· 5 years ago · Jun 28, 2020, 03:26 PM
1<?php
2require_once "../config.php";
3$username = $password = $confirm_password = $email = "";
4$username_err = $password_err = $confirm_password_err = $email_err = "";
5 $loginusername = $loginpassword = "";
6 $loginusername_err = $loginpassword_err = "";
7
8if(($_SERVER["REQUEST_METHOD"] == "POST") && ($_POST['reg'] == "register")) {
9 $secretKey = '6Lfw7qkZAAAAACSOyiGU-_Y3gcfYrWZq_BIIJhP3';
10 $captcha = $_POST['g-recaptcha-response'];
11 if(!$captcha) {
12 echo '<script>
13 alert("Please check the captcha form.");
14 window.location.href="../login.php";
15 </script>';
16 exit;
17 }
18
19
20 if(empty(trim($_POST["username"]))) {
21 $username_err = "Please enter a username.";
22 } elseif(!preg_match("/^[A-Za-z0-9]{8,16}$/", trim($_POST["username"]))) {
23 $username_err = "Must contain between 8 and 16 characters or numbers.";
24 } else {
25 $sql = "SELECT id FROM users WHERE username = ?";
26 if($stmt = $mysqli->prepare($sql)) {
27 $stmt->bind_param("s", $param_username);
28 $param_username = trim($_POST["username"]);
29 if($stmt->execute()) {
30 $stmt->store_result();
31 if($stmt->num_rows == 1) {
32 $username_err = "This username is already taken.";
33 } else {
34 $username = trim($_POST["username"]);
35 }
36 } else {
37 echo '<script>
38 alert("Something went wrong, please try again later.");
39 </script>';
40 }
41 $stmt->close();
42 }
43 }
44 // Validate email
45 if(empty(trim($_POST["email"]))) {
46 $email_err = "Please confirm email.";
47 } elseif(!(filter_var(trim($_POST["email"]), FILTER_VALIDATE_EMAIL))) {
48 $email_err = "Email not valid.";
49 } else {
50 $sql1 = "SELECT id FROM users WHERE email = ?";
51 if($stmt = $mysqli->prepare($sql1)) {
52 $stmt->bind_param("s", $param_email);
53 $param_email = trim($_POST["email"]);
54 if($stmt->execute()) {
55 $stmt->store_result();
56 if($stmt->num_rows == 1) {
57 $email_err = "This email is already in use.";
58 } else {
59 $email = trim($_POST["email"]);
60 }
61 } else {
62 echo '<script>
63 alert("Something went wrong, please try again later.");
64 </script>';
65 }
66 $stmt->close();
67 }
68 }
69
70 if(empty(trim($_POST["password"]))) {
71 $password_err = "Please enter a password.";
72 } elseif(!preg_match("^(?=\P{Ll}*\p{Ll})(?=\P{Lu}*\p{Lu})(?=\P{N}*\p{N})[\s\S]{8,}$^", trim($_POST["password"]))) {
73 $password_err = "At least 8 characters, must contain at least 1 of uppercase, lowercase and number";
74 } else {
75 $password = trim($_POST["password"]);
76 }
77
78 if(empty(trim($_POST["confirm_password"]))) {
79 $confirm_password_err = "Please confirm password.";
80 } else {
81 $confirm_password = trim($_POST["confirm_password"]);
82 if(empty($password_err) && ($password != $confirm_password)) {
83 $confirm_password_err = "Password did not match.";
84 }
85 }
86 if(!empty($username_err) || !empty($password_err) || !empty($confirm_password_err) || !empty($email_err)) {
87
88 echo '<script>alert("Creation failed:\n'.$username_err.'\n'.$email_err.'");
89 </script>';
90 }
91 if(empty($username_err) && empty($password_err) && empty($confirm_password_err) && empty($email_err)) {
92 $sql = "INSERT INTO users (username, password, email) VALUES (?, ?, ?)";
93 if($stmt = $mysqli->prepare($sql)) {
94 $stmt->bind_param("sss", $param_username, $param_password, $param_email);
95 $param_username = $username;
96 $param_password = password_hash($password, PASSWORD_DEFAULT);
97 $param_email = $email;
98 if($stmt->execute()) {
99 $EmailSubject = 'test account created';
100 $from = "From: test.com\r\n";
101 $from .= "Content-type: text/html; charset=iso-8859-1\r\n";
102 $from .= 'Reply-To: info@test.com';
103 $MESSAGE_BODY = "Username: ".$username."<br>";
104 $MESSAGE_BODY .= "Password: ".$password."<br>";
105 mail($email, $EmailSubject, $MESSAGE_BODY , $from, '-finfo@test.com');
106 echo '<script>
107 alert("Account successfully created.");
108 </script>';
109 } else {
110 echo '<script>
111 alert("Creation failed, please try again.");
112 </script>';
113 }
114 $stmt->close();
115 }
116} elseif (($_SERVER["REQUEST_METHOD"] == "POST") && ($_POST['logg'] == "login")) {
117
118 // access
119 $secretKey = '6Lfw7qkZAAAAACSOyiGU-_Y3gcfYrWZq_BIIJhP3';
120 $captcha = $_POST['g-recaptcha-response'];
121
122 if(!$captcha){
123 echo '<script>
124 alert("Please check the captcha form.");
125 window.location.href="../login.php";
126 </script>';
127 exit;
128 }
129 session_start();
130
131 // Check if the user is already logged in, if yes then redirect him to welcome page
132 if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
133 header("location: ../welcome.php");
134 exit;
135 }
136 // Check if username is empty
137 if(empty(trim($_POST["username"]))){
138 $loginusername_err = "Please enter username.";
139 } else{
140 $loginusername = trim($_POST["username"]);
141 }
142
143 // Check if password is empty
144 if(empty(trim($_POST["password"]))){
145 $loginpassword_err = "Please enter your password.";
146 } else{
147 $loginpassword = trim($_POST["password"]);
148 }
149 // Validate credentials
150 if(empty($loginusername_err) && empty($loginpassword_err)){
151 // Prepare a select statement
152 $sql = "SELECT id, username, password FROM users WHERE username = ?";
153
154 if($stmt = $mysqli->prepare($sql)){
155 // Bind variables to the prepared statement as parameters
156 $stmt->bind_param("s", $param_username);
157
158 // Set parameters
159 $param_username = $loginusername;
160
161 // Attempt to execute the prepared statement
162 if($stmt->execute()){
163 // Store result
164 $stmt->store_result();
165
166 // Check if username exists, if yes then verify password
167 if($stmt->num_rows == 1){
168 // Bind result variables
169 $stmt->bind_result($id, $loginusername, $hashed_password);
170 if($stmt->fetch()){
171 if(password_verify($loginpassword, $hashed_password)){
172 // Password is correct, so start a new session
173 session_start();
174
175 // Store data in session variables
176 $_SESSION["loggedin"] = true;
177 $_SESSION["id"] = $id;
178 $_SESSION["username"] = $loginusername;
179
180 // Redirect user to welcome page
181 header("location: ../welcome.php");
182 } else{
183 // Display an error message if password is not valid
184 echo '<script>
185 alert("Invalid password.");
186 </script>';
187 }
188 }
189 } else{
190 // Display an error message if username doesn't exist
191 $loginusername_err = "No account found with that username.";
192 echo '<script>
193 alert($loginusername_err);
194 </script>';
195 }
196 } else{
197 echo '<script>
198 alert("Something went wrong. Please try again later.");
199 </script>';
200 }
201
202 // Close statement
203 $stmt->close();
204 }
205 }
206 }
207 // Close connection
208 $mysqli->close();
209}
210?>