- <?php
- /****
- Db schema
- create table users (id int(10) not null primary key auto_increment,
- username varchar(255) not null unique,
- password varchar(255) not null,
- email varchar(255) not null default '');
- ****/
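function get_dblink(){
    // One connection per request: escaping, prepared statements and error
    // reporting all happen on the same link. The original opened a new
    // connection on every call, so callers mixed links between escape and query.
    static $link = null;
    if ($link instanceof mysqli) {
        return $link;
    }
    // NOTE(review): these credentials are the placeholders from the original
    // paste; keep real ones in configuration outside the web root.
    $link = mysqli_connect("localhost","db_username","db_password","db_name");
    if ($link === false) {
        // Leave $link null so a later call can retry.
        throw new Exception("Could not connect to the database: " . mysqli_connect_error());
    }
    // A fixed connection charset is what makes escaping/binding reliable.
    mysqli_set_charset($link, 'utf8mb4');
    return $link;
}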
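function register_form(){
    // Prints the registration form. The field names (username, pass, pass2,
    // action) are the ones the POST handler at the bottom of the file reads.
    // Fixes from the original: the submit button was labelled "Login" and the
    // labels misspelled "Password".
    // NOTE(review): the form carries no CSRF token; add one here and check it
    // in the POST handler.
    echo <<<'HTML'
<form method="post" >
Username :<input type = "text" name="username" autocomplete="username">
Password: <input type = "password" name="pass" autocomplete="new-password">
Retype Password:<input type = "password" name="pass2" autocomplete="new-password">
<input type="hidden" name="action" value="register">
<input type="submit" value="Register">
</form>
HTML;
}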
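function login_form(){
    // Prints the login form; field names match what the POST handler reads.
    // Fix from the original: "Passwod" label typo.
    // NOTE(review): no CSRF token yet; pair one with a check in the handler.
    echo <<<'HTML'
<form method="post">
Username :<input type = "text" name="username" autocomplete="username">
Password: <input type = "password" name="pass" autocomplete="current-password">
<input type="hidden" name="action" value="login">
<input type="submit" value="Login">
</form>
HTML;
}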
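function logout_form($username){
    // Prints the logout form with the current user's name.
    // $username is echoed into HTML, so it is escaped first; the original
    // emitted it raw via <?= ... ?>.
    $safe = htmlspecialchars((string) $username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo <<<HTML
<form method="post">
<input type="hidden" name="action" value="logout">
Logout {$safe} <input type="submit" value="Logout">
</form>
HTML;
}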
- /**************************************************************/
- #Validators :
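function validate_username($username){
    // Accepts only 5+ ASCII letters/digits; returns true or throws.
    // Non-strings (e.g. an array sent as username[]) are rejected instead of
    // being cast to "Array", which would pass the pattern.
    // The D modifier makes `$` match only at the very end: without it
    // "abcde\n" is accepted.
    if (is_string($username) && preg_match('/^[a-zA-Z0-9]{5,}$/D', $username) === 1) {
        return true;
    }
    throw new Exception("The username should contain a-zA-Z0-9 and should be long 5 chars or more ") ;
}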
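function validate_password($pass){
    // Accepts only 5+ ASCII letters/digits; returns true or throws.
    // Non-strings are rejected rather than cast (an array would become "Array").
    // The D modifier stops `$` from matching before a trailing newline.
    // NOTE(review): the policy itself (alphanumerics only, 5 chars) is kept
    // from the original; it is weak, but loosening it is a product decision.
    if (is_string($pass) && preg_match('/^[a-zA-Z0-9]{5,}$/D', $pass) === 1) {
        return true;
    }
    throw new Exception("The password should contain a-zA-Z0-9 and should be long 5 chars or more ");
}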
function validate_password_dont_match_the_username($pass, $username){
    // Returns true when the password differs (strictly) from the username,
    // otherwise throws.
    if ($pass !== $username) {
        return true;
    }
    throw new Exception("The password can not be the same as the username");
}
function validate_registration_passwords_match($pass, $pass2){
    // Returns true when both password fields are identical, otherwise throws.
    $identical = ($pass === $pass2);
    if (!$identical) {
        throw new Exception("The passwords don't match");
    }
    return true;
}
- # DB functions ################################################
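function authenticate_user($username, $password){
    // Returns true when $password matches the stored hash for $username.
    // Changes from the original: the username is bound as a parameter instead
    // of being escaped into the SQL text; an unknown user no longer indexes a
    // null row; and the unknown-user path still runs password_verify so the
    // response time does not reveal whether the username exists.
    if (!is_string($username) || !is_string($password)) {
        return false;
    }
    $dblink = get_dblink();
    $stmt = mysqli_prepare($dblink, "select id, username, password from users where username = ?");
    if ($stmt === false) {
        throw new Exception("Error preparing the login query: " . mysqli_error($dblink));
    }
    mysqli_stmt_bind_param($stmt, 's', $username);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);
    $row = $result ? mysqli_fetch_assoc($result) : null;
    mysqli_stmt_close($stmt);

    $stored = isset($row['password']) ? $row['password'] : null;
    if (!is_string($stored)) {
        // Throw-away hash, computed once per request, to keep timing uniform.
        static $dummyHash = null;
        if ($dummyHash === null) {
            $dummyHash = password_hash('not-a-real-password', PASSWORD_BCRYPT);
        }
        password_verify($password, $dummyHash);
        return false;
    }
    return password_verify($password, $stored);
}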
- # Register user
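function add_user_to_the_database($username,$pass){
    // Inserts a new user with a bcrypt hash of $pass. Throws on any DB error
    // (including the unique-username violation).
    // Change from the original: values are bound instead of escaped into the
    // SQL text, and one link is used for the whole operation (the original
    // escaped with one connection and queried with another).
    $dblink = get_dblink();
    $hashed_pass = password_hash($pass, PASSWORD_BCRYPT);
    $stmt = mysqli_prepare($dblink, "insert into users(username, password) values (?, ?)");
    if ($stmt === false) {
        throw new Exception("Error inserting into the DB ". mysqli_error($dblink));
    }
    mysqli_stmt_bind_param($stmt, 'ss', $username, $hashed_pass);
    $ok = mysqli_stmt_execute($stmt);
    $err = mysqli_stmt_error($stmt);
    mysqli_stmt_close($stmt);
    if (!$ok) {
        throw new Exception("Error inserting into the DB ". $err);
    }
}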
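function register_user($username, $pass, $pass2){
    // Validates the registration fields, stores the user and logs them in.
    // Any validation or DB failure is reported to the page instead of thrown.
    try {
        validate_username($username);
        validate_password_dont_match_the_username($pass, $username);
        validate_password($pass);
        validate_registration_passwords_match($pass, $pass2);
        # and finally
        add_user_to_the_database($username, $pass);
        # todo email validation
        # or
        # automatically login the new user;
        login_user($username, $pass);
    } catch (Exception $e) {
        // The message may carry user-controlled text (a DB error quoting the
        // submitted username), so it is escaped before going into the page.
        // NOTE(review): it also exposes raw DB error text to the visitor;
        // consider logging it and showing a generic message instead.
        $msg = htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo "<div style='color:red'>" . $msg . "</div>";
    }
}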
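function get_user_id_by_username($username){
    // Returns the id column for $username, or null when there is no such user
    // (the original indexed a null row in that case).
    // The username is bound as a parameter rather than escaped into the SQL.
    // NOTE(review): with a prepared statement the id comes back as a native
    // int where mysqli_query returned a numeric string; callers here only
    // test it for truthiness.
    if (!is_string($username)) {
        return null;
    }
    $dblink = get_dblink();
    $stmt = mysqli_prepare($dblink, "select id from users where username = ?");
    if ($stmt === false) {
        throw new Exception("Error looking up the user: " . mysqli_error($dblink));
    }
    mysqli_stmt_bind_param($stmt, 's', $username);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);
    $row = $result ? mysqli_fetch_assoc($result) : null;
    mysqli_stmt_close($stmt);
    return isset($row['id']) ? $row['id'] : null;
}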
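function login_user($username, $password){
    // On successful authentication stores the user id and name in the session.
    // Fix from the original: the session id is regenerated at this privilege
    // change, so a session id fixed on the victim before login is useless.
    if (!authenticate_user($username, $password)) {
        return;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['valid_user_id'] = get_user_id_by_username($username);
    $_SESSION['username'] = $username;
}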
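function loggedin_user(){
    // Returns the logged-in user's id, or null when nobody is logged in.
    // The original read the key unconditionally and raised an undefined-index
    // warning on every anonymous request.
    return isset($_SESSION['valid_user_id']) ? $_SESSION['valid_user_id'] : null;
}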
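function logout_user(){
    // Ends the session: clears the in-memory data, expires the session cookie
    // and destroys the server-side record.
    // Fix from the original: session_destroy() alone leaves $_SESSION populated
    // for the rest of the request, so the logout response was still rendered
    // as logged in, and the cookie kept its old id.
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $params = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $params['path'],
            $params['domain'],
            $params['secure'],
            $params['httponly']
        );
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_destroy();
    }
}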
- /***************************************************/
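session_start();
# handle http post requests
if (isset($_POST['action'])) {
    // Missing fields become '' instead of raising undefined-index warnings;
    // the validators reject empty values from there.
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $pass     = isset($_POST['pass'])     ? $_POST['pass']     : '';
    $pass2    = isset($_POST['pass2'])    ? $_POST['pass2']    : '';
    // NOTE(review): no CSRF token is checked here; the forms above would need
    // to carry one. Unknown actions fall through and just render the page.
    switch ($_POST['action']) {
        case "login":
            login_user($username, $pass);
            break;
        case "logout":
            logout_user();
            break;
        case "register":
            register_user($username, $pass, $pass2);
            break;
    }
}
# application
if (!loggedin_user()) {
    # show_some_content_for_NOT_logged_in_users_here();
    echo "<h1>You are not logged in. Please Login or Register</h1>";
    echo "<br><H2>Register:</H2>";
    register_form();
    echo "<br><H2>Login:</H2>";
    login_form();
    # not registered users experience stops here
    exit(0);
}
# This content will be available only for logged in users
// The session username is escaped before being put into HTML (the original
// interpolated it raw).
$sessionUsername = isset($_SESSION['username']) ? (string) $_SESSION['username'] : '';
$shownUsername = htmlspecialchars($sessionUsername, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo "<h1>You are logged in as \"$shownUsername\" </h1>";
logout_form($sessionUsername);
# show_content_for_logged_in_users_only();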