Migrated to Dev Branch, Implemented SQLI pretection and Login/Registration.
parent
03e7feb247
commit
2606e02718
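--- a/config/config.php
+++ b/config/config.php
@@ -0,0 +1,18 @@
+<?php
+ob_start(); // Starts the output buffering
+session_start();
+
+$timezone = date_default_timezone_set("America/New_York");
+
+$env = parse_ini_file('.env');
+$host = $env['DB_HOST'];
+$user = $env['DB_USER'];
+$pass = $env['DB_PASS'];
+$db = $env['DB_NAME'];
+
+$con = mysqli_connect($host, $user, $pass, $db);
+
+if(mysqli_connect_errno()) {
+echo "Failed to connect to database: " . mysqli_connect_errno();
+}
+?>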
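Review bot: The return value of `parse_ini_file('.env')` is used unchecked and the path is relative, so it resolves against the working directory of whichever script includes this file; a missing or unreadable file leaves `$env` as `false` and all four credentials null. index.php loaded the same relative path before this commit, which suggests `.env` sits in the document root, where it is downloadable unless the web server denies dotfiles; keeping it outside the web root and anchoring the path with `__DIR__` would address both. The connection check only echoes and falls through, so the form handlers later call `$con->prepare()` on a failed connection; I would log the error server-side and stop, e.g. `error_log(mysqli_connect_error()); exit;`, rather than print the errno to the client.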
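--- a/includes/form_handlers/login_handler.php
+++ b/includes/form_handlers/login_handler.php
@@ -0,0 +1,40 @@
+<?php
+if (isset($_POST["log_but"])) {
+
+$errors = array(); // Used to hold any errors.
+$email = filter_var($_POST['log_email'], FILTER_SANITIZE_EMAIL); // sanatizes email to ensure correct format.
+
+$_SESSION['log_email'] = $email;
+
+$pass = strip_tags($_POST['log_pass']);
+$pass = str_replace(' ', '', $pass);
+$pass = password_hash($pass, PASSWORD_BCRYPT); // Encrypts password
+
+
+// Uses a prepared statement to check user login. Prevents SQL Injection using Binding.
+$stmt = $con->prepare("SELECT username,user_closed FROM users WHERE email = ? AND password = ?");
+$stmt->bind_param("ss", $email, $pass); // "ss" indicates two string parameters
+$stmt->execute();
+$stmt->bind_result($username,$closed);
+$stmt->fetch();
+
+if ($username != null) {
+$_SESSION['username'] = $username;
+
+if ($closed === 0) { // Reopens account if the account was closed.
+$stmt = $con->prepare("UPDATE users SET user_closed = '0' WHERE email = ?");
+$stmt->bind_param("s", $email); // Bind parameters for security
+$stmt->execute();
+$stmt->close(); // Close the statement for proper resource management
+}
+
+header("Location: index.php");
+exit();
+} else {
+array_push($errors, "login_error");
+}
+
+$stmt->close();
+}
+
+?>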
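Review bot: The login query can never match, because `password_hash()` generates a fresh salt on every call, so the value bound to `password = ?` differs from the stored hash even when the password is correct. The stored hash should be fetched by email alone and checked with `password_verify()`, keeping the same strip_tags/space normalisation that registration applies before hashing; regenerating the session id on success also guards against session fixation. Separately, the `$closed === 0` branch writes `user_closed = '0'`, which re-opens nothing, and a strict comparison against integer 0 may not match the type the column returns, so the condition looks inverted relative to its comment.

```php
// … unchanged: $email sanitising and the two $pass normalisation lines; the password_hash() call is dropped …

$stmt = $con->prepare("SELECT username,password,user_closed FROM users WHERE email = ?");
$stmt->bind_param("s", $email);
$stmt->execute();
$stmt->bind_result($username, $hash, $closed);
$found = $stmt->fetch();

if ($found === true && password_verify($pass, $hash)) {
    session_regenerate_id(true); // fresh session id once the user is authenticated
    $_SESSION['username'] = $username;
    // … unchanged: account re-open, redirect, else branch …
```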
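--- a/includes/form_handlers/register_handler.php
+++ b/includes/form_handlers/register_handler.php
@@ -0,0 +1,188 @@
+<?php
+// Variables declaration to prevent errors
+$fname = "";
+$lname = "";
+$email = "";
+$email_conf = "";
+$pass = "";
+$pass_conf = "";
+$date = ""; // Registration Date
+$errors = array(); // Used to hold any errors.
+
+if(isset($_POST['register_but'])) {
+// Variable Assignments
+
+// *** strip_tags() is used to prevent html injection. *** //
+$fname = strip_tags($_POST['reg_fname']); //Sets the value from the forum.
+$fname = str_replace(' ', '', $fname); // Removes any spaces.
+$fname = ucfirst(strtolower($fname)); // Capitalizes first letter, lowercases the rest.
+$_SESSION['reg_fname'] = $fname; // Stores values into session variable.
+
+$lname = strip_tags($_POST['reg_lname']);
+$lname = str_replace(' ', '', $lname);
+$lname = ucfirst(strtolower($lname));
+$_SESSION['reg_lname'] = $lname;
+
+$email = strip_tags($_POST['reg_email']);
+$email = str_replace(' ', '', $email);
+$email = strtolower($email);
+$_SESSION['reg_email'] = $email;
+
+$email_conf = strip_tags($_POST['reg_email_conf']);
+$email_conf = str_replace(' ', '', $email_conf);
+$email_conf = strtolower($email_conf);
+$_SESSION['reg_email_conf'] = $email_conf;
+
+$pass = strip_tags($_POST['reg_pass']);
+$pass = str_replace(' ', '', $pass);
+
+$pass_conf = strip_tags($_POST['reg_pass_conf']);
+$pass_conf = str_replace(' ', '', $pass_conf);
+
+$date = date("Y-m-d"); // Sets the registration date.
+
+if ($email == $email_conf) {
+if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
+$email = filter_var($email, FILTER_VALIDATE_EMAIL);
+$username_check = $con->prepare("SELECT COUNT(*) FROM users WHERE email = ?");
+$username_check->bind_param("s", $email);
+$username_check->bind_result($num_rows);
+$username_check->execute();
+$username_check->fetch();
+if ($num_rows > 0) {
+array_push($errors, "email_exists");
+}
+} else {
+array_push($errors, "email_invalid");
+}
+} else {
+array_push($errors, "email_mismatch");
+}
+
+if (strlen($fname) > 25 || strlen($fname) < 2) {
+array_push($errors, "fname_invalid");
+}
+
+if (strlen($lname) > 25 || strlen($lname) < 2) {
+array_push($errors, "lname_invalid");
+}
+
+if ($pass != $pass_conf) {
+array_push($errors, "pass_mismatch");
+} else {
+if(preg_match('/[^A-Za-z0-9]/', $pass)) {
+array_push($errors, "pass_invalid_char");
+} else {
+if (strlen($pass) > 30 || strlen($pass) < 5) {
+array_push($errors, "pass_invalid_length");
+}
+}
+}
+
+if (!file_exists('debug/logs')) {
+mkdir('debug/logs', 0755, true); // Create recursively with appropriate permissions
+}
+
+if (empty($errors)) {
+$pass = password_hash($pass, PASSWORD_BCRYPT); // Encrypts password
+$username = strtolower($fname . "." . $lname);
+
+$username_check = $con->prepare("SELECT COUNT(*) FROM users WHERE username = ?");
+$temp = $username;
+$username_check->bind_param("s", $temp);
+$username_check->bind_result($count);
+$username_check->execute();
+$username_check->fetch();
+$i = 0;
+while ($count == 1) {
+$i++;
+$temp = $username;
+if ($i > 0) {
+$temp .= $i; // Use string concatenation directly with .=
+}
+$username_check->bind_param("s", $temp);
+$username_check->bind_result($count);
+$username_check->execute();
+$username_check->fetch();
+error_log("\nCounter=$i\nTemp = $temp\nNum Of Names: $count", 3, 'debug/logs/register_error.log');
+}
+
+if ($i > 0) {
+$username = $username . $i;
+}
+
+$username_check->close();
+
+$rand = rand(1,16);
+$profile_pic = random_profile_pic($rand);
+
+$create_user = $con->prepare("INSERT INTO users VALUES (NULL,?,?,?,?,?,?,?,'0','0','0',',')");
+$create_user->bind_param("sssssss", $fname,$lname,$username,$email,$pass,$date,$profile_pic);
+$create_user->execute();
+$create_user->close();
+
+array_push($errors, "<span style='color: #14C800;'>You're all set! Go ahead and login!</span><br>");
+
+$_SESSION['reg_fname'] = "";
+$_SESSION['reg_lname'] = "";
+$_SESSION['reg_email'] = "";
+$_SESSION['reg_email_conf'] = "";
+
+}
+}
+
+function random_profile_pic($rand) {
+$profile_pic = "assets/profile_pics/defaults/";
+switch ($rand) {
+case 1:
+$profile_pic = $profile_pic . "head_alizarin.png";
+break;
+case 2:
+$profile_pic = $profile_pic . "head_amethyst.png";
+break;
+case 3:
+$profile_pic = $profile_pic . "head_belize_hole.png";
+break;
+case 4:
+$profile_pic = $profile_pic . "head_carrot.png";
+break;
+case 5:
+$profile_pic = $profile_pic . "head_deep_blue.png";
+break;
+case 6:
+$profile_pic = $profile_pic . "head_emerald.png";
+break;
+case 7:
+$profile_pic = $profile_pic . "head_green_sea.png";
+break;
+case 8:
+$profile_pic = $profile_pic . "head_nephritis.png";
+break;
+case 9:
+$profile_pic = $profile_pic . "head_pete_river.png";
+break;
+case 10:
+$profile_pic = $profile_pic . "head_pomegranate.png";
+break;
+case 11:
+$profile_pic = $profile_pic . "head_pumpkin.png";
+break;
+case 12:
+$profile_pic = $profile_pic . "head_red.png";
+break;
+case 13:
+$profile_pic = $profile_pic . "head_sun_flower.png";
+break;
+case 14:
+$profile_pic = $profile_pic . "head_turqoise.png";
+break;
+case 15:
+$profile_pic = $profile_pic . "head_wet_asphalt.png";
+break;
+case 16:
+$profile_pic = $profile_pic . "head_wistera.png";
+break;
+}
+return $profile_pic;
+}
+?>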
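Review bot: The password rules in this handler weaken passwords rather than protect anything: `strip_tags()` and the space removal silently change what the user typed, and the `/[^A-Za-z0-9]/` check together with the 5–30 length window forbids symbols and passphrases. The value only ever reaches `password_hash()` and a bound parameter, so it needs no sanitising; I would accept it unchanged, raise the minimum, and cap the length only at bcrypt's 72-byte input limit, e.g. `if (strlen($pass) < 12 || strlen($pass) > 72) {`. The collision loop also appends candidate usernames to `debug/logs/register_error.log`, a relative path that presumably resolves under the web root inside a 0755 directory, so that log should move outside the document root or be dropped. The first `$username_check` statement (the email lookup) is never closed before the second `prepare()`, which mysqli may reject as commands out of sync; calling `$username_check->close();` after its `fetch()` avoids that.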
11
index.php
11
index.php
@ -1,14 +1,5 @@
|
|||||||
<?php
|
<?php
|
||||||
$env = parse_ini_file('.env');
|
require 'config/config.php';
|
||||||
$host = $env['DB_HOST'];
|
|
||||||
$user = $env['DB_USER'];
|
|
||||||
$pass = $env['DB_PASS'];
|
|
||||||
$db = $env['DB_NAME'];
|
|
||||||
$con = mysqli_connect($host, $user, $pass, $db);
|
|
||||||
|
|
||||||
if(mysqli_connect_errno()) {
|
|
||||||
echo "Failed to connect to database: " . mysqli_connect_errno();
|
|
||||||
}
|
|
||||||
?>
|
?>
|
||||||
|
|
||||||
|
|
||||||
|
182
register.php
182
register.php
@ -1,171 +1,7 @@
|
|||||||
<?php
|
<?php
|
||||||
session_start();
|
require 'config/config.php';
|
||||||
$env = parse_ini_file('.env');
|
require 'includes/form_handlers/register_handler.php';
|
||||||
$host = $env['DB_HOST'];
|
require 'includes/form_handlers/login_handler.php';
|
||||||
$user = $env['DB_USER'];
|
|
||||||
$pass = $env['DB_PASS'];
|
|
||||||
$db = $env['DB_NAME'];
|
|
||||||
$con = mysqli_connect($host, $user, $pass, $db);
|
|
||||||
|
|
||||||
if(mysqli_connect_errno()) {
|
|
||||||
echo "Failed to connect to database: " . mysqli_connect_errno();
|
|
||||||
}
|
|
||||||
|
|
||||||
// Variables declaration to prevent errors
|
|
||||||
$fname = "";
|
|
||||||
$lname = "";
|
|
||||||
$email = "";
|
|
||||||
$email_conf = "";
|
|
||||||
$pass = "";
|
|
||||||
$pass_conf = "";
|
|
||||||
$date = ""; // Registration Date
|
|
||||||
$errors = array(); // Used to hold any errors.
|
|
||||||
|
|
||||||
if(isset($_POST['register_but'])) {
|
|
||||||
// Variable Assignments
|
|
||||||
|
|
||||||
// *** strip_tags() is used to prevent html injection. *** //
|
|
||||||
$fname = strip_tags($_POST['reg_fname']); //Sets the value from the forum.
|
|
||||||
$fname = str_replace(' ', '', $fname); // Removes any spaces.
|
|
||||||
$fname = ucfirst(strtolower($fname)); // Capitalizes first letter, lowercases the rest.
|
|
||||||
$_SESSION['reg_fname'] = $fname; // Stores values into session variable.
|
|
||||||
|
|
||||||
$lname = strip_tags($_POST['reg_lname']);
|
|
||||||
$lname = str_replace(' ', '', $lname);
|
|
||||||
$lname = ucfirst(strtolower($lname));
|
|
||||||
$_SESSION['reg_lname'] = $lname;
|
|
||||||
|
|
||||||
$email = strip_tags($_POST['reg_email']);
|
|
||||||
$email = str_replace(' ', '', $email);
|
|
||||||
$email = strtolower($email);
|
|
||||||
$_SESSION['reg_email'] = $email;
|
|
||||||
|
|
||||||
$email_conf = strip_tags($_POST['reg_email_conf']);
|
|
||||||
$email_conf = str_replace(' ', '', $email_conf);
|
|
||||||
$email_conf = strtolower($email_conf);
|
|
||||||
$_SESSION['reg_email_conf'] = $email_conf;
|
|
||||||
|
|
||||||
$pass = strip_tags($_POST['reg_pass']);
|
|
||||||
$pass = str_replace(' ', '', $pass);
|
|
||||||
|
|
||||||
$pass_conf = strip_tags($_POST['reg_pass_conf']);
|
|
||||||
$pass_conf = str_replace(' ', '', $pass_conf);
|
|
||||||
|
|
||||||
$date = date("Y-m-d"); // Sets the registration date.
|
|
||||||
|
|
||||||
if ($email == $email_conf) {
|
|
||||||
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
|
||||||
$email = filter_var($email, FILTER_VALIDATE_EMAIL);
|
|
||||||
$e_check = mysqli_query($con, "SELECT email FROM users WHERE email='$email'");
|
|
||||||
$num_rows = mysqli_num_rows($e_check);
|
|
||||||
if ($num_rows > 0) {
|
|
||||||
array_push($errors, "email_exists");
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
array_push($errors, "email_invalid");
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
array_push($errors, "email_mismatch");
|
|
||||||
}
|
|
||||||
|
|
||||||
if (strlen($fname) > 25 || strlen($fname) < 2) {
|
|
||||||
array_push($errors, "fname_invalid");
|
|
||||||
}
|
|
||||||
|
|
||||||
if (strlen($lname) > 25 || strlen($lname) < 2) {
|
|
||||||
array_push($errors, "lname_invalid");
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($pass != $pass_conf) {
|
|
||||||
array_push($errors, "pass_mismatch");
|
|
||||||
} else {
|
|
||||||
if(preg_match('/[^A-Za-z0-9]/', $pass)) {
|
|
||||||
array_push($errors, "pass_invalid_char");
|
|
||||||
} else {
|
|
||||||
if (strlen($pass) > 30 || strlen($pass) < 5) {
|
|
||||||
array_push($errors, "pass_invalid_length");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (empty($errors)) {
|
|
||||||
$pass = password_hash($pass, PASSWORD_BCRYPT); // Encrypts password
|
|
||||||
$username = strtolower($fname . "." . $lname);
|
|
||||||
$check_username_query = mysqli_query($con, "SELECT username FROM users WHERE username='$username'");
|
|
||||||
|
|
||||||
$i = 0;
|
|
||||||
$temp = $username;
|
|
||||||
while (mysqli_num_rows($check_username_query) != 0) {
|
|
||||||
$i++;
|
|
||||||
$temp = $username . $i;
|
|
||||||
$check_username_query = mysqli_query($con, "SELECT username FROM users WHERE username='$temp'");
|
|
||||||
}
|
|
||||||
if ($i > 0) {
|
|
||||||
$username = $username . $i;
|
|
||||||
}
|
|
||||||
|
|
||||||
$rand = rand(1,16);
|
|
||||||
$profile_pic = random_profile_pic($rand);
|
|
||||||
|
|
||||||
$query = mysqli_query($con, "INSERT INTO users VALUES (NULL,'$fname','$lname','$username','$email','$pass','$date','$profile_pic','0','0','0',',')");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
function random_profile_pic($rand) {
|
|
||||||
$profile_pic = "assets/profile_pics/defaults/";
|
|
||||||
switch ($rand) {
|
|
||||||
case 1:
|
|
||||||
$profile_pic = $profile_pic . "head_alizarin.png";
|
|
||||||
break;
|
|
||||||
case 2:
|
|
||||||
$profile_pic = $profile_pic . "head_amethyst.png";
|
|
||||||
break;
|
|
||||||
case 3:
|
|
||||||
$profile_pic = $profile_pic . "head_belize_hole.png";
|
|
||||||
break;
|
|
||||||
case 4:
|
|
||||||
$profile_pic = $profile_pic . "head_carrot.png";
|
|
||||||
break;
|
|
||||||
case 5:
|
|
||||||
$profile_pic = $profile_pic . "head_deep_blue.png";
|
|
||||||
break;
|
|
||||||
case 6:
|
|
||||||
$profile_pic = $profile_pic . "head_emerald.png";
|
|
||||||
break;
|
|
||||||
case 7:
|
|
||||||
$profile_pic = $profile_pic . "head_green_sea.png";
|
|
||||||
break;
|
|
||||||
case 8:
|
|
||||||
$profile_pic = $profile_pic . "head_nephritis.png";
|
|
||||||
break;
|
|
||||||
case 9:
|
|
||||||
$profile_pic = $profile_pic . "head_pete_river.png";
|
|
||||||
break;
|
|
||||||
case 10:
|
|
||||||
$profile_pic = $profile_pic . "head_pomegranate.png";
|
|
||||||
break;
|
|
||||||
case 11:
|
|
||||||
$profile_pic = $profile_pic . "head_pumpkin.png";
|
|
||||||
break;
|
|
||||||
case 12:
|
|
||||||
$profile_pic = $profile_pic . "head_red.png";
|
|
||||||
break;
|
|
||||||
case 13:
|
|
||||||
$profile_pic = $profile_pic . "head_sun_flower.png";
|
|
||||||
break;
|
|
||||||
case 14:
|
|
||||||
$profile_pic = $profile_pic . "head_turqoise.png";
|
|
||||||
break;
|
|
||||||
case 15:
|
|
||||||
$profile_pic = $profile_pic . "head_wet_asphalt.png";
|
|
||||||
break;
|
|
||||||
case 16:
|
|
||||||
$profile_pic = $profile_pic . "head_wistera.png";
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
return $profile_pic;
|
|
||||||
}
|
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
|
||||||
|
|
||||||
@ -175,6 +11,18 @@ function random_profile_pic($rand) {
|
|||||||
</head>
|
</head>
|
||||||
|
|
||||||
<body>
|
<body>
|
||||||
|
|
||||||
|
<form action="register.php" method="POST">
|
||||||
|
<input type="email" name="log_email" placeholder="Email Address"
|
||||||
|
value ="<?php if(isset($_SESSION['log_email'])) {
|
||||||
|
echo $_SESSION['log_email'];
|
||||||
|
} ?>" required> <br>
|
||||||
|
<input type="password" name="log_pass" placeholder="Password" required> <br>
|
||||||
|
<?php if(in_array("login_error", $errors))
|
||||||
|
echo "Unknown email or incorrect password entered.<br>";?>
|
||||||
|
<input type="submit" name="log_but" value="Login">
|
||||||
|
</form>
|
||||||
|
|
||||||
<form action="register.php" method="POST">
|
<form action="register.php" method="POST">
|
||||||
<input type="text" name="reg_fname" placeholder="First Name"
|
<input type="text" name="reg_fname" placeholder="First Name"
|
||||||
value ="<?php if(isset($_SESSION['reg_fname'])) {
|
value ="<?php if(isset($_SESSION['reg_fname'])) {
|
||||||
|
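Review bot: In the second hunk, `echo $_SESSION['log_email'];` writes a user-supplied value into a double-quoted `value` attribute with no output encoding; it holds up today only because login_handler.php passes the value through `FILTER_SANITIZE_EMAIL`, which happens to drop double quotes and angle brackets. Encoding at the point of output, `echo htmlspecialchars($_SESSION['log_email'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, removes that hidden dependency. The `reg_fname` field below presumably echoes its session value the same way, and there only `strip_tags()` was applied, which leaves a double quote intact and so allows the attribute to be broken out of. Neither form carries a CSRF token, and both post to register.php, where both handlers are included on every request. The registration form continues outside the hunk.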