Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- // Initialize the session
- session_start();
- // Check if the user is logged in, if not then redirect him to login page
- if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true){
- header("location: login.php");
- exit;
- }
- ?>
- <!DOCTYPE html>
- <html lang="en">
- <head>
- <meta charset="UTF-8">
- <title>Welcome</title>
- <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
- <style type="text/css">
- body{ font: 14px sans-serif; text-align: center; }
- </style>
- </head>
- <body>
- <div class="page-header">
- <h1>Hi, <b><?php echo htmlspecialchars($_SESSION["username"]); ?></b>. Welcome to our site.</h1>
- </div>
- <p>
- <a href="reset-password.php" class="btn btn-warning">Reset Your Password</a>
- <a href="logout.php" class="btn btn-danger">Sign Out of Your Account</a>
- </p>
- </body>
- </html>
- <?php
- error_reporting(E_ALL); ini_set('display_errors', 1);
- // Initialize the secure session
- session_start();
- // Check if the user is already logged in, if yes then redirect him to welcome page
- if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
- header("location: welcome.php");
- exit;
- }
- // Include config file
- require_once "config.php";
- // Define variables and initialize with empty values
- $username = $password = "";
- $username_err = $password_err = "";
- // Processing form data when form is submitted
- if($_SERVER["REQUEST_METHOD"] == "POST"){
- // Check if username is empty
- if(empty(trim($_POST["username"]))){
- $username_err = "Please enter username.";
- } else{
- $username = trim($_POST["username"]);
- }
- // Check if password is empty
- if(empty(trim($_POST["password"]))){
- $password_err = "Please enter your password.";
- } else{
- $password = trim($_POST["password"]);
- }
- // Validate credentials
- if(empty($username_err) && empty($password_err)){
- // Prepare a select statement
- $sql = "SELECT id, username, password FROM users WHERE username = :username";
- if($stmt = $pdo->prepare($sql)){
- // Bind variables to the prepared statement as parameters
- $stmt->bindParam(":username", $param_username, PDO::PARAM_STR);
- // Set parameters
- $param_username = trim($_POST["username"]);
- // Attempt to execute the prepared statement
- if($stmt->execute()){
- // Check if username exists, if yes then verify password
- if($stmt->rowCount() == 1){
- if($row = $stmt->fetch()){
- $id = $row["id"];
- $username = $row["username"];
- $hashed_password = $row["password"];
- if(password_verify($password, $hashed_password)){
- // Password is correct, so start a new session
- session_start();
- // Store data in session variables
- $_SESSION["loggedin"] = true;
- $_SESSION["id"] = $id;
- $_SESSION["username"] = $username;
- // Redirect user to welcome page
- header("location: welcome.php");
- } else{
- // Display an error message if password is not valid
- $password_err = "The password you entered was not valid.";
- }
- }
- } else{
- // Display an error message if username doesn't exist
- $username_err = "No account found with that username.";
- }
- } else{
- echo "Oops! Something went wrong. Please try again later.";
- }
- }
- // Close statement
- unset($stmt);
- }
- // Close connection
- unset($pdo);
- }
- ?>
- <!DOCTYPE html>
- <html lang="en">
- <head>
- <meta charset="UTF-8">
- <title>Login</title>
- <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
- <style type="text/css">
- body{ font: 14px sans-serif; }
- .wrapper{ width: 350px; padding: 20px; }
- </style>
- </head>
- <body>
- <div class="wrapper">
- <h2>Login</h2>
- <p>Please fill in your credentials to login.</p>
- <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
- <div class="form-group <?php echo (!empty($username_err)) ? 'has-error' : ''; ?>">
- <label>Username</label>
- <input type="text" name="username" class="form-control" value="<?php echo $username; ?>">
- <span class="help-block"><?php echo $username_err; ?></span>
- </div>
- <div class="form-group <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
- <label>Password</label>
- <input type="password" name="password" class="form-control">
- <span class="help-block"><?php echo $password_err; ?></span>
- </div>
- <div class="form-group">
- <input type="submit" class="btn btn-primary" value="Login">
- </div>
- <p>Don't have an account? <a href="register.php">Sign up now</a>.</p>
- </form>
- </div>
- </body>
- </html>
- <?php
- // Include config file
- require_once "config.php";
- // Define variables and initialize with empty values
- $username = $password = $confirm_password = "";
- $username_err = $password_err = $confirm_password_err = "";
- // Processing form data when form is submitted
- if($_SERVER["REQUEST_METHOD"] == "POST"){
- // Validate username
- if(empty(trim($_POST["username"]))){
- $username_err = "Please enter a username.";
- } else{
- // Prepare a select statement
- $sql = "SELECT id FROM users WHERE username = :username";
- if($stmt = $pdo->prepare($sql)){
- // Bind variables to the prepared statement as parameters
- $stmt->bindParam(":username", $param_username, PDO::PARAM_STR);
- // Set parameters
- $param_username = trim($_POST["username"]);
- // Attempt to execute the prepared statement
- if($stmt->execute()){
- if($stmt->rowCount() == 1){
- $username_err = "This username is already taken.";
- } else{
- $username = trim($_POST["username"]);
- }
- } else{
- echo "Oops! Something went wrong. Please try again later.";
- }
- }
- // Close statement
- unset($stmt);
- }
- // Validate password
- if(empty(trim($_POST["password"]))){
- $password_err = "Please enter a password.";
- } elseif(strlen(trim($_POST["password"])) < 6){
- $password_err = "Password must have atleast 6 characters.";
- } else{
- $password = trim($_POST["password"]);
- }
- // Validate confirm password
- if(empty(trim($_POST["confirm_password"]))){
- $confirm_password_err = "Please confirm password.";
- } else{
- $confirm_password = trim($_POST["confirm_password"]);
- if(empty($password_err) && ($password != $confirm_password)){
- $confirm_password_err = "Password did not match.";
- }
- }
- // Check input errors before inserting in database
- if(empty($username_err) && empty($password_err) && empty($confirm_password_err)){
- // Prepare an insert statement
- $sql = "INSERT INTO users (username, password) VALUES (:username, :password)";
- if($stmt = $pdo->prepare($sql)){
- // Bind variables to the prepared statement as parameters
- $stmt->bindParam(":username", $param_username, PDO::PARAM_STR);
- $stmt->bindParam(":password", $param_password, PDO::PARAM_STR);
- // Set parameters
- $param_username = $username;
- $param_password = password_hash($password, PASSWORD_DEFAULT); // Creates a password hash
- // Attempt to execute the prepared statement
- if($stmt->execute()){
- // Redirect to login page
- header("location: login.php");
- } else{
- echo "Something went wrong. Please try again later.";
- }
- }
- // Close statement
- unset($stmt);
- }
- // Close connection
- unset($pdo);
- }
- ?>
- <!DOCTYPE html>
- <html lang="en">
- <head>
- <meta charset="UTF-8">
- <title>Sign Up</title>
- <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
- <style type="text/css">
- body{ font: 14px sans-serif; }
- .wrapper{ width: 350px; padding: 20px; }
- </style>
- </head>
- <body>
- <div class="wrapper">
- <h2>Sign Up</h2>
- <p>Please fill this form to create an account.</p>
- <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
- <div class="form-group <?php echo (!empty($username_err)) ? 'has-error' : ''; ?>">
- <label>Username</label>
- <input type="text" name="username" class="form-control" value="<?php echo $username; ?>">
- <span class="help-block"><?php echo $username_err; ?></span>
- </div>
- <div class="form-group <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
- <label>Password</label>
- <input type="password" name="password" class="form-control" value="<?php echo $password; ?>">
- <span class="help-block"><?php echo $password_err; ?></span>
- </div>
- <div class="form-group <?php echo (!empty($confirm_password_err)) ? 'has-error' : ''; ?>">
- <label>Confirm Password</label>
- <input type="password" name="confirm_password" class="form-control" value="<?php echo $confirm_password; ?>">
- <span class="help-block"><?php echo $confirm_password_err; ?></span>
- </div>
- <div class="form-group">
- <input type="submit" class="btn btn-primary" value="Submit">
- <input type="reset" class="btn btn-default" value="Reset">
- </div>
- <p>Already have an account? <a href="login.php">Login here</a>.</p>
- </form>
- </div>
- </body>
- </html>
- <?php
- /* Database credentials. Assuming you are running MySQL
- server with default setting (user 'root' with no password) */
- define('DB_SERVER', 'localhost');
- define('DB_USERNAME', 'root');
- define('DB_PASSWORD', 'SECRETE');
- define('DB_NAME', 'mySite');
- /* Attempt to connect to MySQL database */
- try{
- $pdo = new PDO("mysql:host=" . DB_SERVER . ";dbname=" . DB_NAME, DB_USERNAME, DB_PASSWORD);
- // Set the PDO error mode to exception
- $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
- } catch(PDOException $e){
- die("ERROR: Could not connect. " . $e->getMessage());
- }
- ?>
- <?php
- // Initialize the session
- session_start();
- // Unset all of the session variables
- $_SESSION = array();
- // Destroy the session.
- session_destroy();
- // Redirect to login page
- header("location: login.php");
- exit;
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
