From da57beb574fb9f756a7de036e8003f75ec47432c Mon Sep 17 00:00:00 2001
From: arf20
Date: Sat, 16 Mar 2024 02:51:06 +0100
Subject: Email verification
---
 login.php | 84 +++++++++++++++++++++++++++++++--------------------------------
 1 file changed, 41 insertions(+), 43 deletions(-)
(limited to 'login.php')
diff --git a/login.php b/login.php
index 214eb2e..c7c4115 100755
--- a/login.php
+++ b/login.php
@@ -3,8 +3,8 @@
 session_start();
 
 // Check if the user is already logged in, if yes then redirect him to welcome page
-if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
- header("location: welcome.php");
+if (isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true) {
+ header("location: /".$_SESSION["type"].".php");
 exit;
 }
 
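Review bot: The redirect target on the new `header("location: /".$_SESSION["type"].".php")` line is assembled by concatenation from the session's `type` value, which the third hunk copies straight out of the users table's `type` column, so nothing here checks that it names one of the pages this application expects. Mapping the value through a fixed table keeps the redirect inside the known set of pages and fails closed for anything else, e.g. (constructed, fill in the real type values) `$pages = ["<type-value-1>" => "/<page-1>.php", "<type-value-2>" => "/<page-2>.php"];` followed by `header("location: ".($pages[$_SESSION["type"]] ?? "/login.php"));`. The same concatenated redirect appears in the successful-login branch of the third hunk and should use the same table. Keeping `exit;` after the header, as this hunk does, is correct.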
@@ -18,35 +18,29 @@ $username_err = $password_err = "";
 // Processing form data when form is submitted
 if($_SERVER["REQUEST_METHOD"] == "POST"){
 // Validate username
- if(empty(trim($_POST["username"]))){
- $username_err = "Please enter username.";
- } else{
- if (preg_match("[a-zA-Z0-9_]+", $_POST["username"]) == 1) {
- $username_err = "Invalid username.";
- }
- else {
- $username = trim($_POST["username"]);
- }
- }
+ if (empty($_POST["username"]))
+ $username_err = "Enter a username.";
+ else if (preg_match("/[a-zA-Z0-9_]+/", $_POST["username"]) != 1)
+ $username_err = "Invalid username.";
+ else
+ $username = $_POST["username"];
 
- // Validated password
- if(empty(trim($_POST["password"]))){
- $password_err = "Please enter your password.";
- } else{
- if (preg_match("[a-zA-Z0-9_]+", $_POST["password"]) == 1) {
- $username_err = "Invalid password.";
- }
- else {
- $password = trim($_POST["password"]);
- }
- }
+ // Validate password
+ if (empty($_POST["password"]))
+ $password_err = "Enter a password.";
+ else if (strlen($_POST["password"]) < 8)
+ $password_err = "Password must have at least 8 characters.";
+ else if (preg_match("/[a-zA-Z0-9!@^*$%&)(=+çñÇ][}{\-.,_:;]+/", $_POST["password"]) != false)
+ $password_err = "Password must be in the format [a-zA-Z0-9!@^*$%&)(=+çñÇ][}{-.,_:;].";
+ else
+ $password = $_POST["password"];
 
 // Validate credentials
- if(empty($username_err) && empty($password_err)){
+ if (empty($username_err) && empty($password_err)) {
 // Prepare a select statement
- $sql = "SELECT id, username, password FROM users WHERE username = ?";
+ $sql = "SELECT id, username, password, status, type FROM users WHERE username = ?";
 
- if($stmt = mysqli_prepare($link, $sql)){
+ if ($stmt = mysqli_prepare($link, $sql)) {
 // Bind variables to the prepared statement as parameters
 mysqli_stmt_bind_param($stmt, "s", $param_username);
 
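Review bot: The new password-format test, `preg_match("/[a-zA-Z0-9!@^*$%&)(=+çñÇ][}{\-.,_:;]+/", $_POST["password"]) != false`, is inverted — `preg_match` returns 1 on a match, so the "must be in the format" error fires precisely when the password contains the pattern and every other password is accepted — and the pattern is two character classes rather than one, because the `]` before `[}{` closes the first class instead of being a literal. The username test on the `else if (preg_match("/[a-zA-Z0-9_]+/", $_POST["username"]) != 1)` line is unanchored, so any value containing a single word character passes. I would anchor the username pattern, `preg_match('/^[a-zA-Z0-9_]+$/', $_POST["username"]) !== 1`, and drop the password-format rule from the login path altogether, since the stored hash decides the outcome and the rule as written locks out users whose password was accepted at registration; if it has to mirror the registration rule, write it as `preg_match('/^[a-zA-Z0-9!@^*$%&)(=+çñÇ\][}{\-.,_:;]+$/u', $_POST["password"]) !== 1` (the `u` modifier presumes the file is UTF-8, which the `ç`/`ñ` literals suggest). Comparing with `!== 1` also treats a PCRE error (`false`) as a failed check, which `!= false` does not. The enclosing `if($_SERVER["REQUEST_METHOD"] == "POST")` block opens in this hunk's context and continues past its end.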
@@ -54,29 +48,33 @@ if($_SERVER["REQUEST_METHOD"] == "POST"){
 $param_username = $username;
 
 // Attempt to execute the prepared statement
- if(mysqli_stmt_execute($stmt)){
+ if (mysqli_stmt_execute($stmt)){
 // Store result
 mysqli_stmt_store_result($stmt);
 
 // Check if username exists, if yes then verify password
- if(mysqli_stmt_num_rows($stmt) == 1){
+ if (mysqli_stmt_num_rows($stmt) == 1) {
 // Bind result variables
- mysqli_stmt_bind_result($stmt, $id, $username, $hashed_password);
- if(mysqli_stmt_fetch($stmt)){
- if(password_verify($password, $hashed_password)){
- // Password is correct, so start a new session
- session_start();
-
- // Store data in session variables
- $_SESSION["loggedin"] = true;
- $_SESSION["id"] = $id;
- $_SESSION["username"] = $username;
+ mysqli_stmt_bind_result($stmt, $id, $username, $hashed_password, $status, $type);
+ if (mysqli_stmt_fetch($stmt)){
+ if (password_verify($password, $hashed_password)) {
+ // Password is correct, check verification
+ if ($status == "verified") {
+ session_start();
 
- // Redirect user to welcome page
- header("location: welcome.php");
- } else{
- // Display an error message if password is not valid
- $password_err = "The password you entered was not valid.";
+ // Store data in session variables
+ $_SESSION["loggedin"] = true;
+ $_SESSION["id"] = $id;
+ $_SESSION["username"] = $username;
+ $_SESSION["type"] = $type;
+
+ // Redirect user to appropiate page
+ header("location: /".$type.".php");
+ } else {
+ $username_err = "Unverified account, check your email.";
+ }
+ } else {
+ $password_err = "Incorrect password.";
 }
 }
 } else{
-- cgit v1.2.3
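Review bot: The successful-login branch keeps calling `session_start()` a second time (the session is already active from the `session_start();` near the top of the file, so this only raises a notice) but never rotates the session id, which leaves the login open to session fixation: an id issued before authentication remains valid after it. Replace that line with `session_regenerate_id(true);` ahead of the `$_SESSION` assignments. The `header("location: /".$type.".php");` line is also missing the `exit;` that the first hunk's redirect has, so the rest of login.php keeps executing and the form is still rendered after the redirect header is sent; add `exit;` directly after it. The `$status == "verified"` test would be clearer as `===`, since `status` is a string column compared against a string literal. The enclosing `if($_SERVER["REQUEST_METHOD"] == "POST")` block and the `mysqli_stmt_execute` branch continue past the `} else{` that ends this hunk.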