Login/Register/confirm and new comment feature
This commit is contained in:
@@ -1,31 +1,25 @@
|
||||
<?php
|
||||
include_once "../../../base/settings.php";
|
||||
include_once "../../../base/headers.php";
|
||||
include_once "../../../base/database.php";
|
||||
include_once "../queries.php";
|
||||
|
||||
session_name("PHP_SESSION_guestBook");
|
||||
session_start();
|
||||
$user = $_SESSION["user"] ?? null;
|
||||
$_SESSION["error"] = [];
|
||||
|
||||
if (!isset($_POST["title"])) {
|
||||
array_push($_SESSION["error"], "Title was not among the data sent.");
|
||||
}
|
||||
if (!isset($_POST["name"])) {
|
||||
array_push($_SESSION["error"], "Name was not among the data sent.");
|
||||
if (!isset($user)) {
|
||||
Headers::redirect("../login");
|
||||
return;
|
||||
}
|
||||
|
||||
if (!isset($_POST["comment"])) {
|
||||
array_push($_SESSION["error"], "Comment was not among the data sent.");
|
||||
}
|
||||
|
||||
$title = trim($_POST["title"]);
|
||||
$name = trim($_POST["name"]);
|
||||
$comment = substr(trim($_POST["comment"]), 0, 250);
|
||||
$time = time();
|
||||
|
||||
if ($title === "") {
|
||||
array_push($_SESSION["error"], "The title was empty.");
|
||||
}
|
||||
if ($name === "") {
|
||||
array_push($_SESSION["error"], "The name was empty.");
|
||||
}
|
||||
if ($comment === "") {
|
||||
array_push($_SESSION["error"], "The comment was empty.");
|
||||
}
|
||||
@@ -35,11 +29,13 @@ if (count($_SESSION["error"]) > 0) {
|
||||
return;
|
||||
}
|
||||
|
||||
$string = file_get_contents("../data/data.json") ?? "[]";
|
||||
$json = json_decode($string);
|
||||
$db = DB::openConnection();
|
||||
|
||||
array_push($json, ["time" => $time, "title" => $title, "name" => $name, "comment" => $comment]);
|
||||
$stmt = $db->prepare($insertCommentQuery);
|
||||
$stmt->bindValue(":UID", $user["id"]);
|
||||
$stmt->bindValue(":COM", $comment);
|
||||
$stmt->execute();
|
||||
|
||||
file_put_contents("../data/data.json", json_encode($json));
|
||||
DB::closeConnection($db);
|
||||
|
||||
Headers::redirect("../");
|
||||
|
||||
@@ -0,0 +1,74 @@
|
||||
<?php
|
||||
include_once "../../../base/settings.php";
|
||||
include_once "../../../base/headers.php";
|
||||
include_once "../../../base/database.php";
|
||||
include_once "../queries.php";
|
||||
|
||||
session_name("PHP_SESSION_guestBook");
|
||||
session_start();
|
||||
|
||||
if (isset($_SESSION["user"])) {
|
||||
Headers::redirect("../");
|
||||
return;
|
||||
}
|
||||
|
||||
$_SESSION["error"] = [];
|
||||
unset($_SESSION["user"]);
|
||||
|
||||
if (!isset($_POST["username"])) {
|
||||
array_push($_SESSION["error"], "username was not among the data sent.");
|
||||
}
|
||||
if (!isset($_POST["password"])) {
|
||||
array_push($_SESSION["error"], "password was not among the data sent.");
|
||||
}
|
||||
|
||||
$username = trim($_POST["username"]);
|
||||
$password = trim($_POST["password"]);
|
||||
|
||||
if ($username === "") {
|
||||
array_push($_SESSION["error"], "The username was empty.");
|
||||
}
|
||||
if ($password === "") {
|
||||
array_push($_SESSION["error"], "The password was empty.");
|
||||
}
|
||||
|
||||
if (count($_SESSION["error"]) > 0) {
|
||||
Headers::redirect("../login");
|
||||
return;
|
||||
}
|
||||
|
||||
$db = DB::openConnection();
|
||||
|
||||
$stmt = $db->prepare($loginQuery);
|
||||
$stmt->bindValue(":USR", $username);
|
||||
$stmt->execute();
|
||||
$user = $stmt->fetch();
|
||||
|
||||
if ($user) {
|
||||
if (password_verify($password, $user["passwort"])) {
|
||||
$_SESSION["user"] = $user;
|
||||
// REHASH for safety should it somehow change
|
||||
if (password_needs_rehash($user["passwort"], PASSWORD_DEFAULT)) {
|
||||
$newHash = password_hash($password, PASSWORD_DEFAULT);
|
||||
$stmt = $db->prepare($updatePasswordQuery);
|
||||
$stmt->bindValue(":PAS", $newHash);
|
||||
$stmt->bindValue(":UID", $user["id"]);
|
||||
$stmt->execute();
|
||||
}
|
||||
unset($_SESSION["user"]["passwort"]);
|
||||
unset($_SESSION["user"]["confirmationcode"]);
|
||||
} else {
|
||||
array_push($_SESSION["error"], "Username or Password incorrect.");
|
||||
}
|
||||
} else {
|
||||
array_push($_SESSION["error"], "Username or Password incorrect.");
|
||||
}
|
||||
|
||||
DB::closeConnection($db);
|
||||
|
||||
if (count($_SESSION["error"]) > 0) {
|
||||
Headers::redirect("../login");
|
||||
return;
|
||||
}
|
||||
|
||||
Headers::redirect("../");
|
||||
@@ -0,0 +1,24 @@
|
||||
<?php
|
||||
include_once "../../../base/headers.php";
|
||||
|
||||
session_name("PHP_SESSION_guestBook");
|
||||
session_start();
|
||||
|
||||
$_SESSION = array();
|
||||
|
||||
if (ini_get("session.use_cookies")) {
|
||||
$params = session_get_cookie_params();
|
||||
setcookie(
|
||||
session_name(),
|
||||
'',
|
||||
time() - 42000,
|
||||
$params["path"],
|
||||
$params["domain"],
|
||||
$params["secure"],
|
||||
$params["httponly"]
|
||||
);
|
||||
}
|
||||
|
||||
session_destroy();
|
||||
|
||||
Headers::redirect("../");
|
||||
@@ -0,0 +1,87 @@
|
||||
<?php
|
||||
include_once "../../../base/settings.php";
|
||||
include_once "../../../base/headers.php";
|
||||
include_once "../../../base/database.php";
|
||||
include_once "../../../base/helpers.php";
|
||||
include_once "../queries.php";
|
||||
|
||||
session_name("PHP_SESSION_guestBook");
|
||||
session_start();
|
||||
|
||||
if (isset($_SESSION["user"])) {
|
||||
Headers::redirect("../");
|
||||
return;
|
||||
}
|
||||
|
||||
$_SESSION["error"] = [];
|
||||
$_SESSION["message"] = [];
|
||||
unset($_SESSION["user"]);
|
||||
|
||||
if (!isset($_POST["username"])) {
|
||||
array_push($_SESSION["error"], "username was not among the data sent.");
|
||||
}
|
||||
if (!isset($_POST["email"])) {
|
||||
array_push($_SESSION["error"], "email was not among the data sent.");
|
||||
}
|
||||
if (!isset($_POST["password"])) {
|
||||
array_push($_SESSION["error"], "password was not among the data sent.");
|
||||
}
|
||||
if (!isset($_POST["passwordConfirm"])) {
|
||||
array_push($_SESSION["error"], "passwordConfirm was not among the data sent.");
|
||||
}
|
||||
|
||||
$username = trim($_POST["username"]);
|
||||
$email = trim($_POST["email"]);
|
||||
$password = trim($_POST["password"]);
|
||||
$passwordConfirm = trim($_POST["passwordConfirm"]);
|
||||
|
||||
if ($username === "") {
|
||||
array_push($_SESSION["error"], "The username was empty.");
|
||||
}
|
||||
if ($email === "") {
|
||||
array_push($_SESSION["error"], "The email was empty.");
|
||||
}
|
||||
if ($password === "") {
|
||||
array_push($_SESSION["error"], "The password was empty.");
|
||||
}
|
||||
if ($passwordConfirm === "" || $password !== $passwordConfirm) {
|
||||
array_push($_SESSION["error"], "The passwords do not match.");
|
||||
}
|
||||
|
||||
if (count($_SESSION["error"]) > 0) {
|
||||
Headers::redirect("../register");
|
||||
return;
|
||||
}
|
||||
|
||||
$db = DB::openConnection();
|
||||
|
||||
try {
|
||||
$guid = guidv4();
|
||||
|
||||
$stmt = $db->prepare($insertUserQuery);
|
||||
$stmt->bindValue(":USR", $username);
|
||||
$stmt->bindValue(":PAS", password_hash($password, PASSWORD_DEFAULT));
|
||||
$stmt->bindValue(":EMA", $email);
|
||||
$stmt->bindValue(":COD", $guid);
|
||||
$stmt->execute();
|
||||
|
||||
mail(
|
||||
$email,
|
||||
"Account activation GuestBookDB",
|
||||
"Hello $username. To activate your account, visit https://userpage.fu-berlin.de/khofmann/phpCourse/tasks/guestBookDB/confirm?c=$guid"
|
||||
);
|
||||
|
||||
array_push($_SESSION["message"], "Please confirm your account using the mail we sent you.");
|
||||
} catch (PDOException $e) {
|
||||
if ($e->getCode() === "23000") {
|
||||
array_push($_SESSION["error"], "A user with this username or email already exists");
|
||||
} else {
|
||||
array_push($_SESSION["error"], "SQL Error: {$e->getMessage()}");
|
||||
}
|
||||
Headers::redirect("../register");
|
||||
return;
|
||||
}
|
||||
|
||||
DB::closeConnection($db);
|
||||
|
||||
Headers::redirect("../login");
|
||||
Reference in New Issue
Block a user