Webbserver - Love Blomberg

Show sourcecode

The following files exists in this folder. Click to view.

public_html/exercises/databas/ovn_db2/

admin/
admin.php
home.php
login.php
logout.php

login.php

91 lines ASCII Windows (CRLF)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
<?php
session_start();
$login_error null;

if (isset($_SESSION['login_error'])) {
  $login_error $_SESSION['login_error'];
  unset($_SESSION['login_error']);
}

function login($username$password)
{
  include('../dbconnection.php');
  if (!$dbconn) {
    die("Connection failed: Can't connect to database.");
  }
  $sql "SELECT * FROM users WHERE username = :username AND password = :password";
  $stmt $dbconn->prepare($sql);
  $stmt->bindParam(':username'$username);
  $stmt->bindParam(':password'$password);
  $stmt->execute();

  $res $stmt->fetch(PDO::FETCH_ASSOC);
  if (!$res) {
    return false;
  } else {
    $_SESSION['is_admin'] = ($res['is_admin'] == 1) ? 0;
    $_SESSION['logged_in'] = 1;
    header("Location: home.php");
    exit();
  }
}

if (
  isset($_POST['username']) && isset($_POST['password']) &&
  !empty($_POST['username']) && !empty($_POST['password'])
) {
  $username $_POST['username'];
  $password $_POST['password'];

  try {
    if (!login($username$password)) {
      $_SESSION['login_error'] = "<p>INCORRECT DETAILS</p>";
      header("Location: login.php");
      exit();
    }
  } catch (PDOException $e) {
    $_SESSION['login_error'] = "<p>An error occurred. Please try again later.</p>";
    header("Location: login.php");
    exit();
  }
}
?>

<!DOCTYPE html>
<html lang="en">

<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Login</title>
</head>

<body>
  <h1>Welcome! Please enter your credentials.</h1>
  <form method="post" action="">
    <table>
      <tr>
        <td>Username:</td>
        <td><input type="text" name="username" size=20 maxlength=10>
        </td>
      </tr>
      <tr>
        <td>Password:</td>
        <td><input type="password" name="password" size=20 maxlength=100></td>
      </tr>
      <tr>
        <td><button type="submit">Login</button></td>
      </tr>
    </table>
  </form>

  <?php
  // Display the error message here if it exists
  if ($login_error) {
    echo $login_error;
  }
  ?>

</body>

</html>