PageRenderTime 24ms CodeModel.GetById 11ms RepoModel.GetById 0ms app.codeStats 0ms

/index.php

https://gitlab.com/bkrpage/php-Login-System
PHP | 167 lines | 126 code | 39 blank | 2 comment | 27 complexity | 503bdbf261035513b9f38a9b75fcadc8 MD5 | raw file
    

  1. <?php 
    2. 

  2. 	session_start();
    3. 

  3. 	
    4. 

  4. 	$page_title = "Home ";
    5. 

  5. 	
    6. 

  6. 	require 'header.php';
    7. 

  7. 	
    8. 

  8. 	if (isset($_COOKIE['user'])){
    9. 

  9. 		$_SESSION['loggedin'] = true;
    10. 

  10. 		$_SESSION['userID'] = $_COOKIE['user'];
    11. 

  11. 	}
    12. 

  12. 	
    13. 

  13. 	if (isset($_SESSION['loggedin'])){
    14. 

  14. 		if ($_SESSION['loggedin'] == true){
    15. 

  15. 			header('Location: control_panel.php');
    16. 

  16. 		} else {
    17. 

  17. 			echo "Error";
    18. 

  18. 			unset($_SESSION['loggedin']);
    19. 

  19. 		}
    20. 

  20. 	} else {
    21. 

  21. ?>	
    22. 

  22. 	<div class="form-box index">
    23. 

  23. 	
    24. 

  24. 		<h1> Login </h1>
    25. 

  25. 

  26. 		<p class="notification"> Currently, due to my hostings Database restrictions, the website is not functioning on bkrpage.co.uk right now. However, 
    27. 

  27. 				there is a working version at <a href="http://student20352.201415.uk">my University sub-domain</a>.</p>
    28. 

  28. <?php
    29. 

  29. 		if ($_GET['successfulReset']){
    30. 

  30. 			
    31. 

  31. 			unset($_SESSION['user_resetting_pass']);
    32. 

  32. 			echo "<p class='success'>Password successfully reset, now you can login below</p>";
    33. 

  33. 		}
    34. 

  34. 	
    35. 

  35. 		if ($_GET['registered']){
    36. 

  36. 			echo "<p class='success'>Successfully registered. Please login below</p>";
    37. 

  37. 		}
    38. 

  38. 		
    39. 

  39. 		if ($_GET['loggedout']){
    40. 

  40. 			echo "<p class='success'>You have logged out. Goodbye!</p>";
    41. 

  41. 		}
    42. 

  42. 		
    43. 

  43. 		if ($_GET['alreadyloggedout']){
    44. 

  44. 			echo "<p class='warning'>You are already logged out</p>";
    45. 

  45. 		}
    46. 

  46. 		
    47. 

  47. 		if ($_GET['notLoggedIn']){
    48. 

  48. 			echo "<p class='warning'>You are not logged in</p>";
    49. 

  49. 		}
    50. 

  50. 		
    51. 

  51. 		
    52. 

  52. 			
    53. 

  53. 		if (!empty($_POST)){
    54. 

  54. 				
    55. 

  55. 			$email = $_POST['email'];
    56. 

  56. 			$password = $_POST['password'];
    57. 

  57. 			$hashed_pw = SHA1("$password");
    58. 

  58. 			
    59. 

  59. 			$remember_me = $_POST['remember'];
    60. 

  60. 		
    61. 

  61. 			$entry_errors = array();
    62. 

  62. 			
    63. 

  63. 			if (empty($email)){
    64. 

  64. 				$entry_errors[] = "<p class='error'>Please enter your Email</p><style>.e{border: 1px solid #CC0000;}</style>";
    65. 

  65. 			} else {
    66. 

  66. 				$uid = "i7709331"; 
    67. 

  67. 				$pwd = "phppass"; 
    68. 

  68. 				$host = "127.0.0.1";
    69. 

  69. 				$db = $uid;
    70. 

  70. 				$conn = mysqli_connect($host, $uid, $pwd, $db);
    71. 

  71. 				 
    72. 

  72. 				$q_email_check = "SELECT u_email FROM users WHERE u_email LIKE '$email'"; //Query to find duplicate emails
    73. 

  73. 				$result_email = mysqli_query($conn, $q_email_check);
    74. 

  74. 				$num_rows = mysqli_fetch_array($result_email);
    75. 

  75. 			
    76. 

  76. 				if (empty($num_rows)){
    77. 

  77. 					$entry_errors[] = "<p class='error'>User does not exist</p><style>.e{border: 1px solid #CC0000;}</style>";
    78. 

  78. 				}
    79. 

  79. 			}
    80. 

  80. 			
    81. 

  81. 			if (empty($password) && empty($entry_errors)){
    82. 

  82. 				$entry_errors[] = "<p class='error'>Please enter a Password</p><style>.pw{border: 1px solid #CC0000;}</style>";
    83. 

  83. 			} else if (empty($entry_errors)){
    84. 

  84. 				$uid = "i7709331"; 
    85. 

  85. 				$pwd = "phppass"; 
    86. 

  86. 				$host = "127.0.0.1";
    87. 

  87. 				$db = $uid;
    88. 

  88. 				$conn = mysqli_connect($host, $uid, $pwd, $db);
    89. 

  89. 				 
    90. 

  90. 				$q_password_check = "SELECT u_password FROM users WHERE u_email LIKE '$email' AND u_password LIKE '$hashed_pw'"; //Query to find duplicate emails
    91. 

  91. 				$result_password = mysqli_query($conn, $q_password_check);
    92. 

  92. 				$num_rows = mysqli_fetch_array($result_password);
    93. 

  93. 			
    94. 

  94. 				if (empty($num_rows)){
    95. 

  95. 					$entry_errors[] = "<p class='error'>Password is incorrect</p><style>.pw{border: 1px solid #CC0000;}</style>";
    96. 

  96. 				}
    97. 

  97. 			}
    98. 

  98. 		
    99. 

  99. 			if(empty($entry_errors)){
    100. 

  100. 				$uid = "i7709331"; 
    101. 

  101. 				$pwd = "phppass"; 
    102. 

  102. 				$host = "127.0.0.1";
    103. 

  103. 				$db = $uid;
    104. 

  104. 				$conn = mysqli_connect($host, $uid, $pwd, $db);
    105. 

  105. 				
    106. 

  106. 				//escapes any mysqli commands
    107. 

  107. 				$email = mysqli_real_escape_string($conn, $email);
    108. 

  108. 				
    109. 

  109. 				$qry = "SELECT * FROM users WHERE u_email LIKE '$email' AND u_password LIKE '$hashed_pw'";
    110. 

  110. 				$result = mysqli_query($conn,$qry);
    111. 

  111. 

  112. 				$rows = mysqli_num_rows($result);
    113. 

  113. 				if ($rows == 1){
    114. 

  114. 					
    115. 

  115. 					$_SESSION['loggedin'] = true;
    116. 

  116. 					$_SESSION['userID'] = $email;
    117. 

  117. 					
    118. 

  118. 					//set cookie to stay logged in if wanted
    119. 

  119. 					
    120. 

  120. 					if ($remember_me == "true"){
    121. 

  121. 						$cookie_name = "user";
    122. 

  122. 						$cookie_value = $email;
    123. 

  123. 						$cookie_time = time() + 3600 * 24 * 7; //setting cookie expiry time for a week
    124. 

  124. 						setcookie($cookie_name, $cookie_value, $cookie_time);
    125. 

  125. 					}
    126. 

  126. 					
    127. 

  127. 					header('Location: control_panel.php');
    128. 

  128. 				} 
    129. 

  129. 				
    130. 

  130. 				mysqli_close($conn);
    131. 

  131. 			} else {
    132. 

  132. 				foreach($entry_errors as $e){
    133. 

  133. 					echo "$e";
    134. 

  134. 				}
    135. 

  135. 			}
    136. 

  136. 		}
    137. 

  137. ?>
    138. 

  138. 		<form action="index.php" method="POST">
    139. 

  139. 			<label for="email">Email</label>
    140. 

  140. 			<input type="email" name="email" value="<?php if(!empty($email)) echo "$email" ; ?>" class="e">
    141. 

  141. 			
    142. 

  142. 			<label for="password">Password</label>
    143. 

  143. 			<input type="password" name="password" class="pw">
    144. 

  144. 			
    145. 

  145. 			<label id="rememberme"><input type="checkbox" name="remember" value="true">Remember me</label>
    146. 

  146. 			
    147. 

  147. 			<input type="submit" value="Login" class="submit login">
    148. 

  148. 		</form>
    149. 

  149. 		
    150. 

  150. 		<form action="register.php">
    151. 

  151. 			<input type="submit" value="No account? Register!" class="submit register">
    152. 

  152. 		</form>
    153. 

  153. 		
    154. 

  154. 		<form action="forgot_password.php">
    155. 

  155. 			<input type="submit" value="Forgot Password?" class="submit forgot">
    156. 

  156. 		</form>
    157. 

  157. 	</div>
    158. 

  158. 

  159. <?php
    160. 

  160. 	}
    161. 

  161. ?>
    162. 

  162. 	<footer>
    163. 

  163. 		<div id="github"> This site was made by Bradley Page using PHP and MySQLi. To see the working innards as well as my other projects, check out my <a href="https://github.com/bkrpage/php-Login-System">Github Repo</a>! </div>
    164. 

  164. 	</footer>
    165. 

  165. 

  166. </body>
    167. 

  167. </html>
    168.