Commit
976462b2
authored
May 14, 2019
by
sopham
sanitize input
parent
a38ee877
Showing
3 changed files
with
13 additions
and
49 deletions
authentication.php
insert.php
login_page.php
authentication.php
deleted
100644 → 0
<?php
session_start
();
//include the database connection data
require_once
"dbconnection.php"
;
//make the query
if
(
$stmt
=
$link
->
prepare
(
'SELECT ID,password FROM users WHERE username= ?'
))
{
//bind user input to query
$stmt
->
bind_param
(
's'
,
$_POST
[
'username'
]);
//execute query
$stmt
->
execute
();
//transfer a result set from last query
$stmt
->
store_result
();
if
(
$stmt
->
num_rows
>
0
)
{
//bind variables to a prepared statement for result storage
$stmt
->
bind_result
(
$id
,
$password
);
//fetch results from the prepared statement to bound variables
$stmt
->
fetch
();
//if password is correct, establish session
if
(
$_POST
[
'password'
]
===
$password
)
{
session_regenerate_id
();
$_SESSION
[
'loggedin'
]
=
TRUE
;
$_SESSION
[
'name'
]
=
$_POST
[
'username'
];
$_SESSION
[
'id'
]
=
$id
;
header
(
'Location:index.php'
);
}
else
{
echo
"Incorrect password"
;
}
}
else
echo
'Incorrect username'
;
//close the statement
$stmt
->
close
();
}
//close the connection
$link
->
close
();
?>
insert.php
...
@@ -4,6 +4,10 @@ session_start();
...
@@ -4,6 +4,10 @@ session_start();
//include database connection data
//include database connection data
include_once
"dbconnection.php"
;
include_once
"dbconnection.php"
;
//sanitize user input
include_once
"sanitize.php"
;
$task
=
sanitizeInputVar
(
$link
,
$_POST
[
'task'
]);
//make the query
//make the query
$query
=
"INSERT INTO toDoList (task, userID) VALUES (?,?) "
;
$query
=
"INSERT INTO toDoList (task, userID) VALUES (?,?) "
;
...
@@ -11,7 +15,7 @@ $query = "INSERT INTO toDoList (task, userID) VALUES (?,?) ";
...
@@ -11,7 +15,7 @@ $query = "INSERT INTO toDoList (task, userID) VALUES (?,?) ";
$query
=
$link
->
prepare
(
$query
);
$query
=
$link
->
prepare
(
$query
);
//bind variables to the prepared query
//bind variables to the prepared query
$query
->
bind_param
(
'si'
,
$
_POST
[
'task'
]
,
$_SESSION
[
'id'
]);
$query
->
bind_param
(
'si'
,
$
task
,
$_SESSION
[
'id'
]);
//execute the query
//execute the query
$query
->
execute
();
$query
->
execute
();
...
...
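Review bot: The new `$task = sanitizeInputVar($link, $_POST['task']);` at the top of the first hunk feeds a value that is bound through `bind_param('si', $task, ...)` in the second hunk, so it adds nothing against SQL injection — the prepared statement already parameterises it — and if the helper escapes quotes/backslashes (sanitize.php is not in view; that is inferred from the `$link` argument), the escaped form is what gets stored in `toDoList.task`. The protection a todo item actually needs is output escaping in the HTML context where it is rendered, `htmlspecialchars($task, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, not input escaping. I would bind `$_POST['task'] ?? ''` directly, or restrict the helper to trimming and a length check. The `$_SESSION['id']` bound alongside it is used without a visible `$_SESSION['loggedin']` check; if lines 1-3 above the hunk do not guard that, an unauthenticated POST inserts with a null userID — worth confirming.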
login_page.php
...
@@ -7,13 +7,18 @@ require_once "dbconnection.php";
...
@@ -7,13 +7,18 @@ require_once "dbconnection.php";
//define error variable
//define error variable
$err
=
""
;
$err
=
""
;
//sanitize user input
include_once
"sanitize.php"
;
$username
=
sanitizeInputVar
(
$link
,
$_POST
[
'username'
]);
$pass
=
sanitizeInputVar
(
$link
,
$_POST
[
'password'
]);
if
(
$_SERVER
[
"REQUEST_METHOD"
]
==
"POST"
)
{
if
(
$_SERVER
[
"REQUEST_METHOD"
]
==
"POST"
)
{
//make the query
//make the query
if
(
$stmt
=
$link
->
prepare
(
'SELECT ID,password FROM users WHERE username= ?'
))
{
if
(
$stmt
=
$link
->
prepare
(
'SELECT ID,password FROM users WHERE username= ?'
))
{
//bind user input to query
//bind user input to query
$stmt
->
bind_param
(
's'
,
trim
(
$
_POST
[
'username'
]
));
$stmt
->
bind_param
(
's'
,
trim
(
$
username
));
//execute query
//execute query
if
(
$stmt
->
execute
()){
if
(
$stmt
->
execute
()){
...
@@ -31,10 +36,10 @@ if ($stmt = $link->prepare('SELECT ID,password FROM users WHERE username= ?')) {
...
@@ -31,10 +36,10 @@ if ($stmt = $link->prepare('SELECT ID,password FROM users WHERE username= ?')) {
$stmt
->
fetch
();
$stmt
->
fetch
();
//if password is correct, establish session
//if password is correct, establish session
if
(
trim
(
$
_POST
[
'password'
]
)
===
$password
)
{
if
(
trim
(
$
pass
)
===
$password
)
{
session_regenerate_id
();
session_regenerate_id
();
$_SESSION
[
'loggedin'
]
=
TRUE
;
$_SESSION
[
'loggedin'
]
=
TRUE
;
$_SESSION
[
'name'
]
=
$
_POST
[
'username'
]
;
$_SESSION
[
'name'
]
=
$
username
;
$_SESSION
[
'id'
]
=
$id
;
$_SESSION
[
'id'
]
=
$id
;
header
(
'Location:index.php'
);
header
(
'Location:index.php'
);
}
else
{
}
else
{
...
...
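Review bot: The password check `trim($pass) === $password` in the second hunk now compares an escaper-processed value against the stored column in plaintext: `$pass = sanitizeInputVar($link, $_POST['password'])` runs a password through a helper that takes the DB link (presumably an escaping routine — sanitize.php is not in view), so any password containing a quote or backslash will stop matching, and the plaintext equality itself means credentials are stored unhashed. The password is never used in a query here, so it needs no sanitising at all; read it raw and verify against a hash, `if (password_verify($_POST['password'] ?? '', $password)) {`, with `password_hash(..., PASSWORD_DEFAULT)` at registration. Separately, `$username` and `$pass` are computed from `$_POST` before the `$_SERVER["REQUEST_METHOD"] == "POST"` guard, so a plain GET of the login page raises undefined-index notices; move those two assignments inside the POST block. The `trim()` around `$pass` also silently alters passwords with leading or trailing spaces.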