
Untitled

a guest
Sep 29th, 2017
<?php
// Libraries

// Shared SQLite handle. initializeDb() assigns it and checkUserPassword()
// reads it, both through `global $db`; it stays null until initializeDb() runs.
$db = null;
  4. function passwordHash($username, $password) {
  5.   $key = '123123kaskldjasldkjlkj12j12lk3jlasjdklj1kl32j12kl3jasd123';
  6.   return sha1($username . $password . $key);
  7. }
  8. function checkUserPassword($username, $password) {
  9.   global $db;
  10.   $query = "SELECT username, password FROM users WHERE username = '" . sqlite_escape_string($username) . "'";
  11.   $result = sqlite_query($db, $query);
  12.   $row = sqlite_fetch_array($result, SQLITE_ASSOC);
  13.   return ($row && passwordHash($username, $password) == $row['password']);
  14. }
  15. function initializeDb() {
  16.   global $db;
  17.   $file = realpath(dirname(__FILE__).'/../db') . '/php101db.sqlite';
  18.   if ($db = sqlite_open($file, 0666, $error)) {
  19.     $result = sqlite_query($db, "SELECT name FROM sqlite_master WHERE type = 'table'");
  20.     $row = sqlite_fetch_array($result, SQLITE_ASSOC);
  21.     if (!$row) {
  22.       $create = 'CREATE TABLE users (
  23.          username varchar(255),
  24.          password varchar(255)
  25.        )';
  26.       $result = sqlite_query($db, $create);
  27.     }
  28. /*
  29.     $result = sqlite_query($db, 'SELECT COUNT(*) AS tot FROM USERS');
  30.     $row = sqlite_fetch_array($result, SQLITE_ASSOC);
  31.     if (!$row || !$row['tot']) {
  32.       $USERSDB = array(
  33.         'admin' => 'foo',
  34.         'user' => 'bar'
  35.       );
  36.       foreach($USERSDB as $username => $password) {
  37.         $insert = "INSERT INTO users (username, password) VALUES ('" . sqlite_escape_string($username) . "', '" . sqlite_escape_string(passwordHash($username, $password)) . "')";
  38.         $result = sqlite_query($db, $insert);
  39.       }
  40.     }
  41. */
  42.   } else {
  43.     // @TODO: log error
  44.     die('There was an error. Please try again later.');
  45.   }
  46. }
  47.  
  48. initializeDb();
  49.  
  50. // Configuration:
  51. $default_session = array(
  52.   'authenticated' => false,
  53.   'username' => 'guest'
  54. );
  55.  
  56.  
  57. // Controller:
  58. session_start();
  59. if (!isset($_SESSION['data'])) {
  60.   $_SESSION['data'] = $default_session;
  61. }
  62.  
  63. // Login Form:
  64. $data = array(
  65.   'username' => '',
  66.   'password' => ''
  67. );
  68. $errors = array();
  69. if (array_key_exists('form', $_POST) && $_POST['form'] == 'login') {
  70.   if (!array_key_exists('login', $_POST) || !is_array($_POST['login'])) {
  71.     $errors[] = 'Invalid Data. Please submit the form again.';
  72.   }
  73.   if (!$errors) {
  74.     if (!array_key_exists('username', $_POST['login']) || !strlen(trim($_POST['login']['username']))) {
  75.       $errors[] = 'Username Required';
  76.     }
  77.     if (!array_key_exists('password', $_POST['login']) || !strlen(trim($_POST['login']['password']))) {
  78.       $errors[] = 'Password Required';
  79.     }
  80.     if (array_key_exists('username', $_POST['login'])) {
  81.       $data['username'] = $_POST['login']['username'];
  82.     }
  83.     if (array_key_exists('password', $_POST['login'])) {
  84.       $data['password'] = $_POST['login']['password'];
  85.     }
  86.     if (strlen(trim($data['username'])) && strlen(trim($data['password']))) {
  87.       if (checkUserPassword($data['username'], $data['password'])) {
  88.         $_SESSION['data']['authenticated'] = true;
  89.         $_SESSION['data']['username'] = $data['username'];
  90.       } else {
  91.         $errors[] = 'Invalid user or password';
  92.       }
  93.     }
  94.   }
  95. }
  96.  
  97. // Logout Form
  98. if (array_key_exists('form', $_POST) && $_POST['form'] == 'logout') {
  99.   $_SESSION['data'] = $default_session;
  100. }
  101.  
  102. // View:
  103. ?>
  104. <html>
  105. <body>
  106. <h1>Welcome <?php echo $_SESSION['data']['username'] ?>!</h1>
  107. <?php if ($errors): ?>
  108. <ul class="errors">
  109. <?php foreach($errors as $error): ?>
  110.   <li><?php echo $error ?></li>
  111. <?php endforeach; ?>
  112. </ul>
  113. <?php endif; ?>
  114.  
  115. <?php if (!$_SESSION['data']['authenticated']): ?>
  116. <form action="/" method="post">
  117.   <label for="login_username">Username:</label>
  118.   <input type="text" id="login_username" name="login[username]" value="<?php echo htmlentities($data['username']) ?>" />
  119.   <label for="login_password">Password:</label>
  120.   <input type="password" id="login_password" name="login[password]" value="" />
  121.   <input type="hidden" name="form" value="login" />
  122.   <input type="submit" value="Log In" />
  123. </form>
  124. <?php endif; ?>
  125.  
  126. <?php if ($_SESSION['data']['authenticated']): ?>
  127. Hey there, I bet you wish there was something behind the curtain, but alas, there is not.
  128.  
  129. <form action="/" method="post">
  130.   <input type="hidden" name="form" value="logout" />
  131.   <input type="submit" value="Log Out" />
  132. </form>
  133. <?php endif; ?>
  134. </body>
  135. </html>