Commit c8595226 authored by Silas Meister's avatar Silas Meister

Check credentials upon login

parent b144dcaa
...@@ -63,14 +63,50 @@ EOT; ...@@ -63,14 +63,50 @@ EOT;
if ($_SERVER['REQUEST_METHOD'] === 'POST') { if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (isset($_POST[self::USERNAME]) && isset($_POST[self::PASSWORD])) { if (isset($_POST[self::USERNAME]) && isset($_POST[self::PASSWORD])) {
$_SESSION[EXPIRES] = time(); $username = $_POST[self::USERNAME];
$password = $_POST[self::PASSWORD];
header('Location: Admin.php'); $isValid = $this->checkValidityOfCredentials($username, $password);
die();
if (!$isValid) {
$this->alert('Username or password is wrong!');
} else {
$_SESSION[EXPIRES] = time();
header('Location: Admin.php');
die();
}
} }
} }
} }
private function checkValidityOfCredentials(string $username, string $password):bool {
$isValid = false;
$password = hash("sha3-256", $password);
// Alternative to prepared statements is real_escape_string function on mysqli object
$stmt = $this->database->prepare("SELECT * FROM users u WHERE u.username = ?");
$stmt->bind_param("s", $username);
$stmt->execute();
$resultSet = $stmt->get_result();
if ($row = $resultSet->fetch_assoc()) {
$hashedPassword = $row[self::PASSWORD];
$isValid = $password == $hashedPassword;
}
$resultSet->free();
$stmt->close();
return $isValid;
}
private function alert(string $message):void {
echo "<script>alert('$message');</script>";
}
public static function main():void public static function main():void
{ {
try { try {
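Review bot: The credential check in checkValidityOfCredentials compares an unsalted, fast sha3-256 digest with `==`, which is both a weak storage scheme and a loose comparison (two hex digests that both parse as numeric strings, e.g. `0e…`, compare equal under `==`). Store hashes with `password_hash($password, PASSWORD_DEFAULT)` and replace the hash line and the comparison with `$isValid = password_verify($password, $row[self::PASSWORD]);`, which is salted, deliberately slow and constant-time; if the existing sha3 column cannot be migrated yet, at least use `$isValid = hash_equals($hashedPassword, $password);`. On the success branch, call `session_regenerate_id(true);` before setting `$_SESSION[EXPIRES]` so a session id fixed before login is not carried over. The alert() helper interpolates its argument straight into a `<script>` block; the message is a constant today, but it should be documented as never taking user-controlled text, or the value should be emitted via `json_encode($message)` instead of string interpolation.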
...@@ -5,20 +5,9 @@ abstract class Page { ...@@ -5,20 +5,9 @@ abstract class Page {
protected mysqli $database; protected mysqli $database;
protected function __construct() { protected function __construct() {
return;
error_reporting(E_ALL); error_reporting(E_ALL);
$host = "localhost"; $this->database = new mysqli("localhost","root","","nasa");
/********************************************/
// This code switches from the the local installation (XAMPP) to the docker installation
if (gethostbyname('mariadb') != "mariadb") { // mariadb is known?
$host = "mariadb";
}
/********************************************/
$this->database = new mysqli("localhost","my_user","my_password","my_db");
// Check connection // Check connection
if ($this->database->connect_errno) { if ($this->database->connect_errno) {
...@@ -33,7 +22,7 @@ abstract class Page { ...@@ -33,7 +22,7 @@ abstract class Page {
} }
protected function __destruct() { protected function __destruct() {
/*$this->database->close();*/
} }
protected function generatePageHeader(string $title = ""):void protected function generatePageHeader(string $title = ""):void
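Review bot: The new constructor connects as `root` with an empty password to a hard-coded database, which puts a privileged credential in source and in the commit history; read the values from the environment or a config file kept out of the repository (`new mysqli(getenv('DB_HOST') ?: 'localhost', getenv('DB_USER'), getenv('DB_PASSWORD'), getenv('DB_NAME'))`) and use a dedicated least-privilege account for the application rather than root. The removed host-switching block means the docker `mariadb` host is no longer selected automatically, so the host should come from that same configuration. In the `__destruct` hunk the `$this->database->close();` call is left commented out; whether this commit added or removed the comment is not recoverable from the rendering, so if explicit close is intended to go, a short comment saying the connection is released at script end would make that deliberate.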