Add files via upload

Author: codeshackio

assets/screenshot.png

@@ -0,0 +1,56 @@
+<?php
+// Start the session
+session_start();
+// Change the below variables to reflect your MySQL database details
+$DATABASE_HOST = 'localhost';
+$DATABASE_USER = 'root';
+$DATABASE_PASS = '';
+$DATABASE_NAME = 'phplogin';
+// Try and connect using the info above
+$con = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);
+// Check for connection errors
+if (mysqli_connect_errno()) {
+	// If there is an error with the connection, stop the script and display the error
+	exit('Failed to connect to MySQL: ' . mysqli_connect_error());
+}
+// Now we check if the data from the login form was submitted, isset() will check if the data exists
+if (!isset($_POST['username'], $_POST['password'])) {
+	// Could not get the data that should have been sent
+	exit('Please fill both the username and password fields!');
+}
+// Prepare our SQL, which will prevent SQL injection
+if ($stmt = $con->prepare('SELECT id, password FROM accounts WHERE username = ?')) {
+	// Bind parameters (s = string, i = int, b = blob, etc), in our case the username is a string so we use "s"
+	$stmt->bind_param('s', $_POST['username']);
+	$stmt->execute();
+	// Store the result so we can check if the account exists in the database
+	$stmt->store_result();
+    // Check if account exists with the input username
+    if ($stmt->num_rows > 0) {
+        // Account exists, so bind the results to variables
+        $stmt->bind_result($id, $password);
+        $stmt->fetch();
+        // Note: remember to use password_hash in your registration file to store the hashed passwords
+        if (password_verify($_POST['password'], $password)) {
+            // Password is correct! User has logged in!
+            // Regenerate the session ID to prevent session fixation attacks
+            session_regenerate_id();
+            // Declare session variables (they basically act like cookies but the data is remembered on the server)
+            $_SESSION['account_loggedin'] = TRUE;
+            $_SESSION['account_name'] = $_POST['username'];
+            $_SESSION['account_id'] = $id;
+            // Redirect to the home page
+            header('Location: home.php');
+            exit;
+        } else {
+            // Incorrect password
+            echo 'Incorrect username and/or password!';
+        }
+    } else {
+        // Incorrect username
+        echo 'Incorrect username and/or password!';
+    }
+    // Close the prepared statement
+	$stmt->close();
+}
+?>

authenticate.php

@@ -0,0 +1,57 @@
+<?php
+// We need to use sessions, so you should always initialize sessions using the below function
+session_start();
+// If the user is not logged in, redirect to the login page
+if (!isset($_SESSION['account_loggedin'])) {
+	header('Location: index.php');
+	exit;
+}
+?>
+<!DOCTYPE html>
+<html>
+	<head>
+		<meta charset="utf-8">
+		<meta name="viewport" content="width=device-width,minimum-scale=1">
+		<title>Home</title>
+		<link href="style.css" rel="stylesheet" type="text/css">
+	</head>
+    <body>
+
+		<header class="header">
+
+			<div class="wrapper">
+
+				<h1>Website Title</h1>
+				
+				<nav class="menu">
+					<a href="home.php">Home</a>
+					<a href="profile.php">Profile</a>
+					<a href="logout.php">
+						<svg width="12" height="12" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><!--!Font Awesome Free 6.5.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free Copyright 2024 Fonticons, Inc.--><path d="M377.9 105.9L500.7 228.7c7.2 7.2 11.3 17.1 11.3 27.3s-4.1 20.1-11.3 27.3L377.9 406.1c-6.4 6.4-15 9.9-24 9.9c-18.7 0-33.9-15.2-33.9-33.9l0-62.1-128 0c-17.7 0-32-14.3-32-32l0-64c0-17.7 14.3-32 32-32l128 0 0-62.1c0-18.7 15.2-33.9 33.9-33.9c9 0 17.6 3.6 24 9.9zM160 96L96 96c-17.7 0-32 14.3-32 32l0 256c0 17.7 14.3 32 32 32l64 0c17.7 0 32 14.3 32 32s-14.3 32-32 32l-64 0c-53 0-96-43-96-96L0 128C0 75 43 32 96 32l64 0c17.7 0 32 14.3 32 32s-14.3 32-32 32z"/></svg>
+						Logout
+					</a>
+				</nav>
+
+			</div>
+
+		</header>
+
+		<div class="content">
+
+			<div class="page-title">
+				<div class="wrap">
+					<h2>Home</h2>
+					<p>Welcome back, <?=htmlspecialchars($_SESSION['account_name'], ENT_QUOTES)?>!</p>
+				</div>
+			</div>
+
+			<div class="block">
+
+				<p>This is the home page. You are logged in!</p>
+
+			</div>
+			
+		</div>
+
+    </body>
+</html>

home.php

@@ -0,0 +1,45 @@
+<?php
+// We need to use sessions, so you should always initialize sessions using the below function
+session_start();
+// If the user is logged in, redirect to the home page
+if (isset($_SESSION['account_loggedin'])) {
+	header('Location: home.php');
+	exit;
+}
+?>
+<!DOCTYPE html>
+<html>
+	<head>
+		<meta charset="utf-8">
+		<meta name="viewport" content="width=device-width,minimum-scale=1">
+		<title>Login</title>
+		<link href="style.css" rel="stylesheet" type="text/css">
+	</head>
+    <body>
+		<div class="login">
+
+			<h1>Member Login</h1>
+
+			<form action="authenticate.php" method="post" class="form login-form">
+
+				<label class="form-label" for="username">Username</label>
+				<div class="form-group">
+					<svg class="form-icon-left" width="14" height="14" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--!Font Awesome Free 6.5.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free Copyright 2024 Fonticons, Inc.--><path d="M224 256A128 128 0 1 0 224 0a128 128 0 1 0 0 256zm-45.7 48C79.8 304 0 383.8 0 482.3C0 498.7 13.3 512 29.7 512H418.3c16.4 0 29.7-13.3 29.7-29.7C448 383.8 368.2 304 269.7 304H178.3z"/></svg>
+					<input class="form-input" type="text" name="username" placeholder="Username" id="username" required>
+				</div>
+
+				<label class="form-label" for="password">Password</label>
+				<div class="form-group mar-bot-5">
+					<svg class="form-icon-left" xmlns="http://www.w3.org/2000/svg" width="14" height="14" viewBox="0 0 448 512"><!--!Font Awesome Free 6.5.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free Copyright 2024 Fonticons, Inc.--><path d="M144 144v48H304V144c0-44.2-35.8-80-80-80s-80 35.8-80 80zM80 192V144C80 64.5 144.5 0 224 0s144 64.5 144 144v48h16c35.3 0 64 28.7 64 64V448c0 35.3-28.7 64-64 64H64c-35.3 0-64-28.7-64-64V256c0-35.3 28.7-64 64-64H80z"/></svg>
+					<input class="form-input" type="password" name="password" placeholder="Password" id="password" required>
+				</div>
+
+				<button class="btn blue" type="submit">Login</button>
+
+				<p class="register-link">Don't have an account? <a href="register.php" class="form-link">Register</a></p>
+
+			</form>
+
+		</div>
+    </body>
+</html>

index.php

@@ -0,0 +1,9 @@
+<?php
+// Start the session
+session_start();
+// Destroy the active session, which logs the user out
+session_destroy();
+// Redirect to the login pag
+header('Location: index.php');
+exit;
+?>

logout.php

@@ -0,0 +1,13 @@
+CREATE DATABASE IF NOT EXISTS `phplogin` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
+USE `phplogin`;
+
+CREATE TABLE IF NOT EXISTS `accounts` (
+	`id` int(11) NOT NULL AUTO_INCREMENT,
+  	`username` varchar(50) NOT NULL,
+  	`password` varchar(255) NOT NULL,
+  	`email` varchar(100) NOT NULL,
+	`registered` datetime NOT NULL,
+    PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+
+INSERT INTO `accounts` (`id`, `username`, `password`, `email`, `registered`) VALUES (1, 'test', '$2y$10$SfhYIDtn.iOuCW7zfoFLuuZHX6lja4lF4XA4JqNmpiH/.P3zB8JCa', 'test@example.com', '2025-01-01 00:00:00');

phplogin.sql

@@ -0,0 +1,89 @@
+<?php
+// We need to use sessions, so you should always initialize sessions using the below function
+session_start();
+// If the user is not logged in, redirect to the login page
+if (!isset($_SESSION['account_loggedin'])) {
+	header('Location: index.php');
+	exit;
+}
+// Change the below variables to reflect your MySQL database details
+$DATABASE_HOST = 'localhost';
+$DATABASE_USER = 'root';
+$DATABASE_PASS = '';
+$DATABASE_NAME = 'phplogin';
+// Try and connect using the info above
+$con = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);
+// Ensure there are no connection errors
+if (mysqli_connect_errno()) {
+	exit('Failed to connect to MySQL: ' . mysqli_connect_error());
+}
+// We don't have the email or registered info stored in sessions so instead we can get the results from the database
+$stmt = $con->prepare('SELECT email, registered FROM accounts WHERE id = ?');
+// In this case, we can use the account ID to get the account info
+$stmt->bind_param('i', $_SESSION['account_id']);
+$stmt->execute();
+$stmt->bind_result($email, $registered);
+$stmt->fetch();
+$stmt->close();
+?>
+<!DOCTYPE html>
+<html>
+	<head>
+		<meta charset="utf-8">
+		<meta name="viewport" content="width=device-width,minimum-scale=1">
+		<title>Home</title>
+		<link href="style.css" rel="stylesheet" type="text/css">
+	</head>
+    <body>
+
+		<header class="header">
+
+			<div class="wrapper">
+
+				<h1>Website Title</h1>
+				
+				<nav class="menu">
+					<a href="home.php">Home</a>
+					<a href="profile.php">Profile</a>
+					<a href="logout.php">
+						<svg width="12" height="12" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><!--!Font Awesome Free 6.5.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free Copyright 2024 Fonticons, Inc.--><path d="M377.9 105.9L500.7 228.7c7.2 7.2 11.3 17.1 11.3 27.3s-4.1 20.1-11.3 27.3L377.9 406.1c-6.4 6.4-15 9.9-24 9.9c-18.7 0-33.9-15.2-33.9-33.9l0-62.1-128 0c-17.7 0-32-14.3-32-32l0-64c0-17.7 14.3-32 32-32l128 0 0-62.1c0-18.7 15.2-33.9 33.9-33.9c9 0 17.6 3.6 24 9.9zM160 96L96 96c-17.7 0-32 14.3-32 32l0 256c0 17.7 14.3 32 32 32l64 0c17.7 0 32 14.3 32 32s-14.3 32-32 32l-64 0c-53 0-96-43-96-96L0 128C0 75 43 32 96 32l64 0c17.7 0 32 14.3 32 32s-14.3 32-32 32z"/></svg>
+						Logout
+					</a>
+				</nav>
+
+			</div>
+
+		</header>
+
+		<div class="content">
+
+			<div class="page-title">
+				<div class="wrap">
+					<h2>Profile</h2>
+					<p>View your profile details below.</p>
+				</div>
+			</div>
+
+			<div class="block">
+
+				<div class="profile-detail">
+					<strong>Username</strong>
+					<?=htmlspecialchars($_SESSION['account_name'])?>
+				</div>
+
+				<div class="profile-detail">
+					<strong>Email</strong>
+					<?=htmlspecialchars($email)?>
+				</div>
+
+				<div class="profile-detail">
+					<strong>Registered</strong>
+					<?=htmlspecialchars($registered)?>
+				</div>
+
+			</div>
+
+		</div>
+
+    </body>
+</html>

profile.php

@@ -0,0 +1,72 @@
+<?php
+// Change the below variables to reflect your MySQL database details
+$DATABASE_HOST = 'localhost';
+$DATABASE_USER = 'root';
+$DATABASE_PASS = '';
+$DATABASE_NAME = 'phplogin';
+// Try and connect using the info above
+$con = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);
+// Check for connection errors
+if (mysqli_connect_errno()) {
+	// If there is an error with the connection, stop the script and display the error
+	exit('Failed to connect to MySQL: ' . mysqli_connect_error());
+}
+// We can utilize the isset() function to check if the form has been submitted
+if (!isset($_POST['username'], $_POST['password'], $_POST['email'])) {
+	// Could not get the data that should have been sent
+	exit('Please complete the registration form!');
+}
+// Make sure the submitted registration values are not empty
+if (empty($_POST['username']) || empty($_POST['password']) || empty($_POST['email'])) {
+	// One or more values are empty.
+	exit('Please complete the registration form');
+}
+// Validate email address
+if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
+	exit('Email is not valid!');
+}
+// Validate username (must be alphanumeric)
+if (preg_match('/^[a-zA-Z0-9]+$/', $_POST['username']) == 0) {
+    exit('Username is not valid!');
+}
+// Validate password (between 5 and 20 characters long)
+if (strlen($_POST['password']) > 20 || strlen($_POST['password']) < 5) {
+	exit('Password must be between 5 and 20 characters long!');
+}
+// Check if the username already exists
+if ($stmt = $con->prepare('SELECT id, password FROM accounts WHERE username = ?')) {
+	// Bind parameters (s = string, i = int, b = blob, etc)
+	$stmt->bind_param('s', $_POST['username']);
+	$stmt->execute();
+	// Store the result so we can check if the account exists in the database
+	$stmt->store_result();
+	// Check if the account exists
+	if ($stmt->num_rows > 0) {
+		// Username already exists
+		echo 'Username already exists! Please choose another!';
+	} else {
+		// Declare variables
+		$registered = date('Y-m-d H:i:s');
+		// We do not want to expose passwords in our database, so hash the password and use password_verify when a user logs in
+		$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
+        // Username does not exist, insert new account
+        if ($stmt = $con->prepare('INSERT INTO accounts (username, password, email, registered) VALUES (?, ?, ?, ?)')) {
+			// Bind POST data to the prepared statement
+            $stmt->bind_param('ssss', $_POST['username'], $password, $_POST['email'], $registered);
+            $stmt->execute();
+			// Output success message
+            echo 'You have successfully registered! You can now login!';
+        } else {
+            // Something is wrong with the SQL statement, check to make sure the accounts table exists with all 3 fields
+            echo 'Could not prepare statement!';
+        }
+	}
+	// Close the statement
+	$stmt->close();
+} else {
+	// Something is wrong with the SQL statement, check to make sure the accounts table exists with all 3 fields.
+	echo 'Could not prepare statement!';
+}
+// Close the connection
+$con->close();
+?>