Basic auth implemented

This commit is contained in:
Samuel Ortion 2021-03-29 19:35:47 +02:00
parent 371d12af32
commit 2d8d09b0f3
13 changed files with 301 additions and 5 deletions

View File

@ -0,0 +1,36 @@
<?php
session_start();
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
$root = realpath($_SERVER["DOCUMENT_ROOT"]);
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Login | Chiro - Canto</title>
<link rel="stylesheet" type="text/css" href="/styles/style.css">
</head>
<body>
<?php include("$root/menu.php");?>
<?php include("$root/header.php");?>
<section>
<h2>Login</h2>
<?=(isset($_SESSION['error_msg']) and ! $_SESSION['error_msg'] == "" ) ? '<div class="error">'.$_SESSION['error_msg'].'</div>' : ""?>
<form action="login.php" method="post">
<label for="username">Username*</label>
<input id="username" type="text" name="username" placeholder="Enter your username.." required>
<label for="password">Password*</label>
<input type="password" name="password" id="password" placeholder="Enter your password.." required>
<input type="submit" name="submit" value="submit"><input type="reset" name="reset" value="reset">
</form>
</section>
<?php include("$root/footer.php");?>
</body>
<script src="/scripts/script.js"></script>
</html>

View File

@ -0,0 +1,80 @@
<?php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
session_start();
function check_credentials($username, $userpw) {
$root = realpath($_SERVER["DOCUMENT_ROOT"]);
require($root."/database/credentials.php");
// Connect the database
try{
$db = new PDO("mysql:host=$host;dbname=$database;charset=utf8",
$user,
$password,
array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
));
}catch (Exception $e){
die("Error : ".$e->getMessage());
}
$req = $db->prepare('SELECT password FROM `authors` WHERE `username`=:username');
$req->execute(array(
"username"=>$username,
));
if ($data = $req->fetch()){
$password_hash = $data['password'];
if (password_verify($userpw, $password_hash)) {
echo "Error 1";
return True;
} else {
echo "Error";
return False;
}
} else {
echo "Error 0";
return False;
}
}
$_SESSION['error_msg'] = "";
if (isset($_POST['submit']))
{
if (isset($_POST['username']))
{
$username = $_POST['username'];
} else
{
$_SESSION['error_msg'] .= "You did not enter a proper username.\n";
}
if (isset($_POST['password'])) {
$password = $_POST['password'];
} else {
$_SESSION['error_msg'] .= "You did not enter a proper password.\n";
}
} else
{
$_SESSION['error_msg'] .= "You did not submit the register form.\n";
}
if ($_SESSION['error_msg'] == "")
{
if (check_credentials($username, $password))
{
$_SESSION['logged'] = True;
$_SESSION['username'] = $username;
header('Location: '."/");
} else {
$_SESSION['error_msg'] = "Incorrect password, please try again.\n";
header('Location: '."../../auth/login");
}
} else
{
// header('Location: '."../../auth/login");
}
?>

View File

@ -0,0 +1,44 @@
<?php
session_start();
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
$root = realpath($_SERVER["DOCUMENT_ROOT"]);
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Register | Chiro - Canto</title>
<link rel="stylesheet" type="text/css" href="/styles/style.css">
</head>
<body>
<?php include("$root/menu.php");?>
<?php include("$root/header.php");?>
<section>
<h2>Register</h2>
<?=(isset($_SESSION['error_msg']) and ! $_SESSION['error_msg'] == "") ? '<div class="error">'.$_SESSION['error_msg'].'</div>' : ""?>
<form action="register.php" method="post">
<label for="firstname">First Name*</label>
<input id="firstname" type="text" name="firstname" placeholder="John" required>
<label for="lastname">Last Name*</label>
<input id="lastname" type="text" name="lastname" placeholder="Doe" required>
<label for="username">Username*</label>
<input id="username" type="text" name="username" placeholder="jojo" required>
<label for="password">Password*</label>
<input type="password" name="password" id="password" placeholder="************" required>
<label for="email">Your email*</label>
<input type="email" name="email" id="email" placeholder="john.doe@example.com" required>
<label for="website">Your website (optional)</label>
<input type="url" name="website" id="website" placeholder="https://example.com">
<input type="submit" name="submit" value="submit"><input type="reset" name="reset" value="reset">
</form>
</section>
<?php include("$root/footer.php");?>
</body>
<script src="/scripts/script.js"></script>
</html>

View File

@ -0,0 +1,85 @@
<?php
session_start();
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
function database_entry($fname, $lname, $username, $password_hash, $email, $website) {
$root = realpath($_SERVER["DOCUMENT_ROOT"]);
require($root."/database/credentials.php");
// Connect the database
try{
$db = new PDO("mysql:host=$host;dbname=$database;charset=utf8",
$user,
$password,
array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
));
}catch (Exception $e){
die("Error : ".$e->getMessage());
}
$req = $db->prepare('INSERT INTO `authors` (`id`, `firstname`, `lastname`, `username`, `email`, `website`, `password`, `entry_timestamp`) VALUES (NULL, :fname, :lname, :username, :email, :website, :password, current_timestamp());');
$req->execute(array(
'fname' => $fname,
'lname' => $lname,
'username' => $username,
'email' => $email,
'website' => $website,
'password' => $password_hash
));
}
$_SESSION['error_msg'] = "";
if (isset($_POST['submit']))
{
if (isset($_POST['firstname']))
{
$fname = $_POST['firstname'];
} else
{
$_SESSION['error_msg'] .= "You did not enter a proper first name.\n";
}
if (isset($_POST['lastname']))
{
$lname = $_POST['lastname'];
} else
{
$_SESSION['error_msg'] .= "You did not enter a proper last name.\n";
}
if (isset($_POST['username']))
{
$username = $_POST['username'];
} else
{
$_SESSION['error_msg'] .= "You did not enter a proper username.\n";
}
if (isset($_POST['email']))
{
$email = $_POST['email'];
} else
{
$_SESSION['error_msg'] .= "You did not enter a proper email address.\n";
}
$website = isset($_POST['website']) ? $_POST['website'] : "";
if (isset($_POST['password'])) {
$password_hash = password_hash($_POST['password'], PASSWORD_DEFAULT);
} else {
$_SESSION['error_msg'] .= "You did not enter a proper password.\n";
}
} else
{
$_SESSION['error_msg'] .= "You did not submit the register form.\n";
}
if ($_SESSION['error_msg'] == "")
{
database_entry($fname, $lname, $username, $password_hash, $email, $website, $password);
header('Location: '."../../auth/login");
} else
{
header('Location: '."../../auth/register");
}
?>

Binary file not shown.

View File

@ -0,0 +1,2 @@
Preview SQL
CREATE TABLE `chirocanto`.`authors` ( `id` INT NOT NULL AUTO_INCREMENT , `firstname` VARCHAR(125) NOT NULL , `lastname` VARCHAR(125) NOT NULL , `email` VARCHAR(125) NOT NULL , `website` VARCHAR(125) NOT NULL , `entry_timestamp` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP , PRIMARY KEY (`id`)) ENGINE = InnoDB;

View File

@ -0,0 +1,16 @@
CREATE TABLE IF NOT EXISTS `chirocanto`.`records`
( `id` INT NOT NULL AUTO_INCREMENT ,
`entry_timestamp` INT NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT 'Timestamp when entered in database' ,
`author_id` INT NOT NULL COMMENT 'author_id associated with author table' ,
`file_name` VARCHAR(125) NOT NULL COMMENT 'Name of uploaded file.' ,
`license` VARCHAR(25) NOT NULL COMMENT 'License of uploaded file.' ,
`species` VARCHAR(50) NOT NULL COMMENT 'Species of uploaded sound.' ,
`subspecies` VARCHAR(50) NOT NULL COMMENT 'Subspecies of uploaded sound.' ,
`sound_type` VARCHAR(25) NOT NULL COMMENT 'Sound type of the file.' ,
`coordinates` POINT NOT NULL COMMENT 'Coordinates of the record.' ,
`country` VARCHAR NOT NULL COMMENT 'Country of the record.' ,
`date` DATE NOT NULL COMMENT 'Date of the record.' ,
`time` TIME NOT NULL COMMENT 'Time of the record.' ,
`remarks` TEXT NOT NULL COMMENT 'Remarks given for this record.' ,
PRIMARY KEY (`id`))
ENGINE = InnoDB;

View File

@ -0,0 +1,23 @@
database entries:
# records
id
timestamp entry
author_id
recordist_name
file_name
license
species
subspecies
sound type
coordinates
country
date
time
remarks
# authors
id
firstname
lastname
email
website

View File

@ -79,7 +79,7 @@ input {
}
/* Style inputs with type="text", select elements and textareas */
input[type=text], input[type=email], input[type=url], select, textarea {
input[type=text], input[type=email], input[type=url], input[type=password], select, textarea {
width: 100%; /* Full width */
padding: 12px; /* Some padding */
border: 1px solid #ccc; /* Gray border */
@ -240,3 +240,10 @@ div.coordinates input[type="text"] {
.sci-name {
font-style: italic;
}
.error {
border: solid red;
border-radius: 5px;
padding: 0.5em;
background-color: rgba(255, 0, 0, 0.4)
}

View File

@ -1,8 +1,10 @@
<?php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
session_start();
if (! isset($_SESSION['error_msg'])) {
$_SESSION['error_msg'] = "";
}

View File

@ -18,8 +18,9 @@ try{
die("Error : ".$e->getMessage());
}
/* Create Table if not exists */
$req = $db->prepare('CREATE TABLE IF NOT EXISTS golden_book ( `id` INT NOT NULL AUTO_INCREMENT , `firstname` VARCHAR(25) NOT NULL , `lastname` VARCHAR(25) NOT NULL , `email` VARCHAR(125) NOT NULL, `date` DATE NOT NULL DEFAULT CURRENT_TIMESTAMP , `message` TEXT NOT NULL , `website` VARCHAR(125) NOT NULL , PRIMARY KEY (`id`)) ENGINE = InnoDB;');
$req->execute();
// /* Create Table if not exists */
// $sql = file_get_contents($root."/database/create_record.sql");
// $db->exec($sql);
?>

View File

@ -65,7 +65,7 @@
<script src="scripts/checkmap.js">
</script>
<form action="submitobservation" method="post">
<form action="submitobservation.php" method="post">
<input type="checkbox" id="allok" name="allok">
<label for="allok">All informations are ok.</label><br>
<input type="submit" name="submit" value="submit">