From 0ce0c5dccb8351f79d1caf0f5d3aa20afc260a42 Mon Sep 17 00:00:00 2001 From: Louis Vallat Date: Sat, 9 Nov 2019 22:33:47 +0100 Subject: [PATCH] added login and utils functions, to start the project --- assets/php/utils.php | 184 +++++++++++++++++++++++++++++++++++++++++++ login.php | 92 ++++++++++++++++++++++ 2 files changed, 276 insertions(+) create mode 100644 assets/php/utils.php create mode 100644 login.php diff --git a/assets/php/utils.php b/assets/php/utils.php new file mode 100644 index 0000000..3f7462c --- /dev/null +++ b/assets/php/utils.php 
@@ -0,0 +1,184 @@
+query('SET CHARSET UTF8');
+
+function is_https()
+{
+ return (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off');
+}
+
+function generate_random_string()
+{
+ return substr(str_shuffle(MD5(microtime())), 0, 32);
+}
+
+function connect_user($user_id, $long_expiration = true)
+{
+ global $PDO, $SESSION_COOKIE_NAME, $MAX_COOKIE_LIFE;
+
+ // Set an expiration delay for the cookie
+ $delay = 0;
+ if ($long_expiration === true) {
+ $delay = $MAX_COOKIE_LIFE;
+ }
+
+ // The session id is a 32-chars random string
+ $session_id = generate_random_string();
+
+ $sql = "INSERT INTO sessions(user_id, connection_eol, session_id)
+ VALUES (:user_id, :connection_eol, :session_id);";
+ $query = $PDO->prepare($sql);
+
+ $query->bindValue(":user_id", $user_id);
+ if ($long_expiration === true) {
+ $query->bindValue(
+ ":connection_eol",
+ date('Y-m-d H:i:s', strtotime(
+ "$MAX_COOKIE_LIFE seconds",
+ strtotime(date("Y-m-d H:i:s"))
+ ))
+ );
+ } else {
+ $query->bindValue(":connection_eol", null, PDO::PARAM_INT);
+ }
+ $query->bindValue(":session_id", $session_id);
+
+ if ($query->execute()) {
+ return setcookie(
+ $SESSION_COOKIE_NAME,
+ $session_id,
+ $delay,
+ $secure = true
+ );
+ }
+ return false;
+}
+
+function clean_old_sessions()
+{
+ global $PDO;
+
+ $sql = "DELETE FROM sessions WHERE connection_eol > CURRENT_TIMESTAMP();";
+ $query = $PDO->prepare($sql);
+ return $query->execute();
+}
+
+function is_connected()
+{
+ global $PDO, $SESSION_COOKIE_NAME;
+
+ if (isset($_COOKIE[$SESSION_COOKIE_NAME])) {
+ if (!clean_old_sessions()) {
+ return false;
+ }
+
+ $sql = "SELECT * FROM sessions INNER JOIN accounts ON sessions.user_id = accounts.id WHERE session_id = :session_id;";
+ $query = $PDO->prepare($sql);
+
+ $query->bindValue(":session_id", $_COOKIE[$SESSION_COOKIE_NAME]);
+ if ($query->execute()) {
+ if ($query->rowCount() === 1) {
+ return true;
+ } else {
+ return false;
+ }
+ } else {
+ return false;
+ }
+ }
+ return false;
+}
+
+function disconnect()
+{
+ global $PDO, $SESSION_COOKIE_NAME;
+
+ if (isset($_COOKIE[$SESSION_COOKIE_NAME])) {
+ $sql = "DELETE FROM sessions WHERE session_id = :session_id;";
+ $query = $PDO->prepare($sql);
+ $query->bindValue(":session_id", $_COOKIE[$SESSION_COOKIE_NAME]);
+ $query->execute();
+ setcookie($SESSION_COOKIE_NAME, "", time() - 3600);
+ }
+}
+
+function get_username_count($email)
+{
+ global $PDO;
+
+ $sql = "SELECT email FROM accounts WHERE email = :email;";
+ $query = $PDO->prepare($sql);
+ $query->bindValue(":email", $email);
+
+ if ($query->execute()) {
+ return $query->rowCount();
+ }
+ return false;
+}
+
+function correct_email_password($email, $password)
+{
+ global $PDO;
+
+ $sql = "SELECT email, password FROM accounts WHERE email = :email;";
+ $query = $PDO->prepare($sql);
+ $query->bindValue(":email", $email);
+
+ if ($query->execute()) {
+ foreach ($query as $row) {
+ return password_verify($password, $row["password"]);
+ }
+ }
+ return false;
+}
+
+function get_user_id_from_email($email)
+{
+ global $PDO;
+
+ $sql = "SELECT id FROM accounts WHERE email = :email;";
+ $query = $PDO->prepare($sql);
+ $query->bindValue(":email", $email);
+
+ if ($query->execute()) {
+ foreach ($query as $row) {
+ return $row["id"];
+ }
+ }
+ return false;
+}
+
+function get_user_info_from_session_id($session_id, $info)
+{
+ global $PDO, $SESSION_COOKIE_NAME;
+
+ if (isset($_COOKIE[$SESSION_COOKIE_NAME])) {
+ $sql = "SELECT * FROM accounts
+ INNER JOIN sessions
+ ON sessions.user_id = accounts.id
+ WHERE session_id = :session_id;";
+ $query = $PDO->prepare($sql);
+ $query->bindValue(":session_id", $session_id);
+ if ($query->execute())
+ foreach ($query as $row) {
+ switch ($info) {
+ case "email":
+ case "first_name":
+ case "last_name":
+ case "public_id":
+ return $row[$info];
+ default;
+ break;
+ }
+ }
+ }
+ return false;
+}
diff --git a/login.php b/login.php
new file mode 100644
index 0000000..3d30523
--- /dev/null
+++ b/login.php
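Review bot: The `setcookie(` call at the end of connect_user() passes `$delay` (= `$MAX_COOKIE_LIFE`, a duration in seconds judging by the `"$MAX_COOKIE_LIFE seconds"` strtotime call just above it) where setcookie expects an absolute Unix timestamp, so the long-lived cookie is dated 1970 and discarded by the browser at once, and its fourth argument `$secure = true` is an assignment expression that fills setcookie's `$path` parameter, not `$secure` — the session cookie ends up with neither Secure nor HttpOnly. Replace it with `setcookie($SESSION_COOKIE_NAME, $session_id, $delay > 0 ? time() + $delay : 0, '/', '', is_https(), true)` (or the options-array form with `'samesite' => 'Lax'` on PHP ≥ 7.3) and give the clearing call in disconnect() the same path so the deletion actually matches. The sweep in clean_old_sessions() is also inverted: `DELETE FROM sessions WHERE connection_eol > CURRENT_TIMESTAMP();` removes the sessions that have not yet expired and keeps the expired ones, so a captured cookie is honoured by is_connected() indefinitely; it should be `WHERE connection_eol < CURRENT_TIMESTAMP()`, and is_connected()'s SELECT should filter `AND (connection_eol IS NULL OR connection_eol > CURRENT_TIMESTAMP())` itself rather than depend on the sweep having run. generate_random_string() derives the session id from `str_shuffle(MD5(microtime()))`, a permutation of a clock-derived digest rather than CSPRNG output, so ids are guessable by an attacker who can bracket the login time; `return bin2hex(random_bytes(16));` keeps the 32-character shape and is unpredictable (PHP ≥ 7.0). The `$PDO` construction at the top of this hunk is truncated in this view (only `query('SET CHARSET UTF8')` survives), so the connection options were not reviewed.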
@@ -0,0 +1,92 @@ + + + + + + + + Login + + + + +
+

Login

+

Please fill in your credentials to login.

+
" method="post"> +
+ + + +
+
+ + + +
+
+ +
+

Don't have an account? Sign up now.

+
+
+ + + \ No newline at end of file