Galleries/PHPGallery
1
0
Fork 0
mirror of https://github.com/Fluffy-Bean/image-gallery.git synced 2025-05-28 22:33:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Updating password reset with AJAX

Browse source
This commit is contained in:
Michał Gdula 2022-08-13 11:04:24 +00:00
parent a5212b1d11
commit 79889d64e8
6 changed files with 192 additions and 120 deletions
Download patch file Download diff file Expand all files Collapse all files

111
app/account/login.php
View file

@ -13,6 +13,16 @@
include "../server/conn.php";
if (isset($_POST['submit'])) {
/*
|-------------------------------------------------------------
| Set error status to 0
|-------------------------------------------------------------
| if there are more than 0 error, then they cannot submit a
| request
|-------------------------------------------------------------
*/
$error = 0;
// Checking if Username is empty
if (empty(trim($_POST["username"]))) {
?>
@ -20,6 +30,7 @@ if (isset($_POST['submit'])) {
sniffleAdd('Who dis?', 'You must enter a username to login!', 'var(--red)', '../assets/icons/cross.svg');
</script>
<?php
$error = $error + 1;
} else {
$username = trim($_POST["username"]);
}
@ -31,70 +42,72 @@ if (isset($_POST['submit'])) {
sniffleAdd('Whats the magic word?', 'Pls enter the super duper secrete word(s) to login!', 'var(--red)', '../assets/icons/cross.svg');
</script>
<?php
$error = $error + 1;
} else {
$password = trim($_POST["password"]);
}
if ($error <= 0) {
// Prepare so SQL doesnt get spooked
$sql = "SELECT id, username, password FROM users WHERE username = ?";
// Prepare so SQL doesnt get spooked
$sql = "SELECT id, username, password FROM users WHERE username = ?";
if ($stmt = mysqli_prepare($conn, $sql)) {
// Bind dis shit
mysqli_stmt_bind_param($stmt, "s", $param_username);
// Set parameters
$param_username = $username;
// Attempt to execute the prepared statement
if (mysqli_stmt_execute($stmt)) {
// Store result
mysqli_stmt_store_result($stmt);
// Check if username exists, if yes then verify password
if (mysqli_stmt_num_rows($stmt) == 1) {
// Bind result variables
mysqli_stmt_bind_result($stmt, $id, $username, $hashed_password);
if (mysqli_stmt_fetch($stmt)) {
if (password_verify($password, $hashed_password)) {
// Password is correct, so start a new session
session_start();
if ($stmt = mysqli_prepare($conn, $sql)) {
// Bind dis shit
mysqli_stmt_bind_param($stmt, "s", $param_username);
// Store data in session variables
$_SESSION["loggedin"] = true;
$_SESSION["id"] = $id;
$_SESSION["username"] = $username;
// Set parameters
$param_username = $username;
// let the user know
?>
<script>
sniffleAdd('O hi <?php echo $_SESSION["username"]; ?>', 'You are now logged in! You will be redirected in a few seconds', 'var(--green)', '../assets/icons/hand-waving.svg');
setTimeout(function(){window.location.href = "../index.php?login=success";}, 4000);
</script>
<?php
} else {
?>
<script>
sniffleAdd('Sus', 'Username or Password WRONG, please try again :3', 'var(--red)', '../assets/icons/cross.svg');
</script>
<?php
// Attempt to execute the prepared statement
if (mysqli_stmt_execute($stmt)) {
// Store result
mysqli_stmt_store_result($stmt);
// Check if username exists, if yes then verify password
if (mysqli_stmt_num_rows($stmt) == 1) {
// Bind result variables
mysqli_stmt_bind_result($stmt, $id, $username, $hashed_password);
if (mysqli_stmt_fetch($stmt)) {
if (password_verify($password, $hashed_password)) {
// Password is correct, so start a new session
session_start();
// Store data in session variables
$_SESSION["loggedin"] = true;
$_SESSION["id"] = $id;
$_SESSION["username"] = $username;
// let the user know
?>
<script>
sniffleAdd('O hi <?php echo $_SESSION["username"]; ?>', 'You are now logged in! You will be redirected in a few seconds', 'var(--green)', '../assets/icons/hand-waving.svg');
setTimeout(function(){window.location.href = "../index.php?login=success";}, 4000);
</script>
<?php
} else {
?>
<script>
sniffleAdd('Sus', 'Username or Password WRONG, please try again :3', 'var(--red)', '../assets/icons/cross.svg');
</script>
<?php
}
}
} else {
?>
<script>
sniffleAdd('Sus', 'Username or Password WRONG, please try again :3', 'var(--red)', '../assets/icons/cross.svg');
</script>
<?php
}
} else {
?>
<script>
sniffleAdd('Sus', 'Username or Password WRONG, please try again :3', 'var(--red)', '../assets/icons/cross.svg');
sniffleAdd('woops...', 'Sowwy, something went wrong on our end :c', 'var(--red)', '../assets/icons/cross.svg');
</script>
<?php
}
} else {
?>
<script>
sniffleAdd('woops...', 'Sowwy, something went wrong on our end :c', 'var(--red)', '../assets/icons/cross.svg');
</script>
<?php
// Close statement
mysqli_stmt_close($stmt);
}
// Close statement
mysqli_stmt_close($stmt);
}
}

106
app/account/password_reset.php Normal file
View file

@ -0,0 +1,106 @@
<?php
/*
|-------------------------------------------------------------
| Password Reset
|-------------------------------------------------------------
| I want to make it possible to reset the password without
| access to the account directly with an email reset link or
| something. I also want to confirm the password change with
| the old password in the future, as people forget passwords
| and people can get onto accounts. For now this is a shitty
| little system thats inplace for those who need it. Hopefully
| I can make something better in the future...
|-------------------------------------------------------------
*/
// Initialize the session
session_start();
// Include server connection
include "../server/conn.php";
if (isset($_POST['submit'])) {
/*
|-------------------------------------------------------------
| Set error status to 0
|-------------------------------------------------------------
| if there are more than 0 error, then they cannot submit a
| request
|-------------------------------------------------------------
*/
$error = 0;
// Validate new password
if (empty(trim($_POST["new_password"]))) {
?>
<script>
sniffleAdd('Meep', 'Enter a new password!', 'var(--red)', '../assets/icons/cross.svg');
flyoutClose();
</script>
<?php
$error = $error + 1;
} elseif(strlen(trim($_POST["new_password"])) < 6) {
?>
<script>
sniffleAdd('Not long enough...', 'Password, must be 6 or more characters in length uwu', 'var(--red)', '../assets/icons/cross.svg');
flyoutClose();
</script>
<?php
$error = $error + 1;
} else {
$new_password = trim($_POST["new_password"]);
}
// Validate confirm password
if (empty(trim($_POST["confirm_password"]))) {
?>
<script>
sniffleAdd('Meep', 'You must confirm the password!!!!', 'var(--red)', '../assets/icons/cross.svg');
flyoutClose();
</script>
<?php
$error = $error + 1;
} else {
$confirm_password = trim($_POST["confirm_password"]);
if(empty($error) && ($new_password != $confirm_password)) {
?>
<script>
sniffleAdd('AAAA', 'Passwords do not match!!!', 'var(--red)', '../assets/icons/cross.svg');
flyoutClose();
</script>
<?php
$error = $error + 1;
}
}
// Check for errors
if ($error <= 0) {
// Prepare for wack
$sql = "UPDATE users SET password = ? WHERE id = ?";
if ($stmt = mysqli_prepare($conn, $sql)) {
mysqli_stmt_bind_param($stmt, "si", $param_password, $param_id);
// Setting up Password parameters
$param_password = password_hash($new_password, PASSWORD_DEFAULT);
$param_id = $_SESSION["id"];
// Attempt to execute (sus)
if (mysqli_stmt_execute($stmt)) {
// Password updated!!!! Now goodbye
session_destroy();
?>
<script>
sniffleAdd('Password updated', 'Now goodbye.... you will be redirected in a moment', 'var(--green)', '../assets/icons/check.svg');
setTimeout(function(){window.location.href = "../account/login.php";}, 4000);
</script>
<?php
} else {
?>
<script>
sniffleAdd('Bruh', 'Something happened on our end, sowwy', 'var(--red)', '../assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
}
}
}