Basic auth implemented
This commit is contained in:
parent
371d12af32
commit
2d8d09b0f3
36
public/auth/login/index.php
Normal file
36
public/auth/login/index.php
Normal file
@ -0,0 +1,36 @@
|
||||
<?php
|
||||
session_start();
|
||||
ini_set('display_errors', 1);
|
||||
ini_set('display_startup_errors', 1);
|
||||
error_reporting(E_ALL);
|
||||
$root = realpath($_SERVER["DOCUMENT_ROOT"]);
|
||||
|
||||
?>
|
||||
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<title>Login | Chiro - Canto</title>
|
||||
<link rel="stylesheet" type="text/css" href="/styles/style.css">
|
||||
</head>
|
||||
<body>
|
||||
<?php include("$root/menu.php");?>
|
||||
<?php include("$root/header.php");?>
|
||||
<section>
|
||||
<h2>Login</h2>
|
||||
<?=(isset($_SESSION['error_msg']) and ! $_SESSION['error_msg'] == "" ) ? '<div class="error">'.$_SESSION['error_msg'].'</div>' : ""?>
|
||||
<form action="login.php" method="post">
|
||||
<label for="username">Username*</label>
|
||||
<input id="username" type="text" name="username" placeholder="Enter your username.." required>
|
||||
<label for="password">Password*</label>
|
||||
<input type="password" name="password" id="password" placeholder="Enter your password.." required>
|
||||
<input type="submit" name="submit" value="submit"><input type="reset" name="reset" value="reset">
|
||||
</form>
|
||||
</section>
|
||||
<?php include("$root/footer.php");?>
|
||||
</body>
|
||||
<script src="/scripts/script.js"></script>
|
||||
</html>
|
80
public/auth/login/login.php
Normal file
80
public/auth/login/login.php
Normal file
@ -0,0 +1,80 @@
|
||||
<?php
|
||||
|
||||
ini_set('display_errors', 1);
|
||||
ini_set('display_startup_errors', 1);
|
||||
error_reporting(E_ALL);
|
||||
|
||||
session_start();
|
||||
|
||||
|
||||
function check_credentials($username, $userpw) {
|
||||
$root = realpath($_SERVER["DOCUMENT_ROOT"]);
|
||||
require($root."/database/credentials.php");
|
||||
// Connect the database
|
||||
try{
|
||||
$db = new PDO("mysql:host=$host;dbname=$database;charset=utf8",
|
||||
$user,
|
||||
$password,
|
||||
array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
|
||||
));
|
||||
}catch (Exception $e){
|
||||
die("Error : ".$e->getMessage());
|
||||
}
|
||||
$req = $db->prepare('SELECT password FROM `authors` WHERE `username`=:username');
|
||||
$req->execute(array(
|
||||
"username"=>$username,
|
||||
));
|
||||
if ($data = $req->fetch()){
|
||||
$password_hash = $data['password'];
|
||||
if (password_verify($userpw, $password_hash)) {
|
||||
echo "Error 1";
|
||||
return True;
|
||||
} else {
|
||||
echo "Error";
|
||||
return False;
|
||||
}
|
||||
} else {
|
||||
echo "Error 0";
|
||||
return False;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
$_SESSION['error_msg'] = "";
|
||||
|
||||
if (isset($_POST['submit']))
|
||||
{
|
||||
if (isset($_POST['username']))
|
||||
{
|
||||
$username = $_POST['username'];
|
||||
} else
|
||||
{
|
||||
$_SESSION['error_msg'] .= "You did not enter a proper username.\n";
|
||||
}
|
||||
if (isset($_POST['password'])) {
|
||||
$password = $_POST['password'];
|
||||
} else {
|
||||
$_SESSION['error_msg'] .= "You did not enter a proper password.\n";
|
||||
}
|
||||
} else
|
||||
{
|
||||
$_SESSION['error_msg'] .= "You did not submit the register form.\n";
|
||||
}
|
||||
|
||||
if ($_SESSION['error_msg'] == "")
|
||||
{
|
||||
|
||||
if (check_credentials($username, $password))
|
||||
{
|
||||
$_SESSION['logged'] = True;
|
||||
$_SESSION['username'] = $username;
|
||||
header('Location: '."/");
|
||||
} else {
|
||||
$_SESSION['error_msg'] = "Incorrect password, please try again.\n";
|
||||
header('Location: '."../../auth/login");
|
||||
}
|
||||
} else
|
||||
{
|
||||
// header('Location: '."../../auth/login");
|
||||
}
|
||||
?>
|
44
public/auth/register/index.php
Normal file
44
public/auth/register/index.php
Normal file
@ -0,0 +1,44 @@
|
||||
<?php
|
||||
session_start();
|
||||
ini_set('display_errors', 1);
|
||||
ini_set('display_startup_errors', 1);
|
||||
error_reporting(E_ALL);
|
||||
$root = realpath($_SERVER["DOCUMENT_ROOT"]);
|
||||
|
||||
?>
|
||||
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<title>Register | Chiro - Canto</title>
|
||||
<link rel="stylesheet" type="text/css" href="/styles/style.css">
|
||||
</head>
|
||||
<body>
|
||||
<?php include("$root/menu.php");?>
|
||||
<?php include("$root/header.php");?>
|
||||
<section>
|
||||
<h2>Register</h2>
|
||||
<?=(isset($_SESSION['error_msg']) and ! $_SESSION['error_msg'] == "") ? '<div class="error">'.$_SESSION['error_msg'].'</div>' : ""?>
|
||||
<form action="register.php" method="post">
|
||||
<label for="firstname">First Name*</label>
|
||||
<input id="firstname" type="text" name="firstname" placeholder="John" required>
|
||||
<label for="lastname">Last Name*</label>
|
||||
<input id="lastname" type="text" name="lastname" placeholder="Doe" required>
|
||||
<label for="username">Username*</label>
|
||||
<input id="username" type="text" name="username" placeholder="jojo" required>
|
||||
<label for="password">Password*</label>
|
||||
<input type="password" name="password" id="password" placeholder="************" required>
|
||||
<label for="email">Your email*</label>
|
||||
<input type="email" name="email" id="email" placeholder="john.doe@example.com" required>
|
||||
<label for="website">Your website (optional)</label>
|
||||
<input type="url" name="website" id="website" placeholder="https://example.com">
|
||||
<input type="submit" name="submit" value="submit"><input type="reset" name="reset" value="reset">
|
||||
</form>
|
||||
</section>
|
||||
<?php include("$root/footer.php");?>
|
||||
</body>
|
||||
<script src="/scripts/script.js"></script>
|
||||
</html>
|
85
public/auth/register/register.php
Normal file
85
public/auth/register/register.php
Normal file
@ -0,0 +1,85 @@
|
||||
<?php
|
||||
session_start();
|
||||
|
||||
ini_set('display_errors', 1);
|
||||
ini_set('display_startup_errors', 1);
|
||||
error_reporting(E_ALL);
|
||||
|
||||
|
||||
|
||||
function database_entry($fname, $lname, $username, $password_hash, $email, $website) {
|
||||
$root = realpath($_SERVER["DOCUMENT_ROOT"]);
|
||||
require($root."/database/credentials.php");
|
||||
// Connect the database
|
||||
try{
|
||||
$db = new PDO("mysql:host=$host;dbname=$database;charset=utf8",
|
||||
$user,
|
||||
$password,
|
||||
array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
|
||||
));
|
||||
}catch (Exception $e){
|
||||
die("Error : ".$e->getMessage());
|
||||
}
|
||||
$req = $db->prepare('INSERT INTO `authors` (`id`, `firstname`, `lastname`, `username`, `email`, `website`, `password`, `entry_timestamp`) VALUES (NULL, :fname, :lname, :username, :email, :website, :password, current_timestamp());');
|
||||
$req->execute(array(
|
||||
'fname' => $fname,
|
||||
'lname' => $lname,
|
||||
'username' => $username,
|
||||
'email' => $email,
|
||||
'website' => $website,
|
||||
'password' => $password_hash
|
||||
));
|
||||
}
|
||||
|
||||
$_SESSION['error_msg'] = "";
|
||||
|
||||
if (isset($_POST['submit']))
|
||||
{
|
||||
if (isset($_POST['firstname']))
|
||||
{
|
||||
$fname = $_POST['firstname'];
|
||||
} else
|
||||
{
|
||||
$_SESSION['error_msg'] .= "You did not enter a proper first name.\n";
|
||||
}
|
||||
if (isset($_POST['lastname']))
|
||||
{
|
||||
$lname = $_POST['lastname'];
|
||||
} else
|
||||
{
|
||||
$_SESSION['error_msg'] .= "You did not enter a proper last name.\n";
|
||||
}
|
||||
if (isset($_POST['username']))
|
||||
{
|
||||
$username = $_POST['username'];
|
||||
} else
|
||||
{
|
||||
$_SESSION['error_msg'] .= "You did not enter a proper username.\n";
|
||||
}
|
||||
if (isset($_POST['email']))
|
||||
{
|
||||
$email = $_POST['email'];
|
||||
} else
|
||||
{
|
||||
$_SESSION['error_msg'] .= "You did not enter a proper email address.\n";
|
||||
}
|
||||
$website = isset($_POST['website']) ? $_POST['website'] : "";
|
||||
if (isset($_POST['password'])) {
|
||||
$password_hash = password_hash($_POST['password'], PASSWORD_DEFAULT);
|
||||
} else {
|
||||
$_SESSION['error_msg'] .= "You did not enter a proper password.\n";
|
||||
}
|
||||
} else
|
||||
{
|
||||
$_SESSION['error_msg'] .= "You did not submit the register form.\n";
|
||||
}
|
||||
|
||||
if ($_SESSION['error_msg'] == "")
|
||||
{
|
||||
database_entry($fname, $lname, $username, $password_hash, $email, $website, $password);
|
||||
header('Location: '."../../auth/login");
|
||||
} else
|
||||
{
|
||||
header('Location: '."../../auth/register");
|
||||
}
|
||||
?>
|
Binary file not shown.
2
public/database/create_authors.sql
Normal file
2
public/database/create_authors.sql
Normal file
@ -0,0 +1,2 @@
|
||||
Preview SQL
|
||||
CREATE TABLE `chirocanto`.`authors` ( `id` INT NOT NULL AUTO_INCREMENT , `firstname` VARCHAR(125) NOT NULL , `lastname` VARCHAR(125) NOT NULL , `email` VARCHAR(125) NOT NULL , `website` VARCHAR(125) NOT NULL , `entry_timestamp` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP , PRIMARY KEY (`id`)) ENGINE = InnoDB;
|
16
public/database/create_record.sql
Normal file
16
public/database/create_record.sql
Normal file
@ -0,0 +1,16 @@
|
||||
CREATE TABLE IF NOT EXISTS `chirocanto`.`records`
|
||||
( `id` INT NOT NULL AUTO_INCREMENT ,
|
||||
`entry_timestamp` INT NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT 'Timestamp when entered in database' ,
|
||||
`author_id` INT NOT NULL COMMENT 'author_id associated with author table' ,
|
||||
`file_name` VARCHAR(125) NOT NULL COMMENT 'Name of uploaded file.' ,
|
||||
`license` VARCHAR(25) NOT NULL COMMENT 'License of uploaded file.' ,
|
||||
`species` VARCHAR(50) NOT NULL COMMENT 'Species of uploaded sound.' ,
|
||||
`subspecies` VARCHAR(50) NOT NULL COMMENT 'Subspecies of uploaded sound.' ,
|
||||
`sound_type` VARCHAR(25) NOT NULL COMMENT 'Sound type of the file.' ,
|
||||
`coordinates` POINT NOT NULL COMMENT 'Coordinates of the record.' ,
|
||||
`country` VARCHAR NOT NULL COMMENT 'Country of the record.' ,
|
||||
`date` DATE NOT NULL COMMENT 'Date of the record.' ,
|
||||
`time` TIME NOT NULL COMMENT 'Time of the record.' ,
|
||||
`remarks` TEXT NOT NULL COMMENT 'Remarks given for this record.' ,
|
||||
PRIMARY KEY (`id`))
|
||||
ENGINE = InnoDB;
|
23
public/database/database entries.txt
Normal file
23
public/database/database entries.txt
Normal file
@ -0,0 +1,23 @@
|
||||
database entries:
|
||||
# records
|
||||
id
|
||||
timestamp entry
|
||||
author_id
|
||||
recordist_name
|
||||
file_name
|
||||
license
|
||||
species
|
||||
subspecies
|
||||
sound type
|
||||
coordinates
|
||||
country
|
||||
date
|
||||
time
|
||||
remarks
|
||||
|
||||
# authors
|
||||
id
|
||||
firstname
|
||||
lastname
|
||||
email
|
||||
website
|
@ -79,7 +79,7 @@ input {
|
||||
}
|
||||
|
||||
/* Style inputs with type="text", select elements and textareas */
|
||||
input[type=text], input[type=email], input[type=url], select, textarea {
|
||||
input[type=text], input[type=email], input[type=url], input[type=password], select, textarea {
|
||||
width: 100%; /* Full width */
|
||||
padding: 12px; /* Some padding */
|
||||
border: 1px solid #ccc; /* Gray border */
|
||||
@ -240,3 +240,10 @@ div.coordinates input[type="text"] {
|
||||
.sci-name {
|
||||
font-style: italic;
|
||||
}
|
||||
|
||||
.error {
|
||||
border: solid red;
|
||||
border-radius: 5px;
|
||||
padding: 0.5em;
|
||||
background-color: rgba(255, 0, 0, 0.4)
|
||||
}
|
@ -1,8 +1,10 @@
|
||||
|
||||
<?php
|
||||
ini_set('display_errors', 1);
|
||||
ini_set('display_startup_errors', 1);
|
||||
error_reporting(E_ALL);
|
||||
session_start();
|
||||
|
||||
if (! isset($_SESSION['error_msg'])) {
|
||||
$_SESSION['error_msg'] = "";
|
||||
}
|
||||
|
@ -18,8 +18,9 @@ try{
|
||||
die("Error : ".$e->getMessage());
|
||||
}
|
||||
|
||||
/* Create Table if not exists */
|
||||
$req = $db->prepare('CREATE TABLE IF NOT EXISTS golden_book ( `id` INT NOT NULL AUTO_INCREMENT , `firstname` VARCHAR(25) NOT NULL , `lastname` VARCHAR(25) NOT NULL , `email` VARCHAR(125) NOT NULL, `date` DATE NOT NULL DEFAULT CURRENT_TIMESTAMP , `message` TEXT NOT NULL , `website` VARCHAR(125) NOT NULL , PRIMARY KEY (`id`)) ENGINE = InnoDB;');
|
||||
$req->execute();
|
||||
// /* Create Table if not exists */
|
||||
// $sql = file_get_contents($root."/database/create_record.sql");
|
||||
// $db->exec($sql);
|
||||
|
||||
|
||||
?>
|
||||
|
@ -65,7 +65,7 @@
|
||||
<script src="scripts/checkmap.js">
|
||||
</script>
|
||||
|
||||
<form action="submitobservation" method="post">
|
||||
<form action="submitobservation.php" method="post">
|
||||
<input type="checkbox" id="allok" name="allok">
|
||||
<label for="allok">All informations are ok.</label><br>
|
||||
<input type="submit" name="submit" value="submit">
|
||||
|
Loading…
Reference in New Issue
Block a user