authorarf20 <aruizfernandez05@gmail.com>2024-03-15 04:04:16 +0100
committerarf20 <aruizfernandez05@gmail.com>2024-03-15 04:04:16 +0100
commit8bca2f7e966883cd1e73bf8df384a0aa21a271ba (patch)
tree2393a6793fc7d5f2b81ec162efc39ba829c4cee8
downloadarfnet2-cstims-8bca2f7e966883cd1e73bf8df384a0aa21a271ba.tar.gz
arfnet2-cstims-8bca2f7e966883cd1e73bf8df384a0aa21a271ba.zip
Initial commit
-rw-r--r--.gitignore1
-rw-r--r--README.md2
-rw-r--r--config.php.example17
-rw-r--r--dbinit.sql2
-rwxr-xr-xlogin.php130
-rwxr-xr-xlogout.php14
-rwxr-xr-xregister.php139
7 files changed, 305 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4f4773f
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+config.php
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..ce1811d
--- /dev/null
+++ b/README.md
@@ -0,0 +1,2 @@
+# arfnet2-cst
+ARFNET2 Customer, Service manager and Ticketing system
diff --git a/config.php.example b/config.php.example
new file mode 100644
index 0000000..5057641
--- /dev/null
+++ b/config.php.example
@@ -0,0 +1,17 @@
+<?php
+// Example config.php
+/* Database credentials. Assuming you are running MySQL
+server with default setting (user 'root' with no password) */
+define('DB_SERVER', 'hostname');
+define('DB_USERNAME', 'username');
+define('DB_PASSWORD', 'password');
+define('DB_NAME', 'dbname');
+
+/* Attempt to connect to MySQL database */
+$link = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME);
+
+// Check connection
+if($link === false){
+ die("ERROR: Could not connect. " . mysqli_connect_error());
+}
+?>
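Review bot: The `die()` in the connection check sends `mysqli_connect_error()` to the browser, which can disclose the database host and account name to any visitor whenever the database is unreachable. Log the detail server-side and show only a generic message: `error_log("DB connect failed: " . mysqli_connect_error());` followed by `die("ERROR: Could not connect.");`. The header comment describing a root account with no password is also worth replacing with a line telling deployers to create a dedicated, least-privilege MySQL user for this application.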
diff --git a/dbinit.sql b/dbinit.sql
new file mode 100644
index 0000000..271eb2b
--- /dev/null
+++ b/dbinit.sql
@@ -0,0 +1,2 @@
+CREATE DATABASE arfnet2;
+
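Review bot: dbinit.sql creates only the database, while login.php and register.php in this commit query a `users` table with `id`, `username` and `password` columns that nothing here defines. The schema should ship with the commit and should put a `UNIQUE` constraint on `users.username`, because register.php checks availability with a SELECT before the INSERT and two concurrent requests can both pass that check. A duplicate row would then make the `mysqli_stmt_num_rows($stmt) == 1` test in login.php fail for that account. The password column also needs to be wide enough for `password_hash()` output; the PHP manual recommends 255 characters for `PASSWORD_DEFAULT`.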
diff --git a/login.php b/login.php
new file mode 100755
index 0000000..c26b2e7
--- /dev/null
+++ b/login.php
@@ -0,0 +1,130 @@
+<?php
+// Initialize the session
+session_start();
+
+// Check if the user is already logged in, if yes then redirect him to welcome page
+if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
+ header("location: welcome.php");
+ exit;
+}
+
+// Include config file
+require_once "config.php";
+
+// Define variables and initialize with empty values
+$username = $password = "";
+$username_err = $password_err = "";
+
+// Processing form data when form is submitted
+if($_SERVER["REQUEST_METHOD"] == "POST"){
+ // Validate username
+ if(empty(trim($_POST["username"]))){
+ $username_err = "Please enter username.";
+ } else{
+ if (preg_match("[a-zA-Z0-9_]+", $_POST["username"]) == 1) {
+ $username_err = "Invalid username.";
+ }
+ else {
+ $username = trim($_POST["username"]);
+ }
+ }
+
+ // Validated password
+ if(empty(trim($_POST["password"]))){
+ $password_err = "Please enter your password.";
+ } else{
+ if (preg_match("[a-zA-Z0-9_]+", $_POST["password"]) == 1) {
+ $username_err = "Invalid password.";
+ }
+ else {
+ $password = trim($_POST["password"]);
+ }
+ }
+
+ // Validate credentials
+ if(empty($username_err) && empty($password_err)){
+ // Prepare a select statement
+ $sql = "SELECT id, username, password FROM users WHERE username = ?";
+
+ if($stmt = mysqli_prepare($link, $sql)){
+ // Bind variables to the prepared statement as parameters
+ mysqli_stmt_bind_param($stmt, "s", $param_username);
+
+ // Set parameters
+ $param_username = $username;
+
+ // Attempt to execute the prepared statement
+ if(mysqli_stmt_execute($stmt)){
+ // Store result
+ mysqli_stmt_store_result($stmt);
+
+ // Check if username exists, if yes then verify password
+ if(mysqli_stmt_num_rows($stmt) == 1){
+ // Bind result variables
+ mysqli_stmt_bind_result($stmt, $id, $username, $hashed_password);
+ if(mysqli_stmt_fetch($stmt)){
+ if(password_verify($password, $hashed_password)){
+ // Password is correct, so start a new session
+ session_start();
+
+ // Store data in session variables
+ $_SESSION["loggedin"] = true;
+ $_SESSION["id"] = $id;
+ $_SESSION["username"] = $username;
+
+ // Redirect user to welcome page
+ header("location: welcome.php");
+ } else{
+ // Display an error message if password is not valid
+ $password_err = "The password you entered was not valid.";
+ }
+ }
+ } else{
+ // Display an error message if username doesn't exist
+ $username_err = "No account found with that username.";
+ }
+ } else{
+ echo "Oops! Something went wrong. Please try again later.";
+ }
+
+ // Close statement
+ mysqli_stmt_close($stmt);
+ }
+ }
+
+ // Close connection
+ mysqli_close($link);
+}
+?>
+
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="UTF-8">
+ <title>Login</title>
+ <link rel="stylesheet" type="text/css" href="arfCloud.css">
+ <link rel="stylesheet" type="text/css" href="/style.css">
+</head>
+<body>
+ <div class="wrapper">
+ <h2>arfCloud Login</h2>
+ <p>For those who don't want their data sold by Google</p>
+ <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
+ <div class="form-group row <?php echo (!empty($username_err)) ? 'has-error' : ''; ?>">
+ <div class="column"><label>Username</label></div>
+ <div class="column"><input type="text" name="username" class="form-control" pattern="[a-zA-Z0-9_]+" value="<?php echo $username; ?>"></div>
+ <span class="help-block"><?php echo $username_err; ?></span>
+ </div>
+ <div class="form-group row <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
+ <div class="column"><label>Password</label></div>
+ <div class="column"><input type="password" name="password" pattern="[a-zA-Z0-9_]+" class="form-control"></div>
+ <span class="help-block"><?php echo $password_err; ?></span>
+ </div>
+ <div class="form-group">
+ <input type="submit" class="btn btn-primary" value="Login">
+ </div>
+ <p>Don't have an account? <a href="register.php">Sign up now</a>.</p>
+ </form>
+ </div>
+</body>
+</html>
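Review bot: The username and password checks never reject anything: `preg_match("[a-zA-Z0-9_]+", …)` is not a validly delimited pattern, so it returns `false` with a warning, and the `== 1` branch that sets the error would in any case fire on a match rather than on a mismatch. As a result raw POST data reaches `value="<?php echo $username; ?>"` unescaped; validate with `preg_match('/^[a-zA-Z0-9_]+$/', $_POST["username"]) !== 1` and print through `htmlspecialchars($username, ENT_QUOTES, 'UTF-8')`. On a successful `password_verify()` the code calls `session_start()` a second time instead of `session_regenerate_id(true);`, so a session id fixed before login stays valid afterwards, and the `header("location: welcome.php")` that follows has no `exit;`. The invalid-password branch assigns `$username_err` rather than `$password_err`, and the password should not be trimmed or restricted to a character class before verification. Separate messages for an unknown username and a wrong password also let a client enumerate accounts; a single generic failure message avoids that.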
diff --git a/logout.php b/logout.php
new file mode 100755
index 0000000..d2ae1dd
--- /dev/null
+++ b/logout.php
@@ -0,0 +1,14 @@
+<?php
+// Initialize the session
+session_start();
+
+// Unset all of the session variables
+$_SESSION = array();
+
+// Destroy the session.
+session_destroy();
+
+// Redirect to login page
+header("location: login.php");
+exit;
+?>
\ No newline at end of file
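Review bot: `session_destroy()` removes the server-side session data but leaves the session cookie in the browser, so the same session id is presented again on the next request; since login.php in this commit does not regenerate the id, it would be reused across logins unless `session.use_strict_mode` is enabled. Expire the cookie before destroying the session, taking the path and domain from `session_get_cookie_params()` and calling `setcookie(session_name(), '', time() - 42000, …)` with them. Logging out on a plain GET also lets any third-party page end the user's session; consider requiring a POST with a CSRF token.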
diff --git a/register.php b/register.php
new file mode 100755
index 0000000..d7265b7
--- /dev/null
+++ b/register.php
@@ -0,0 +1,139 @@
+<?php
+// Include config file
+require_once "config.php";
+
+// Define variables and initialize with empty values
+$username = $password = $confirm_password = "";
+$username_err = $password_err = $confirm_password_err = "";
+
+// Processing form data when form is submitted
+if ($_SERVER["REQUEST_METHOD"] == "POST"){
+ // Validate username
+ if (empty($_POST["username"]))
+ $username_err = "Enter a username.";
+ else if (preg_match("[a-zA-Z0-9_]+", $_POST["username"]) != false)
+ $username_err = "Invalid username.";
+ else {
+ // Prepare a select statement
+ $sql = "SELECT id FROM users WHERE username = ?";
+
+ if ($stmt = mysqli_prepare($link, $sql)){
+ // Bind variables to the prepared statement as parameters
+ mysqli_stmt_bind_param($stmt, "s", $param_username);
+
+ // Set parameters
+ $param_username = trim($_POST["username"]);
+
+ // Attempt to execute the prepared statement
+ if(mysqli_stmt_execute($stmt)){
+ // store result
+ mysqli_stmt_store_result($stmt);
+
+ if(mysqli_stmt_num_rows($stmt) == 1){
+ $username_err = "This username is already taken.";
+ } else{
+ $username = trim($_POST["username"]);
+ }
+ } else{
+ echo "SQL failed. Idk, ask arf20.";
+ }
+
+ // Close statement
+ mysqli_stmt_close($stmt);
+ }
+ }
+
+ // Validate email
+ if (empty($_POST["email"]))
+ $username_err = "Enter a username.";
+ else if (filter_var($_POST["email"], FILTER_VALIDATE_EMAIL))
+ $username_err = "Invalid username.";
+
+ // Validate password
+ if (empty($_POST["password"]))
+ $password_err = "Enter a password.";
+ else if (length($_POST["password"]) < 8)
+ $password_err = "Password must have at least 8 characters.";
+ else if (preg_match("[a-zA-Z0-9!@^*$%&)(=+çñÇ[]{}-.,_:;]+", $_POST["password"]) != false)
+ $password_err = "Password must be in the format [a-zA-Z0-9!@^*$%&)(=+çñÇ[]{}-.,_:;].";
+ else
+ $password = $_POST["password"];
+
+ // Validate confirm password
+ if (empty($password_err) && ($password != $_POST["confirm_password"])) {
+ $confirm_password_err = "Password did not match.";
+ }
+
+ // Check input errors before inserting in database
+ if (empty($username_err) && empty($password_err) && empty($confirm_password_err)) {
+ // Prepare an insert statement
+ $sql = "INSERT INTO users (username, password) VALUES (?, ?)";
+
+ if ($stmt = mysqli_prepare($link, $sql)){
+ // Bind variables to the prepared statement as parameters
+ mysqli_stmt_bind_param($stmt, "ss", $param_username, $param_password);
+
+ // Set parameters
+ $param_username = $username;
+ $param_password = password_hash($password, PASSWORD_DEFAULT); // Creates a password hash
+
+ // Attempt to execute the prepared statement
+ if (mysqli_stmt_execute($stmt)){
+ // Redirect to login page
+ header("location: login.php");
+ } else {
+ echo "SQL failed. Idk ask arf20.";
+ }
+
+ // Close statement
+ mysqli_stmt_close($stmt);
+ }
+ }
+
+ // Close connection
+ mysqli_close($link);
+}
+?>
+
+<!DOCTYPE html>
+<html lang="en">
+ <head>
+ <meta charset="UTF-8">
+ <title>Register</title>
+ <link rel="stylesheet" type="text/css" href="arfCloud.css">
+ <link rel="stylesheet" type="text/css" href="/style.css">
+ </head>
+ <body>
+ <div class="wrapper">
+ <h2>ARFNET2 Register</h2>
+ <p>For those who don't want their data sold</p>
+ <form action="register.php" method="post">
+ <div class="form-group row <?php echo (!empty($username_err)) ? 'has-error' : ''; ?>">
+ <div class="column"><label>Username</label></div>
+ <div class="column"><input type="text" name="username" class="form-control" pattern="[a-zA-Z0-9_]+" value="<?php echo $username; ?>"></div>
+ <span class="help-block"><?php echo $username_err; ?></span>
+ </div>
+ <div class="form-group row <?php echo (!empty($mail_err)) ? 'has-error' : ''; ?>">
+ <div class="column"><label>Email address</label></div>
+ <div class="column"><input type="email" name="email" class="form-control" value="<?php echo $email; ?>"></div>
+ <span class="help-block"><?php echo $email_err; ?></span>
+ </div>
+ <div class="form-group row <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
+ <div class="column"><label>Password</label></div>
+ <div class="column"><input type="password" name="password" class="form-control" pattern="[a-zA-Z0-9!@^*$%&)(=+çñÇ[]{}-.,_:;]+" value="<?php echo $password; ?>"></div>
+ <span class="help-block"><?php echo $password_err; ?></span>
+ </div>
+ <div class="form-group row <?php echo (!empty($confirm_password_err)) ? 'has-error' : ''; ?>">
+ <div class="column"><label>Confirm Password</label></div>
+ <div class="column"><input type="password" name="confirm_password" class="form-control" pattern="[a-zA-Z0-9!@^*$%&)(=+çñÇ[]{}-.,_:;]+" value="<?php echo $confirm_password; ?>"></div>
+ <span class="help-block"><?php echo $confirm_password_err; ?></span>
+ </div>
+ <div class="form-group">
+ <input type="submit" class="btn btn-primary" value="Submit">
+ <input type="reset" class="btn btn-default" value="Reset">
+ </div>
+ <p><a href="login.php">Login</a>.</p>
+ </form>
+ </div>
+ </body>
+</html>
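Review bot: The password check calls `length()`, which is not a PHP function, so any non-empty password ends the request with a fatal error; `strlen()` is what is meant. The email branch is inverted and writes to the wrong variable: `filter_var(…, FILTER_VALIDATE_EMAIL)` is truthy for a valid address, yet that case sets `$username_err`, while `$email`, `$email_err` and `$mail_err` used in the form are never defined and the address is never stored. The `preg_match()` calls have no valid delimiters and compare with `!= false`, so they never reject input. The form also writes `$password` back into `value="…"` unescaped, which puts the plaintext password in the response; password fields should be left empty on redisplay and `$username` should go through `htmlspecialchars()`. The fence shows the email and password validation with these points fixed; `$email_err` must also be initialised at the top and added to the final `empty(…)` check.

```php
// … unchanged: username lookup against the users table …

// Validate email
if (empty($_POST["email"]))
    $email_err = "Enter an email address.";
else if (filter_var($_POST["email"], FILTER_VALIDATE_EMAIL) === false)
    $email_err = "Invalid email address.";
else
    $email = $_POST["email"];

// Validate password
if (empty($_POST["password"]))
    $password_err = "Enter a password.";
else if (strlen($_POST["password"]) < 8)
    $password_err = "Password must have at least 8 characters.";
// … character-set check, if kept, needs a delimited and anchored pattern …
else
    $password = $_POST["password"];

// … unchanged: confirm-password comparison and INSERT …
```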