Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ---------------------------------------NEWUSER
- <!DOCTYPE html>
- <html>
- <p>Here are some results:</p>
- <?php
- $fname = $_POST["firstname"];
- $lname = $_POST["lastname"];
- $uname = $_POST["username"];
- $email = $_POST["email"];
- $pw = $_POST["password"];
- $host = "localhost";
- $database = "lab9";
- $user = "webuser";
- $password = "P@ssw0rd";
- $connection = mysqli_connect($host, $user, $password, $database);
- $error = mysqli_connect_error();
- if($error != null)
- {
- $output = "<p>Unable to connect to database!</p>";
- exit($output);
- }
- else
- {
- //good connection, so do you thing
- $sql = "SELECT * FROM users;";
- $results = mysqli_query($connection, $sql);
- //and fetch requsults
- $submit = true;
- while ($row = mysqli_fetch_assoc($results))
- {
- $usercompare = $row['username'];
- $emailcompare = $row['email'];
- if($usercompare == $uname){
- $submit = false;
- echo 'User already exists.';
- echo "\r\n";
- echo '<a href="lab9-1.html">Click here to return to account creation.</a>';
- }
- if($emailcompare == $email){
- $submit = false;
- echo 'Email already exists.';
- echo "\r\n";
- echo '<a href="lab9-1.html">Click here to return to account creation.</a>';
- }
- }
- if($submit){
- $hash = password_hash($pw, PASSWORD_BCRYPT);
- $sql = $connection->prepare("INSERT INTO users VALUES (?, ?, ?, ?, ?)");
- $sql->bind_param("sssss", $uname, $fname, $lname, $email, $hash);
- $sql->execute();
- echo "Your account has been created!";
- echo "\r\n";
- echo '<a href="lab9-1.html">Return to the main page.</a>';
- }
- mysqli_free_result($results);
- mysqli_close($connection);
- }
- ?>
- </html>
- --------------------------------------------------------------LOGIN
- <?php
- #notes:
- #didn't use md5 for hashing because it's objectively bad and hard to use, used better hasing algorithm
- $host = "localhost";
- $database = "lab9";
- $user = "webuser";
- $password = "P@ssw0rd";
- $connection = mysqli_connect($host, $user, $password, $database);
- $error = mysqli_connect_error();
- if($error != null){
- $output = "<p>Unable to connect to database!</p>";
- exit($output);
- }
- $uname = $_POST["username"];
- $pw = $_POST["password"];
- $sql = "SELECT username, password FROM users WHERE username = ?";
- if($stmt = $connection->prepare($sql)){
- $stmt->bind_param("s", $uname);
- $stmt->execute();
- $stmt->store_result();
- $results = $stmt->bind_result($userCompare, $passCompare);
- }
- while($stmt->fetch()){
- $verifyPass = password_verify ($pw, $passCompare);
- $verifyUser = false;
- if($userCompare == $uname){
- $verifyUser = true;
- }
- if($verifyUser){
- echo "Your username is correct!";
- echo ("<br>");
- }else{
- echo "Your username is incorrect!";
- echo ("<br>");
- }
- if($verifyPass){
- echo "Your password is correct!";
- echo ("<br>");
- }else{
- echo "Your password is incorrect!";
- echo ("<br>");
- }
- }
- $stmt->free_result();
- mysqli_close($connection);
- ?>
- ------------------------------CHANGEPW
- <?php
- #notes:
- #didn't use md5 for hashing because it's objectively bad and hard to use, used better hasing algorithm
- $host = "localhost";
- $database = "lab9";
- $user = "webuser";
- $password = "P@ssw0rd";
- $connection = mysqli_connect($host, $user, $password, $database);
- $error = mysqli_connect_error();
- if($error != null){
- $output = "<p>Unable to connect to database!</p>";
- exit($output);
- }
- $newPw = $_POST["newpassword"];
- $pwC = $_POST["newpassword-check"];
- $uname = $_POST["username"];
- $pw = $_POST["oldpassword"];
- $sql = "SELECT username, password FROM users WHERE username = ?";
- if($stmt = $connection->prepare($sql)){
- $stmt->bind_param("s", $uname);
- $stmt->execute();
- $stmt->store_result();
- $results = $stmt->bind_result($userCompare, $passCompare);
- }
- while($stmt->fetch()){
- $verifyPass = password_verify ($pw, $passCompare);
- $verifyUser = false;
- if($userCompare == $uname){
- $verifyUser = true;
- }
- if ($verifyPass && $verifyUser) {
- if ($newPw == $pwC) {
- $hash = password_hash($newPw, PASSWORD_BCRYPT);
- $sql2 = "UPDATE users SET password = ? where username = ?";
- if($stmt2 = $connection->prepare($sql2)){
- $stmt2->bind_param("ss", $hash, $uname);
- $stmt2->execute();
- echo "Password Updated!";
- }
- } else {
- echo "Passwords don't match.";
- }
- } else {
- echo "user or password incorrect";
- }
- }
- $stmt->free_result();
- mysqli_close($connection);
- ?>
- -----------------------------------FINDUSER
- <?php
- #notes:
- #didn't use md5 for hashing because it's objectively bad and hard to use, used better hasing algorithm
- $host = "localhost";
- $database = "lab9";
- $user = "webuser";
- $password = "P@ssw0rd";
- $connection = mysqli_connect($host, $user, $password, $database);
- $error = mysqli_connect_error();
- if($error != null){
- $output = "<p>Unable to connect to database!</p>";
- exit($output);
- }
- $uname = $_POST["username"];
- $sql = "SELECT username, firstName, lastName, email FROM users WHERE username = ?";
- if($stmt = $connection->prepare($sql)){
- $stmt->bind_param("s", $uname);
- $stmt->execute();
- $stmt->store_result();
- $results = $stmt->bind_result($userCompare, $fnameCompare, $lnameCompare, $emailCompare);
- }
- while($stmt->fetch()){
- $verifyUser = false;
- if($userCompare == $uname){
- $verifyUser = true;
- }
- if($verifyUser){
- echo "<fieldset>
- <legend>User: $uname</legend>
- <p>
- <label>First Name: $fnameCompare</label>
- </p>
- <p>
- <label>Last name: $lnameCompare</label>
- </p>
- <p>
- <label>Email: $emailCompare</label>
- </p>
- </fieldset>";
- echo ("<br>");
- }else{
- echo "User not found.";
- echo ("<br>");
- }
- }
- $stmt->free_result();
- mysqli_close($connection);
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement