sbucholtz

PHP Verification Form - mySQLi - old - v2

Aug 24th, 2019
  1. // ------------------------------ //
  2. // https://pastebin.com/996xp0kj  //
  3. // ------------------------------ //
  4.  
  5. require '../php/session.php';
  6. require '../php/config.php';
  7. $token      = trim($_GET['auth_token']);
  8. $invalid    = "login.php";
  9. // CONFIRMATION FORM
  10. if(isset($_POST['auth'])){
  11.     // INPUTS
  12.     $username = trim($_POST['auth_username']);
  13.     $userpass = $_POST['auth_userpass'];
  14.    
  15.     // ERRORS ARRAY
  16.     $errors = [];
  17.    
  18.     // Username Check
  19.     if(!$username){
  20.         $errors[] = "Empty Username";
  21.     }elseif(!filter_var($username, FILTER_SANITIZE_STRING) || !preg_match("/^[\w]{4,16}$/", $username)){
  22.         $errors[] = "Invalid Username";
  23.         $username = "";
  24.     }
  25.     // Password Check
  26.     if(!$userpass){
  27.         $errors[] = "Empty Password";
  28.     }
  29.    
  30.     // Verify Account Existence
  31.     if($username && $userpass){
  32.         $sql        = "SELECT user_id,user_name,user_pass,user_type FROM users WHERE user_name = ?";
  33.         $verify = 1;
  34.         $stmt   = prepareQuery($con, $sql, [$username]);
  35.         $stmt   -> store_result();
  36.         $num        = $stmt -> num_rows();
  37.         // Check if account exists
  38.         if($num === $verify){
  39.             // Bind results to variables
  40.             $stmt -> bind_result($uid, $uname, $uhash, $utype);
  41.             while($stmt -> fetch()){
  42.                 $userid     = $uid;
  43.                 $username = $uname;
  44.                 $userhash = $uhash;
  45.                 $usertype = $utype;
  46.             }
  47.            
  48.             // Finally check the password
  49.             if(password_verify($userpass, $userhash)){
  50.                 $stmt -> close();
  51.                 // LOGIN ACCOUNT
  52.                 $_SESSION['uID']    = $userid;
  53.                 $_SESSION['pID']    = $username;
  54.                 $_SESSION['TYPE']   = $usertype;
  55.                 $_SESSION['LOGIN']  = $date;
  56.                 $errors[]   = "Successfully verified and logged in!";
  57.                 // LOG ACTIVITY
  58.                 $sql    = "UPDATE users SET user_status = ?, user_lastlogin = ?, user_verified = ? WHERE user_name = ?";
  59.                 $stmt = prepareQuery($con, $sql, [$verify, $date, $verify, $username]);
  60.                 redir("/dashboard/cpanel.php", $errors);
  61.             }
  62.         }
  63.         $errors[] = "Username or password does not match our records";
  64.         $con -> close();
  65.     }
  66.     // CHECK FOR ERRORS
  67.     if($errors){
  68.         $mins   = time() + 120;
  69.         $path   = "confirmation.php?auth_token=".$token;
  70.         setcookie("username", $username, $mins, $path);
  71.         redir($path, $errors);
  72.     }
  73. // CONFIRMATION TOKEN
  74. }elseif($token){
  75.     $verify = 0;
  76.     // Check token pattern [ONLY letters, numbers, and 16-char long]
  77.     if(!filter_var($token, FILTER_SANITIZE_STRING) || !preg_match("/^[\w]{16}$/", $token)){
  78.         redir($invalid, ["Invalid Token"]);
  79.     }
  80.     // Check token in Database
  81.     $sql    = "SELECT user_name, user_token, user_verified FROM users WHERE user_token = ? AND user_verified = ?";
  82.     $stmt = prepareQuery($con, $sql, [$token, $verify]);
  83.     $stmt -> store_result();
  84.     // If matches, allow access
  85.     if($stmt -> num_rows()){
  86.         $con -> close();
  87.         $_SESSION['ERROR'] = ["Please enter your username and passsword"];
  88.     }else{
  89.         redir($invalid, ["Invalid Token"]);
  90.     }
  91. }else{
  92.     redir($invalid, ["Page Unavailable"]);
  93. }