } | ||
| ?> | ||
|
|
||
| </div> | ||
| </div> | ||
| </div> | ||
| <br> | ||
| <?php require_once('footer.php'); ?> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters