- <?php
// Libraries
// Shared handle for the SQLite connection. It starts as null, is assigned by
// initializeDb() and is read through `global $db` in checkUserPassword().
$db = null;
/**
 * Build the digest that is stored in, and compared against, users.password.
 *
 * The username, the password and a fixed application-wide key are joined in
 * that order and the SHA-1 hex digest of the result is returned.
 *
 * NOTE(review): this is one pass of a fast hash with no per-user random salt,
 * and the key is a literal in the source, so it stops being secret wherever
 * the file is published. Offline guessing against a leaked users table is
 * therefore cheap. Moving to password_hash()/password_verify() has to be done
 * together with checkUserPassword() and a rehash of the stored values, because
 * this function's output is compared byte-for-byte with the stored column.
 *
 * @param string $username Account name, mixed into the digest.
 * @param string $password Plain-text password as submitted.
 * @return string 40-character lowercase hex SHA-1 digest.
 */
function passwordHash($username, $password) {
    $pepper = '123123kaskldjasldkjlkj12j12lk3jlasjdklj1kl32j12kl3jasd123';
    $material = $username . $password . $pepper;

    return sha1($material);
}
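/**
 * Check a username/password pair against the users table.
 *
 * Looks up the row for $username, recomputes the digest with passwordHash()
 * and compares it with the stored value.
 *
 * The comparison is strict. With the loose `==` operator PHP compares two
 * numeric-looking strings as numbers, so two different digests that both look
 * like "0e" followed only by digits would be treated as equal. hash_equals()
 * is used when the runtime provides it so the comparison time does not depend
 * on how many leading characters match.
 *
 * @param string $username Account name as submitted.
 * @param string $password Plain-text password as submitted.
 * @return bool True only when a row exists and its stored digest matches.
 */
function checkUserPassword($username, $password) {
    global $db;

    // Form fields can arrive as arrays (login[username][]=x); reject anything
    // that is not a string before it reaches the string and SQL helpers.
    if (!is_string($username) || !is_string($password)) {
        return false;
    }

    // This SQLite extension has no bound parameters, so the value is escaped
    // with the extension's own escaping function before it is quoted.
    $query = "SELECT username, password FROM users WHERE username = '" . sqlite_escape_string($username) . "'";
    $result = sqlite_query($db, $query);
    if (!$result) {
        // Query failure is treated as "no such user" rather than passing
        // false on to sqlite_fetch_array().
        return false;
    }

    $row = sqlite_fetch_array($result, SQLITE_ASSOC);
    if (!$row || !is_string($row['password'])) {
        return false;
    }

    $stored = $row['password'];
    $computed = passwordHash($username, $password);

    if (function_exists('hash_equals')) {
        return hash_equals($stored, $computed);
    }

    return $stored === $computed;
}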
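/**
 * Open the SQLite database and create the users table on first use.
 *
 * The database file is php101db.sqlite inside the ../db directory relative to
 * this script. The open handle is stored in the global $db. If no table is
 * listed in sqlite_master, the users table is created.
 *
 * Any failure to locate the directory or open the database ends the request
 * with a generic message; the detail goes to the server error log only, so
 * paths and driver messages are not shown to the visitor.
 *
 * @return void
 */
function initializeDb() {
    global $db;

    // realpath() returns false when ../db does not exist. Without this check
    // the path would collapse to '/php101db.sqlite' in the filesystem root.
    $directory = realpath(dirname(__FILE__) . '/../db');
    if ($directory === false) {
        error_log('initializeDb: database directory not found');
        die('There was an error. Please try again later.');
    }

    $file = $directory . '/php101db.sqlite';
    $error = null;
    $db = sqlite_open($file, 0666, $error);
    if (!$db) {
        error_log('initializeDb: sqlite_open failed: ' . $error);
        die('There was an error. Please try again later.');
    }

    // An empty sqlite_master listing means a fresh database file.
    $result = sqlite_query($db, "SELECT name FROM sqlite_master WHERE type = 'table'");
    $row = sqlite_fetch_array($result, SQLITE_ASSOC);
    if (!$row) {
        $create = 'CREATE TABLE users (
            username varchar(255),
            password varchar(255)
        )';
        $result = sqlite_query($db, $create);
    }

    // Disabled seeding code, kept as found. If re-enabled it would insert two
    // accounts whose short fixed passwords are written out below.
    /*
    $result = sqlite_query($db, 'SELECT COUNT(*) AS tot FROM USERS');
    $row = sqlite_fetch_array($result, SQLITE_ASSOC);
    if (!$row || !$row['tot']) {
        $USERSDB = array(
            'admin' => 'foo',
            'user' => 'bar'
        );
        foreach($USERSDB as $username => $password) {
            $insert = "INSERT INTO users (username, password) VALUES ('" . sqlite_escape_string($username) . "', '" . sqlite_escape_string(passwordHash($username, $password)) . "')";
            $result = sqlite_query($db, $insert);
        }
    }
    */
}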
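initializeDb();

// Configuration: the state every visitor starts with and returns to on logout.
$default_session = array(
    'authenticated' => false,
    'username' => 'guest'
);

// Controller:
session_start();
if (!isset($_SESSION['data'])) {
    $_SESSION['data'] = $default_session;
}

// Which form was posted. Only a string value is accepted, and it is compared
// strictly below.
$form = (isset($_POST['form']) && is_string($_POST['form'])) ? $_POST['form'] : '';

// NOTE(review): neither form carries an anti-CSRF token, so another site can
// submit them on a visitor's behalf. Adding one means changing the forms in
// the view and the checks here together.

// Login Form:
$data = array(
    'username' => '',
    'password' => ''
);
$errors = array();

if ($form === 'login') {
    if (!isset($_POST['login']) || !is_array($_POST['login'])) {
        $errors[] = 'Invalid Data. Please submit the form again.';
    } else {
        // Copy only string fields. A nested array (login[username][]=x) is
        // treated as missing instead of being passed to trim() and the view.
        foreach (array('username', 'password') as $field) {
            if (isset($_POST['login'][$field]) && is_string($_POST['login'][$field])) {
                $data[$field] = $_POST['login'][$field];
            }
        }

        if (!strlen(trim($data['username']))) {
            $errors[] = 'Username Required';
        }
        if (!strlen(trim($data['password']))) {
            $errors[] = 'Password Required';
        }

        if (!$errors) {
            if (checkUserPassword($data['username'], $data['password'])) {
                // Issue a fresh session ID at the moment of login so an ID
                // that was set or observed before authentication cannot be
                // reused for the authenticated session (session fixation).
                session_regenerate_id(true);
                $_SESSION['data']['authenticated'] = true;
                $_SESSION['data']['username'] = $data['username'];
            } else {
                // One message for both unknown user and wrong password.
                $errors[] = 'Invalid user or password';
            }
        }
    }
}

// Logout Form
if ($form === 'logout') {
    // Retire the ID that belonged to the authenticated session as well.
    session_regenerate_id(true);
    $_SESSION['data'] = $default_session;
}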
- // View:
- ?>
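<?php
// View: renders the greeting, any validation errors, and either the login
// form or the logout form depending on $_SESSION['data']['authenticated'].
// Every dynamic value is HTML-escaped where it is printed. The session
// username originates from submitted form data, so it is escaped like the
// echoed form field rather than trusted because it came from the session.
?>
<html>
<body>
<h1>Welcome <?php echo htmlspecialchars($_SESSION['data']['username'], ENT_QUOTES) ?>!</h1>
<?php if ($errors): ?>
<ul class="errors">
<?php foreach($errors as $error): ?>
<li><?php echo htmlspecialchars($error, ENT_QUOTES) ?></li>
<?php endforeach; ?>
</ul>
<?php endif; ?>
<?php if (!$_SESSION['data']['authenticated']): ?>
<form action="/" method="post">
<label for="login_username">Username:</label>
<input type="text" id="login_username" name="login[username]" value="<?php echo htmlentities($data['username']) ?>" />
<label for="login_password">Password:</label>
<?php // The password is never echoed back into the form. ?>
<input type="password" id="login_password" name="login[password]" value="" />
<input type="hidden" name="form" value="login" />
<input type="submit" value="Log In" />
</form>
<?php endif; ?>
<?php if ($_SESSION['data']['authenticated']): ?>
Hey there, I bet you wish there was something behind the curtain, but alas, there is not.
<form action="/" method="post">
<input type="hidden" name="form" value="logout" />
<input type="submit" value="Log Out" />
</form>
<?php endif; ?>
</body>
</html>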