Diffstat (limited to 'mysql-php/code/a2.php')
-rw-r--r--mysql-php/code/a2.php69
1 files changed, 46 insertions, 23 deletions
diff --git a/mysql-php/code/a2.php b/mysql-php/code/a2.php
index 23dd54d..10a7a33 100644
--- a/mysql-php/code/a2.php
+++ b/mysql-php/code/a2.php
@@ -20,9 +20,14 @@ function connect_to_database() {
         display_failure('Could not create `STUDENT` table: ' . mysqli_error($dbh));
     if (!mysqli_query($dbh, 'CREATE TABLE IF NOT EXISTS `LOGIN` (
             `USERNAME` VARCHAR(255),
-            `PASSWORD` VARCHAR(255)
+            `PASSWORD` VARCHAR(255),
+            UNIQUE (`USERNAME`)
         )'))
             display_failure('Could not create `LOGIN` table: ' . mysqli_error($dbh));
+    if (!mysqli_query($dbh, 'IF NOT EXISTS (SELECT * FROM `LOGIN` WHERE `USERNAME` = "admin") THEN
+            INSERT INTO `LOGIN` (`USERNAME`, `PASSWORD`) VALUES ("admin", "$2y$10$3cq2joFu6kEYccaTxDkRXexrsd3GAnq4rGTip9erOucM9H9E8q5ly");
+        END IF'))
+            display_failure('Could not create `LOGIN` table: ' . mysqli_error($dbh));
     return $dbh;
 }
 
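Review bot: The seeding statement added at lines 23–25 is written as `IF NOT EXISTS (...) THEN ... END IF`, which MySQL accepts only inside stored programs (procedures, functions, triggers); sent through mysqli_query it should be rejected as a syntax error, which would make connect_to_database hit display_failure on every request. With the `UNIQUE (USERNAME)` constraint added just above it, a single `INSERT IGNORE INTO LOGIN (USERNAME, PASSWORD) VALUES ("admin", "<hash>")` does the same job without the compound statement, and note the double-quoted literals only parse as strings while ANSI_QUOTES is off. The message on line 26 was copied from the table creation; it should read something like `'Could not seed default admin account: ' . mysqli_error($dbh)`. Separately, a fixed admin password whose bcrypt hash is committed to the source can be attacked offline against the published hash, so seeding the initial password from an environment variable or a one-time setup step would be safer than hard-coding it.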
@@ -35,19 +40,41 @@ function check_credentials($dbh, $username, $password) {
     $result = mysqli_stmt_get_result($stmt);
     if (mysqli_num_rows($result) === 0) return false;
     $record = mysqli_fetch_array($result);
-    return password_verify($username, $record['PASSWORD']);
+    return password_verify($password, $record['PASSWORD']);
 }
 
 function update_credentials($dbh) {
-    if (!check_credentials($dbh, $_POST['previous_username'], $_POST['previous_password'])) return false;
-    $changes = '';
-    $new_username = false;
-    if (isset($_POST['new_username']) && !empty($_POST['new_username'])) {
-        $changes .= 'SET `USERNAME` = ?';
-        $new_username = true;
+    if (!check_credentials($dbh, $_POST['previous_username'], $_POST['previous_password']))
+        display_failure('Can not update credentials, both previous usernames and passwords need to be provided and they need to be valid.');
+    $new_username = null;
+    $new_password = null;
+    $successful = [];
+    if (isset($_POST['new_username']) && !empty($_POST['new_username']))
+        $new_username = $_POST['new_username'];
+    if (isset($_POST['new_password']) && !empty($_POST['new_password']))
+        $new_password = $_POST['new_password'];
+    if ($new_password !== null) {
+        if (!isset($_POST['new_password2']) || empty($_POST['new_password2']))
+            display_failure('Need to provide new password twice');
+        if ($new_password !== $_POST['new_password2'])
+            display_failure('New password provided twice need to match');
+        $stmt = mysqli_prepare($dbh, 'UPDATE `LOGIN` SET `PASSWORD` = ? WHERE `USERNAME` = ?');
+        mysqli_stmt_bind_param($stmt, 'ss', password_hash($new_password, PASSWORD_DEFAULT), $_POST['previous_username']);
+        $successful['password'] = mysqli_stmt_execute($stmt);
+    }
+    if ($new_username !== NULL) {
+        $stmt = mysqli_prepare($dbh, 'UPDATE `LOGIN` SET `USERNAME` = ? WHERE `USERNAME` = ?');
+        mysqli_stmt_bind_param($stmt, 'ss', $_POST['new_username'], $_POST['previous_username']);
+        $successful['username'] = mysqli_stmt_execute($stmt);
     }
-    
-    $query = 'UPDATE `LOGIN`';
+    html_prologue('Credential update');
+    echo '<p>';
+    if ($new_username !== null)
+        echo isset($successful['username']) ? 'Username update successful.' : 'Username update failed'; echo '<br>';
+    if ($new_password !== null)
+        echo isset($successful['username']) ? 'Password update successful.' : 'Password update failed'; echo '<br>';
+    if ($new_username === null && $new_password === null)
+        echo 'There was nothing to update.';
 }
 
 function html_prologue($title) {
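Review bot: Line 75 decides the password message with `$successful['username']`, a copy of line 73, so the password statement's own result is never reported; and because `isset()` is true for a stored `false`, both lines print "successful" even when mysqli_stmt_execute returned false (for example when the new username collides with the UNIQUE key). Replace the two conditions with `!empty($successful['username'])` and `!empty($successful['password'])`. On lines 73 and 75 the trailing `echo '<br>';` sits outside the brace-less `if`, so it runs unconditionally; wrapping each `if` body in braces fixes that. Line 60 passes the return value of `password_hash()` straight into mysqli_stmt_bind_param, whose bound parameters are by reference, which triggers the "Only variables should be passed by reference" notice; assigning the hash to a local first avoids it. update_credentials ends at line 78 inside this hunk, while check_credentials begins above it.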
@@ -114,8 +141,8 @@ function display_login_form() {
     ?>
 <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
     <h1>Provide credentials</h1>
-    <label>Username: <input type="text" name="username"></label>
-    <label>Password: <input type="password" name="password"></label>
+    <p><label>Username: <input type="text" name="username"></label></p>
+    <p><label>Password: <input type="password" name="password"></label></p>
     <input type="submit" value="Log in">
 </form>
 <?php
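Review bot: The form action on line 83, `<?php echo $_SERVER['PHP_SELF']; ?>`, echoes a request-derived value into an attribute without escaping; where the server accepts path info, PHP_SELF includes whatever follows the script name in the URL, so a crafted link can break out of the attribute and inject markup into the page. Escape it, `action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>"`, or drop the action entirely for this form so it posts back to the current URL. The same construct appears in the credential-change form in the next hunk. Line 83 is context rather than part of this change, and display_login_form starts above the hunk.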
@@ -127,11 +154,11 @@ function display_credential_change_form() {
 <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>?change">
     <h1>Change credentials</h1>
     <p>Fields for new value can be left empty to keep the value unchanged.</p>
-    <label>Previous Username: <input type="text" name="previous_username"></label>
-    <label>New Username: <input type="text" name="new_username"></label>
-    <label>Previous Password: <input type="password" name="previous_password"></label>
-    <label>New Password: <input type="password" name="new_password"></label>
-    <label>New Password again: <input type="password" name="new_password2"></label>
+    <p><label>Previous Username: <input type="text" name="previous_username"></label></p>
+    <p><label>New Username: <input type="text" name="new_username"></label></p>
+    <p><label>Previous Password: <input type="password" name="previous_password"></label></p>
+    <p><label>New Password: <input type="password" name="new_password"></label></p>
+    <p><label>New Password again: <input type="password" name="new_password2"></label></p>
     <input type="submit" value="Change">
 </form>
 <?php
@@ -140,12 +167,8 @@ function display_credential_change_form() {
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     $dbh = connect_to_database();
     if ($_SERVER['QUERY_STRING'] === 'change') {
-        if (update_credentials($dbh)) {
-            display_success();
-        } else {
-            display_failure('Unable to update credentials');
-        }
-    } else if (check_credentials($dbh, )) {
+        update_credentials($dbh);
+    } else if (check_credentials($dbh, $_POST['username'], $_POST['password'])) {
         show_table($dbh);
     } else {
         display_failure('Invalid credentials, try again');
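Review bot: Line 120 reads `$_POST['username']` and `$_POST['password']` without checking that they were submitted, so a POST missing either field raises an undefined-array-key warning before check_credentials runs; defaulting them, `check_credentials($dbh, $_POST['username'] ?? '', $_POST['password'] ?? '')`, keeps the failure path clean, and the `previous_*` fields read in update_credentials need the same treatment. Note also that check_credentials (previous hunk, line 32) returns before calling password_verify when the username is unknown, which makes known and unknown usernames distinguishable by response time; verifying against a dummy hash in that branch would remove the difference. The enclosing `if ($_SERVER['REQUEST_METHOD'] === 'POST')` block continues past the end of this hunk.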