Login System - HTML5 game

1. ---------------------------------------------------------------------------------------------------------------------------------------
2. PHP (databaseHandler.php):
3. ---------------------------------------------------------------------------------------------------------------------------------------
4. <?php
5. $databaseServerName = "localhost";
6. $databaseUserName = "root";
7. $databasePassword = "";
8. $databaseName = "users";
9. $conn = mysqli_connect($databaseServerName, $databaseUserName, $databasePassword, $databaseName);
10. ?>
11. ---------------------------------------------------------------------------------------------------------------------------------------
12. HTML (game.php): (Security is bad, I know....) (I am attempting to pass the form data through to the PHP files which checks it and either confirms the login or adds a new user to the database. However I also need the variables to store the username etc as well as some more data which I need to pull from the database (when I have created it) and keep that in the javascript variables too. If that makes sense. However, at the moment, the code stores the users form inputs in the javascript variables, but the PHP isn't run - you can login with any username & password and a new user isn't pushed to the database. What am I doing wrong?
13. ---------------------------------------------------------------------------------------------------------------------------------------
14. <?php
15. //start a session
16. session_start();
17. ?>
18. <!DOCTYPE html>
19. <html>
20. <head>
21. <link rel="Stylesheet" type="text/css" href="style.css"></link>
22. <script src="jquery.js"></script>
23. <script>
24. $(document).ready(function(){
25. $("#login").click(function(){
26. let username = $("#username").val();
27. let password = $("#password").val();
28. $.post("login.php", {
29. username: username,
30. password: password,
31. loggedIn: true
32. }, function(data, status){
33. $("div").html(username);
34. });
35. });
36.  
37. $("#signUp").click(function(){
38. let username = $("#username").val();
39. let password = $("#password").val();
40. $.post("signUp.php", {
41. username: username,
42. password: password,
43. loggedIn: true
44. }, function(data, status){
45. $("div").html(username);
46. });
47. });
48.  
49. $("#playAsGuest").click(function(){
50. let loggedIn = false;
51. });
52. });
53. </script>
54. </head>
55. <body>
56. <img id="logo" src="Logo.png" alt="Escape From Death Logo" width="100%" height="33%">
57. <h1>WELCOME</h1>
58. <div>
59. <form>
60. <input id="username" type="text" name="username" placeholder="Username">
61. <br>
62. <input id="password" type="password" name="password" placeholder="Password">
63. <br>
64. <button id="login" type="button" name="signup">LOGIN</button>
65. <button id="signUp" type="button" name="signup">SIGN UP</button>
66. <button id="playAsGuest" type="button" name="playAsGuest">PLAY AS GUEST</button>
67. </form>
68. <div>
69. </body>
70. </html>
71. ---------------------------------------------------------------------------------------------------------------------------------------
72. PHP (login.php)
73. ---------------------------------------------------------------------------------------------------------------------------------------
74. <?php
75. //start a session
76. session_start();
77.  
78. //If the button is clicked
79. //if (isset($_POST['username']) && isset($_POST['password'])){
80. //The connection to the database
81. include_once 'databaseHandler.php';
82.  
83. //Gets the infomation submitted from the form
84. //Protects the database by converting everything to text...
85. //The database therefore cannot read the inputs as code
86. $username = mysqli_real_escape_string($conn, $_POST['username']);
87. $password = mysqli_real_escape_string($conn, $_POST['password']);
88. $loggedIn = mysqli_real_escape_string($conn, $_POST['loggedIn']);
89.  
90. //Error Handlers
91.  
92. //Checks everything has been filled out
93. //Checks for no empty fields
94. if (empty($username) || empty($password)){
95. //Takes you back to this page
96. //With a message at the end of the url
97. //header("Location: loginHome.php?login=empty");
98. exit();
99. }
100. else {
101. //Checks that username is in the database
102. $sql1 = "SELECT * FROM login_details WHERE username = '$username';";
103. $result = mysqli_query($conn, $sql1);
104. $resultCheck = mysqli_num_rows($result);
105. if ($resultCheck < 1){
106. //Takes you back to this page
107. //With a message at the end of the url
108. //header("Location: loginHome.php?login=error1");
109. exit();
110. }
111. else {
112. //Checks username with password
113. if ($row = mysqli_fetch_assoc($result)){
114. //De-hashing the password
115. $hashedPasswordCheck = password_verify($password, $row['password']);
116. if ($hashedPasswordCheck == false){
117. // header("Location: loginHome.php?login=error2");
118. exit();
119. }
120. else if ($hashedPasswordCheck == true){
121. //Log in the user here
122. //Use Sessions
123. $_SESSION['u_id'] = $row['user_id'];
124. $_SESSION['u_username'] = $row['username'];
125. $_SESSION['u_password'] = $row['password'];
126. echo $username;
127. echo $password;
128. echo $loggedIn;
129. // header("Location: game.php?login=success");
130. // exit();
131. }
132.  
133. }
134. }
135. }
136. // }
137. // else {
138. // // header("Location: loginHome.php");
139. // exit();
140. // }
141. ?>
142. ---------------------------------------------------------------------------------------------------------------------------------------
143. PHP (signUp.php)
144. ---------------------------------------------------------------------------------------------------------------------------------------
145. <?php
146.  
147. //start a session
148. session_start();
149.  
150. if (isset($_POST['signup'])){
151. //The connection to the database
152. include_once 'databaseHandler.php';
153.  
154. //Gets the infomation submitted from the form
155. //Protects the database by converting everything to text...
156. //The database therefore cannot read the inputs as code
157. $username = mysqli_real_escape_string($conn, $_POST['username']);
158. $password = mysqli_real_escape_string($conn, $_POST['password']);
159. $loggedIn = mysqli_real_escape_string($conn, $_POST['loggedIn']);
160.  
161. //Error Handlers
162.  
163. //Checks everything has been filled out
164. //Checks for no empty fields
165. if (empty($username) || empty($password)){
166. //Takes you back to this page
167. //With a message at the end of the url
168. //header("Location: signUpHome.php?signup=empty");
169. //exit();
170. }
171. else {
172. //Checks that input is valid
173. if (!preg_match("/[a-zA-Z0-9]/", $username) || !preg_match("/[a-zA-Z0-9]/", $password)){
174. //Takes you back to this page
175. //With a message at the end of the url
176. //header("Location: signUpHome.php?signup=invalid");
177. //exit();
178. }
179. else {
180. //Checks that username hasn't already been taken
181. $sql1 = "SELECT * FROM login_details WHERE username = '$username';";
182. $result = mysqli_query($conn, $sql1);
183. $resultCheck = mysqli_num_rows($result);
184. if ($resultCheck > 0){
185. //Takes you back to this page
186. //With a message at the end of the url
187. //header("Location: signUpHome.php?signup=usertaken");
188. //exit();
189. }
190. else {
191. //Hashing the password
192. $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
193. //Insert the user into the database
194. $sql2 = "INSERT INTO login_details (username, password) VALUES ('$username','$hashedPassword');";
195. mysqli_query($conn, $sql2);
196. // $row = mysqli_fetch_assoc($result);
197. // $_SESSION['u_id'] = $row['user_id'];
198. // $_SESSION['u_username'] = $row['username'];
199. // $_SESSION['u_password'] = $row['password'];
200. echo $username;
201. echo $password;
202. echo $loggedIn;
203. //Takes you back to this page
204. //header("Location: game.php?signup=success");
205. //exit();
206. }
207. }
208. }
209. }
210. else {
211. //header("Location: signUpHome.php");
212. //exit();
213. }
214. ?>
215. ---------------------------------------------------------------------------------------------------------------------------------------
216. CSS (style.css):
217. ---------------------------------------------------------------------------------------------------------------------------------------
218. body {
219. background-color: #443838;
220. }
221.  
222. h1 {
223. position: fixed;
224. font-family: "impact";
225. color: #FF0000;
226. font-size: 50px;
227. top: 50%;
228. left: 50%;
229. margin-top: -70px;
230. margin-left: -550px;
231. }
232.  
233. #username{
234. position: fixed;
235. width: 20%;
236. height: 5%;
237. border: none;
238. border-radius: 10px;
239. top: 50%;
240. left: 50%;
241. margin-top: 0px;
242. margin-left: -550px;
243. }
244.  
245. #password{
246. position: fixed;
247. width: 20%;
248. height: 5%;
249. border: none;
250. border-radius: 10px;
251. top: 50%;
252. left: 50%;
253. margin-top: 50px;
254. margin-left: -550px;
255. }
256.  
257. #login{
258. position: fixed;
259. height: 7%;
260. border: none;
261. border-radius: 10px;
262. top: 50%;
263. left: 50%;
264. margin-top: +100px;
265. margin-left: -550px;
266. font-family: "impact";
267. font-size: 30px;
268. text-align: left;
269. }
270.  
271. #signUp{
272. position: fixed;
273. height: 7%;
274. border: none;
275. border-radius: 10px;
276. top: 50%;
277. left: 50%;
278. margin-top: +100px;
279. margin-left: -450px;
280. font-family: "impact";
281. font-size: 30px;
282. text-align: left;
283. }
284.  
285. #playAsGuest{
286. position: fixed;
287. height: 7%;
288. border: none;
289. border-radius: 10px;
290. top: 50%;
291. left: 50%;
292. margin-top: 160px;
293. margin-left: -550px;
294. font-family: "impact";
295. color: #FFFFFF;
296. background-color: #000000;
297. font-size: 25px;
298. text-align: left;
299. }