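<?php

/**
 * POST handler for the login page. Dispatches on the `control` form field:
 *   - "login"    : checks credentials and opens a session
 *   - "email"    : validates a recovery e-mail address against the users table
 *   - "register" : validates the form, creates the account and returns the details
 *
 * Every branch requires a reCAPTCHA token that verifies server-side.
 * Expects ../config.php to provide the mysqli connection in $mysqli.
 */

// Page-level state, initialised for every request regardless of branch.
$username = $password = $confirm_password = $email = "";
$username_err = $password_err = $confirm_password_err = $email_err = "";
$loginusername = $loginpassword = "";
$loginusername_err = $loginpassword_err = "";
$recoveremail = "";
$recoveremail_err = "";
$successful = "";

// NOTE(review): this reCAPTCHA secret is hard-coded in source (it was repeated in all
// three branches). Treat it as disclosed: rotate it and load the replacement from
// configuration that is kept out of version control and out of pastes.
$secretKey = '6Lfw7qkZAAAAACSOyiGU-_Y3gcfYrWZq_BIIJhP3';

/**
 * Reads a POST field as a trimmed string.
 * Missing fields and non-string values (e.g. `field[]=x`) become "" instead of
 * raising a notice or a TypeError inside trim().
 */
$postField = function ($name) {
    return (isset($_POST[$name]) && is_string($_POST[$name])) ? trim($_POST[$name]) : '';
};

/**
 * Emits a <script> that shows $message and optionally navigates to $redirect.
 * Both values are JSON-encoded with the HEX flags so that no text can break out
 * of the JavaScript string or the surrounding <script> element.
 */
$jsAlert = function ($message, $redirect = null) {
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    echo '<script>alert(' . json_encode($message, $flags) . ');';
    if ($redirect !== null) {
        echo 'window.location.href=' . json_encode($redirect, $flags) . ';';
    }
    echo '</script>';
};

/**
 * Verifies a reCAPTCHA token with Google's siteverify endpoint.
 *
 * The original code only tested that the token field was non-empty and never used
 * the secret, so any non-empty string passed the check. Fails closed: an empty
 * token, a transport error or an unparsable reply all count as "not verified".
 * Requires allow_url_fopen and TLS support for the https:// wrapper.
 *
 * @return bool true only when the service answers {"success": true}
 */
$captchaPassed = function ($secret, $token) {
    if ($token === '') {
        return false;
    }
    $context = stream_context_create(array(
        'http' => array(
            'method'  => 'POST',
            'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
            'content' => http_build_query(array('secret' => $secret, 'response' => $token)),
            'timeout' => 5,
        ),
    ));
    $reply = file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $context);
    if ($reply === false) {
        return false;
    }
    $decoded = json_decode($reply, true);
    return is_array($decoded) && isset($decoded['success']) && $decoded['success'] === true;
};

/**
 * Runs a one-parameter prepared SELECT and reports whether it matched any row.
 *
 * @return bool|null true/false for found/not found, null when the statement could
 *                   not be prepared or executed (callers must treat null as an error)
 */
$rowExists = function ($mysqli, $sql, $value) {
    $stmt = $mysqli->prepare($sql);
    if (!$stmt) {
        return null;
    }
    $stmt->bind_param("s", $value);
    $found = null;
    if ($stmt->execute()) {
        $stmt->store_result();
        $found = $stmt->num_rows > 0;
    }
    $stmt->close();
    return $found;
};

$isPost = isset($_SERVER["REQUEST_METHOD"]) && $_SERVER["REQUEST_METHOD"] === "POST";
$control = $isPost ? $postField('control') : '';
$captchaToken = $postField('g-recaptcha-response');

if ($control === "login") {

    if (!$captchaPassed($secretKey, $captchaToken)) {
        $jsAlert("Please check the captcha form.", "../login.php");
        exit;
    }

    // Started once here; the original called session_start() a second time after
    // password_verify(), which only raises a notice on an already active session.
    session_start();

    // Check if the user is already logged in, if yes then redirect to the welcome page
    if (isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true) {
        header("location: ../welcome.php");
        exit;
    }

    require_once "../config.php";

    $loginusername = $postField('username');
    if ($loginusername === '') {
        $loginusername_err = "Please enter username.";
    }

    // NOTE(review): passwords are trimmed here and at registration, so leading and
    // trailing whitespace is never part of a stored password. Kept as-is because
    // changing it on one side only would lock out existing accounts.
    $loginpassword = $postField('password');
    if ($loginpassword === '') {
        $loginpassword_err = "Please enter your password.";
    }

    if ($loginusername_err !== "" || $loginpassword_err !== "") {
        // The original set these messages but never showed them.
        $mysqli->close();
        $jsAlert(trim($loginusername_err . "\n" . $loginpassword_err));
    } else {
        $authenticated = false;
        $lookupFailed = true;

        $stmt = $mysqli->prepare("SELECT id, username, password FROM users WHERE username = ?");
        if ($stmt) {
            $param_username = $loginusername;
            $stmt->bind_param("s", $param_username);

            if ($stmt->execute()) {
                $lookupFailed = false;
                $stmt->store_result();

                if ($stmt->num_rows === 1) {
                    // $loginusername is overwritten with the value stored in the database.
                    $stmt->bind_result($id, $loginusername, $hashed_password);
                    if ($stmt->fetch() && password_verify($loginpassword, $hashed_password)) {
                        $authenticated = true;
                    }
                } else {
                    // Spend roughly the same time as password_verify() so that response
                    // timing does not reveal whether the username exists.
                    password_hash($loginpassword, PASSWORD_DEFAULT);
                }
            }
            $stmt->close();
        }
        $mysqli->close();

        if ($authenticated) {
            // New session id at the privilege change, so an id planted before login
            // (session fixation) is not carried into the authenticated session.
            session_regenerate_id(true);

            $_SESSION["loggedin"] = true;
            $_SESSION["id"] = $id;
            $_SESSION["username"] = $loginusername;

            header("location: ../welcome.php");
            exit; // the original fell through after sending the redirect
        } elseif ($lookupFailed) {
            $jsAlert("Something went wrong. Please try again later.");
        } else {
            // One message for "unknown user" and "wrong password": the original used two
            // different messages, which let a client tell valid usernames apart. (The
            // unknown-user alert also never fired, because it emitted the PHP variable
            // name as JavaScript source.)
            $loginusername_err = "Invalid username or password.";
            $jsAlert($loginusername_err);
        }
    }

} elseif ($control === "email") {

    if (!$captchaPassed($secretKey, $captchaToken)) {
        $jsAlert("Please check captcha.", "../login.php");
        exit;
    }

    require_once "../config.php";

    $candidateEmail = $postField('email');
    if ($candidateEmail === '') {
        $recoveremail_err = "Please confirm email.";
    } elseif (!filter_var($candidateEmail, FILTER_VALIDATE_EMAIL)) {
        $recoveremail_err = "Email not valid.";
    } else {
        $known = $rowExists($mysqli, "SELECT id FROM users WHERE email = ?", $candidateEmail);
        if ($known === null) {
            $jsAlert("Something went wrong, please try again later.", "../login.php");
        } elseif ($known) {
            $recoveremail = $candidateEmail;
        } else {
            // NOTE(review): this message confirms whether an address is registered.
            // Nothing in this script sends a recovery message yet; when that is added,
            // answer identically for known and unknown addresses.
            $recoveremail_err = "No account associated.";
        }
    }

    if ($recoveremail_err !== "") {
        $jsAlert($recoveremail_err);
    }

    $mysqli->close();

} elseif ($control === "register") {

    if (!$captchaPassed($secretKey, $captchaToken)) {
        $jsAlert("Please check the captcha form.", "../login.php");
        exit;
    }

    require_once "../config.php";

    // Validate username
    $candidateName = $postField('username');
    if ($candidateName === '') {
        $username_err = "Please enter a username.";
    } elseif (!preg_match("/^[A-Za-z0-9]{8,16}$/", $candidateName)) {
        $username_err = "Must contain between 8 and 16 characters or numbers.";
    } else {
        $taken = $rowExists($mysqli, "SELECT id FROM users WHERE username = ?", $candidateName);
        if ($taken === null) {
            // The original only showed an alert here and carried on with an empty
            // $username and no error, so a failed lookup could still reach the INSERT.
            $username_err = "Something went wrong, please try again later.";
        } elseif ($taken) {
            $username_err = "This username is already taken.";
        } else {
            $username = $candidateName;
        }
    }

    // Validate email
    $candidateEmail = $postField('email');
    if ($candidateEmail === '') {
        $email_err = "Please confirm email.";
    } elseif (!filter_var($candidateEmail, FILTER_VALIDATE_EMAIL)) {
        $email_err = "Email not valid.";
    } else {
        $inUse = $rowExists($mysqli, "SELECT id FROM users WHERE email = ?", $candidateEmail);
        if ($inUse === null) {
            $email_err = "Something went wrong, please try again later.";
        } elseif ($inUse) {
            $email_err = "This email is already in use.";
        } else {
            $email = $candidateEmail;
        }
    }

    // Validate password: at least one lowercase letter, one uppercase letter and one
    // digit, eight characters or more. Conventional "/" delimiters and explicit anchors
    // replace the original "^" delimiters; the "u" flag makes the length and the
    // \p{..} classes apply to characters rather than bytes, and makes invalid UTF-8
    // fail the check.
    $candidatePassword = $postField('password');
    if ($candidatePassword === '') {
        $password_err = "Please enter a password.";
    } elseif (preg_match('/\A(?=\P{Ll}*\p{Ll})(?=\P{Lu}*\p{Lu})(?=\P{N}*\p{N})[\s\S]{8,}\z/u', $candidatePassword) !== 1) {
        $password_err = "At least 8 characters, must contain at least 1 of uppercase, lowercase and number";
    } else {
        $password = $candidatePassword;
    }

    // Validate the confirmation; strict comparison so no type juggling is involved.
    $confirm_password = $postField('confirm_password');
    if ($confirm_password === '') {
        $confirm_password_err = "Please confirm password.";
    } elseif ($password_err === "" && $password !== $confirm_password) {
        $confirm_password_err = "Password did not match.";
    }

    // Report every validation failure; the original alert left out the password ones.
    $problems = array_filter(array($username_err, $email_err, $password_err, $confirm_password_err));

    if ($problems) {
        $mysqli->close();
        $jsAlert("Creation failed:\n" . implode("\n", $problems));
    } else {
        $created = false;
        $stmt = $mysqli->prepare("INSERT INTO users (username, password, email) VALUES (?, ?, ?)");
        if ($stmt) {
            $param_username = $username;
            $param_password = password_hash($password, PASSWORD_DEFAULT); // only the hash is stored
            $param_email = $email;
            $stmt->bind_param("sss", $param_username, $param_password, $param_email);
            $created = $stmt->execute();
            $stmt->close();
        }
        $mysqli->close();

        if ($created) {
            $successful = "true";

            $EmailSubject = 'test';
            $from = "From: test.com\r\n";
            $from .= "Content-type: text/html; charset=iso-8859-1\r\n";
            $from .= 'Reply-To: test@test.com';
            // The confirmation mail no longer carries the password: mail is stored and
            // relayed in clear text outside this application's control.
            $MESSAGE_BODY = "Username: " . $username . "<br>";
            mail($email, $EmailSubject, $MESSAGE_BODY, $from, '-ftest@test.com');

            // NOTE(review): the download below still contains the clear-text password and
            // ends up as a file on the user's disk. Kept because it is the response the
            // form currently returns; consider returning the username only.
            header('Content-type: text/plain');
            header('Content-Disposition: attachment; filename="Account information.txt"');
            echo "Username: $username\nPassword: $password";
            exit();
        }

        $jsAlert("Creation failed, please try again.");
    }
}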