From 15ff931b72b24a8f7f1d06d0549d985162a1d6b6 Mon Sep 17 00:00:00 2001 From: Sudipto Mallick Date: Tue, 30 Jan 2024 17:07:29 +0000 Subject: Improve the code of PHP assignment #2 --- mysql-php/code/a2.php | 69 ++++++++++++++++++++++++++++++++++----------------- mysql-php/text/a1.typ | 2 +- 2 files changed, 47 insertions(+), 24 deletions(-) (limited to 'mysql-php') diff --git a/mysql-php/code/a2.php b/mysql-php/code/a2.php index 23dd54d..10a7a33 100644 --- a/mysql-php/code/a2.php +++ b/mysql-php/code/a2.php @@ -20,9 +20,14 @@ function connect_to_database() { display_failure('Could not create `STUDENT` table: ' . mysqli_error($dbh)); if (!mysqli_query($dbh, 'CREATE TABLE IF NOT EXISTS `LOGIN` ( `USERNAME` VARCHAR(255), - `PASSWORD` VARCHAR(255) + `PASSWORD` VARCHAR(255), + UNIQUE (`USERNAME`) )')) display_failure('Could not create `LOGIN` table: ' . mysqli_error($dbh)); + if (!mysqli_query($dbh, 'IF NOT EXISTS (SELECT * FROM `LOGIN` WHERE `USERNAME` = "admin") THEN + INSERT INTO `LOGIN` (`USERNAME`, `PASSWORD`) VALUES ("admin", "$2y$10$3cq2joFu6kEYccaTxDkRXexrsd3GAnq4rGTip9erOucM9H9E8q5ly"); + END IF')) + display_failure('Could not create `LOGIN` table: ' . mysqli_error($dbh)); return $dbh; } @@ -35,19 +40,41 @@ function check_credentials($dbh, $username, $password) { $result = mysqli_stmt_get_result($stmt); if (mysqli_num_rows($result) === 0) return false; $record = mysqli_fetch_array($result); - return password_verify($username, $record['PASSWORD']); + return password_verify($password, $record['PASSWORD']); } function update_credentials($dbh) { - if (!check_credentials($dbh, $_POST['previous_username'], $_POST['previous_password'])) return false; - $changes = ''; - $new_username = false; - if (isset($_POST['new_username']) && !empty($_POST['new_username'])) { - $changes .= 'SET `USERNAME` = ?'; - $new_username = true; + if (!check_credentials($dbh, $_POST['previous_username'], $_POST['previous_password'])) + display_failure('Can not update credentials, both previous usernames and passwords need to be provided and they need to be valid.'); + $new_username = null; + $new_password = null; + $successful = []; + if (isset($_POST['new_username']) && !empty($_POST['new_username'])) + $new_username = $_POST['new_username']; + if (isset($_POST['new_password']) && !empty($_POST['new_password'])) + $new_password = $_POST['new_password']; + if ($new_password !== null) { + if (!isset($_POST['new_password2']) || empty($_POST['new_password2'])) + display_failure('Need to provide new password twice'); + if ($new_password !== $_POST['new_password2']) + display_failure('New password provided twice need to match'); + $stmt = mysqli_prepare($dbh, 'UPDATE `LOGIN` SET `PASSWORD` = ? WHERE `USERNAME` = ?'); + mysqli_stmt_bind_param($stmt, 'ss', password_hash($new_password, PASSWORD_DEFAULT), $_POST['previous_username']); + $successful['password'] = mysqli_stmt_execute($stmt); + } + if ($new_username !== NULL) { + $stmt = mysqli_prepare($dbh, 'UPDATE `LOGIN` SET `USERNAME` = ? WHERE `USERNAME` = ?'); + mysqli_stmt_bind_param($stmt, 'ss', $_POST['new_username'], $_POST['previous_username']); + $successful['username'] = mysqli_stmt_execute($stmt); } - - $query = 'UPDATE `LOGIN`'; + html_prologue('Credential update'); + echo '

'; + if ($new_username !== null) + echo isset($successful['username']) ? 'Username update successful.' : 'Username update failed'; echo '
'; + if ($new_password !== null) + echo isset($successful['username']) ? 'Password update successful.' : 'Password update failed'; echo '
'; + if ($new_username === null && $new_password === null) + echo 'There was nothing to update.'; } function html_prologue($title) { @@ -114,8 +141,8 @@ function display_login_form() { ?>

Provide credentials

- - +

+

?change">

Change credentials

Fields for new value can be left empty to keep the value unchanged.

- - - - - +

+

+

+

+