Fixed errors in login_db

lisawilliams · lisawilliams · commit 13b54bf91cc7 · 2011-10-25T16:56:47.000-04:00
PHP block was missing a final ?&gt;  and "trim" function shouldn't have a
$ before it
diff --git a/authenticate/authenticate_2way_mysqli.inc.php b/authenticate/authenticate_2way_mysqli.inc.php
@@ -0,0 +1,27 @@
+<?php
+require_once('../ch16/connection.inc.php');
+$conn = dbConnect('read');
+// create key
+$key = 'takeThisWith@PinchOfSalt';
+$sql = 'SELECT username FROM users_2way
+		WHERE username = ? AND pwd = AES_ENCRYPT(?, ?)';
+// initialize and prepare statement
+$stmt = $conn->stmt_init();
+$stmt->prepare($sql);
+// bind the input parameters
+$stmt->bind_param('sss', $username, $password, $key);
+$stmt->execute();
+// store the result
+$stmt->store_result();
+// if a match is found, num_rows is 1, which is treated as true
+if ($stmt->num_rows) {
+  $_SESSION['authenticated'] = 'Jethro Tull';
+  // get the time the session started
+  $_SESSION['start'] = time();
+  session_regenerate_id();
+  header("Location: $redirect");
+  exit;
+} else {
+  // if no match, prepare error message
+  $error = 'Invalid username or password';
+}
diff --git a/authenticate/login_db.php b/authenticate/login_db.php
@@ -1,10 +1,20 @@
+<?php 
+$error = '';
+if (isset($_POST['login'])) {
+	session_start();
+	$username = trim($_POST['username']);
+	$password = trim($_POST['pwd']);
+	// location to redirect on success 
+	$redirect = 'http://localhost/phpsols/authenticate/menu_db.php';
+	require_once('../includes/authenticate_mysqli.inc.php');
+	}
+	?>
 <!DOCTYPE HTML>
 <html>
 <head>
 <meta charset="utf-8">
 <title>Login</title>
 </head>
-
 <body>
 <?php
 if ($error) {
diff --git a/includes/register_2way_mysqli.inc.php b/includes/register_2way_mysqli.inc.php
@@ -0,0 +1,43 @@
+<?php
+require_once('../classes/Ps2/CheckPassword.php');
+$usernameMinChars = 6;
+$errors = array();
+if (strlen($username) < $usernameMinChars) {
+  $errors[] = "Username must be at least $usernameMinChars characters.";
+}
+if (preg_match('/\s/', $username)) {
+  $errors[] = 'Username should not contain spaces.';
+}
+$checkPwd = new Ps2_CheckPassword($password, 10);
+$checkPwd->requireMixedCase();
+$checkPwd->requireNumbers(2);
+$checkPwd->requireSymbols();
+$passwordOK = $checkPwd->check();
+if (!$passwordOK) {
+  $errors = array_merge($errors, $checkPwd->getErrors());
+}
+if ($password != $retyped) {
+  $errors[] = "Your passwords don't match.";
+}
+if (!$errors) {
+  // include the connection file
+  require_once('connection.inc.php');
+  $conn = dbConnect('write');
+  // create a key
+  $key = 'takeThisWith@PinchOfSalt';
+  // prepare SQL statement
+  $sql = 'INSERT INTO users_2way (username, pwd)
+          VALUES (?, AES_ENCRYPT(?, ?))';
+  $stmt = $conn->stmt_init();
+  $stmt = $conn->prepare($sql);
+  // bind parameters and insert the details into the database
+  $stmt->bind_param('sss', $username, $password, $key);
+  $stmt->execute();
+  if ($stmt->affected_rows == 1) {
+	$success = "$username has been registered. You may now log in.";
+  } elseif ($stmt->errno == 1062) {
+	$errors[] = "$username is already in use. Please choose another username.";
+  } else {
+	$errors[] = 'Sorry, there was a problem with the database.';
+  }
+}
