From 2d8d09b0f3070f2a4390ecb01d81a6806700ce41 Mon Sep 17 00:00:00 2001 From: Samuel ORTION Date: Mon, 29 Mar 2021 19:35:47 +0200 Subject: [PATCH] Basic auth implemented --- public/auth/login/index.php | 36 ++++++++++++ public/auth/login/login.php | 80 +++++++++++++++++++++++++ public/auth/register/index.php | 44 ++++++++++++++ public/auth/register/register.php | 85 +++++++++++++++++++++++++++ public/database/chiro-canto.odb | Bin 2582 -> 0 bytes public/database/create_authors.sql | 2 + public/database/create_record.sql | 16 +++++ public/database/database entries.txt | 23 ++++++++ public/styles/style.css | 9 ++- public/upload/characteristics.php | 0 public/upload/index.php | 2 + public/upload/submitobservation.php | 7 ++- public/upload/verify.php | 2 +- 13 files changed, 301 insertions(+), 5 deletions(-) create mode 100644 public/auth/login/index.php create mode 100644 public/auth/login/login.php create mode 100644 public/auth/register/index.php create mode 100644 public/auth/register/register.php delete mode 100644 public/database/chiro-canto.odb create mode 100644 public/database/create_authors.sql create mode 100644 public/database/create_record.sql create mode 100644 public/database/database entries.txt delete mode 100644 public/upload/characteristics.php diff --git a/public/auth/login/index.php b/public/auth/login/index.php new file mode 100644 index 0000000..e1cab54 --- /dev/null +++ b/public/auth/login/index.php @@ -0,0 +1,36 @@ + + + + + + + + + Login | Chiro - Canto + + + + + +
+

Login

+ '.$_SESSION['error_msg'].'' : ""?> +
+ + + + + +
+
+ + + + \ No newline at end of file diff --git a/public/auth/login/login.php b/public/auth/login/login.php new file mode 100644 index 0000000..f16228e --- /dev/null +++ b/public/auth/login/login.php @@ -0,0 +1,80 @@ + PDO::ERRMODE_EXCEPTION + )); + }catch (Exception $e){ + die("Error : ".$e->getMessage()); + } + $req = $db->prepare('SELECT password FROM `authors` WHERE `username`=:username'); + $req->execute(array( + "username"=>$username, + )); + if ($data = $req->fetch()){ + $password_hash = $data['password']; + if (password_verify($userpw, $password_hash)) { + echo "Error 1"; + return True; + } else { + echo "Error"; + return False; + } + } else { + echo "Error 0"; + return False; + } + +} + +$_SESSION['error_msg'] = ""; + +if (isset($_POST['submit'])) +{ + if (isset($_POST['username'])) + { + $username = $_POST['username']; + } else + { + $_SESSION['error_msg'] .= "You did not enter a proper username.\n"; + } + if (isset($_POST['password'])) { + $password = $_POST['password']; + } else { + $_SESSION['error_msg'] .= "You did not enter a proper password.\n"; + } +} else +{ + $_SESSION['error_msg'] .= "You did not submit the register form.\n"; +} + +if ($_SESSION['error_msg'] == "") +{ + + if (check_credentials($username, $password)) + { + $_SESSION['logged'] = True; + $_SESSION['username'] = $username; + header('Location: '."/"); + } else { + $_SESSION['error_msg'] = "Incorrect password, please try again.\n"; + header('Location: '."../../auth/login"); + } +} else +{ + // header('Location: '."../../auth/login"); +} +?> \ No newline at end of file diff --git a/public/auth/register/index.php b/public/auth/register/index.php new file mode 100644 index 0000000..f9034c0 --- /dev/null +++ b/public/auth/register/index.php @@ -0,0 +1,44 @@ + + + + + + + + + Register | Chiro - Canto + + + + + +
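Review bot: The error banner in login/index.php writes `$_SESSION['error_msg']` into the page unescaped (`'.$_SESSION['error_msg'].'`), and register/index.php does the same. Today the message only holds server-side literals set in login.php and register.php, but anything later appended from request data would land in the HTML as-is; emit it as `htmlspecialchars($_SESSION['error_msg'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The markup around the echo appears stripped in this view, so the `session_start()` call that must precede reading `$_SESSION` could not be confirmed.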
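Review bot: check_credentials echoes a diagnostic (`Error 1`, `Error`, `Error 0`) before the caller issues `header('Location: …')`, so the redirect fails with headers already sent, and the distinct strings tell an unknown username apart from a wrong password. Drop the three `echo` calls and keep one generic failure message for both paths. On success, call `session_regenerate_id(true);` before setting `$_SESSION['logged']`, and follow each `header()` with `exit;` so nothing runs after the redirect. The opening of the file and the `new PDO(...)` line are not visible in the extracted hunk, so the DSN and credential handling could not be reviewed.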
+

Register

+ '.$_SESSION['error_msg'].'' : ""?> +
+ + + + + + + + + + + + + +
+
+ + + + \ No newline at end of file diff --git a/public/auth/register/register.php b/public/auth/register/register.php new file mode 100644 index 0000000..4092825 --- /dev/null +++ b/public/auth/register/register.php 
@@ -0,0 +1,85 @@ + PDO::ERRMODE_EXCEPTION + )); + }catch (Exception $e){ + die("Error : ".$e->getMessage()); + } + $req = $db->prepare('INSERT INTO `authors` (`id`, `firstname`, `lastname`, `username`, `email`, `website`, `password`, `entry_timestamp`) VALUES (NULL, :fname, :lname, :username, :email, :website, :password, current_timestamp());'); + $req->execute(array( + 'fname' => $fname, + 'lname' => $lname, + 'username' => $username, + 'email' => $email, + 'website' => $website, + 'password' => $password_hash + )); +} + +$_SESSION['error_msg'] = ""; + +if (isset($_POST['submit'])) +{ + if (isset($_POST['firstname'])) + { + $fname = $_POST['firstname']; + } else + { + $_SESSION['error_msg'] .= "You did not enter a proper first name.\n"; + } + if (isset($_POST['lastname'])) + { + $lname = $_POST['lastname']; + } else + { + $_SESSION['error_msg'] .= "You did not enter a proper last name.\n"; + } + if (isset($_POST['username'])) + { + $username = $_POST['username']; + } else + { + $_SESSION['error_msg'] .= "You did not enter a proper username.\n"; + } + if (isset($_POST['email'])) + { + $email = $_POST['email']; + } else + { + $_SESSION['error_msg'] .= "You did not enter a proper email address.\n"; + } + $website = isset($_POST['website']) ? $_POST['website'] : ""; + if (isset($_POST['password'])) { + $password_hash = password_hash($_POST['password'], PASSWORD_DEFAULT); + } else { + $_SESSION['error_msg'] .= "You did not enter a proper password.\n"; + } +} else +{ + $_SESSION['error_msg'] .= "You did not submit the register form.\n"; +} + +if ($_SESSION['error_msg'] == "") +{ + database_entry($fname, $lname, $username, $password_hash, $email, $website, $password); + header('Location: '."../../auth/login"); +} else +{ + header('Location: '."../../auth/register"); +} +?> \ No newline at end of file 
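Review bot: The INSERT in database_entry names `username` and `password` columns, but the `authors` table created by create_authors.sql in this same commit has neither, so registration will throw under ERRMODE_EXCEPTION until the schema is updated. Separately, the `isset($_POST[...])` checks accept empty strings, so an empty password is hashed and stored; use `if (isset($_POST['password']) && $_POST['password'] !== '')`, and validate the address with `filter_var($email, FILTER_VALIDATE_EMAIL)`. The call passes a trailing `$password` argument that this file never assigns, and the function's parameter list is not visible in the extracted hunk, so confirm it matches. Each `header('Location: …')` should be followed by `exit;`.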
diff --git a/public/database/chiro-canto.odb b/public/database/chiro-canto.odb deleted file mode 100644 index 4d9d43d6b1bf243e9f44d3687d34b5661723cf7c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2582 zcmaJ@2{=@H8$Y(pwM5qJ5|PT<*rIEj7#iV*tk;;Cm}15(4Ks2R8Kaw&n?hvG5)xfu zvV_RKMM@fb)^br1Ztj`xC%&Gq?>*;z&Uwyre(&@CfB*mcdtZB7E^aXZfB=AxQ>f!g zs^GFJ003+UKLG*Q01TNLh(QJh`eRW@G8T{1q~OpRcq9o+(!d8|aA-X0TmS|~*6=}+ zF!uim1_4ySU_Dbu1p2`s5}W`a06s|=G8v2WC20f)_{YZ~;=;9rk1gK`Z}AGxCqFd;62CzC2k$w+jcsg*NmoC{qwP> zOXus0{BL+e?6XhVUYszxt~t9_k$MaHx(pRcm5f9lm$s@7#~r#M`%`K17eH5NcC2RF^sIZFwPIpsspBU`8>Z|2SvS?KuY$ z!R;oJu^5u4Lou#iQEc#UaqCyt2};nIr@fXlT>?(bOy6M2oy)a6vdw?5_9#bl)yuV=x{u>8RlAWl~uf#+u20d;ho;BX9ZF->N#(Ii;dXi3I@>* zozlI>Pq${lYg2<=(e%u-=eu%!__F@E{2@jslEXJ;o@RaW^~Pwj@xqJQ6Mfe_bMIpv zEE*eV=5kaFG3IqBm!8jppY)DfxfZN5Fb!mRSiBTWi}h+jgW9xGniMWEUD1;A>Pyw5 zDkm}0#aynB@Ck7vYa(4xPwQpY;*_Ccj7dv=VdBp7Y3oAXk`Ku&dkepDM)As5=Deii zB0ht>FggAobL`{(ZMXgLzR&xKdc8eD6hQ}w(4qh#CW!EnaOI@dFlV#@oxXBpZEclC zS1UJM<$j#OPv?$g5;?$a;f1tDaKd!KP-dY2cWoKVS>{-90f06?0Dw1u!sE#7Dg;X_ z#Th|*ttecz>=N8Neck)nyW<7XDefnl?;?C@urTFph?wck_4&tXLbg{Ya;u(R48`B_ zWZe%we}=EZh=_`GUh^ZBU3KZ*lSfZ_NSk z12PZM3Qorwl1?E}Fg_g03gt=c(;eLjmxVJX2#ntM4rj}73KJdi+KuNthx%S03D8+z z=~uFQESyQ3P~T=iF$TbE8GEro{(%`!47eG?ZwVwVhQZ}t6y z^I~SZuk0Ky(b0LbyTOBa;neT?LATRshgBO7RTTj8zNpw&jvA(B$}o7c_4qh5anDDe z3P9q9L3W7t!Mh=I3Hhbj`h08RzbH*#D>wqLHt-axhByrgILUC-O^@&dp|J;JQ~Zwe zef0GjV$ohK_bA51tM%!+K$_pQ6?zIyJ#dpQpRI`Ye&k;PdWJ;Y!J4Ol{6i-v<-zq< z|B#{xGIjLHV+CpP8^O-ZW_tJS85=X@-TnP<<8m5Ah34-O))pxSVU6vyKOVTEVy71z zH=dW5j?T8A+KL}F}u~I-hED8pwd8J z)~K`OQlo5Af_BH~U^V=vrCeQ#O@e^4m`alzZ;+#}dEu}E(g9vjSc)88DHNec>~vHL z2pdft)7qQn*hHKh&c{@#hLl{DoT@8{RlZHer34v)a%?DgT8y<8Hmkeum%`?JPw>9VXp6p0hUK z#jIL##zdBRU9^>qxr1x*0Xl_iW@gw*uKJR?7c}PJEtZDiyAEC+teL3ENYLeaQM1uR z-uV&DA4{S*SZfH_NwY(6yJMOGNF4SwhV-@S3ggUh5n95qWka4t`N4a)Tf))(qJQ!R zwkKRgH{LX{9RCDWSkSV)8hJ&12aBmx6=M1(S0yxRMty1g)lcfU7pd``5W{E6FiNYqn9c2jgc}( 
zO2Y~ia{H1W7e#mr2osn+cGR=oVFSW%;m<6J-5yM(wY^&?;d>B4!gQ_oK`Qdk3Uavh zs{G1%*gR^ut1Wyyao|ix+JIZp(Q}-8=DV+j8R8Y4UNv=ibg;(Bp^^rwIjV*_iHwUu zFE`NigaE5!*0B>tLnhpQ#tVPO)c0brMW00F~0l@CCi3Gs8fju~VFYa5&JP^4}>NkO#3*JsX`=oA}IPVY6 Wt-USJ4)$-n;FSfk;=vyKfPVm>WCOnd diff --git a/public/database/create_authors.sql b/public/database/create_authors.sql new file mode 100644 index 0000000..cb7c415 --- /dev/null +++ b/public/database/create_authors.sql @@ -0,0 +1,2 @@ +Preview SQL +CREATE TABLE `chirocanto`.`authors` ( `id` INT NOT NULL AUTO_INCREMENT , `firstname` VARCHAR(125) NOT NULL , `lastname` VARCHAR(125) NOT NULL , `email` VARCHAR(125) NOT NULL , `website` VARCHAR(125) NOT NULL , `entry_timestamp` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP , PRIMARY KEY (`id`)) ENGINE = InnoDB; \ No newline at end of file diff --git a/public/database/create_record.sql b/public/database/create_record.sql new file mode 100644 index 0000000..3321ef4 --- /dev/null +++ b/public/database/create_record.sql @@ -0,0 +1,16 @@ +CREATE TABLE IF NOT EXISTS `chirocanto`.`records` +( `id` INT NOT NULL AUTO_INCREMENT , + `entry_timestamp` INT NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT 'Timestamp when entered in database' , + `author_id` INT NOT NULL COMMENT 'author_id associated with author table' , + `file_name` VARCHAR(125) NOT NULL COMMENT 'Name of uploaded file.' , + `license` VARCHAR(25) NOT NULL COMMENT 'License of uploaded file.' , + `species` VARCHAR(50) NOT NULL COMMENT 'Species of uploaded sound.' , + `subspecies` VARCHAR(50) NOT NULL COMMENT 'Subspecies of uploaded sound.' , + `sound_type` VARCHAR(25) NOT NULL COMMENT 'Sound type of the file.' , + `coordinates` POINT NOT NULL COMMENT 'Coordinates of the record.' , + `country` VARCHAR NOT NULL COMMENT 'Country of the record.' , + `date` DATE NOT NULL COMMENT 'Date of the record.' , + `time` TIME NOT NULL COMMENT 'Time of the record.' , + `remarks` TEXT NOT NULL COMMENT 'Remarks given for this record.' , + PRIMARY KEY (`id`)) + ENGINE = InnoDB; 
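Review bot: create_authors.sql starts with a stray `Preview SQL` line (a UI caption) that makes the file fail if fed to the server, and the table it creates has no `username` or `password` column even though register.php inserts into both and login.php selects `password` by `username`. Add `` `username` VARCHAR(125) NOT NULL UNIQUE , `password` VARCHAR(255) NOT NULL `` (255 because `password_hash()` output length is not fixed across algorithms) and delete the first line. Both SQL files and `database entries.txt` are placed under `public/database/`, inside the web root, so the server will hand the schema to anyone who requests the path; keep them outside `public/`.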
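Review bot: `country VARCHAR NOT NULL` in create_record.sql has no length, which MySQL rejects, and `entry_timestamp INT NOT NULL DEFAULT CURRENT_TIMESTAMP` pairs an integer column with a timestamp default; use `` `country` VARCHAR(125) NOT NULL `` and `` `entry_timestamp` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP `` as create_authors.sql already does. `author_id` is described as a reference to the authors table but declares no FOREIGN KEY, so orphaned records are possible; consider `FOREIGN KEY (author_id) REFERENCES authors(id)`.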
diff --git a/public/database/database entries.txt b/public/database/database entries.txt new file mode 100644 index 0000000..3e6d9c3 --- /dev/null +++ b/public/database/database entries.txt @@ -0,0 +1,23 @@ +database entries: +# records +id +timestamp entry +author_id +recordist_name +file_name +license +species +subspecies +sound type +coordinates +country +date +time +remarks + +# authors +id +firstname +lastname +email +website diff --git a/public/styles/style.css b/public/styles/style.css index 75af274..ae79add 100644 --- a/public/styles/style.css +++ b/public/styles/style.css @@ -79,7 +79,7 @@ input { } /* Style inputs with type="text", select elements and textareas */ -input[type=text], input[type=email], input[type=url], select, textarea { +input[type=text], input[type=email], input[type=url], input[type=password], select, textarea { width: 100%; /* Full width */ padding: 12px; /* Some padding */ border: 1px solid #ccc; /* Gray border */ @@ -239,4 +239,11 @@ div.coordinates input[type="text"] { .sci-name { font-style: italic; +} + +.error { + border: solid red; + border-radius: 5px; + padding: 0.5em; + background-color: rgba(255, 0, 0, 0.4) } \ No newline at end of file diff --git a/public/upload/characteristics.php b/public/upload/characteristics.php deleted file mode 100644 index e69de29..0000000 diff --git a/public/upload/index.php b/public/upload/index.php index 4c25eae..e006018 100644 --- a/public/upload/index.php +++ b/public/upload/index.php 
@@ -1,8 +1,10 @@ + getMessage()); } -/* Create Table if not exists */ -$req = $db->prepare('CREATE TABLE IF NOT EXISTS golden_book ( `id` INT NOT NULL AUTO_INCREMENT , `firstname` VARCHAR(25) NOT NULL , `lastname` VARCHAR(25) NOT NULL , `email` VARCHAR(125) NOT NULL, `date` DATE NOT NULL DEFAULT CURRENT_TIMESTAMP , `message` TEXT NOT NULL , `website` VARCHAR(125) NOT NULL , PRIMARY KEY (`id`)) ENGINE = InnoDB;'); -$req->execute(); +// /* Create Table if not exists */ +// $sql = file_get_contents($root."/database/create_record.sql"); +// $db->exec($sql); + ?> diff --git a/public/upload/verify.php b/public/upload/verify.php index e3898fb..5924134 100644 --- a/public/upload/verify.php +++ b/public/upload/verify.php @@ -65,7 +65,7 @@ -
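Review bot: The replaced table-creation block in upload/index.php is kept as commented-out code (`// $sql = file_get_contents($root."/database/create_record.sql"); // $db->exec($sql);`) rather than deleted; commented code goes stale and should be removed, with the schema applied by a setup step instead of on page load. If the block is revived, `$root` is not defined anywhere visible in this hunk, so confirm where it comes from.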
+