
Untitled

a guest
Sep 26th, 2017
  1.  
  2.  
  3. <?php
  4.  
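  if (isset($_POST['submit'])) {
      // Login attempt: open the database connection, read the two form fields
      // and hand them to fnCompareLogin(). Without a submit field the form is shown.
      //
      // NOTE(review): connecting as root with an empty password, hard-coded in the
      // script, only suits a local test box. A deployment should use a dedicated
      // least-privilege account whose credentials are kept outside the source.
      $servername = "localhost";
      $username = "root";
      $password = "";
      $dbName = "exc1";

      $conn = new mysqli($servername, $username, $password, $dbName);

      // `new mysqli` always yields an object, so the former `!$conn` test could
      // never notice a failed connection; connect_error carries the failure.
      // (When mysqli exception reporting is enabled the constructor throws instead.)
      if ($conn->connect_error) {
          // Driver detail goes to the server log, not to the client.
          error_log("Connection failed: " . $conn->connect_error);
          die("Connection failed");
      }

      // A missing or non-string field becomes '' instead of raising a notice or
      // passing an array further down.
      $rawName = (isset($_POST["input-UserName"]) && is_string($_POST["input-UserName"]))
          ? $_POST["input-UserName"]
          : '';
      $rawPassword = (isset($_POST["input-Password"]) && is_string($_POST["input-Password"]))
          ? $_POST["input-Password"]
          : '';

      // NOTE(review): the password goes through the same filter as the username,
      // so the value that is verified is the filtered one, not what the user typed.
      // Kept as is because stored hashes may have been created from filtered
      // input; confirm before removing the filter from the password path.
      $dbUserInputName = fnSanitizeUserInputString($rawName);
      $dbUserInputPassword = fnSanitizeUserInputString($rawPassword);

      fnCompareLogin($dbUserInputName, $dbUserInputPassword, $conn);
  } else {
      fnPrintHtml();
  }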
  28.  
  29.  
  // Hash a password for storage: the fixed pepper string is appended to $input
  // and the result is passed to password_hash() with PASSWORD_DEFAULT.
  // Returns whatever password_hash() returns.
  //
  // NOTE(review): the pepper is a literal in the source, so anyone who can read
  // the file knows it; a pepper only adds protection when it is stored apart
  // from both the code and the database.
  // NOTE(review): if PASSWORD_DEFAULT resolves to bcrypt, only the first 72 bytes
  // of the input are used, so a pepper appended after a long password may not
  // take part in the hash at all. Confirm the algorithm in use.
  function fnPasswordHash($input){
      return password_hash($input . "best project ever!", PASSWORD_DEFAULT);
  }
  35.  
  36.  
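  // Start a lockout once a user has three or more recorded failed attempts.
  //
  // Reads blockCounter for $username. When it is 3 or more, timeBlock is set to
  // NOW(), blockCounter is reset to 0 and true is returned. In every other case
  // (counter below 3, or no row for that username) false is returned.
  //
  // $username  login name as submitted by the client
  // $conn      open mysqli connection
  //
  // Both statements use bound parameters. The value used to be interpolated into
  // the SQL text; FILTER_SANITIZE_STRING is an HTML-oriented filter and is not a
  // substitute for SQL parameter binding.
  //
  // NOTE(review): the read and the update are two separate statements, so two
  // concurrent requests can both observe the same counter value.
  function fnBlockCount($username,$conn){
      $select = $conn->prepare("SELECT blockCounter FROM users WHERE username = ?");
      if ($select === false) {
          throw new RuntimeException("fnBlockCount: could not prepare the counter lookup");
      }
      $select->bind_param("s", $username);
      $select->execute();
      $select->bind_result($failedAttempts);
      // fetch() yields true for a row, null when there is none, false on error.
      $hasRow = $select->fetch();
      $select->close();

      if ($hasRow !== true || $failedAttempts < 3) {
          return false;
      }

      $update = $conn->prepare("UPDATE `users` SET `timeBlock`=NOW(), blockCounter=0 WHERE username = ?");
      if ($update === false) {
          throw new RuntimeException("fnBlockCount: could not prepare the lockout update");
      }
      $update->bind_param("s", $username);
      $update->execute();
      $update->close();

      return true;
  }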
  52.  
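  // Report whether the five-minute lockout for a user has expired.
  //
  // Returns true when more than five minutes have passed since timeBlock (login
  // may proceed), false when the user is still inside the window, and null when
  // no row matches the username. Callers that compare the result loosely with
  // false treat that null as "blocked".
  //
  // $usernameee  login name as submitted by the client
  // $conn        open mysqli connection
  //
  // The comparison is done by the database. The earlier version split the
  // timestamp on ":" and added 5 to the minutes field, which produced values
  // such as "14:63:00" or an unpadded "14:8:00"; comparing those as strings
  // gives the wrong answer across an hour boundary and for single-digit minutes.
  // Letting MySQL evaluate the interval also uses the same clock as the NOW()
  // that fnBlockCount() writes, so a PHP/MySQL timezone difference no longer matters.
  //
  // NOTE(review): a NULL timeBlock is treated as "never blocked"; confirm this
  // matches the column definition.
  function fnCheckTime($usernameee,$conn){
      $stmt = $conn->prepare(
          "SELECT (timeBlock IS NULL OR timeBlock < NOW() - INTERVAL 5 MINUTE) AS allowed"
          . " FROM users WHERE username = ?"
      );
      if ($stmt === false) {
          throw new RuntimeException("fnCheckTime: could not prepare the lockout lookup");
      }
      // Bound parameter instead of interpolating the submitted name into the SQL text.
      $stmt->bind_param("s", $usernameee);
      $stmt->execute();
      $stmt->bind_result($allowed);
      // fetch() yields true for a row, null when there is none, false on error.
      $hasRow = $stmt->fetch();
      $stmt->close();

      if ($hasRow !== true) {
          // Same result the original produced when its loop never ran.
          return null;
      }

      return (int) $allowed === 1;
  }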
  75.  
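  // Check a submitted username/password pair against the users table and print
  // the outcome: "blocked", "incorrect credentials" (both followed by the login
  // form) or "correct credentials".
  //
  // $inputUsername  login name as submitted by the client
  // $inputPassword  password as submitted by the client
  // $conn           open mysqli connection
  //
  // NOTE(review): blockCounter is never reset after a successful login, so
  // failures accumulate over the lifetime of the account. Confirm whether that
  // is intended.
  // NOTE(review): the pepper literal is repeated here and in fnPasswordHash();
  // the two must stay identical or every verification fails.
  function fnCompareLogin($inputUsername,$inputPassword,$conn){
      // Only an explicit false from fnCheckTime() means "inside the lockout
      // window". The former `== False` also matched the null returned for a
      // username with no row, so unknown names answered "blocked" while known
      // names answered "incorrect credentials", which told the client which
      // usernames exist. Unknown names now fall through to the same
      // "incorrect credentials" response as a wrong password.
      if (fnCheckTime($inputUsername, $conn) === false) {
          echo("blocked");
          fnPrintHtml();
          return;
      }

      if (fnBlockCount($inputUsername, $conn)) {
          echo("blocked");
          fnPrintHtml();
          return;
      }

      // Bound parameter instead of interpolating the submitted name into the SQL text.
      $lookup = $conn->prepare("SELECT password FROM users WHERE username = ?");
      if ($lookup === false) {
          throw new RuntimeException("fnCompareLogin: could not prepare the password lookup");
      }
      $lookup->bind_param("s", $inputUsername);
      $lookup->execute();
      $lookup->bind_result($rowHash);
      // As before, the last matching row wins; null means no row was found.
      $storedHash = null;
      while ($lookup->fetch()) {
          $storedHash = $rowHash;
      }
      $lookup->close();

      $peper = "best project ever!";
      // A missing hash counts as a failed login instead of reaching
      // password_verify() with an undefined variable.
      $matches = is_string($storedHash) && password_verify($inputPassword . $peper, $storedHash);

      if ($matches) {
          echo("correct credentials");
          return;
      }

      // `timeBlock`=timeBlock is kept from the original statement; presumably it
      // stops an auto-updating timestamp column from changing. Confirm against the schema.
      $bump = $conn->prepare("UPDATE `users` SET `blockCounter`=blockCounter+1,`timeBlock`=timeBlock WHERE username = ?");
      if ($bump === false) {
          throw new RuntimeException("fnCompareLogin: could not prepare the counter update");
      }
      $bump->bind_param("s", $inputUsername);
      $bump->execute();
      $bump->close();

      echo("incorrect credentials");
      fnPrintHtml();
  }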
  116.  
  117.  
  118.  
  // Run $input through filter_var() with FILTER_SANITIZE_STRING and return the result.
  //
  // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. It is an
  // HTML-oriented filter, so it gives no protection against SQL injection.
  // Values bound for a query need prepared statements with bound parameters,
  // and values bound for a page need escaping for that output context.
  function fnSanitizeUserInputString($input){
      return filter_var($input, FILTER_SANITIZE_STRING);
  }
  // Write the login form to the response. The form posts back to the current
  // URL with the fields input-UserName, input-Password and submit.
  //
  // NOTE(review): both fields are pre-filled through their value attributes
  // ("test1" / "tes1"), which look like test credentials; remove them before
  // the form is used with real accounts.
  function fnPrintHtml(){
      $loginForm = '<form action="" method="POST">
<label for="input-UserName">Username:</label>
<input id="input-UserName" name="input-UserName" type="text" value="test1">
<label for="input-Password">Password:</label>
<input id="input-Password" name="input-Password" type="password" value="tes1">
<input name="submit" value="Send" type="submit">
</form>';

      echo $loginForm;
  }
  135.  
  136. ?>