  1. <?php
  2. define('DB_HOST', 'localhost');
  3. define('DB_USER', 'root');
  4. define('DB_PASS', '');
  5. define('DB_NAME', 'database');
  6. ?>
  7.  
  8. <?php
  9. class DB_Connect {
  10. private $con;
  11.  
  12. public function connect() {
  13. require_once dirname(__FILE__) . '/config.php';
  14.  
  15. $this->con = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
  16.  
  17. return $this->con;
  18. }
  19. }
  20. ?>
  21.  
  22. <?php
  23.  
  24. class DB_Functions {
  25.  
  26. private $con;
  27.  
  28. function __construct() {
  29. require_once dirname(__FILE__) . '/../database/connect.php';
  30.  
  31. $db = new DB_Connect();
  32. $this->con = $db->connect();
  33. }
  34.  
  35. function __destruct() {
  36.  
  37. }
  38.  
  39. public function storeUser($username, $email, $password) {
  40. $uuid = uniqid('', true);
  41. $email_code = md5($_POST['username'] + microtime());
  42. $hash = $this->hashSSHA($password);
  43. $encrypted_password = $hash['encrypted'];
  44. $salt = $hash['salt'];
  45.  
  46. $stmt = $this->con->prepare("INSERT INTO users(unique_id, username, email, email_code, encrypted_password, salt, created_at) VALUES(?, ?, ?, ?, ?, ?, NOW())");
  47.  
  48. $stmt->bind_param('ssssss', $uuid, $username, $email, $email_code, $encrypted_password, $salt);
  49.  
  50. $result = $stmt->execute();
  51.  
  52. $stmt->close();
  53.  
  54. if ($result) {
  55. $stmt = $this->con->prepare("SELECT * FROM users WHERE email = ?");
  56. $stmt->bind_param('s', $email);
  57. $stmt->execute();
  58. $user = $stmt->get_result()->fetch_assoc();
  59. $stmt->close();
  60.  
  61. return $user;
  62. } else {
  63. return false;
  64. }
  65. }
  66.  
  67. public function getUserByUsernameAndPassword($username, $password) {
  68. $stmt = $this->con->prepare("SELECT * FROM users WHERE username = ?");
  69.  
  70. $stmt->bind_param('s', $username);
  71.  
  72. if ($stmt->execute()) {
  73. $user = $stmt->get_result()->fetch_assoc();
  74. $stmt->close();
  75.  
  76. $salt = $user['salt'];
  77. $encrypted_password = $user['encrypted_password'];
  78. $hash = $this->checkhashSSHA($salt, $password);
  79.  
  80. if ($encrypted_password == $hash) {
  81. return $user;
  82. }
  83. } else {
  84. return NULL;
  85. }
  86. }
  87.  
  88. public function doesUserEmailExist($email) {
  89. $stmt = $this->con->prepare("SELECT email FROM users WHERE email = ?");
  90.  
  91. $stmt->bind_param('s', $email);
  92.  
  93. $stmt->execute();
  94.  
  95. $stmt->store_result();
  96.  
  97. if ($stmt->num_rows > 0) {
  98. $stmt->close();
  99. return true;
  100. } else {
  101. $stmt->close();
  102. return false;
  103. }
  104. }
  105.  
  106. public function doesUsernameExist($username) {
  107. $stmt = $this->con->prepare("SELECT username FROM users WHERE username = ?");
  108.  
  109. $stmt->bind_param('s', $username);
  110.  
  111. $stmt->execute();
  112.  
  113. $stmt->store_result();
  114.  
  115. if ($stmt->num_rows > 0) {
  116. $stmt->close();
  117. return true;
  118. } else {
  119. $stmt->close();
  120. return false;
  121. }
  122. }
  123.  
  124. public function isActive($username) {
  125. $stmt = $this->con->prepare("SELECT COUNT user_id FROM users WHERE username = ? AND active = 1");
  126.  
  127. $stmt->bind_param('s', $username);
  128.  
  129. $stmt->execute();
  130.  
  131. $stmt->store_result();
  132.  
  133. if ($stmt->num_rows > 0) {
  134. $stmt->close();
  135. return true;
  136. } else {
  137. $stmt->close();
  138. return false;
  139. }
  140. }
  141.  
  142. public function hashSSHA($password) {
  143. $salt = sha1(rand());
  144. $salt = substr($salt, 0, 10);
  145. $encrypted = base64_encode(sha1($password . $salt, true) . $salt);
  146. $hash = array('salt' => $salt, 'encrypted' => $encrypted);
  147. return $hash;
  148. }
  149.  
  150. public function checkhashSSHA($salt, $password) {
  151. $hash = base64_encode(sha1($password . $salt, true) . $salt);
  152.  
  153. return $hash;
  154. }
  155.  
  156. }
  157.  
  158. ?>
  159.  
  160. <?php
  161. ?>
  162. <!doctype html>
  163. <html>
  164. <head>
  165. <meta name="viewport" content="width=device-width, initial-scale=1">
  166. <title>Website</title>
  167. <link href='https://fonts.googleapis.com/css?family=Oswald' rel='stylesheet' type='text/css'>
  168. <link rel="stylesheet" href="css/main.css">
  169. </head>
  170. <body background='img/main_bg.jpg'>
  171. <div id="header">
  172. <div id="login-div">
  173. <form action="login.php" method="post">
  174. <ul id="login">
  175. <li>
  176. <input type="text" name="username" placeholder="Username">
  177. </li>
  178. <li>
  179. <input type="password" name="password" placeholder="Password">
  180. </li>
  181. <li>
  182. <input type="submit" value="Login">
  183. </li>
  184. </ul>
  185. </form>
  186. </div>
  187. </div>
  188. <div id="container">
  189. <h1 id="main-title">Website</h1>
  190. <div id="register-div">
  191. <form action="register.php" method="post">
  192. <ul id="register">
  193. <li>
  194. <input type="text" name="username" placeholder="Username">
  195. </li>
  196. <li>
  197. <input type="text" name="email" placeholder="Email">
  198. </li>
  199. <li>
  200. <input type="password" name="password" placeholder="Password">
  201. </li>
  202. <li>
  203. <input type="password" name="confirm-password" placeholder="Confirm Password">
  204. </li>
  205. <li>
  206. <input type="checkbox" id="agreement" name="agreement" value="agreement">
  207. <label for="agreement" id="agreement-label">I have read and agree to the terms of service.</label>
  208. </li>
  209. <li>
  210. <input type="submit" value="Register">
  211. </li>
  212. </ul>
  213. </form>
  214. </div>
  215. </div>
  216. <div id="footer">
  217. FOOTER
  218. </div>
  219. </body>
  220. </html>
  221.  
  222. <?php
  223.  
  224. require_once dirname(__FILE__) . '/includes/functions/functions.php';
  225. $db = new DB_Functions();
  226.  
  227. $errors = array();
  228.  
  229. if (!empty($_POST['username']) && !empty($_POST['email']) && !empty($_POST['password']) && !empty($_POST['confirm-password'])) {
  230. if (isset($_POST['agreement'])) {
  231. $username = $_POST['username'];
  232. $email = $_POST['email'];
  233. $password = $_POST['password'];
  234. $confirm_password = $_POST['confirm-password'];
  235.  
  236. if ($password == $confirm_password) {
  237. if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
  238. $errors[] = 'You must use a valid email address.';
  239. }
  240. if ($db->doesUserEmailExist($email)) {
  241. $errors[] = 'The email ' . $email . ' is already in use.';
  242. }
  243. if (preg_match("/\s/", $username) == true) {
  244. $errors[] = 'Your username cannot contain spaces.';
  245. }
  246. if ($db->doesUsernameExist($username)) {
  247. $errors[] = 'The username ' . $username . ' is already in use.';
  248. }
  249. if (strlen($password) < 6) {
  250. $errors[] = 'Password must contain at least 6 characters.';
  251. }
  252. } else {
  253. $errors[] = 'Your passwords do not match.';
  254. }
  255. } else {
  256. $errors[] = 'You must accept terms agreement before registering.';
  257. }
  258. } else {
  259. $errors[] = 'All fields are required.';
  260. }
  261.  
  262. if (isset($_GET['success']) && empty($_GET['success'])) {
  263. echo 'YOU HAVE REGISTERED SUCCESSFULLY';
  264. } else {
  265. if (!empty($_POST) && empty($errors)) {
  266. $user = $db->storeUser($username, $email, $password);
  267. if ($user) {
  268. header('Location: register.php?success');
  269. exit();
  270. }
  271. } else if (!empty($errors)) {
  272. echo json_encode($errors);
  273. }
  274. }
  275.  
  276. ?>
  277.  
  278. <?php
  279.  
  280. require_once dirname(__FILE__) . '/includes/functions/functions.php';
  281. $db = new DB_Functions();
  282.  
  283. $errors = array();
  284.  
  285. if (!empty($_POST['username']) && !empty($_POST['password'])) {
  286. if (!$db->doesUsernameExist($_POST['username'])) {
  287. $errors[] = 'We can't find this username. Have you registered?';
  288. } else {
  289. if (!$db->getUserByUsernameAndPassword($_POST['username'], $_POST['password'])) {
  290. $errors[] = 'The username/password combination is incorrect.';
  291. } else {
  292. if (isActive($username)) {
  293. $user = $db->getUserByUsernameAndPassword($_POST['username'], $_POST['password']);
  294. $_SESSION['user_id'] = $user['user_id'];
  295. header('Location: home.php');
  296. exit();
  297. } else {
  298. $errors[] = 'You have not activated your account.';
  299. }
  300. }
  301. }
  302. } else {
  303. $errors[] = 'Username and password are required.';
  304. }
  305.  
  306. echo json_encode($errors);
  307.  
  308. ?>
  309.  
  310. <?php
  311. class DB_Connect {
  312. // I most always use protected visibility when starting a class
  313. // unless I know for sure I will not ever extend it.
  314. // This is static property as it will only be called statically
  315. // Name the variable to be clear as to what it will hold - in
  316. // this case a mysqli object.
  317. protected static $mysqli;
  318.  
  319. // Make a private constructor as you do not want to allow
  320. // a concrete instantiation of this class
  321. private function __construct() {}
  322.  
  323. // make static function to get mysqli instance
  324. public static function get_mysqli() {
  325. // do we already have a connection available?
  326. if(self::$mysqli instanceof mysqli) {
  327. // No we don't, so let's instantiate.
  328. // Note that I have removed your require for config.
  329. // If you are going to have a common app config file it
  330. // should be included up the call stack, not have
  331. // some class require it.
  332. $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
  333. // throw Exception if connection failed
  334. if($mysqli->connect_error) {
  335. thrown new Exception(
  336. 'MySQL connection failed with "' .
  337. $mysqli->connect_error . '"'
  338. );
  339. }
  340. // Set the instance to class property.
  341. // This will only happen once per code execution
  342. // regardless as to how many times this method is
  343. // called.
  344. self::$mysqli = $mysqli;
  345. }
  346. // return mysqli object to caller
  347. return self::$mysqli;
  348. }
  349. }
  350. ?>
  351.  
  352. <?php
  353. // Not shown - require config here
  354. // Not shown - require all classes here
  355.  
  356. // instantiate DB connection
  357. $mysqli = DB_Connect::get_mysqli();
  358. // instantiate your user login object, passing it the mysqli object
  359. $user_login = new User_Login($mysqli);
  360. ...