login and create account added
login/create works. need to rework session and user classes probably
drakeapps committed Dec 26, 2012
1 parent 5f38cc2 commit 806fc84
Showing 16 changed files with 669 additions and 4 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -1,2 +1,3 @@

.DS_Store
.idea/
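--- a/.htaccess
+++ b/.htaccess
@@ -0,0 +1,6 @@
+
+<IfModule mod_rewrite.c>
+RewriteEngine on
+RewriteRule ^/login$ /login.php
+RewriteRule ^create$ /create.php
+</IfModule>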
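Review bot: The first rule's pattern `^/login$` will not match inside a .htaccess file, because in per-directory context mod_rewrite strips the leading slash before matching; the second rule already uses the working form, so the first should read `RewriteRule ^login$ login.php [L]`. Both targets are also root-absolute (`/login.php`, `/create.php`), while config.php in this commit sets `$baseurl = "/rsync"`, so under a subfolder they would resolve outside the application; a relative target or a `RewriteBase` keeps them inside it. Adding `[L]` to each rule stops later rules from re-processing the rewritten path.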
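--- a/README.md
+++ b/README.md
@@ -0,0 +1,6 @@
+
+
+
+
+PBKDF2 file from https://defuse.ca/php-pbkdf2.htm
+Released under public domain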
File renamed without changes.
17 changes: 14 additions & 3 deletions config.php
Expand Up @@ -5,9 +5,20 @@
// SETUP
// Database info
$dbhost = "localhost";
$dbuser = "redditsync";
$dbpass = "GYn5UZGGqGWU9PzA";
$dbname = "redditsync";
$dbuser = "root";
$dbpass = "";
$dbname = "rddtsync";



// Base URL
// if on root, make it blank
// otherwise /foldername with no trailing slash
$baseurl = "/rsync";


// API location
$apiloc = "http://localhost/rsync/api/";


$mysql = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
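Review bot: The new connection settings, `$dbuser = "root"` with `$dbpass = ""`, put a superuser account with no password into a tracked file, so any deployment that copies this config runs the application with full database-server privileges. A dedicated account limited to the `rddtsync` schema, with its values read from an untracked local file or the environment (for example `$dbpass = getenv('DB_PASS') ?: '';`), keeps least privilege and keeps secrets out of the repository. The password on the removed line stays in the repository history, so it should be treated as exposed and rotated if it was ever used outside development. The hunk starts and ends mid-file, so the rest of config.php is not visible here.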
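--- a/create.php
+++ b/create.php
@@ -0,0 +1,103 @@
+<?php
+
+include("config.php");
+include("functions.php");
+
+
+if(isset($_POST['create'])) {
+
+$error = "";
+
+$username = htmlspecialchars($_POST['username']);
+$email = htmlspecialchars($_POST['email']);
+$password = $_POST['password'];
+
+if(count(explode("@", $email)) != 2 && !empty($email)) {
+$error = "email not valid"; // meh. emails aren't required so only check if @ exists
+}
+
+if(strlen($username) < 3) {
+$error = "username needs to be at least 3 characters long";
+}
+
+if(strlen($password) < 6) {
+$error = "password needs to be at least 6 characters long";
+}
+
+if(strcmp($password, $_POST['passwordconfirm'])) {
+$error = "passwords do not match";
+}
+
+// no errors. make acct
+if($error == "") {
+
+$hashset = create_hash($password);
+$pieces = explode(":", $hashset);
+$salt = $pieces[2];
+$hash = $pieces[3];
+
+$sql = "INSERT INTO `user` (
+`id`,
+`username`,
+`passhash`,
+`salt`,
+`email`,
+`created`,
+`lastip`
+) VALUES (
+NULL,
+'".mysql_real_escape_string($username)."',
+'".mysql_real_escape_string($hash)."',
+'".mysql_real_escape_string($salt)."',
+'".mysql_real_escape_string($email)."',
+'".time()."',
+'".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."'
+)";
+
+if($mysql->query($sql)) {
+//REDIRECT TO LOGIN
+header("Location: login.php");
+exit;
+} else {
+$r = $mysql->query("SELECT * FROM `user` WHERE `username` = '".mysql_real_escape_string($username)."' LIMIT 1");
+if($r->num_rows > 0) {
+$error = "username already exists";
+} else {
+$error = "database error";
+}
+}
+}
+
+
+}
+
+
+htmlHeader("create account - synccit");
+
+?>
+<div id="center">
+
+<span class="error"><?php echo $error; ?></span><br /><br />
+<form action="create.php" method="post">
+
+<input type="hidden" name="hash" value="<?php echo $hash; ?>" />
+<label for="username">username</label><br />
+<input type="text" id="username" name="username" value="<?php echo $username; ?>" class="text" />
+<br /><br />
+<label for="password">password</label><br />
+<input type="password" id="password" name="password" value="" class="text" />
+<br /><br />
+<label for="passwordconfirm">confirm password</label><br />
+<input type="password" id="passwordconfirm" name="passwordconfirm" value="" class="text" />
+<br /><br />
+<label for="email">email</label><br />
+<input type="text" id="email" name="email" value="<?php echo $email; ?>" class="text" />
+<br /><br />
+
+<input type="submit" value="create" name="create" class="submit" />
+
+</form>
+</div>
+<?php
+
+htmlFooter();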
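Review bot: The INSERT and the fallback SELECT escape their values with `mysql_real_escape_string()`, but the connection created in config.php is a `mysqli` object, so the escaping runs against a separate ext/mysql link that this code never opens; it can return false with a warning, and the function no longer exists from PHP 7 on. Bound parameters on `$mysql` remove the string building altogether; the fence shows the INSERT, and the duplicate-username SELECT here and the queries in login.php need the same change. Separately, the hidden `hash` input echoes `$hash`, which after a failed INSERT holds the derived hash of the password just submitted, and `$error`, `$username` and `$email` are undefined on a plain GET; the hidden field should be dropped and the three variables initialised to `""` before the `isset($_POST['create'])` check.

```php
// … unchanged: validation, create_hash() and the split into $salt / $hash …
$created = time();
$ip = $_SERVER['REMOTE_ADDR'];

// id is omitted so AUTO_INCREMENT assigns it, as the explicit NULL did before.
$stmt = $mysql->prepare(
    "INSERT INTO `user` (`username`, `passhash`, `salt`, `email`, `created`, `lastip`)
     VALUES (?, ?, ?, ?, ?, ?)"
);

if ($stmt !== false
    && $stmt->bind_param("ssssis", $username, $hash, $salt, $email, $created, $ip)
    && $stmt->execute()) {
    // … unchanged: redirect to login.php and exit …
```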
70 changes: 70 additions & 0 deletions functions.php
@@ -1,8 +1,78 @@
<?php


include("pbkdf2.php");


// TODO: checklogged
// check if user is logged in.
function checkLoggedIn($authid, $userid, $authhash) {

return false;
}

// fetch user info
function getUserInfo($userid) {


}



// saved links
function getLinks($userid, $count, $start, $order ) {

}



// themeing
function htmlHeader($title, $loggedin=false) {
global $baseurl;
?>
<html>
<head>
<title><?php echo $title; ?></title>
<link rel="stylesheet" href="style.css" type="text/css" />
<!-- remember to remove the ones I'm not going to use -->
<link href='http://fonts.googleapis.com/css?family=Open+Sans' rel='stylesheet' type='text/css'>
<link href='http://fonts.googleapis.com/css?family=Ubuntu' rel='stylesheet' type='text/css'>
<!-- who am I kidding. I'm not going to remember -->
</head>
<body>
<div id="header">
<div id="title">
<a href="index.php">synccit</a>
</div>
<div id="navbar">
<ul id="nav">
<?php
if($loggedin) {
?>
<li><a class="navlink" href="profile.php">Profile</a></li>

<?php
} else {
?>
<li><a class="navlink" href="login.php">Login</a></li>
<li><a class="navlink" href="create.php">Create Account</a></li>
<?php
}?>
</ul>

</div>
</div>
<div id="content">
<?php
}

function htmlFooter() {
?>
</div>
<div id="footer">

<span class="attr"><a href="http://drakeapps.com/">Drake Apps, LLC</a> | <a href="http://github.com/drakeapps">Open Source</a></span>
</div>
</body>
</html><?php
}
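Review bot: `htmlHeader()` writes `$title` into `<title>` without escaping, and index.php in this commit builds that title from `$user->name`, so the output is only safe while every caller pre-encodes its data. Escaping at the point of output, `<title><?php echo htmlspecialchars($title, ENT_QUOTES, 'UTF-8'); ?></title>`, makes the helper safe on its own; callers that already encode on input (create.php does) would then need to stop doing so to avoid double encoding. The two Google Fonts links use `http://`, which browsers block as mixed content once the site is served over HTTPS; `https://` avoids that. `checkLoggedIn()`, `getUserInfo()` and `getLinks()` are stubs, and each would benefit from a one-line comment stating the intended return value, since index.php already calls two of them.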
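--- a/index.php
+++ b/index.php
@@ -0,0 +1,30 @@
+<?php
+
+include("config.php");
+include("functions.php");
+include("session.php");
+
+//$loggedin = checkLoggedIn($_SESSION['auth'], $_SESSION['user'], $_SESSION['hash']);
+$loggedin = $session->isLoggedIn();
+
+
+if($loggedin) {
+$user = getUserInfo($_SESSION['user']);
+$last10Links = getLinks($user, 10, 0, "desc");
+$title = "synccit - ".$user->name." history";
+} else {
+$title = "synccit - reddit history sync";
+}
+
+
+htmlHeader($title, $loggedin);
+
+
+if($loggedin) {
+echo "stats probably. list of recently saved stuff";
+} else {
+echo "Take your reddit history to any device!<br /><br />Your visited links and comments are saved here, so when you browse reddit from another computer or device, your links are purple.";
+}
+
+
+htmlFooter();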
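Review bot: In the logged-in branch, `getUserInfo()` as defined in functions.php has an empty body and therefore returns null, so `$user->name` reads a property of null and `getLinks($user, 10, 0, "desc")` passes that value where the function's first parameter is `$userid`. Until the helper is implemented, passing the id directly, `getLinks($_SESSION['user'], 10, 0, "desc")`, and falling back to the generic title when `$user` is null keeps the page from rendering a broken heading. session.php is not shown on this page, so whether `$_SESSION['user']` is always set when `isLoggedIn()` returns true cannot be confirmed from here.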
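--- a/login.php
+++ b/login.php
@@ -0,0 +1,112 @@
+<?php
+
+include("config.php");
+include("functions.php");
+include("session.php");
+
+if($session->isLoggedIn()) {
+header("Location: index.php");
+exit;
+}
+
+
+if(isset($_POST['login'])) {
+
+$error = "";
+
+$username = htmlspecialchars($_POST['username']);
+
+// check username validity
+$password = $_POST['password'];
+
+$userinfo = $mysql->query("SELECT * FROM `user` WHERE `username` = '".mysql_real_escape_string($username)."' LIMIT 1");
+
+if($userinfo->num_rows > 0) {
+
+$error = $hashset;
+
+
+
+$row = $userinfo->fetch_assoc();
+
+$hash = $row["passhash"];
+$salt = $row["salt"];
+
+$hashset = "sha512:10000:".$salt.":".$hash;
+
+$result = validate_password($password, $hashset);
+
+if($result) {
+//username and password good
+//$ses = new Session();
+
+$userid = $row["id"];
+
+$session->generateHash();
+
+$sql = "INSERT INTO `logincodes` (
+`id`,
+`userid`,
+`authhash`,
+`lastlogin`,
+`created`
+) VALUES (
+NULL,
+'".mysql_real_escape_string($userid)."',
+'".mysql_real_escape_string($session->hash)."',
+'".time()."',
+'".time()."'
+)";
+
+if($mysql->query($sql)) {
+$id = $mysql->insert_id;
+
+//$error = $session->hash;
+
+$session->setUser($userid);
+$session->setID($id);
+$session->setPHPSession();
+
+//redirect to homepage
+header("Location: index.php");
+} else {
+$error = "database error. try again";
+}
+
+} else {
+//password wrong
+$error = "username or password wrong";
+}
+
+
+} else {
+$error = "username or password wrong";
+}
+
+
+}
+
+
+htmlHeader("login - synccit");
+
+?>
+<div id="center">
+
+<span class="error"><?php echo $error; ?></span><br /><br />
+<form action="login.php" method="post">
+
+<input type="hidden" name="hash" value="<?php echo $hash; ?>" />
+<label for="username">username</label><br />
+<input type="text" id="username" name="username" value="<?php echo $username; ?>" class="text" />
+<br /><br />
+<label for="password">password</label><br />
+<input type="password" id="password" name="password" value="" class="text" />
+<br /><br />
+
+<input type="submit" value="login" name="login" class="submit" />
+
+</form>
+</div>
+<?php
+
+htmlFooter();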
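Review bot: The hidden `hash` input near the end of the file echoes `$hash`, which by then holds `$row["passhash"]` for any username that exists, so a failed login returns that account's stored password hash in the response and also makes existing and non-existing usernames distinguishable despite the shared error text. Nothing visible reads the field back, so the input should be removed. `$error = $hashset;` reads a variable that is only assigned a few lines later and looks like leftover debugging; it should be deleted. `header("Location: index.php");` after a successful login has no `exit;`, so the script continues and renders the login form into the redirect response. The queries escape with `mysql_real_escape_string()` although the connection is `mysqli`; bound parameters through `$mysql->prepare()` are the fix, and the hard-coded `"sha512:10000:"` prefix must stay in step with what `create_hash()` emits, which storing the full hash string would avoid.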
3 changes: 2 additions & 1 deletion mysql.sql
Expand Up @@ -64,7 +64,8 @@ CREATE TABLE IF NOT EXISTS `user` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`username` varchar(30) NOT NULL,
`passhash` text NOT NULL,
`salt` varchar(30) NOT NULL,
`salt` text NOT NULL,
`email` text,
`lastlogin` int(10) unsigned DEFAULT NULL,
`lastactivity` int(10) unsigned DEFAULT NULL,
`lastip` varchar(15) DEFAULT NULL,
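Review bot: No unique key on `username` is visible in this hunk, and create.php in this commit detects a duplicate username only by the INSERT failing, so registration depends on something like `UNIQUE KEY (username)` being declared in the part of the CREATE TABLE that lies outside the hunk; that is worth confirming. `lastip varchar(15)` is too short for an IPv6 address, while create.php stores `$_SERVER['REMOTE_ADDR']` in it; `varchar(45)` covers both address families. The statement starts and ends outside the hunk, so neither point can be checked against the full definition from this page.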