Diffstat (limited to 'mysql-php/code')
-rw-r--r-- | mysql-php/code/a2.php | 69 |
1 files changed, 46 insertions, 23 deletions
diff --git a/mysql-php/code/a2.php b/mysql-php/code/a2.php index 23dd54d..10a7a33 100644 --- a/mysql-php/code/a2.php +++ b/mysql-php/code/a2.php @@ -20,9 +20,14 @@ function connect_to_database() { display_failure('Could not create `STUDENT` table: ' . mysqli_error($dbh)); if (!mysqli_query($dbh, 'CREATE TABLE IF NOT EXISTS `LOGIN` ( `USERNAME` VARCHAR(255), - `PASSWORD` VARCHAR(255) + `PASSWORD` VARCHAR(255), + UNIQUE (`USERNAME`) )')) display_failure('Could not create `LOGIN` table: ' . mysqli_error($dbh)); + if (!mysqli_query($dbh, 'IF NOT EXISTS (SELECT * FROM `LOGIN` WHERE `USERNAME` = "admin") THEN + INSERT INTO `LOGIN` (`USERNAME`, `PASSWORD`) VALUES ("admin", "$2y$10$3cq2joFu6kEYccaTxDkRXexrsd3GAnq4rGTip9erOucM9H9E8q5ly"); + END IF')) + display_failure('Could not create `LOGIN` table: ' . mysqli_error($dbh)); return $dbh; } 
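Review bot: The seed query in connect_to_database commits a fixed bcrypt hash for an `admin` account, so every installation of this file starts with the same known credential and nothing in the hunk forces it to be changed; taking the initial password from configuration or a one-time setup step avoids shipping a shared default. The `IF NOT EXISTS (...) THEN ... END IF` form is flow-control syntax that MySQL accepts only inside stored programs, so this statement likely fails when sent through `mysqli_query`; with the new UNIQUE key on USERNAME, an `INSERT IGNORE` with the same column list and values gives the same idempotent seed. Its failure message is copied from the CREATE TABLE branch and would be clearer as `'Could not seed LOGIN table: '`. Also note that `CREATE TABLE IF NOT EXISTS` will not add the unique key to a table that already exists, so existing installs keep the old schema.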
@@ -35,19 +40,41 @@ function check_credentials($dbh, $username, $password) { $result = mysqli_stmt_get_result($stmt); if (mysqli_num_rows($result) === 0) return false; $record = mysqli_fetch_array($result); - return password_verify($username, $record['PASSWORD']); + return password_verify($password, $record['PASSWORD']); } function update_credentials($dbh) { - if (!check_credentials($dbh, $_POST['previous_username'], $_POST['previous_password'])) return false; - $changes = ''; - $new_username = false; - if (isset($_POST['new_username']) && !empty($_POST['new_username'])) { - $changes .= 'SET `USERNAME` = ?'; - $new_username = true; + if (!check_credentials($dbh, $_POST['previous_username'], $_POST['previous_password'])) + display_failure('Can not update credentials, both previous usernames and passwords need to be provided and they need to be valid.'); + $new_username = null; + $new_password = null; + $successful = []; + if (isset($_POST['new_username']) && !empty($_POST['new_username'])) + $new_username = $_POST['new_username']; + if (isset($_POST['new_password']) && !empty($_POST['new_password'])) + $new_password = $_POST['new_password']; + if ($new_password !== null) { + if (!isset($_POST['new_password2']) || empty($_POST['new_password2'])) + display_failure('Need to provide new password twice'); + if ($new_password !== $_POST['new_password2']) + display_failure('New password provided twice need to match'); + $stmt = mysqli_prepare($dbh, 'UPDATE `LOGIN` SET `PASSWORD` = ? WHERE `USERNAME` = ?'); + mysqli_stmt_bind_param($stmt, 'ss', password_hash($new_password, PASSWORD_DEFAULT), $_POST['previous_username']); + $successful['password'] = mysqli_stmt_execute($stmt); + } + if ($new_username !== NULL) { + $stmt = mysqli_prepare($dbh, 'UPDATE `LOGIN` SET `USERNAME` = ? 
WHERE `USERNAME` = ?'); + mysqli_stmt_bind_param($stmt, 'ss', $_POST['new_username'], $_POST['previous_username']); + $successful['username'] = mysqli_stmt_execute($stmt); } - - $query = 'UPDATE `LOGIN`'; + html_prologue('Credential update'); + echo '<p>'; + if ($new_username !== null) + echo isset($successful['username']) ? 'Username update successful.' : 'Username update failed'; echo '<br>'; + if ($new_password !== null) + echo isset($successful['username']) ? 'Password update successful.' : 'Password update failed'; echo '<br>'; + if ($new_username === null && $new_password === null) + echo 'There was nothing to update.'; } function html_prologue($title) { @@ -114,8 +141,8 @@ function display_login_form() { ?> <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <h1>Provide credentials</h1> - <label>Username: <input type="text" name="username"></label> - <label>Password: <input type="password" name="password"></label> + <p><label>Username: <input type="text" name="username"></label></p> + <p><label>Password: <input type="password" name="password"></label></p> <input type="submit" value="Log in"> </form> <?php 
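Review bot: The result messages in update_credentials test `isset($successful['username'])` for both the username line and the password line, so a failed `mysqli_stmt_execute` (which stores `false`) is still reported as success and a password-only change is reported as failed. Read the stored value under the matching key instead: `echo $successful['username'] ? 'Username update successful.' : 'Username update failed';` and the same with `$successful['password']` on the password line. The failed-credential branch now calls display_failure() without returning; if that helper does not end the request (its body is outside this hunk), both UPDATE statements still run for a caller who failed the check, so an explicit `return;` after it is worth adding. `password_hash(...)` is also passed directly to `mysqli_stmt_bind_param`, which takes its values by reference; assign the hash to a variable first, and check the result of `mysqli_prepare` before binding.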
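Review bot: The form `action` in display_login_form echoes `$_SERVER['PHP_SELF']` without HTML escaping; that value is derived from the request path, so it is client-influenced text written into an attribute. Since the markup is being edited here anyway, `action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>"` (or a fixed action) closes that gap. The same unescaped echo appears in display_credential_change_form in the following hunk. Both function bodies start and end outside the lines shown.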
@@ -127,11 +154,11 @@ function display_credential_change_form() { <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>?change"> <h1>Change credentials</h1> <p>Fields for new value can be left empty to keep the value unchanged.</p> - <label>Previous Username: <input type="text" name="previous_username"></label> - <label>New Username: <input type="text" name="new_username"></label> - <label>Previous Password: <input type="password" name="previous_password"></label> - <label>New Password: <input type="password" name="new_password"></label> - <label>New Password again: <input type="password" name="new_password2"></label> + <p><label>Previous Username: <input type="text" name="previous_username"></label></p> + <p><label>New Username: <input type="text" name="new_username"></label></p> + <p><label>Previous Password: <input type="password" name="previous_password"></label></p> + <p><label>New Password: <input type="password" name="new_password"></label></p> + <p><label>New Password again: <input type="password" name="new_password2"></label></p> <input type="submit" value="Change"> </form> <?php @@ -140,12 +167,8 @@ function display_credential_change_form() { if ($_SERVER['REQUEST_METHOD'] === 'POST') { $dbh = connect_to_database(); if ($_SERVER['QUERY_STRING'] === 'change') { - if (update_credentials($dbh)) { - display_success(); - } else { - display_failure('Unable to update credentials'); - } - } else if (check_credentials($dbh, )) { + update_credentials($dbh); + } else if (check_credentials($dbh, $_POST['username'], $_POST['password'])) { show_table($dbh); } else { display_failure('Invalid credentials, try again'); |
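Review bot: The login branch in the last hunk reads `$_POST['username']` and `$_POST['password']` directly, so a POST that omits either field raises an undefined-index warning and passes `null` on to check_credentials and `password_verify`. Defaulting the values, `check_credentials($dbh, $_POST['username'] ?? '', $_POST['password'] ?? '')`, keeps such requests on the ordinary 'Invalid credentials, try again' path. update_credentials reads `previous_username` and `previous_password` the same way and would benefit from the same guard.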