changed the 'database.php' file to a more functional model
parent
e5dabfa2d0
commit
dc3d367d19
|
@ -5,7 +5,7 @@ require_once($path . "/core/config.php");
|
|||
|
||||
function get_database_conn() {
|
||||
$conn= mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
|
||||
if (!$DB_CONN) {
|
||||
if (!$conn) {
|
||||
die('Could not connect to the database host!' . mysql_error());
|
||||
}
|
||||
return $conn;
|
||||
|
|
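Review bot: The `die()` line in get_database_conn() still calls `mysql_error()`, which belongs to the old mysql extension removed in PHP 7; the display_header() hunk in this commit uses `??`, so on this codebase the failure path would stop on an undefined function instead of printing the intended message. The line also appends the driver's error text to the response, which can expose host or account details to any visitor. I would log the detail and keep the page generic: `error_log('db connect failed: ' . mysqli_connect_error());` followed by `die('Could not connect to the database host!');`. The function's closing brace is not shown in the hunk.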
|
@ -44,7 +44,7 @@ function display_header($title = "~chan") {
|
|||
<span style="float: right">
|
||||
<b>profile:</b> (
|
||||
<?php
|
||||
if (($_SESSION['logged_in'] ?? 0) == 1) {
|
||||
if (($_SESSION['logged_in'] ?? false)) {
|
||||
// I just decided to echo everything out here since the <?php ?\> syntax was ugly
|
||||
echo "<a href=\"/profile.php\">profile</a>";
|
||||
echo " / ";
|
||||
|
|
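Review bot: The new condition reads `$_SESSION['logged_in']`, but the login.php hunk of this same commit stores the flag as `$_SESSION['logged_id'] = true;`, so the logged-in branch here would never run after a login; the write in login.php should use the `logged_in` key. Separately, the check now accepts any truthy value, and `if (($_SESSION['logged_in'] ?? false) === true) {` keeps it tied to the boolean that login sets. display_header() starts and ends outside the hunk.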
17
login.php
17
login.php
|
@ -19,7 +19,7 @@ if($_SERVER['REQUEST_METHOD'] == 'POST') {
|
|||
if ($username == '' || $password == '') failed_login();
|
||||
|
||||
$conn = get_database_conn();
|
||||
$login_sql = "SELECT id, username, password, FROM user WHERE username = ? LIMIT 1";
|
||||
$login_sql = "SELECT id, username, password, admin FROM user WHERE username = ? LIMIT 1";
|
||||
$stmt = mysqli_prepare($conn, $login_sql);
|
||||
mysqli_stmt_bind_param($stmt, 's', $username);
|
||||
if (!mysqli_stmt_execute($stmt)) {
|
||||
|
@ -29,10 +29,19 @@ if($_SERVER['REQUEST_METHOD'] == 'POST') {
|
|||
if (!mysqli_stmt_num_rows($stmt) != 1) {
|
||||
failed_login();
|
||||
}
|
||||
mysqli_stmt_bind_result($stmt, $id, $username, $password_hash);
|
||||
mysqli_stmt_bind_result($stmt, $id, $username, $password_hash, $admin);
|
||||
mysqli_stmt_fetch($stmt);
|
||||
if (!password_verify($password, $password_hash)) {
|
||||
failed_login();
|
||||
}
|
||||
|
||||
$_SESSION['logged_id'] = true;
|
||||
$_SESSION['id'] = $id;
|
||||
$_SESSION['username'] = $username;
|
||||
$_SESSION['admin'] = $admin;
|
||||
|
||||
|
||||
//TODO: add some sort of message
|
||||
header('/index.php');
|
||||
}
|
||||
|
||||
display_header("~chan - login");
|
||||
|
@ -43,7 +52,7 @@ display_header("~chan - login");
|
|||
padding-top: 100px;
|
||||
">
|
||||
<h1>login</h1>
|
||||
<form action="login.php" class="input-form">
|
||||
<form action="login.php" method="post" class="input-form">
|
||||
<table>
|
||||
<tr>
|
||||
<td><b>username:</b></td>
|
||||
|
|
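Review bot: The added login block never rotates the session identifier, and its redirect is not a valid header: `header('/index.php');` lacks the `Location:` field name and is not followed by `exit`, so the script carries on into display_header() and the login form. Calling `session_regenerate_id(true)` before the session variables are written closes the session-fixation window. The context line `if (!mysqli_stmt_num_rows($stmt) != 1)` also looks inverted, because `!` binds before `!=` and a lookup that returns exactly one row ends up in failed_login(). The enclosing `if($_SERVER['REQUEST_METHOD'] == 'POST')` block starts outside these hunks, and the lines between the first two hunks are not visible.

```php
if (mysqli_stmt_num_rows($stmt) !== 1) {
    failed_login();
}
// … unchanged: bind_result, fetch and the password_verify check …

// Issue a fresh session id before storing the authenticated state.
session_regenerate_id(true);
// … unchanged: session assignments …

header('Location: /index.php');
exit;
```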
|
@ -2,7 +2,6 @@
|
|||
$path = $_SERVER['DOCUMENT_ROOT'];
|
||||
require_once($path . '/core/header.php');
|
||||
require_once($path . '/core/footer.php');
|
||||
require_once($path . '/core/security.php');
|
||||
require_once($path . '/core/database.php');
|
||||
|
||||
//TODO: email / invite registration
|
||||
|
@ -41,9 +40,10 @@ if($_SERVER['REQUEST_METHOD'] == 'POST') {
|
|||
failed_register("usernames must be at least 3 characters long");
|
||||
}
|
||||
|
||||
$conn = get_database_conn();
|
||||
// Check if the user already exists
|
||||
$check_user_sql = "SELECT * FROM user WHERE username = ? LIMIT 1";
|
||||
$stmt = mysqli_prepare($DB_CONN, $check_user_sql);
|
||||
$stmt = mysqli_prepare($conn, $check_user_sql);
|
||||
mysqli_stmt_bind_param($stmt, 's', $username);
|
||||
if (mysqli_stmt_execute($stmt)) {
|
||||
mysqli_stmt_store_result($stmt);
|
||||
|
@ -61,7 +61,7 @@ if($_SERVER['REQUEST_METHOD'] == 'POST') {
|
|||
$hash = password_hash($password, PASSWORD_BCRYPT);
|
||||
$insert_user_sql = "INSERT INTO user (username, password, admin, registered, last_login)
|
||||
VALUES (?, ?, 0, now(), NULL);";
|
||||
$stmt = mysqli_prepare($DB_CONN, $insert_user_sql);
|
||||
$stmt = mysqli_prepare($conn, $insert_user_sql);
|
||||
mysqli_stmt_bind_param($stmt, 'ss', $username, $hash);
|
||||
mysqli_stmt_execute($stmt);
|
||||
|
||||
|
|
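Review bot: The insert at the end of the last hunk discards the result of `mysqli_stmt_execute($stmt);`, and the username check above it is a separate SELECT, so two concurrent registrations of the same name can both pass the check. A UNIQUE index on `user.username` (the schema is not visible here) together with a checked insert makes the database the arbiter, for example `if (!mysqli_stmt_execute($stmt)) { failed_register("username is not available"); }`; if mysqli is running in exception mode the failure would need a `try`/`catch` instead. The `mysqli_prepare($conn, ...)` results are likewise passed to `mysqli_stmt_bind_param` without a check for `false`. The POST block starts and ends outside these hunks.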