session.php
<?php
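// Start the session before any output, with hardened cookie settings:
//  - cookie_httponly keeps the session id out of reach of page scripts,
//  - cookie_samesite stops the cookie being attached to cross-site POSTs,
//  - use_strict_mode makes PHP refuse session ids it did not issue itself.
// NOTE(review): add 'cookie_secure' => true if the site is only ever served
// over HTTPS — confirm against the deployment.
session_start([
    'cookie_httponly' => true,
    'cookie_samesite' => 'Lax',
    'use_strict_mode' => true,
]);

// Open (or create) the SQLite database and make PDO throw on every error.
// NOTE(review): the DSN path is relative, so the file is resolved against the
// working directory. If that directory is served by the web server, the
// database (including password hashes) may be downloadable — presumably it
// should live outside the document root or be denied by server config; confirm.
$db = new PDO('sqlite:messaging.db');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Account table. `password` holds a password_hash() digest, never the
// plaintext; the UNIQUE constraint on `email` is what finally guarantees one
// account per address.
$db->exec("CREATE TABLE IF NOT EXISTS users (
id INTEGER PRIMARY KEY AUTOINCREMENT,
email TEXT UNIQUE,
username TEXT,
password TEXT
)");

// Message table; `date` defaults to the insertion time.
$db->exec("CREATE TABLE IF NOT EXISTS messages (
id INTEGER PRIMARY KEY AUTOINCREMENT,
email TEXT,
message TEXT,
date DATETIME DEFAULT CURRENT_TIMESTAMP
)");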
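// Message describing why a login or registration attempt was rejected; it
// stays empty when nothing was submitted.
$error_message = '';

if (isset($_POST['login'])) {
    // ---- Login ----
    $email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);

    // Accept the password only as a string. A missing field would raise an
    // undefined-index notice and an array value (password[]=x) would reach
    // password_verify() with the wrong type.
    $password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';

    // Compare the password with '' rather than empty(): empty('0') is true,
    // which would wrongly reject the password "0".
    if (empty($email) || $password === '') {
        $error_message = 'Please enter email and password';
    } else {
        // Parameterised lookup: the address never becomes part of the SQL text.
        $stmt = $db->prepare("SELECT * FROM users WHERE email = :email");
        $stmt->execute([':email' => $email]);
        $user = $stmt->fetch(PDO::FETCH_ASSOC);

        if ($user && password_verify($password, $user['password'])) {
            // Issue a fresh session id at the moment privileges change, so an
            // id that was planted or observed before login is useless
            // afterwards (session fixation).
            session_regenerate_id(true);

            $_SESSION['user_id'] = $user['id'];
            $_SESSION['email'] = $user['email'];
            $_SESSION['username'] = $user['username'];
            header('Location: /');
            exit;
        }

        // One message for both "unknown email" and "wrong password", so the
        // reply does not say which of the two failed.
        // NOTE(review): nothing in this file throttles repeated failures;
        // presumably rate limiting or lockout is handled elsewhere — confirm.
        $error_message = 'Invalid email or password';
    }
} elseif (isset($_POST['register'])) {
    // ---- Registration ----
    // NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1. It is
    // kept here so stored usernames keep their current form, but it is not an
    // XSS defence: every page that prints the username must still escape it
    // with htmlspecialchars().
    $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
    $email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
    $password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';

    if (empty($email) || $password === '' || empty($username)) {
        $error_message = 'Please enter username, email, and password';
    } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        // FILTER_SANITIZE_EMAIL only strips characters; it does not check
        // that what remains is an address, so validate before storing it.
        $error_message = 'Please enter a valid email address';
    } else {
        $stmt = $db->prepare("SELECT * FROM users WHERE email = :email");
        $stmt->execute([':email' => $email]);

        if ($stmt->fetch()) {
            $error_message = 'Email already taken';
        } else {
            // Store only the hash; PASSWORD_DEFAULT tracks PHP's current
            // recommended algorithm.
            $hashed_password = password_hash($password, PASSWORD_DEFAULT);

            try {
                $stmt = $db->prepare("INSERT INTO users (email, password, username) VALUES (:email, :password, :username)");
                $stmt->execute([':email' => $email, ':password' => $hashed_password, ':username' => $username]);
            } catch (PDOException $e) {
                // Two concurrent registrations can both pass the SELECT above;
                // the UNIQUE constraint then rejects the second INSERT
                // (SQLSTATE 23000). Report that as a taken address and let any
                // other database failure propagate.
                if ((string) $e->getCode() !== '23000') {
                    throw $e;
                }
                $error_message = 'Email already taken';
            }

            if ($error_message === '') {
                // New authenticated state, new session id (see login branch).
                session_regenerate_id(true);

                $_SESSION['user_id'] = $db->lastInsertId();
                $_SESSION['email'] = $email;
                $_SESSION['username'] = $username;
                header('Location: /');
                exit;
            }
        }
    }
}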
?>
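<!DOCTYPE html>
<html lang="en" data-bs-theme="dark">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Login/Register</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-T3c6CoIi6uLrA9TneNEoa7RxnatzjcDSCmG1MXxSR1GAsXEV/Dwwykc2MPK8M2HN" crossorigin="anonymous">
    <?php // NOTE(review): unlike the three other CDN assets, this stylesheet has no integrity/crossorigin attributes, so its content is not pinned. Add the SRI hash published for this exact file. ?>
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.2/font/bootstrap-icons.min.css">
    <script src="https://cdn.jsdelivr.net/npm/@popperjs/core@2.11.8/dist/umd/popper.min.js" integrity="sha384-I7E8VVD/ismYTF4hNIPjVp/Zjvgyol6VFvRkX/vR+Vc4jQkC+hVqc2pM8ODewa9r" crossorigin="anonymous"></script>
    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.min.js" integrity="sha384-BBtl+eGJRgqQAUMxJ7pMwbEyER4l1g+O15P+16Ep7Q9Q+zqX6gSbd85u4mG4QzX+" crossorigin="anonymous"></script>
</head>
<body>
    <div class="container">
        <div class="d-flex justify-content-center align-items-center vh-100">
            <div class="p-0" style="max-width: 300px;">
                <?php
                // Which form to show. A missing parameter means the login
                // form; anything other than the two known names (including an
                // array value) falls through to the "invalid" branch. The
                // value is only compared, never printed.
                $page = $_GET['page'] ?? 'login';

                // NOTE(review): neither form carries a CSRF token, so a
                // third-party page can submit a login or registration on the
                // visitor's behalf. A per-session token has to be added here
                // and checked by the POST handlers in the same change.
                ?>
                <?php if (!empty($error_message)): ?>
                    <?php // The handlers set this message but nothing displayed it. Escape on output even though today's values are fixed strings. ?>
                    <div class="alert alert-danger" role="alert"><?= htmlspecialchars($error_message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></div>
                <?php endif; ?>
                <?php if ($page === 'login'): ?>
                    <h1 class="fw-bold mb-0 fs-2 text-center mb-5">Login</h1>
                    <form method="post">
                        <div class="form-floating mb-3">
                            <input type="email" name="email" class="form-control rounded-3" id="floatingInputEmail" placeholder="name@example.com" required>
                            <label for="floatingInputEmail">Email</label>
                        </div>
                        <div class="form-floating mb-3">
                            <input type="password" name="password" class="form-control rounded-3" id="floatingPassword" placeholder="password" required>
                            <label for="floatingPassword">Password</label>
                        </div>
                        <div class="btn-group w-100 gap-3 mb-3">
                            <button class="btn btn-primary fw-bold rounded w-50" type="submit" name="login">Login</button>
                        </div>
                        <a class="text-decoration-none" href="?page=register">Don't have an account?</a>
                    </form>
                <?php elseif ($page === 'register'): ?>
                    <h1 class="fw-bold mb-0 fs-2 text-center mb-5">Register</h1>
                    <form method="post">
                        <div class="form-floating mb-3">
                            <input type="text" name="username" class="form-control rounded-3" id="floatingInputusername" placeholder="username name" required>
                            <label for="floatingInputusername">username</label>
                        </div>
                        <div class="form-floating mb-3">
                            <input type="email" name="email" class="form-control rounded-3" id="floatingInputEmail" placeholder="name@example.com" required>
                            <label for="floatingInputEmail">Email</label>
                        </div>
                        <div class="form-floating mb-3">
                            <input type="password" name="password" class="form-control rounded-3" id="floatingPassword" placeholder="password" required>
                            <label for="floatingPassword">Password</label>
                        </div>
                        <div class="btn-group w-100 gap-3 mb-3">
                            <button class="btn btn-primary fw-bold rounded w-50" type="submit" name="register">Register</button>
                        </div>
                        <a class="text-decoration-none" href="?page=login">Already have an account?</a>
                    </form>
                <?php else: ?>
                    <p>Invalid page request.</p>
                <?php endif; ?>
            </div>
        </div>
    </div>
</body>
</html>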