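<?php
// Navbar include: also expected to start the session and open $con, which the
// handlers below rely on (defined in ./includes, not visible here — TODO confirm).
require('./includes/nav.inc.php');
// An already authenticated user has no business on the login page: send them home.
// Strict comparison avoids PHP's loose-equality surprises (e.g. true == "YES").
if (isset($_SESSION['USER_LOGGED_IN']) && $_SESSION['USER_LOGGED_IN'] === "YES") {
    redirect('./index.php');
    // redirect() lives in an include we cannot see; if it only emits a Location
    // header without terminating, the rest of this file (including the POST
    // handlers) would still run for a logged-in user. exit closes that gap.
    exit;
}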
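// Login form submitted
if (isset($_POST['login-submit'])) {
    // The email is bound as a query parameter below, so no SQL escaping is
    // applied here. The password is taken verbatim: passing it through
    // get_safe_value() (or any other escaping) would alter quotes/backslashes
    // before password_verify() sees it, and the password never touches SQL.
    $loginEmail = trim((string)($_POST['login-email'] ?? ''));
    $loginPassword = (string)($_POST['login-password'] ?? '');

    // NOTE(review): no CSRF token is checked on this form; adding one also needs
    // a hidden field in the markup further down, so it is left as a follow-up.
    $user = null;
    $stmt = mysqli_prepare(
        $con,
        "SELECT user_id, user_name, user_email, user_password FROM user WHERE user_email = ? LIMIT 1"
    );
    if ($stmt === false) {
        // Driver details belong in the server log, never in the response body.
        error_log('user-login: login prepare failed: ' . mysqli_error($con));
    } else {
        mysqli_stmt_bind_param($stmt, 's', $loginEmail);
        mysqli_stmt_execute($stmt);
        $result = mysqli_stmt_get_result($stmt);
        $row = ($result !== false) ? mysqli_fetch_assoc($result) : null;
        mysqli_stmt_close($stmt);
        if (is_array($row) && password_verify($loginPassword, $row['user_password'])) {
            $user = $row;
        }
    }

    if ($user === null) {
        // One message for both "unknown email" and "wrong password": distinct
        // replies let anyone probe which addresses are registered.
        alert("Invalid email or password");
        redirect('./user-login.php');
        exit;
    }

    // Fresh session id on privilege change, so a session id planted before
    // authentication (session fixation) is not the one that becomes logged in.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['USER_NAME'] = $user['user_name'];
    $_SESSION['USER_LOGGED_IN'] = "YES";
    $_SESSION['USER_ID'] = $user['user_id'];
    $_SESSION['USER_EMAIL'] = $user['user_email'];
    // Only one role per browser session: drop any author login.
    unset(
        $_SESSION['AUTHOR_NAME'],
        $_SESSION['AUTHOR_LOGGED_IN'],
        $_SESSION['AUTHOR_ID'],
        $_SESSION['AUTHOR_EMAIL']
    );
    redirect('./index.php');
    // redirect() is defined in an include not visible here; exit guards against
    // fall-through if it only sends a header.
    exit;
}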
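// Signup form submitted
if (isset($_POST['signup-submit'])) {
    // Values are bound as query parameters below, so no SQL escaping is applied
    // on input (escaping here would corrupt a name like O'Brien once stored via
    // a bound parameter). The name is stored as entered and must be HTML-escaped
    // (htmlspecialchars) wherever it is rendered.
    $signupName = trim((string)($_POST['signup-name'] ?? ''));
    $signupEmail = trim((string)($_POST['signup-email'] ?? ''));
    // Password verbatim: any transformation here would have to be repeated at login.
    $signupPassword = (string)($_POST['signup-password'] ?? '');
    $signupConfirm = (string)($_POST['signup-confirm-password'] ?? '');

    // Server-side validation: form-validate.js is advisory only and is bypassed
    // by anyone posting directly. The password rule mirrors the one shown on the
    // page (6–20 characters with a digit, an uppercase and a lowercase letter);
    // the 20-character cap also keeps us well inside bcrypt's 72-byte limit.
    $validationError = null;
    if ($signupName === '') {
        $validationError = "Name is required";
    } elseif (filter_var($signupEmail, FILTER_VALIDATE_EMAIL) === false) {
        $validationError = "Please enter a valid email address";
    } elseif ($signupPassword !== $signupConfirm) {
        $validationError = "Passwords do not match";
    } elseif (!preg_match('/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{6,20}\z/u', $signupPassword)) {
        $validationError = "Password must be 6 to 20 characters long with at least 1 number, 1 uppercase and 1 lowercase";
    }
    if ($validationError !== null) {
        alert($validationError);
        redirect('./user-login.php');
        exit;
    }

    // Does the email already exist? NOTE: this reply still confirms which
    // addresses are registered; hiding that needs an email-verification flow.
    $checkStmt = mysqli_prepare($con, "SELECT user_email FROM user WHERE user_email = ? LIMIT 1");
    if ($checkStmt === false) {
        error_log('user-login: signup check prepare failed: ' . mysqli_error($con));
        alert("Signup failed. Please try again later");
        redirect('./user-login.php');
        exit;
    }
    mysqli_stmt_bind_param($checkStmt, 's', $signupEmail);
    mysqli_stmt_execute($checkStmt);
    mysqli_stmt_store_result($checkStmt);
    $emailTaken = mysqli_stmt_num_rows($checkStmt) > 0;
    mysqli_stmt_close($checkStmt);
    if ($emailTaken) {
        alert("Email Already Exists");
        redirect('./user-login.php');
        exit;
    }

    // bcrypt via password_hash; hashed only after validation so rejected
    // requests do not pay for the cost factor.
    $passwordHash = password_hash($signupPassword, PASSWORD_BCRYPT);

    $inserted = false;
    $insertError = '';
    $insertStmt = mysqli_prepare(
        $con,
        "INSERT INTO user (user_name, user_email, user_password) VALUES (?, ?, ?)"
    );
    if ($insertStmt === false) {
        $insertError = mysqli_error($con);
    } else {
        mysqli_stmt_bind_param($insertStmt, 'sss', $signupName, $signupEmail, $passwordHash);
        $inserted = mysqli_stmt_execute($insertStmt);
        $insertError = mysqli_stmt_error($insertStmt);
        mysqli_stmt_close($insertStmt);
    }

    if ($inserted) {
        alert("Signup Successful, Please Login");
    } else {
        // Driver errors go to the log, not the page: the previous
        // echo mysqli_error() leaked schema details to the browser. A duplicate
        // key here is expected if user_email is UNIQUE, which it should be to
        // close the check-then-insert race above.
        error_log('user-login: signup insert failed: ' . $insertError);
        alert("Signup failed. Please try again later");
    }
    redirect('./user-login.php');
    exit;
}
?>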
<div class="container p-2">
<!-- Container to store two form divs -->
<div class="forms-container">
<!-- Left div for login -->
<div class="left">
<div class="form-title">
<h4>User Login</h4>
</div>
<div class="login-form-container">
<!-- Form for Login -->
<form method="POST" class="login-form" id="login-form">
<div class="input-field">
<input type="email" name="login-email" id="login-email" placeholder=" Email Address" autocomplete="off"
required>
</div>
<div class="input-field">
<input type="password" name="login-password" id="login-password" placeholder=" Password" autocomplete="off"
required>
</div>
<div class="input-field">
<button type="submit" name="login-submit">Login</button>
</div>
</form>
</div>
<!-- Div to display the errors from the Login form -->
<div class="form-errors">
<p class="errors" id="login-errors"></p>
</div>
</div>
<!-- Right div for Signup -->
<div class="right">
<div class="form-title">
<h4>User Signup</h4>
</div>
<div class="signup-form-container">
<!-- Form for Signup -->
<form method="POST" class="signup-form" id="signup-form">
<div class="input-field">
<input type="text" name="signup-name" id="signup-name" placeholder=" Name" autocomplete="off" required>
</div>
<div class="input-field">
<input type="email" name="signup-email" id="signup-email" placeholder=" Email Address" autocomplete="off"
required>
</div>
<div class="input-field">
<input type="password" name="signup-password" id="signup-password" placeholder=" Password"
autocomplete="off" required>
</div>
<div class="input-field">
<input type="password" name="signup-confirm-password" id="signup-confirm-password"
placeholder=" Confirm Password" autocomplete="off" required>
</div>
<div class="input-field">
<button type="submit" name="signup-submit">Signup</button>
</div>
</form>
</div>
<!-- Div to display the errors from the Signup form -->
<div class="form-errors d-flex">
<p class="errors" id="signup-errors">
Password must be 6 to 20 characters long with at least 1 number, 1 uppercase and 1 lowercase
</p>
</div>
</div>
</div>
</div>
<!-- Script for form Validation -->
<script src="./assets/js/form-validate.js"></script>
<?php
// Shared footer markup (closing tags and scripts) lives in the include.
require './includes/footer.inc.php';
?>