login.php
124 lines UTF-8 Windows (CRLF)
<?php
session_start();
// NOTE(review): session_start() is called without options, so the session
// cookie flags (HttpOnly, Secure, SameSite) come from php.ini. Confirm they
// are set there.

// One-shot ("flash") login error: pick up whatever the previous request left
// in the session, then clear it so the message is shown only once.
$login_error = $_SESSION['login_error'] ?? null;
if ($login_error !== null) {
    unset($_SESSION['login_error']);
}
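/**
 * Authenticate a user by username and password and start a logged-in session.
 *
 * On success the session ID is regenerated, the session receives logged_in,
 * is_admin, name and user_id, and the request is redirected to index.php;
 * the function does not return in that case.
 *
 * @param mixed $username Submitted username; anything but a string is rejected.
 * @param mixed $password Submitted plaintext password; anything but a string is rejected.
 * @return bool false when the credentials are rejected.
 * @throws PDOException Presumably raised on query failure if dbconnection.php
 *                      enables PDO exceptions; the caller catches it. Confirm there.
 */
function login($username, $password)
{
    // A form field submitted as an array (username[]=...) would otherwise reach
    // PDO and password_verify() and fail with a warning or TypeError instead of
    // a clean rejection.
    if (!is_string($username) || !is_string($password)) {
        return false;
    }

    // dbconnection.php is expected to define $dbconn in this function's scope.
    include('dbconnection.php');
    if (!$dbconn) {
        die("Connection failed: Can't connect to database.");
    }

    // Look the account up by username only; the password is checked against the
    // stored hash below, never compared inside SQL.
    $stmt = $dbconn->prepare("SELECT * FROM users WHERE username = :username");
    $stmt->execute([':username' => $username]);
    $res = $stmt->fetch(PDO::FETCH_ASSOC);

    if (!$res) {
        // Unknown username: spend one hash computation on a fixed placeholder so
        // the response time does not reveal whether the account exists.
        // Assumes stored hashes use a cost close to PASSWORD_DEFAULT. Confirm
        // against register.php.
        password_hash('timing-equalizer-placeholder', PASSWORD_DEFAULT);
        return false;
    }

    if (!password_verify($password, $res['password'])) {
        return false;
    }

    // Issue a fresh session ID on privilege change to prevent session fixation.
    session_regenerate_id(true);

    $_SESSION['logged_in'] = 1;
    // Snapshot of the admin flag at login time. Pages that trust it will not
    // see a later revocation until the user logs in again.
    $_SESSION['is_admin'] = ($res['is_admin'] == 1) ? 1 : 0;
    // Full name (not the username). Presumably user-supplied at registration,
    // so pages that print it must escape it with htmlspecialchars().
    $_SESSION['name'] = $res['fullname'];
    $_SESSION['user_id'] = $res['user_id'];

    // Send the user to the dashboard page.
    header("Location: index.php");
    exit();
}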
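// Handle a submitted login form.
// Both fields must be non-empty strings: is_string() rejects array-valued
// fields (username[]=...), and the explicit '' comparison replaces empty(),
// which also treated the literal value "0" as missing.
// NOTE(review): nothing visible here limits repeated failed attempts;
// consider throttling per account and per client address.
if (
    isset($_POST['username'], $_POST['password'])
    && is_string($_POST['username']) && is_string($_POST['password'])
    && $_POST['username'] !== '' && $_POST['password'] !== ''
) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    try {
        // login() redirects and exits on success; it returns false on bad credentials.
        if (!login($username, $password)) {
            // Same message for unknown user and wrong password, so the form
            // does not disclose which usernames exist.
            $_SESSION['login_error'] = "<p>Incorrect Details.</p>";
            header("Location: login.php");
            exit();
        }
    } catch (PDOException $e) {
        // Keep the detail in the server log; the user only sees a generic message.
        error_log('login.php: database error during login: ' . $e->getMessage());
        $_SESSION['login_error'] = "<p>An error occurred. Please try again later.</p>";
        header("Location: login.php");
        exit();
    }
}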
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Quizzer | Login</title>
<link rel="stylesheet" href="quiz_styles.css">
<link rel="shortcut icon" href="./icons/login-icon.svg" type="image/x-icon">
</head>
<body>
<div class="page page-narrow">
<div class="page-header">
<div>
<h1 class="page-title">Welcome to Quizzer.</h1>
<p class="page-subtitle">Please enter your credentials or sign up.</p>
</div>
</div>
<?php
// Render the one-time login error, if any. The value is emitted as raw HTML:
// this file only ever stores fixed markup strings in it. Other scripts writing
// the same session key are not visible here; anything that may carry user
// input must be escaped with htmlspecialchars() before it is stored.
if ($login_error) {
    echo "<div class='alert alert-error'>{$login_error}</div>";
}
?>
<div class="card">
<form method="post" action="">
<table>
<tr>
<td>Username:</td>
<td><input type="text" name="username" maxlength="64" required autocomplete="username"></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" maxlength="32" required autocomplete="current-password"></td>
</tr>
<tr>
<td></td>
<td><button type="submit" class="btn">Login</button> <button type="button" onclick="location.href = './register.php';" class="btn signup">Sign Up</button></td>
</tr>
</table>
</form>
</div>
</div>
</body>
</html>