Basic auth implemented

public/auth/login/index.php

@@ -0,0 +1,36 @@
+<?php
+session_start();
+ini_set('display_errors', 1);
+ini_set('display_startup_errors', 1);
+error_reporting(E_ALL);
+$root = realpath($_SERVER["DOCUMENT_ROOT"]);
+
+?>
+
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Login | Chiro - Canto</title>
+    <link rel="stylesheet" type="text/css" href="/styles/style.css">
+</head>
+<body>
+    <?php include("$root/menu.php");?>
+    <?php include("$root/header.php");?>
+    <section>
+        <h2>Login</h2>
+        <?=(isset($_SESSION['error_msg'])  and ! $_SESSION['error_msg'] == "" ) ? '<div class="error">'.$_SESSION['error_msg'].'</div>' : ""?>
+        <form action="login.php" method="post">
+            <label for="username">Username*</label>
+            <input id="username" type="text" name="username" placeholder="Enter your username.." required>
+            <label for="password">Password*</label>
+            <input type="password" name="password" id="password" placeholder="Enter your password.." required>
+            <input type="submit" name="submit" value="submit"><input type="reset" name="reset" value="reset">
+        </form>
+    </section>
+    <?php include("$root/footer.php");?>
+</body>
+<script src="/scripts/script.js"></script>
+</html>

public/auth/login/login.php

@@ -0,0 +1,80 @@
+<?php
+
+ini_set('display_errors', 1);
+ini_set('display_startup_errors', 1);
+error_reporting(E_ALL);
+
+session_start();
+
+
+function check_credentials($username, $userpw) {
+    $root = realpath($_SERVER["DOCUMENT_ROOT"]);
+    require($root."/database/credentials.php");
+    // Connect the database
+    try{
+        $db = new PDO("mysql:host=$host;dbname=$database;charset=utf8", 
+            $user, 
+            $password, 
+            array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
+            ));
+    }catch (Exception $e){
+        die("Error : ".$e->getMessage());
+    }
+    $req = $db->prepare('SELECT password FROM `authors` WHERE `username`=:username');
+    $req->execute(array(
+        "username"=>$username,
+    ));
+    if ($data = $req->fetch()){
+        $password_hash =  $data['password'];
+        if (password_verify($userpw, $password_hash)) {
+            echo "Error 1";
+            return True;
+        } else {
+            echo "Error";
+            return False;
+        }
+    } else {
+        echo "Error 0";
+        return False;
+    }
+    
+}
+
+$_SESSION['error_msg'] = "";
+
+if (isset($_POST['submit']))
+{
+    if (isset($_POST['username']))
+    {
+        $username = $_POST['username'];
+    } else 
+    {
+        $_SESSION['error_msg'] .= "You did not enter a proper username.\n";
+    }
+    if (isset($_POST['password'])) {
+        $password = $_POST['password'];
+    } else {
+        $_SESSION['error_msg'] .= "You did not enter a proper password.\n";
+    }
+} else 
+{
+    $_SESSION['error_msg'] .= "You did not submit the register form.\n";
+}
+
+if ($_SESSION['error_msg'] == "")
+{
+
+    if (check_credentials($username, $password))
+    {
+        $_SESSION['logged'] = True;
+        $_SESSION['username'] = $username;
+        header('Location: '."/");
+    } else {
+        $_SESSION['error_msg'] = "Incorrect password, please try again.\n";
+        header('Location: '."../../auth/login");
+    }
+} else 
+{
+    // header('Location: '."../../auth/login");
+}
+?>

public/auth/register/index.php

@@ -0,0 +1,44 @@
+<?php
+session_start();
+ini_set('display_errors', 1);
+ini_set('display_startup_errors', 1);
+error_reporting(E_ALL);
+$root = realpath($_SERVER["DOCUMENT_ROOT"]);
+
+?>
+
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Register | Chiro - Canto</title>
+    <link rel="stylesheet" type="text/css" href="/styles/style.css">
+</head>
+<body>
+    <?php include("$root/menu.php");?>
+    <?php include("$root/header.php");?>
+    <section>
+        <h2>Register</h2>
+        <?=(isset($_SESSION['error_msg']) and ! $_SESSION['error_msg'] == "") ? '<div class="error">'.$_SESSION['error_msg'].'</div>' : ""?>
+        <form action="register.php" method="post">
+            <label for="firstname">First Name*</label>
+            <input id="firstname" type="text" name="firstname" placeholder="John" required>
+            <label for="lastname">Last Name*</label>
+            <input id="lastname" type="text" name="lastname" placeholder="Doe" required>
+            <label for="username">Username*</label>
+            <input id="username" type="text" name="username" placeholder="jojo" required>
+            <label for="password">Password*</label>
+            <input type="password" name="password" id="password" placeholder="************" required>
+            <label for="email">Your email*</label>
+            <input type="email" name="email" id="email" placeholder="john.doe@example.com" required>
+            <label for="website">Your website (optional)</label>
+            <input type="url" name="website" id="website" placeholder="https://example.com">
+            <input type="submit" name="submit" value="submit"><input type="reset" name="reset" value="reset">
+        </form>
+    </section>
+    <?php include("$root/footer.php");?>
+</body>
+<script src="/scripts/script.js"></script>
+</html>

public/auth/register/register.php

@@ -0,0 +1,85 @@
+<?php
+session_start();
+
+ini_set('display_errors', 1);
+ini_set('display_startup_errors', 1);
+error_reporting(E_ALL);
+
+
+
+function database_entry($fname, $lname, $username, $password_hash, $email, $website) {
+    $root = realpath($_SERVER["DOCUMENT_ROOT"]);
+    require($root."/database/credentials.php");
+    // Connect the database
+    try{
+        $db = new PDO("mysql:host=$host;dbname=$database;charset=utf8", 
+            $user, 
+            $password, 
+            array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
+            ));
+    }catch (Exception $e){
+        die("Error : ".$e->getMessage());
+    }
+    $req = $db->prepare('INSERT INTO `authors` (`id`, `firstname`, `lastname`, `username`, `email`, `website`, `password`, `entry_timestamp`) VALUES (NULL,  :fname, :lname, :username, :email, :website, :password, current_timestamp());');
+    $req->execute(array(
+        'fname' => $fname,
+        'lname' => $lname,
+        'username' => $username,
+        'email' => $email,
+        'website' => $website,
+        'password' => $password_hash
+    ));
+}
+
+$_SESSION['error_msg'] = "";
+
+if (isset($_POST['submit']))
+{
+    if (isset($_POST['firstname']))
+    {
+        $fname = $_POST['firstname'];
+    } else 
+    {
+        $_SESSION['error_msg'] .= "You did not enter a proper first name.\n";
+    }
+    if (isset($_POST['lastname']))
+    {
+        $lname = $_POST['lastname'];
+    } else 
+    {
+        $_SESSION['error_msg'] .= "You did not enter a proper last name.\n";
+    }
+    if (isset($_POST['username']))
+    {
+        $username = $_POST['username'];
+    } else 
+    {
+        $_SESSION['error_msg'] .= "You did not enter a proper username.\n";
+    }
+    if (isset($_POST['email']))
+    {
+        $email = $_POST['email'];
+    } else 
+    {
+        $_SESSION['error_msg'] .= "You did not enter a proper email address.\n";
+    }
+    $website = isset($_POST['website']) ? $_POST['website'] : "";
+    if (isset($_POST['password'])) {
+        $password_hash = password_hash($_POST['password'], PASSWORD_DEFAULT);
+    } else {
+        $_SESSION['error_msg'] .= "You did not enter a proper password.\n";
+    }
+} else 
+{
+    $_SESSION['error_msg'] .= "You did not submit the register form.\n";
+}
+
+if ($_SESSION['error_msg'] == "")
+{
+    database_entry($fname, $lname, $username, $password_hash, $email, $website, $password);
+    header('Location: '."../../auth/login");
+} else 
+{
+    header('Location: '."../../auth/register");
+}
+?>

public/database/create_authors.sql

@@ -0,0 +1,2 @@
+Preview SQL
+CREATE TABLE `chirocanto`.`authors` ( `id` INT NOT NULL AUTO_INCREMENT , `firstname` VARCHAR(125) NOT NULL , `lastname` VARCHAR(125) NOT NULL , `email` VARCHAR(125) NOT NULL , `website` VARCHAR(125) NOT NULL , `entry_timestamp` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP , PRIMARY KEY (`id`)) ENGINE = InnoDB; 

public/database/create_record.sql

@@ -0,0 +1,16 @@
+CREATE TABLE IF NOT EXISTS `chirocanto`.`records` 
+( `id` INT NOT NULL AUTO_INCREMENT , 
+ `entry_timestamp` INT NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT 'Timestamp when entered in database' ,
+ `author_id` INT NOT NULL COMMENT 'author_id associated with author table' , 
+ `file_name` VARCHAR(125) NOT NULL COMMENT 'Name of uploaded file.' , 
+ `license` VARCHAR(25) NOT NULL COMMENT 'License of uploaded file.' ,
+ `species` VARCHAR(50) NOT NULL COMMENT 'Species of uploaded sound.' , 
+ `subspecies` VARCHAR(50) NOT NULL COMMENT 'Subspecies of uploaded sound.' , 
+ `sound_type` VARCHAR(25) NOT NULL COMMENT 'Sound type of the file.' , 
+ `coordinates` POINT NOT NULL COMMENT 'Coordinates of the record.' , 
+ `country` VARCHAR NOT NULL COMMENT 'Country of the record.' , 
+ `date` DATE NOT NULL COMMENT 'Date of the record.' , 
+ `time` TIME NOT NULL COMMENT 'Time of the record.' , 
+ `remarks` TEXT NOT NULL COMMENT 'Remarks given for this record.' , 
+ PRIMARY KEY (`id`)) 
+ ENGINE = InnoDB; 

public/database/database entries.txt

@@ -0,0 +1,23 @@
+database entries:
+# records
+id 
+timestamp entry
+author_id
+recordist_name
+file_name
+license
+species
+subspecies
+sound type
+coordinates
+country
+date
+time
+remarks
+
+# authors
+id
+firstname
+lastname
+email
+website

public/styles/style.css

@@ -79,7 +79,7 @@ input {
 }
 
 /* Style inputs with type="text", select elements and textareas */
-input[type=text], input[type=email], input[type=url], select, textarea {
+input[type=text], input[type=email], input[type=url], input[type=password], select, textarea {
   width: 100%; /* Full width */
   padding: 12px; /* Some padding */ 
   border: 1px solid #ccc; /* Gray border */
@@ -239,4 +239,11 @@ div.coordinates input[type="text"] {
 
 .sci-name {
   font-style: italic;
+}
+
+.error {
+  border: solid red;
+  border-radius: 5px;
+  padding: 0.5em;
+  background-color: rgba(255, 0, 0, 0.4)
 }

public/upload/index.php

@@ -1,8 +1,10 @@
+
 <?php
 ini_set('display_errors', 1);
 ini_set('display_startup_errors', 1);
 error_reporting(E_ALL);
 session_start();
+
 if (! isset($_SESSION['error_msg'])) {
     $_SESSION['error_msg'] = "";
 }

public/upload/submitobservation.php

@@ -18,8 +18,9 @@ try{
 	die("Error : ".$e->getMessage());
 }
 
-/* Create Table if not exists */
-$req = $db->prepare('CREATE TABLE IF NOT EXISTS golden_book ( `id` INT NOT NULL AUTO_INCREMENT , `firstname` VARCHAR(25) NOT NULL , `lastname` VARCHAR(25) NOT NULL , `email` VARCHAR(125) NOT NULL, `date` DATE NOT NULL DEFAULT CURRENT_TIMESTAMP , `message` TEXT NOT NULL , `website` VARCHAR(125) NOT NULL , PRIMARY KEY (`id`)) ENGINE = InnoDB;');
-$req->execute();
+// /* Create Table if not exists */
+// $sql = file_get_contents($root."/database/create_record.sql");
+// $db->exec($sql);
+
 
 ?>

public/upload/verify.php

@@ -65,7 +65,7 @@
 <script src="scripts/checkmap.js">
 </script>
 
-<form action="submitobservation" method="post">
+<form action="submitobservation.php" method="post">
     <input type="checkbox" id="allok" name="allok">
     <label for="allok">All informations are ok.</label><br>
     <input type="submit" name="submit" value="submit">