-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | config.php.example | 17 | ||||
-rw-r--r-- | dbinit.sql | 2 | ||||
-rwxr-xr-x | login.php | 130 | ||||
-rwxr-xr-x | logout.php | 14 | ||||
-rwxr-xr-x | register.php | 139 |
7 files changed, 305 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4f4773f
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+config.php
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..ce1811d
--- /dev/null
+++ b/README.md
@@ -0,0 +1,2 @@
+# arfnet2-cst
+ARFNET2 Customer, Service manager and Ticketing system
diff --git a/config.php.example b/config.php.example
new file mode 100644
index 0000000..5057641
--- /dev/null
+++ b/config.php.example
@@ -0,0 +1,17 @@
+<?php
+// Example config.php
+/* Database credentials. Assuming you are running MySQL
+server with default setting (user 'root' with no password) */
+define('DB_SERVER', 'hostname');
+define('DB_USERNAME', 'username');
+define('DB_PASSWORD', 'password');
+define('DB_NAME', 'dbname');
+
+/* Attempt to connect to MySQL database */
+$link = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME);
+
+// Check connection
+if($link === false){
+ die("ERROR: Could not connect. " . mysqli_connect_error());
+}
+?>
diff --git a/dbinit.sql b/dbinit.sql
new file mode 100644
index 0000000..271eb2b
--- /dev/null
+++ b/dbinit.sql
@@ -0,0 +1,2 @@
+CREATE DATABASE arfnet2;
+
diff --git a/login.php b/login.php
new file mode 100755
index 0000000..c26b2e7
--- /dev/null
+++ b/login.php
@@ -0,0 +1,130 @@
+<?php
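Review bot: In config.php.example, `die("ERROR: Could not connect. " . mysqli_connect_error());` sends the raw driver error to whoever requested the page, which can reveal the database host and account name. Log the detail server-side and print only a generic message, e.g. `error_log(mysqli_connect_error()); die("ERROR: Could not connect.");`. Since this file is the template for the real config.php, the comment assuming user 'root' with no password would be better replaced by one recommending a dedicated account limited to this application's database.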
+// Initialize the session
+session_start();
+
+// Check if the user is already logged in, if yes then redirect him to welcome page
+if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
+ header("location: welcome.php");
+ exit;
+}
+
+// Include config file
+require_once "config.php";
+
+// Define variables and initialize with empty values
+$username = $password = "";
+$username_err = $password_err = "";
+
+// Processing form data when form is submitted
+if($_SERVER["REQUEST_METHOD"] == "POST"){
+ // Validate username
+ if(empty(trim($_POST["username"]))){
+ $username_err = "Please enter username.";
+ } else{
+ if (preg_match("[a-zA-Z0-9_]+", $_POST["username"]) == 1) {
+ $username_err = "Invalid username.";
+ }
+ else {
+ $username = trim($_POST["username"]);
+ }
+ }
+
+ // Validated password
+ if(empty(trim($_POST["password"]))){
+ $password_err = "Please enter your password.";
+ } else{
+ if (preg_match("[a-zA-Z0-9_]+", $_POST["password"]) == 1) {
+ $username_err = "Invalid password.";
+ }
+ else {
+ $password = trim($_POST["password"]);
+ }
+ }
+
+ // Validate credentials
+ if(empty($username_err) && empty($password_err)){
+ // Prepare a select statement
+ $sql = "SELECT id, username, password FROM users WHERE username = ?";
+
+ if($stmt = mysqli_prepare($link, $sql)){
+ // Bind variables to the prepared statement as parameters
+ mysqli_stmt_bind_param($stmt, "s", $param_username);
+
+ // Set parameters
+ $param_username = $username;
+
+ // Attempt to execute the prepared statement
+ if(mysqli_stmt_execute($stmt)){
+ // Store result
+ mysqli_stmt_store_result($stmt);
+
+ // Check if username exists, if yes then verify password
+ if(mysqli_stmt_num_rows($stmt) == 1){
+ // Bind result variables
+ mysqli_stmt_bind_result($stmt, $id, $username, $hashed_password);
+ if(mysqli_stmt_fetch($stmt)){
+ if(password_verify($password, $hashed_password)){
+ // Password is correct, so start a new session
+ session_start();
+
+ // Store data in session variables
+ $_SESSION["loggedin"] = true;
+ $_SESSION["id"] = $id;
+ $_SESSION["username"] = $username;
+
+ // Redirect user to welcome page
+ header("location: welcome.php");
+ } else{
+ // Display an error message if password is not valid
+ $password_err = "The password you entered was not valid.";
+ }
+ }
+ } else{
+ // Display an error message if username doesn't exist
+ $username_err = "No account found with that username.";
+ }
+ } else{
+ echo "Oops! Something went wrong. Please try again later.";
+ }
+
+ // Close statement
+ mysqli_stmt_close($stmt);
+ }
+ }
+
+ // Close connection
+ mysqli_close($link);
+}
+?>
+
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="UTF-8">
+ <title>Login</title>
+ <link rel="stylesheet" type="text/css" href="arfCloud.css">
+ <link rel="stylesheet" type="text/css" href="/style.css">
+</head>
+<body>
+ <div class="wrapper">
+ <h2>arfCloud Login</h2>
+ <p>For those who don't want their data sold by Google</p>
+ <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
+ <div class="form-group row <?php echo (!empty($username_err)) ? 'has-error' : ''; ?>">
+ <div class="column"><label>Username</label></div>
+ <div class="column"><input type="text" name="username" class="form-control" pattern="[a-zA-Z0-9_]+" value="<?php echo $username; ?>"></div>
+ <span class="help-block"><?php echo $username_err; ?></span>
+ </div>
+ <div class="form-group row <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
+ <div class="column"><label>Password</label></div>
+ <div class="column"><input type="password" name="password" pattern="[a-zA-Z0-9_]+" class="form-control"></div>
+ <span class="help-block"><?php echo $password_err; ?></span>
+ </div>
+ <div class="form-group">
+ <input type="submit" class="btn btn-primary" value="Login">
+ </div>
+ <p>Don't have an account? <a href="register.php">Sign up now</a>.</p>
+ </form>
+ </div>
+</body>
+</html>
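Review bot: The `preg_match("[a-zA-Z0-9_]+", ...)` checks on username and password in login.php validate nothing: PHP reads `[` and `]` as the pattern delimiters and the trailing `+` as an unknown modifier, so the call fails and returns false, and the branch is inverted anyway (a successful match would set the error). The raw `$_POST["username"]` therefore reaches `value="<?php echo $username; ?>"` unescaped; reject with `preg_match('/^[a-zA-Z0-9_]+$/', $_POST["username"]) !== 1`, echo with `htmlspecialchars($username, ENT_QUOTES, 'UTF-8')`, and drop the character-set test on the password (it only needs to be passed to `password_verify()`). The same pattern and the same unescaped echoes recur in register.php. After a successful `password_verify()`, the second `session_start();` should be `session_regenerate_id(true);` so the pre-login session id is not carried into the authenticated session, and the `header("location: welcome.php")` call needs an `exit;` after it. The separate "No account found" and "password ... not valid" messages also tell a caller which usernames exist; one shared message would avoid that.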
diff --git a/logout.php b/logout.php
new file mode 100755
index 0000000..d2ae1dd
--- /dev/null
+++ b/logout.php
@@ -0,0 +1,14 @@
+<?php
+// Initialize the session
+session_start();
+
+// Unset all of the session variables
+$_SESSION = array();
+
+// Destroy the session.
+session_destroy();
+
+// Redirect to login page
+header("location: login.php");
+exit;
+?>
\ No newline at end of file
diff --git a/register.php b/register.php
new file mode 100755
index 0000000..d7265b7
--- /dev/null
+++ b/register.php
@@ -0,0 +1,139 @@
+<?php
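Review bot: In logout.php, `session_destroy();` discards the server-side data but leaves the session cookie in the browser, so the same session id is presented again on the next request. Expire the cookie before destroying the session, using `session_get_cookie_params()` and `setcookie(session_name(), '', time() - 42000, ...)` with the same path and domain. This matters more while login.php does not regenerate the id on login, because the id then survives a logout/login cycle.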
+// Include config file
+require_once "config.php";
+
+// Define variables and initialize with empty values
+$username = $password = $confirm_password = "";
+$username_err = $password_err = $confirm_password_err = "";
+
+// Processing form data when form is submitted
+if ($_SERVER["REQUEST_METHOD"] == "POST"){
+ // Validate username
+ if (empty($_POST["username"]))
+ $username_err = "Enter a username.";
+ else if (preg_match("[a-zA-Z0-9_]+", $_POST["username"]) != false)
+ $username_err = "Invalid username.";
+ else {
+ // Prepare a select statement
+ $sql = "SELECT id FROM users WHERE username = ?";
+
+ if ($stmt = mysqli_prepare($link, $sql)){
+ // Bind variables to the prepared statement as parameters
+ mysqli_stmt_bind_param($stmt, "s", $param_username);
+
+ // Set parameters
+ $param_username = trim($_POST["username"]);
+
+ // Attempt to execute the prepared statement
+ if(mysqli_stmt_execute($stmt)){
+ // store result
+ mysqli_stmt_store_result($stmt);
+
+ if(mysqli_stmt_num_rows($stmt) == 1){
+ $username_err = "This username is already taken.";
+ } else{
+ $username = trim($_POST["username"]);
+ }
+ } else{
+ echo "SQL failed. Idk, ask arf20.";
+ }
+
+ // Close statement
+ mysqli_stmt_close($stmt);
+ }
+ }
+
+ // Validate email
+ if (empty($_POST["email"]))
+ $username_err = "Enter a username.";
+ else if (filter_var($_POST["email"], FILTER_VALIDATE_EMAIL))
+ $username_err = "Invalid username.";
+
+ // Validate password
+ if (empty($_POST["password"]))
+ $password_err = "Enter a password.";
+ else if (length($_POST["password"]) < 8)
+ $password_err = "Password must have at least 8 characters.";
+ else if (preg_match("[a-zA-Z0-9!@^*$%&)(=+çñÇ[]{}-.,_:;]+", $_POST["password"]) != false)
+ $password_err = "Password must be in the format [a-zA-Z0-9!@^*$%&)(=+çñÇ[]{}-.,_:;].";
+ else
+ $password = $_POST["password"];
+
+ // Validate confirm password
+ if (empty($password_err) && ($password != $_POST["confirm_password"])) {
+ $confirm_password_err = "Password did not match.";
+ }
+
+ // Check input errors before inserting in database
+ if (empty($username_err) && empty($password_err) && empty($confirm_password_err)) {
+ // Prepare an insert statement
+ $sql = "INSERT INTO users (username, password) VALUES (?, ?)";
+
+ if ($stmt = mysqli_prepare($link, $sql)){
+ // Bind variables to the prepared statement as parameters
+ mysqli_stmt_bind_param($stmt, "ss", $param_username, $param_password);
+
+ // Set parameters
+ $param_username = $username;
+ $param_password = password_hash($password, PASSWORD_DEFAULT); // Creates a password hash
+
+ // Attempt to execute the prepared statement
+ if (mysqli_stmt_execute($stmt)){
+ // Redirect to login page
+ header("location: login.php");
+ } else {
+ echo "SQL failed. Idk ask arf20.";
+ }
+
+ // Close statement
+ mysqli_stmt_close($stmt);
+ }
+ }
+
+ // Close connection
+ mysqli_close($link);
+}
+?>
+
+<!DOCTYPE html>
+<html lang="en">
+ <head>
+ <meta charset="UTF-8">
+ <title>Register</title>
+ <link rel="stylesheet" type="text/css" href="arfCloud.css">
+ <link rel="stylesheet" type="text/css" href="/style.css">
+ </head>
+ <body>
+ <div class="wrapper">
+ <h2>ARFNET2 Register</h2>
+ <p>For those who don't want their data sold</p>
+ <form action="register.php" method="post">
+ <div class="form-group row <?php echo (!empty($username_err)) ? 'has-error' : ''; ?>">
+ <div class="column"><label>Username</label></div>
+ <div class="column"><input type="text" name="username" class="form-control" pattern="[a-zA-Z0-9_]+" value="<?php echo $username; ?>"></div>
+ <span class="help-block"><?php echo $username_err; ?></span>
+ </div>
+ <div class="form-group row <?php echo (!empty($mail_err)) ? 'has-error' : ''; ?>">
+ <div class="column"><label>Email address</label></div>
+ <div class="column"><input type="email" name="email" class="form-control" value="<?php echo $email; ?>"></div>
+ <span class="help-block"><?php echo $email_err; ?></span>
+ </div>
+ <div class="form-group row <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
+ <div class="column"><label>Password</label></div>
+ <div class="column"><input type="password" name="password" class="form-control" pattern="[a-zA-Z0-9!@^*$%&)(=+çñÇ[]{}-.,_:;]+" value="<?php echo $password; ?>"></div>
+ <span class="help-block"><?php echo $password_err; ?></span>
+ </div>
+ <div class="form-group row <?php echo (!empty($confirm_password_err)) ? 'has-error' : ''; ?>">
+ <div class="column"><label>Confirm Password</label></div>
+ <div class="column"><input type="password" name="confirm_password" class="form-control" pattern="[a-zA-Z0-9!@^*$%&)(=+çñÇ[]{}-.,_:;]+" value="<?php echo $confirm_password; ?>"></div>
+ <span class="help-block"><?php echo $confirm_password_err; ?></span>
+ </div>
+ <div class="form-group">
+ <input type="submit" class="btn btn-primary" value="Submit">
+ <input type="reset" class="btn btn-default" value="Reset">
+ </div>
+ <p><a href="login.php">Login</a>.</p>
+ </form>
+ </div>
+ </body>
+</html>
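Review bot: Registration cannot complete as written in register.php: `length($_POST["password"])` calls a function PHP does not define, so any non-empty password ends the request with a fatal error; it should read `else if (strlen($_POST["password"]) < 8)`. The email block is inverted (`filter_var()` returns the address when it is valid) and writes to `$username_err`, while `$email`, `$email_err` and `$mail_err` used in the form are never set; the rewrite below fixes the check and adds the email error to the gate before the INSERT. The password inputs echo the submitted value back through `value="<?php echo $password; ?>"`, which writes the plaintext password into the response HTML, so the `value` attribute should be removed from both password fields. The INSERT stores only username and password, so the address is validated but not saved; whether that is intended is not visible in this commit.

```php
$username = $password = $confirm_password = $email = "";
$username_err = $password_err = $confirm_password_err = $email_err = "";
// … unchanged: username validation …
    // Validate email
    if (empty($_POST["email"]))
        $email_err = "Enter an email address.";
    else if (filter_var($_POST["email"], FILTER_VALIDATE_EMAIL) === false)
        $email_err = "Invalid email address.";
    else
        $email = $_POST["email"];
// … unchanged: password and confirm-password validation …
    if (empty($username_err) && empty($email_err) && empty($password_err) && empty($confirm_password_err)) {
// … unchanged: insert statement and form markup …
```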