Kilian/PHP-Course
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Login/Register/confirm and new comment feature

Browse Source
This commit is contained in:
Kilian Hofmann
2024-06-21 12:47:08 +02:00
parent 70da3e66fd
commit 5f573a468f
15 changed files with 516 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tasks/guestBookDB/actions/login.php
+74
View File
@@ -0,0 +1,74 @@
<?php
include_once "../../../base/settings.php";
include_once "../../../base/headers.php";
include_once "../../../base/database.php";
include_once "../queries.php";
session_name("PHP_SESSION_guestBook");
session_start();
if (isset($_SESSION["user"])) {
Headers::redirect("../");
return;
}
$_SESSION["error"] = [];
unset($_SESSION["user"]);
if (!isset($_POST["username"])) {
array_push($_SESSION["error"], "username was not among the data sent.");
}
if (!isset($_POST["password"])) {
array_push($_SESSION["error"], "password was not among the data sent.");
}
$username = trim($_POST["username"]);
$password = trim($_POST["password"]);
if ($username === "") {
array_push($_SESSION["error"], "The username was empty.");
}
if ($password === "") {
array_push($_SESSION["error"], "The password was empty.");
}
if (count($_SESSION["error"]) > 0) {
Headers::redirect("../login");
return;
}
$db = DB::openConnection();
$stmt = $db->prepare($loginQuery);
$stmt->bindValue(":USR", $username);
$stmt->execute();
$user = $stmt->fetch();
if ($user) {
if (password_verify($password, $user["passwort"])) {
$_SESSION["user"] = $user;
// REHASH for safety should it somehow change
if (password_needs_rehash($user["passwort"], PASSWORD_DEFAULT)) {
$newHash = password_hash($password, PASSWORD_DEFAULT);
$stmt = $db->prepare($updatePasswordQuery);
$stmt->bindValue(":PAS", $newHash);
$stmt->bindValue(":UID", $user["id"]);
$stmt->execute();
}
unset($_SESSION["user"]["passwort"]);
unset($_SESSION["user"]["confirmationcode"]);
} else {
array_push($_SESSION["error"], "Username or Password incorrect.");
}
} else {
array_push($_SESSION["error"], "Username or Password incorrect.");
}
DB::closeConnection($db);
if (count($_SESSION["error"]) > 0) {
Headers::redirect("../login");
return;
}
Headers::redirect("../");