From da57beb574fb9f756a7de036e8003f75ec47432c Mon Sep 17 00:00:00 2001
From: arf20 <aruizfernandez05@gmail.com>
Date: Sat, 16 Mar 2024 02:51:06 +0100
Subject: Email verification

---
 login.php | 84 +++++++++++++++++++++++++++++++--------------------------------
 1 file changed, 41 insertions(+), 43 deletions(-)

(limited to 'login.php')

diff --git a/login.php b/login.php
index 214eb2e..c7c4115 100755
--- a/login.php
+++ b/login.php
@@ -3,8 +3,8 @@
 session_start();
  
 // Check if the user is already logged in, if yes then redirect him to welcome page
-if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
-    header("location: welcome.php");
+if (isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true) {
+    header("location: /".$_SESSION["type"].".php");
     exit;
 }
  
@@ -18,35 +18,29 @@ $username_err = $password_err = "";
 // Processing form data when form is submitted
 if($_SERVER["REQUEST_METHOD"] == "POST"){
     // Validate username
-    if(empty(trim($_POST["username"]))){
-        $username_err = "Please enter username.";
-    } else{
-		if (preg_match("[a-zA-Z0-9_]+", $_POST["username"]) == 1) {
-			$username_err = "Invalid username.";
-		}
-		else {
-			$username = trim($_POST["username"]);
-		}
-    }
+    if (empty($_POST["username"]))
+        $username_err = "Enter a username.";
+    else if (preg_match("/[a-zA-Z0-9_]+/", $_POST["username"]) != 1)
+        $username_err = "Invalid username.";
+    else
+        $username = $_POST["username"];
     
-    // Validated password
-    if(empty(trim($_POST["password"]))){
-        $password_err = "Please enter your password.";
-    } else{
-		if (preg_match("[a-zA-Z0-9_]+", $_POST["password"]) == 1) {
-			$username_err = "Invalid password.";
-		}
-		else {
-			$password = trim($_POST["password"]);
-		}
-    }
+    // Validate password
+    if (empty($_POST["password"]))
+        $password_err = "Enter a password.";     
+    else if (strlen($_POST["password"]) < 8)
+        $password_err = "Password must have at least 8 characters.";
+    else if (preg_match("/[a-zA-Z0-9!@^*$%&)(=+çñÇ][}{\-.,_:;]+/", $_POST["password"]) != false)
+        $password_err = "Password must be in the format [a-zA-Z0-9!@^*$%&)(=+çñÇ][}{-.,_:;].";
+    else
+        $password = $_POST["password"];
     
     // Validate credentials
-    if(empty($username_err) && empty($password_err)){
+    if (empty($username_err) && empty($password_err)) {
         // Prepare a select statement
-        $sql = "SELECT id, username, password FROM users WHERE username = ?";
+        $sql = "SELECT id, username, password, status, type FROM users WHERE username = ?";
         
-        if($stmt = mysqli_prepare($link, $sql)){
+        if ($stmt = mysqli_prepare($link, $sql)) {
             // Bind variables to the prepared statement as parameters
             mysqli_stmt_bind_param($stmt, "s", $param_username);
             
@@ -54,29 +48,33 @@ if($_SERVER["REQUEST_METHOD"] == "POST"){
             $param_username = $username;
             
             // Attempt to execute the prepared statement
-            if(mysqli_stmt_execute($stmt)){
+            if (mysqli_stmt_execute($stmt)){
                 // Store result
                 mysqli_stmt_store_result($stmt);
                 
                 // Check if username exists, if yes then verify password
-                if(mysqli_stmt_num_rows($stmt) == 1){                    
+                if (mysqli_stmt_num_rows($stmt) == 1) {                    
                     // Bind result variables
-                    mysqli_stmt_bind_result($stmt, $id, $username, $hashed_password);
-                    if(mysqli_stmt_fetch($stmt)){
-                        if(password_verify($password, $hashed_password)){
-                            // Password is correct, so start a new session
-                            session_start();
-                            
-                            // Store data in session variables
-                            $_SESSION["loggedin"] = true;
-                            $_SESSION["id"] = $id;
-                            $_SESSION["username"] = $username;                            
+                    mysqli_stmt_bind_result($stmt, $id, $username, $hashed_password, $status, $type);
+                    if (mysqli_stmt_fetch($stmt)){
+                        if (password_verify($password, $hashed_password)) {
+                            // Password is correct, check verification
+                            if ($status == "verified") {
+                                session_start();
                             
-                            // Redirect user to welcome page
-                            header("location: welcome.php");
-                        } else{
-                            // Display an error message if password is not valid
-                            $password_err = "The password you entered was not valid.";
+                                // Store data in session variables
+                                $_SESSION["loggedin"] = true;
+                                $_SESSION["id"] = $id;
+                                $_SESSION["username"] = $username;
+                                $_SESSION["type"] = $type;
+                                
+                                // Redirect user to appropiate page
+                                header("location: /".$type.".php");
+                            } else {
+                                $username_err = "Unverified account, check your email.";
+                            }
+                        } else {
+                            $password_err = "Incorrect password.";
                         }
                     }
                 } else{
-- 
cgit v1.2.3