  1. <?php
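  // Begin/resume the session. The session cookie is hidden from JavaScript and
  // strict mode makes PHP refuse session IDs it did not issue itself, which
  // narrows the room for session fixation. Also set 'cookie_secure' => true
  // once the site is served over HTTPS only.
  session_start([
      'cookie_httponly' => true,
      'use_strict_mode' => true,
  ]);

  // Load the User class instantiated at the bottom of this file
  include_once 'User.class.php';

  // Messages collected here are printed to the visitor by the page templates,
  // so only text that is safe to show to anyone belongs in this list.
  $errors = [];

  // Connection settings.
  // NOTE(review): root with an empty password is a local-development default.
  // Before deploying, switch to a dedicated least-privilege database account
  // and load the credentials from configuration kept outside the web root.
  $db_host = 'localhost';
  $db_user = 'root';
  $db_pass = '';
  $db_name = 'oop_login';

  // Establish a new connection using PDO
  try {
      $db_conn = new PDO(
          "mysql:host={$db_host};dbname={$db_name}",
          $db_user,
          $db_pass,
          [
              // Report every database error as a PDOException
              PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
              // Send statement and parameters separately to the server
              // instead of letting the driver interpolate them client-side
              PDO::ATTR_EMULATE_PREPARES => false,
          ]
      );
  } catch (PDOException $e) {
      // The driver message can name the host, account and database. Keep it
      // in the server log and fail closed: without a connection every later
      // step would call methods on an undefined $db_conn.
      error_log('Database connection failed: ' . $e->getMessage());
      http_response_code(500);
      exit('Service temporarily unavailable.');
  }

  // Shared User helper for the pages that include this file
  $user = new User($db_conn);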
  27.  
  28. <?php
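  /**
   * Account operations on the `users` table: registration, log-in, log-out,
   * plus two small helpers for the session check and for redirects.
   *
   * The id of the logged-in user is kept in $_SESSION['user_session'].
   * Database failures are written to the server log and reported to the
   * caller as a plain false, so driver messages never reach the visitor.
   */
  class User
  {
      /** @var PDO Database connection handed to the constructor */
      private $db;

      /**
       * @param PDO $db_conn Open connection to the database holding `users`
       */
      public function __construct($db_conn)
      {
          $this->db = $db_conn;
      }

      /**
       * Store a new user with a hashed password.
       *
       * @param string $user_name
       * @param string $user_email
       * @param string $user_password Plain-text password; only its hash is stored
       * @return bool true when the row was inserted, false on a database error
       */
      public function register($user_name, $user_email, $user_password)
      {
          try {
              // PASSWORD_DEFAULT lets PHP choose the algorithm and a fresh salt
              $user_hashed_password = password_hash($user_password, PASSWORD_DEFAULT);

              $sql = "INSERT INTO users(user_name, user_email, user_password) VALUES(:user_name, :user_email, :user_password)";
              $query = $this->db->prepare($sql);

              // Values travel as bound parameters, never as part of the SQL text
              $query->bindValue(":user_name", $user_name);
              $query->bindValue(":user_email", $user_email);
              $query->bindValue(":user_password", $user_hashed_password);

              return (bool) $query->execute();
          } catch (PDOException $e) {
              // There is no $errors list in this scope; log the detail instead
              error_log('User::register failed: ' . $e->getMessage());
              return false;
          }
      }

      /**
       * Log a user in by username or e-mail address plus password.
       *
       * On success the user's id is stored in $_SESSION['user_session'].
       *
       * @param string $user_name     Value compared with the user_name column
       * @param string $user_email    Value compared with the user_email column
       * @param string $user_password Plain-text password to verify
       * @return bool true on success; false for an unknown user, a wrong
       *              password or a database error
       */
      public function login($user_name, $user_email, $user_password)
      {
          try {
              // NOTE(review): with LIMIT 1 only the first matching row is
              // checked when one account's username equals another account's
              // e-mail address; rejecting '@' in usernames would rule that out.
              $sql = "SELECT * FROM users WHERE user_name=:user_name OR user_email=:user_email LIMIT 1";
              $query = $this->db->prepare($sql);

              $query->bindValue(":user_name", $user_name);
              $query->bindValue(":user_email", $user_email);
              $query->execute();

              // fetch() yields false when no row matched; rowCount() is not
              // dependable for SELECT statements, so test the row itself
              $returned_row = $query->fetch(PDO::FETCH_ASSOC);
          } catch (PDOException $e) {
              error_log('User::login failed: ' . $e->getMessage());
              return false;
          }

          if (!is_array($returned_row)) {
              return false;
          }

          if (!password_verify($user_password, $returned_row['user_password'])) {
              return false;
          }

          // Issue a fresh session id at the privilege change so an id that was
          // known before the log-in cannot be reused afterwards
          if (session_status() === PHP_SESSION_ACTIVE) {
              session_regenerate_id(true);
          }

          $_SESSION['user_session'] = $returned_row['user_id'];
          return true;
      }

      /**
       * Tell whether the current session belongs to a logged-in user.
       *
       * @return bool
       */
      public function is_logged_in()
      {
          return isset($_SESSION['user_session']);
      }

      /**
       * Send a Location header and end the request.
       *
       * The script stops here so that nothing after a failed access check is
       * executed or sent along with the redirect.
       *
       * @param string $url Target; pass fixed or allow-listed values only,
       *                    never a URL taken from the request
       */
      public function redirect($url)
      {
          header("Location: $url");
          exit;
      }

      /**
       * Log the current user out: clear the session data, expire the session
       * cookie and destroy the server-side session.
       *
       * @return bool Always true
       */
      public function log_out()
      {
          // Empty the data first so the rest of this request sees no user
          $_SESSION = [];

          if (session_status() === PHP_SESSION_ACTIVE) {
              if (ini_get('session.use_cookies')) {
                  $cookie = session_get_cookie_params();
                  setcookie(
                      session_name(),
                      '',
                      time() - 42000,
                      $cookie['path'],
                      $cookie['domain'],
                      $cookie['secure'],
                      $cookie['httponly']
                  );
              }
              session_destroy();
          }

          return true;
      }
  }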
  123.  
  124. <?php
  125. // Include necessary file
  126. include_once './includes/db.inc.php';
  127.  
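  // Only logged-in users may see this page. Stop right after the redirect,
  // otherwise the query and the template below would still run and be sent.
  if (!$user->is_logged_in()) {
      $user->redirect('index.php');
      exit;
  }

  // Handle the log-out link before doing any database work.
  // NOTE(review): a GET link can be triggered from another site (forced
  // log-out); a POST form carrying a per-session token would prevent that.
  if (isset($_GET['logout']) && $_GET['logout'] === 'true') {
      $user->log_out();
      $user->redirect('index.php');
      exit;
  }

  // Placeholder so the template always finds a user_name key
  $returned_row = ['user_name' => ''];

  try {
      // Load the row of the user the session points at
      $sql = "SELECT * FROM users WHERE user_id=:user_id";
      $query = $db_conn->prepare($sql);
      $query->bindValue(':user_id', $_SESSION['user_session']);
      $query->execute();

      // Associative array for the row, or false when the id matches no user
      $current_user = $query->fetch(PDO::FETCH_ASSOC);

      if ($current_user === false) {
          // The session refers to an account that does not exist: end it
          $user->log_out();
          $user->redirect('index.php');
          exit;
      }

      $returned_row = $current_user;
  } catch (PDOException $e) {
      // Driver details stay in the server log; the page shows a neutral line
      error_log('home.php: loading the current user failed: ' . $e->getMessage());
      array_push($errors, 'Your account details could not be loaded.');
  }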
  156.  
  157. ?>
  158.  
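  <?php
  /*
   * Home page template. Reads $errors and $returned_row set by the script
   * above. user_name was typed in by the user at registration and error
   * texts may quote request data, so both are HTML-escaped on output.
   */
  ?>
  <!DOCTYPE html>
  <html lang="en">
  <head>
      <meta charset="UTF-8">
      <meta name="viewport" content="width=device-width, initial-scale=1.0">
      <meta http-equiv="X-UA-Compatible" content="ie=edge">
      <title>OOP PHP - Home</title>
  </head>
  <body>
      <h1>Home</h1>

      <?php /* count() takes the array; the comparison belongs outside the call */ ?>
      <?php if (count($errors) > 0): ?>
          <p>Error(s):</p>
          <ul>
              <?php foreach ($errors as $error): ?>
                  <li><?= htmlspecialchars((string) $error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></li>
              <?php endforeach ?>
          </ul>
      <?php endif ?>

      <p>Welcome, <?= htmlspecialchars((string) ($returned_row['user_name'] ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>. <a href="?logout=true">Log out</a></p>
  </body>
  </html>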
  182.  
  183. <?php
  184. // Include necessary file
  185. require_once('./includes/db.inc.php');
  186.  
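  // Visitors who are already logged in have no use for the forms: send them
  // to their home page and stop, so the form handlers below never run and no
  // page body is sent along with the redirect.
  if ($user->is_logged_in()) {
      $user->redirect('home.php');
      exit;
  }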
  192.  
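  // Handle a submitted log-in form.
  // NOTE(review): nothing here limits repeated attempts or ties the POST to
  // this site's own form; consider throttling per account and per client and
  // adding a per-session form token.
  if (isset($_POST['log_in'])) {
      // One "username or e-mail" field feeds both lookup columns. A missing
      // field or an array value is treated as empty instead of reaching trim().
      $identifier = $_POST['user_name_email'] ?? '';
      $user_name = is_string($identifier) ? trim($identifier) : '';
      $user_email = $user_name;

      // NOTE(review): trim() silently changes passwords that start or end
      // with whitespace. It is kept because registration trims the same way;
      // dropping it in only one of the two places would lock those users out.
      $password_input = $_POST['user_password'] ?? '';
      $user_password = is_string($password_input) ? trim($password_input) : '';

      // Compare with '' rather than empty(), which also rejects the string "0"
      if ($user_name === '') {
          array_push($errors, "Please enter a valid username or e-mail address");
      } elseif ($user_password === '') {
          array_push($errors, "Please enter a valid password.");
      } elseif ($user->login($user_name, $user_email, $user_password)) {
          // Logged in: redirect and stop so no page body follows the header
          $user->redirect('home.php');
          exit;
      } else {
          // One message for unknown user and wrong password alike
          array_push($errors, "Incorrect log-in credentials.");
      }
  }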
  215.  
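  // Handle a submitted registration form
  if (isset($_POST['register'])) {
      // Read a text field from the form; a missing field or an array value
      // counts as empty instead of reaching trim().
      $read_field = static function ($key) {
          $value = $_POST[$key] ?? '';
          return is_string($value) ? trim($value) : '';
      };

      $user_name = $read_field('user_name');
      $user_email = $read_field('user_email');
      // NOTE(review): trimming changes passwords with leading or trailing
      // whitespace; kept because the log-in handler trims the same way.
      $user_password = $read_field('user_password');

      // Compare with '' rather than empty(), which also rejects the string "0"
      if ($user_name === '') {
          array_push($errors, "Please enter a valid username.");
      } elseif ($user_email === '') {
          array_push($errors, "Please enter a valid e-mail address.");
      } elseif ($user_password === '') {
          array_push($errors, "Please enter a valid password.");
      } elseif (!filter_var($user_email, FILTER_VALIDATE_EMAIL)) {
          array_push($errors, "Please enter a valid e-mail address.");
      } else {
          try {
              // Look for an existing account using the same name or address.
              // NOTE(review): this check and the later insert are not atomic;
              // UNIQUE indexes on user_name and user_email (schema not shown
              // here) are what actually rules out duplicates.
              $sql = "SELECT user_name, user_email FROM users WHERE user_name=:user_name OR user_email=:user_email";
              $query = $db_conn->prepare($sql);
              $query->bindValue(':user_name', $user_name);
              $query->bindValue(':user_email', $user_email);
              $query->execute();

              // Associative array for the first clash, false when there is none
              $returned_clashes_row = $query->fetch(PDO::FETCH_ASSOC);

              if ($returned_clashes_row !== false) {
                  // Any returned row blocks the registration. The database may
                  // match case-insensitively (collation not shown), so a strict
                  // PHP comparison could miss a clash the query did find; the
                  // comparison below only picks which message to show.
                  if (strcasecmp((string) $returned_clashes_row['user_name'], $user_name) === 0) {
                      array_push($errors, "That username is taken. Please choose something different.");
                  } else {
                      array_push($errors, "That e-mail address is taken. Please choose something different.");
                  }
              } elseif ($user->register($user_name, $user_email, $user_password) !== false) {
                  // register() as shown has no return statement, so only an
                  // explicit false is treated as a failure
                  echo "Registered";
              } else {
                  array_push($errors, "Registration failed. Please try again.");
              }
          } catch (PDOException $e) {
              // Driver messages can quote submitted values and schema names;
              // keep them in the server log and show a neutral line instead
              error_log('index.php: registration check failed: ' . $e->getMessage());
              array_push($errors, "Registration is temporarily unavailable. Please try again later.");
          }
      }
  }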
  266. ?>
  267.  
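  <?php
  /*
   * Log-in and registration page template. Reads $errors filled by the form
   * handlers above; each entry is HTML-escaped because error texts may quote
   * request data.
   * NOTE(review): neither form carries a per-session token, so the handlers
   * cannot tell this page's own submissions from cross-site ones.
   */
  ?>
  <!DOCTYPE html>
  <html lang="en">
  <head>
      <meta charset="UTF-8">
      <meta name="viewport" content="width=device-width, initial-scale=1.0">
      <meta http-equiv="X-UA-Compatible" content="ie=edge">
      <title>OOP PHP - Login and Register</title>
  </head>
  <body>
      <h1>Welcome</h1>

      <?php /* count() takes the array; the comparison belongs outside the call */ ?>
      <?php if (count($errors) > 0): ?>
          <p>Error(s):</p>
          <ul>
              <?php foreach ($errors as $error): ?>
                  <li><?= htmlspecialchars((string) $error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></li>
              <?php endforeach ?>
          </ul>
      <?php endif ?>

      <!-- Log in -->
      <h2>Log in</h2>
      <form action="index.php" method="POST">
          <label for="user_name_email">Username or E-mail Address:</label>
          <input type="text" name="user_name_email" id="user_name_email" required>

          <label for="user_password_log_in">Password:</label>
          <input type="password" name="user_password" id="user_password_log_in" required>

          <input type="submit" name="log_in" value="Log in">
      </form>

      <!-- Register -->
      <h2>Register</h2>
      <form action="index.php" method="POST">
          <label for="user_name">Username:</label>
          <input type="text" name="user_name" id="user_name" required>

          <label for="user_email">E-mail Address:</label>
          <input type="email" name="user_email" id="user_email" required>

          <label for="user_password">Password:</label>
          <input type="password" name="user_password" id="user_password" required>

          <input type="submit" name="register" value="Register">
      </form>
  </body>
  </html>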