  1. ---------------------------------------NEWUSER
  2. <!DOCTYPE html>
  3. <html>
  4.  
  5. <p>Here are some results:</p>
  6.  
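  <?php
  // Account-creation handler for the signup form: reads the submitted fields,
  // refuses the request when the username or e-mail is already present in
  // `users`, and otherwise stores the account with a bcrypt password hash.

  // Read a POST field as a string. A missing key or a non-string value (for
  // example an array submitted as firstname[]=x) becomes ''.
  $readField = function ($key) {
      return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
  };

  $fname = $readField("firstname");
  $lname = $readField("lastname");
  $uname = $readField("username");
  $email = $readField("email");
  $pw = $readField("password");

  $returnLink = '<a href="lab9-1.html">Click here to return to account creation.</a>';

  if ($fname === '' || $lname === '' || $uname === '' || $email === '' || $pw === '') {
      // Never create an account from an incomplete form (an empty password
      // would otherwise be hashed and stored like any other).
      echo 'All fields are required.';
      echo "\r\n";
      echo $returnLink;
  } else {
      // NOTE(review): the database credentials are hard-coded in a file served
      // by the web server (and are now public in this paste). Load them from
      // configuration kept outside the document root and rotate this password.
      $host = "localhost";
      $database = "lab9";
      $user = "webuser";
      $password = "P@ssw0rd";

      // Make mysqli report failures through return values on every PHP version,
      // so the explicit checks below are the single error path.
      mysqli_report(MYSQLI_REPORT_OFF);

      $connection = mysqli_connect($host, $user, $password, $database);
      if ($connection === false || mysqli_connect_error() !== null) {
          // The driver's error text is deliberately not shown to the visitor.
          exit("<p>Unable to connect to database!</p>");
      }

      // Ask the database whether the username or e-mail is taken instead of
      // reading every row (password hashes included) into PHP. The comparison
      // is done by the database, so it follows the same rules a unique key on
      // these columns would use; PHP's loose == also treats numeric-looking
      // strings such as "0123" and "123" as equal.
      $userTaken = false;
      $emailTaken = false;
      $checked = false;
      $check = $connection->prepare(
          "SELECT username = ?, email = ? FROM users WHERE username = ? OR email = ?"
      );
      if ($check !== false) {
          $check->bind_param("ssss", $uname, $email, $uname, $email);
          if ($check->execute()) {
              $check->bind_result($userMatch, $emailMatch);
              while ($check->fetch()) {
                  $userTaken = $userTaken || (bool) $userMatch;
                  $emailTaken = $emailTaken || (bool) $emailMatch;
              }
              $checked = true;
          }
          $check->close();
      }

      if (!$checked) {
          echo 'Unable to create your account.';
          echo "\r\n";
          echo $returnLink;
      } elseif ($userTaken || $emailTaken) {
          if ($userTaken) {
              echo 'User already exists.';
              echo "\r\n";
              echo $returnLink;
          }
          if ($emailTaken) {
              echo 'Email already exists.';
              echo "\r\n";
              echo $returnLink;
          }
      } else {
          // bcrypt only uses the first 72 bytes of the password.
          $hash = password_hash($pw, PASSWORD_BCRYPT);

          // Columns are named explicitly so the statement does not depend on
          // the table's column order.
          // NOTE(review): the check above and this INSERT are not atomic; two
          // simultaneous signups can both pass the check. Presumably `users`
          // has unique keys on username and email -- verify, since that
          // constraint is what actually prevents duplicates.
          $created = false;
          $insert = $connection->prepare(
              "INSERT INTO users (username, firstName, lastName, email, password) VALUES (?, ?, ?, ?, ?)"
          );
          if ($insert !== false) {
              $insert->bind_param("sssss", $uname, $fname, $lname, $email, $hash);
              $created = $insert->execute();
              $insert->close();
          }

          // Report success only when the row was really written.
          if ($created) {
              echo "Your account has been created!";
              echo "\r\n";
              echo '<a href="lab9-1.html">Return to the main page.</a>';
          } else {
              echo 'Unable to create your account.';
              echo "\r\n";
              echo $returnLink;
          }
      }

      mysqli_close($connection);
  }
  ?>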
  69. </html>
  70.  
  71. --------------------------------------------------------------LOGIN
  72.  
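  <?php
  // Login check: looks the submitted username up in `users` and verifies the
  // submitted password against the stored hash.
  //
  // Passwords are stored with password_hash() (bcrypt) and checked with
  // password_verify(); MD5 is deliberately not used.

  // NOTE(review): the database credentials are hard-coded in a file served by
  // the web server (and are now public in this paste). Load them from
  // configuration kept outside the document root and rotate this password.
  $host = "localhost";
  $database = "lab9";
  $user = "webuser";
  $password = "P@ssw0rd";

  // Make mysqli report failures through return values on every PHP version,
  // so the explicit checks below are the single error path.
  mysqli_report(MYSQLI_REPORT_OFF);

  $connection = mysqli_connect($host, $user, $password, $database);
  if ($connection === false || mysqli_connect_error() !== null) {
      // The driver's error text is deliberately not shown to the visitor.
      exit("<p>Unable to connect to database!</p>");
  }

  // A missing key or a non-string value (e.g. username[]=x) becomes ''.
  $readField = function ($key) {
      return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
  };
  $uname = $readField("username");
  $pw = $readField("password");

  $sql = "SELECT username, password FROM users WHERE username = ?";
  $stmt = $connection->prepare($sql);
  if ($stmt === false) {
      // Without this guard a failed prepare() leads to a fatal error on the
      // fetch() call below.
      mysqli_close($connection);
      exit("<p>Unable to run query!</p>");
  }
  $stmt->bind_param("s", $uname);
  $stmt->execute();
  $stmt->store_result();
  $stmt->bind_result($userCompare, $passCompare);

  // Default to "not authenticated": when no row matches, the loop body never
  // runs and the visitor must still get a failure message.
  $authenticated = false;
  while ($stmt->fetch()) {
      // Strict comparison: loose == treats numeric-looking strings such as
      // "0123" and "123" as equal.
      if ($userCompare === $uname && password_verify($pw, (string) $passCompare)) {
          $authenticated = true;
      }
  }

  if ($authenticated) {
      echo "Your username is correct!";
      echo ("<br>");
      echo "Your password is correct!";
      echo ("<br>");
  } else {
      // One message for every failure, so the response does not reveal whether
      // the username exists.
      // NOTE(review): no attempt limiting or lockout is visible in this script;
      // confirm it is handled elsewhere.
      echo "Your username or password is incorrect!";
      echo ("<br>");
  }

  $stmt->free_result();
  $stmt->close();
  mysqli_close($connection);
  ?>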
  128.  
  129. ------------------------------CHANGEPW
  130.  
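  <?php
  // Password-change handler: verifies the submitted username and old password
  // against `users`, then stores a bcrypt hash of the new password when the
  // new password and its confirmation are identical.
  //
  // Passwords are stored with password_hash() (bcrypt) and checked with
  // password_verify(); MD5 is deliberately not used.

  // NOTE(review): the database credentials are hard-coded in a file served by
  // the web server (and are now public in this paste). Load them from
  // configuration kept outside the document root and rotate this password.
  $host = "localhost";
  $database = "lab9";
  $user = "webuser";
  $password = "P@ssw0rd";

  // Make mysqli report failures through return values on every PHP version,
  // so the explicit checks below are the single error path.
  mysqli_report(MYSQLI_REPORT_OFF);

  $connection = mysqli_connect($host, $user, $password, $database);
  if ($connection === false || mysqli_connect_error() !== null) {
      // The driver's error text is deliberately not shown to the visitor.
      exit("<p>Unable to connect to database!</p>");
  }

  // A missing key or a non-string value (e.g. username[]=x) becomes ''.
  $readField = function ($key) {
      return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
  };
  $newPw = $readField("newpassword");
  $pwC = $readField("newpassword-check");
  $uname = $readField("username");
  $pw = $readField("oldpassword");

  $sql = "SELECT username, password FROM users WHERE username = ?";
  $stmt = $connection->prepare($sql);
  if ($stmt === false) {
      // Without this guard a failed prepare() leads to a fatal error on the
      // fetch() call below.
      mysqli_close($connection);
      exit("<p>Unable to run query!</p>");
  }
  $stmt->bind_param("s", $uname);
  $stmt->execute();
  $stmt->store_result();
  $stmt->bind_result($userCompare, $passCompare);

  // Default to "not verified": when no row matches, the loop body never runs
  // and the request must still be refused with a message.
  $verified = false;
  while ($stmt->fetch()) {
      if ($userCompare === $uname && password_verify($pw, (string) $passCompare)) {
          $verified = true;
      }
  }
  $stmt->free_result();
  $stmt->close();

  if (!$verified) {
      echo "user or password incorrect";
  } elseif ($newPw === '') {
      echo "New password must not be empty.";
  } elseif ($newPw !== $pwC) {
      // Strict comparison matters here: with loose ==, two different
      // numeric-looking strings such as "0e123" and "0e456" compare as equal.
      echo "Passwords don't match.";
  } else {
      // bcrypt only uses the first 72 bytes of the password.
      $hash = password_hash($newPw, PASSWORD_BCRYPT);
      $sql2 = "UPDATE users SET password = ? where username = ?";
      $updated = false;
      $stmt2 = $connection->prepare($sql2);
      if ($stmt2 !== false) {
          $stmt2->bind_param("ss", $hash, $uname);
          $updated = $stmt2->execute();
          $stmt2->close();
      }

      // Report success only when the UPDATE statement actually ran.
      if ($updated) {
          echo "Password Updated!";
      } else {
          echo "Unable to update password.";
      }
  }

  mysqli_close($connection);
  ?>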
  190. -----------------------------------FINDUSER
  191.  
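  <?php
  // User lookup: prints the first name, last name and e-mail stored in `users`
  // for the submitted username, or "User not found." when there is no match.
  //
  // NOTE(review): no authentication check is visible in this script, so anyone
  // who can reach it can read another user's name and e-mail -- confirm that
  // this is intended.

  // NOTE(review): the database credentials are hard-coded in a file served by
  // the web server (and are now public in this paste). Load them from
  // configuration kept outside the document root and rotate this password.
  $host = "localhost";
  $database = "lab9";
  $user = "webuser";
  $password = "P@ssw0rd";

  // Make mysqli report failures through return values on every PHP version,
  // so the explicit checks below are the single error path.
  mysqli_report(MYSQLI_REPORT_OFF);

  $connection = mysqli_connect($host, $user, $password, $database);
  if ($connection === false || mysqli_connect_error() !== null) {
      // The driver's error text is deliberately not shown to the visitor.
      exit("<p>Unable to connect to database!</p>");
  }

  // A missing key or a non-string value (e.g. username[]=x) becomes ''.
  $uname = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : '';

  $sql = "SELECT username, firstName, lastName, email FROM users WHERE username = ?";
  $stmt = $connection->prepare($sql);
  if ($stmt === false) {
      // Without this guard a failed prepare() leads to a fatal error on the
      // fetch() call below.
      mysqli_close($connection);
      exit("<p>Unable to run query!</p>");
  }
  $stmt->bind_param("s", $uname);
  $stmt->execute();
  $stmt->store_result();
  $stmt->bind_result($userCompare, $fnameCompare, $lnameCompare, $emailCompare);

  // Everything printed below is either request input ($uname) or data that
  // users typed in at signup, so it is HTML-escaped before it reaches the page.
  $escape = function ($value) {
      return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
  };

  $found = false;
  while ($stmt->fetch()) {
      // Strict comparison: loose == treats numeric-looking strings such as
      // "0123" and "123" as equal.
      if ($userCompare !== $uname) {
          continue;
      }
      $found = true;
      echo "<fieldset>\n"
          . "<legend>User: " . $escape($uname) . "</legend>\n"
          . "\n"
          . "<p>\n"
          . "<label>First Name: " . $escape($fnameCompare) . "</label>\n"
          . "</p>\n"
          . "\n"
          . "<p>\n"
          . "<label>Last name: " . $escape($lnameCompare) . "</label>\n"
          . "</p>\n"
          . "\n"
          . "<p>\n"
          . "<label>Email: " . $escape($emailCompare) . "</label>\n"
          . "</p>\n"
          . "</fieldset>";
      echo ("<br>");
  }

  // When no row matches, the loop body never runs, so the "not found" message
  // has to be printed here rather than inside the loop.
  if (!$found) {
      echo "User not found.";
      echo ("<br>");
  }

  $stmt->free_result();
  $stmt->close();
  mysqli_close($connection);
  ?>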