comment code, add error report

5cb1cad4 · sopham · 142cce75 · 5cb1cad4 · 5cb1cad4 · 5cb1cad4
Commit 5cb1cad4 authored May 13, 2019 by sopham
Showing with 67 additions and 12 deletions
authentication.php
index.php
login_page.html → login_page.php
logout.php
--- a/authentication.php
+++ b/authentication.php
@@ -35,7 +35,7 @@ if ($stmt = $link->prepare('SELECT ID,password FROM users WHERE username= ?')) {
      echo "Incorrect password";
    }    
  }
-
+  else echo 'Incorrect username';
  //close the statement
  $stmt->close();
 }

--- a/index.php
+++ b/index.php
@@ -9,7 +9,7 @@ if(!isset($_SESSION['loggedin'])) {
  setcookie(session_name(), '', 0, $params['path'], $params['domain'], $params['secure'], isset($params['httponly']));	

  //redirect to the login page
-  header('Location: login_page.html');
+  header('Location: login_page.php');
 }
 ?>
 <!DOCTYPE html>

--- a/login_page.html
+++ b/login_page.html
+<?php
+session_start();
+
+//include the database connection data
+require_once "dbconnection.php";
+
+//define error variable
+$err = "";
+
+if($_SERVER["REQUEST_METHOD"] == "POST") {
+
+//make the query
+if ($stmt = $link->prepare('SELECT ID,password FROM users WHERE username= ?')) {
+  
+  //bind user input to query
+  $stmt->bind_param('s', trim($_POST['username']));
+  
+  //execute query
+  if($stmt->execute()){
+
+    //transfer a result set from last query
+    $stmt->store_result();
+
+    //if there is no matched result, no such user exists in the database 
+    if ($stmt->num_rows > 0) {
+
+      //bind variables to a prepared statement for result storage
+      $stmt->bind_result($id, $password);
+
+      //fetch results from the prepared statement to bound variables
+      $stmt->fetch();
+
+      //if password is correct, establish session
+      if (trim($_POST['password']) ===  $password) {
+        session_regenerate_id();
+        $_SESSION['loggedin'] = TRUE;
+        $_SESSION['name'] = $_POST['username'];
+        $_SESSION['id'] = $id;
+        header('Location:index.php');
+      } else {
+        $err = "Incorrect password!";
+      }    
+    }  
+  else $err = 'No user found!';
+  }
+
+  //close the statement
+  $stmt->close();
+}
+}
+//close the connection
+$link->close();
+?>
+
 <!DOCTYPE html>
 <html lang="en">
  <head>
@@ -8,15 +62,16 @@
    <div class="row">
        <div class="column">
          <div class="card">
-	  <form name="input" action="authentication.php" method="POST">
-                <label for="username">Username</label>
-		<input type="text" id="username" name="username" pattern="[a-zA-Z][a-zA-Z0-9-_\.]{1,20}" required>
-                <br>
-                <label for="password">Password&nbsp</label>
-                <input type="password" id="password" name="password" autocomplete="off" required>
-                <br>
-                <input type="submit" name="submit" value="Login">
-              </form>
+	  <form name="input" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="POST">
+            <span class="help-block"><?php echo $err;?></span><br> 
+            <label for="username">Username</label>
+	    <input type="text" id="username" name="username" pattern="[a-zA-Z][a-zA-Z0-9-_\.]{1,20}" required>
+	    <br>
+            <label for="password">Password&nbsp</label>
+            <input type="password" id="password" name="password" autocomplete="off" required>
+	    <br>
+            <input type="submit" name="submit" value="Login">
+          </form>
          </div>
        </div>
    </div>

--- a/logout.php
+++ b/logout.php
@@ -12,5 +12,5 @@ $params = session_get_cookie_params();
 setcookie(session_name(), '', 0, $params['path'], $params['domain'], $params['secure'], isset($params['httponly']));

 //redirect to login page
-header("Location: login_page.html");
+header("Location: login_page.php");
 ?>