add login, logout, and change password pages
change password allows a user to set their own password; superadmin can change anyone's password
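--- a/html/changepassword.php
+++ b/html/changepassword.php
@@ -0,0 +1,57 @@
+<?php
+session_start();
+if(! isset($_SESSION['user'])) {
+$_SESSION['urlredirect'] = basename($_SERVER['PHP_SELF']);
+header("Location: form_login.php");
+}
+?>
+<html>
+<head>
+<meta name = "viewport" content = "width = device-width, initial-scale = 1, minimum-scale=1, maximum-scale=1, user-scalable=no">
+<title>Change Password</title>
+</head>
+<body>
+<form action='post_changepassword.php' method='post' border='0'>
+<table>
+<tr>
+<td>Username</td>
+<td><select name="username">
+<?php
+include 'includes/db_connect.php';
+$usernamesql = "SELECT * FROM user_account ORDER BY user_id";
+$usernameresult = $mysqli->query($usernamesql);
+$usernamejson = array();
+if($usernameresult->num_rows) {
+$ln = 0;
+while($usernamerow=$usernameresult->fetch_assoc()) {
+$usernamejson[] = $usernamerow;
+if(strcasecmp($_SESSION['username'], $usernamejson[$ln]['username']) == 0) {
+echo ' <option value="'.$usernamejson[$ln]['username'].'"';
+echo ' selected="selected"';
+echo '>'.$usernamejson[$ln]['firstname']. " " .$usernamejson[$ln]['lastname'].'</option>'.PHP_EOL;
+}
+else if($_SESSION['accesslevel'] == "superadmin") {
+echo ' <option value="'.$usernamejson[$ln]['username'].'"';
+echo '>'.$usernamejson[$ln]['firstname']. " " .$usernamejson[$ln]['lastname'].'</option>'.PHP_EOL;
+}
+$ln++;
+}
+} ?>
+</select></td>
+</tr>
+<tr>
+<td>New Password</td>
+<td><input id='realpassword' type='realpassword' name='password' /></td>
+</tr>
+<tr></tr><tr></tr><tr></tr><tr></tr><tr></tr><tr></tr><tr></tr><tr></tr><tr></tr><tr></tr><tr></tr><tr></tr>
+<tr>
+<td></td>
+<td>
+<input type='hidden' name='action' value='update' />
+<input type='submit' value='Save' id="save" />
+</td>
+</tr>
+</table>
+</form>
+</body>
+</html>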
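Review bot: The redirect for anonymous visitors at the top of changepassword.php has no `exit` after `header("Location: form_login.php");`, so the rest of the page, including the `SELECT * FROM user_account` query, still executes for a request with no session; add `exit;` on the line after the header call. The new-password field is `<input id='realpassword' type='realpassword' name='password' />`: `realpassword` is not a valid input type, so browsers fall back to a plain text box that shows the password as it is typed, and the field name `password` does not match the `$_POST['realpassword']` that post_changepassword.php reads, so one of the two names must change. The `<option>` value and label are built from `username`, `firstname` and `lastname` straight out of the database without `htmlspecialchars($v, ENT_QUOTES, 'UTF-8')`, so a stored value containing `"` or `<` breaks out of the attribute or the markup. The form also carries no anti-CSRF token, which matters for a password-change action.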
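--- a/html/form_login.php
+++ b/html/form_login.php
@@ -0,0 +1,17 @@
+<?php
+session_start();
+?><html>
+<head>
+<title>SWG:Source | Login</title>
+<meta name = "viewport" content = "width = device-width">
+<meta name = "viewport" content = "initial-scale = 1.0">
+</head>
+<body>
+<center><img src="images/swgsource.png" alt="" width=200/></center>
+<form method="post" action="post_login.php">
+<center><p>Username: <input name="username" type="text"></p>
+<p>Password: <input name="password" type="password"></p>
+<input name="submit" type="submit" value="Submit"></center>
+</form>
+</body>
+</html>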
BIN
html/images/swgsource.png
Normal file
BIN
html/images/swgsource.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 23 KiB |
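--- a/html/logout.php
+++ b/html/logout.php
@@ -0,0 +1,9 @@
+<?php
+session_start();
+session_destroy();
+header("Location: index.php");
+?>
+<html><head>
+<meta name = "viewport" content = "width = device-width">
+<meta name = "viewport" content = "initial-scale = 1.0">
+</head></html>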
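Review bot: `session_destroy()` in logout.php removes the server-side session data but neither clears `$_SESSION` for the rest of this request nor expires the session cookie in the browser, so the old session id stays on the client and can be presented again on the next `session_start()`. Before `session_destroy()` add `$_SESSION = [];` and `setcookie(session_name(), '', time() - 42000, '/');` (taking path and domain from `session_get_cookie_params()` if they are not the defaults), and follow `header("Location: index.php");` with `exit;` so the trailing HTML is not emitted after the redirect.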
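--- a/html/post_changepassword.php
+++ b/html/post_changepassword.php
@@ -0,0 +1,58 @@
+<?php
+session_start();
+if(! isset($_SESSION['user'])) {
+header("Location: form_login.php"); //if we aren't logged in, redirect to login!
+}
+?>
+<html><head>
+<meta name = "viewport" content = "width = device-width">
+<meta name = "viewport" content = "initial-scale = 1.0">
+<?php
+$action = isset($_POST['action']) ? $mysqli->real_escape_string($_POST['action']) : "";
+$username = $mysqli->real_escape_string($_POST['username']);
+if(strcasecmp($_SESSION['username'], $usernamejson[$ln]['username']) != 0)
+{
+//error - trying to update password for someone that isn't ourself
+if($_SESSION['accesslevel'] != "superadmin") {
+//we can continue, we are superadmin
+}
+else
+{
+echo "Error - You can only change your own password.";
+die();
+}
+}
+
+if($action=='update') {
+include 'includes/db_connect.php';
+#do password hash here
+function HashPassword($password)
+{
+$random = '';
+$salt = sha1(rand());
+$salt = substr($salt, 0, 10);
+$encrypted = base64_encode(sha1($password . $salt, true) . $salt);
+$hash = array("salt" => $salt, "encrypted" => $encrypted);
+return $hash;
+}
+$passwordHash = HashPassword($_POST['realpassword']);
+$passwordSalt = $passwordHash['salt'];
+$passwordEncrypted = $passwordHash['encrypted'];
+$query = "update user_account
+set
+password_hash = '".$mysqli->real_escape_string($passwordEncrypted)."',
+password_salt = '".$mysqli->real_escape_string($passwordSalt)."'
+WHERE username = '".$mysqli->real_escape_string($username)."'";
+
+if( $mysqli->query($query) ) {
+echo '<script>';
+echo 'window.location.assign("index.php");';
+echo '</script>';
+}
+else {
+printf($mysqli->error);
+}
+$mysqli->close();
+}
+?>
+</head></html>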
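Review bot: The ownership check in post_changepassword.php is inverted and compares against something this file never defines: `$usernamejson[$ln]['username']` exists only in changepassword.php, so the `strcasecmp` never reports a match, and inside that branch `if($_SESSION['accesslevel'] != "superadmin")` is the arm that continues while a superadmin falls into the `die()`, so any logged-in non-superadmin can set any account's password by posting a different `username`. Two ordering problems compound it: the anonymous-user redirect has no `exit`, and `$mysqli->real_escape_string()` is called at the top of the `<head>` block before `includes/db_connect.php` is included inside the `update` branch, so `$mysqli` is not defined at that point. The form sends the new password as `password`, but this file hashes `$_POST['realpassword']`, so the stored hash is computed over an empty value. The hashing scheme itself (`sha1` of password plus a 10-character salt derived from `rand()`) should move to `password_hash()` / `password_verify()`, but that has to change together with `checkhashSSHA` in post_login.php, so the rewrite below keeps `HashPassword` and only fixes the guard, the include order, the field name and the query.
```php
session_start();
if (!isset($_SESSION['user'])) {
    header("Location: form_login.php"); //if we aren't logged in, redirect to login!
    exit;
}
include 'includes/db_connect.php';

$action   = $_POST['action'] ?? "";
$username = $_POST['username'] ?? "";

// A user may change only their own password unless they are superadmin.
if (strcasecmp($_SESSION['username'], $username) !== 0
    && $_SESSION['accesslevel'] !== "superadmin") {
    echo "Error - You can only change your own password.";
    exit;
}

if ($action === 'update') {
    // … unchanged: HashPassword() definition …
    $passwordHash      = HashPassword($_POST['password']); // form field is named 'password'
    $passwordSalt      = $passwordHash['salt'];
    $passwordEncrypted = $passwordHash['encrypted'];
    $stmt = $mysqli->prepare(
        "UPDATE user_account SET password_hash = ?, password_salt = ? WHERE username = ?"
    );
    $stmt->bind_param('sss', $passwordEncrypted, $passwordSalt, $username);
    if ($stmt->execute()) {
        // … unchanged: redirect to index.php …
    } else {
        // … unchanged: error output …
    }
    // … unchanged: $mysqli->close() …
}
```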
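--- a/html/post_login.php
+++ b/html/post_login.php
@@ -0,0 +1,47 @@
+<?php
+session_start();
+include 'includes/db_connect.php';
+$username = $mysqli->real_escape_string($_POST['username']);
+$password = $mysqli->real_escape_string($_POST['password']);
+$user = getUserByEmailAndPassword($username, $password);
+if($user == true) {
+if(isset($_SESSION['urlredirect'])) {
+$_SESSION['user'] = $mysqli->real_escape_string($_POST['username']);
+$redirectName = $_SESSION['urlredirect'];
+echo '<script>';
+echo 'window.location.href="'.$redirectName.'"';
+echo '</script>';
+}
+else {
+header("Location: index.php");
+$_SESSION['user'] = $mysqli->real_escape_string($_POST['username']);
+}
+}
+else {
+echo $mysqli->real_escape_string($_POST['username']), " does not exist or the password was incorrect";
+echo '<p><a href="form_login.php">Log In</a>';
+}
+
+function getUserByEmailAndPassword($username, $password) {
+global $mysqli;
+$result = $mysqli->query("SELECT * FROM user_account WHERE username = '$username'") or die(mysql_error());
+$no_of_rows = $result->num_rows;
+if ($no_of_rows > 0) {
+$result = $result->fetch_array();
+$salt = $result['password_salt'];
+$stored_hash = $result['password_hash'];
+$hashtest = checkhashSSHA($salt, $password);
+if ($hashtest == $stored_hash) {
+$_SESSION['accesslevel'] = $result['accesslevel'];
+$_SESSION['username'] = $mysqli->real_escape_string($_POST['username']);
+return true;
+}
+} else {
+return false;
+}
+}
+function checkhashSSHA($salt, $password) {
+$hash = base64_encode(sha1($password . $salt, true) . $salt);
+return $hash;
+}
+?>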
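Review bot: The successful-login path in post_login.php populates `$_SESSION['user']` on whatever session id the client arrived with and never calls `session_regenerate_id(true)`, so a session id planted before login stays valid after it (session fixation); add `session_regenerate_id(true);` as the first line of the `if($user == true)` branch. The password is passed through `$mysqli->real_escape_string()` before it is hashed, while post_changepassword.php hashes the raw `$_POST` value, so any password containing a quote or backslash will never verify; hash `$_POST['password']` directly and use `hash_equals($stored_hash, $hashtest)` instead of the loose `==`. On a query failure `die(mysql_error())` calls a function removed in PHP 7, which would itself be a fatal error; use `die($mysqli->error)` or, better, a prepared statement with `bind_param`. The failed-login message echoes the submitted username after `real_escape_string()`, which escapes for SQL rather than HTML, so `<script>` survives into the page; wrap it in `htmlspecialchars($_POST['username'], ENT_QUOTES, 'UTF-8')`. The `urlredirect` value written into `window.location.href` originates from `basename($_SERVER['PHP_SELF'])`, which on some server configurations can carry attacker-controlled path info, so it should be checked against an allow-list of local page names before being emitted.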