diff options
Diffstat (limited to 'user')
| -rw-r--r-- | user/index.php | 67 | ||||
| -rw-r--r-- | user/login.php | 2 | ||||
| -rw-r--r-- | user/register.php | 29 | ||||
| -rw-r--r-- | user/update.php | 37 |
4 files changed, 133 insertions, 2 deletions
diff --git a/user/index.php b/user/index.php new file mode 100644 index 0000000..90b3a84 --- /dev/null +++ b/user/index.php @@ -0,0 +1,67 @@ +<?php +require '../config.php'; +require_once(TEMPLATES_PATH . "/header.php"); +require_once(TEMPLATES_PATH . "/panel.php"); +require_once(LIBRARY_PATH . "/functions.php"); + +if (isset($_SESSION['user_id']) && $_SESSION['user_id'] != "") { + $conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']); + $r = $conn->query("SELECT username, email FROM users WHERE id = '$_SESSION[user_id]'")->fetch(); +?> + +<div id='user_info_box'> +<p>User information</p> +<form action='<?php echo "{$config['urls']['base']}/user/update.php"; ?>' method='post'> + +<p> + <label for='username'><b>Username</b></label> + <input name='username' type='text' value='<?php echo $r['username']; ?>' required > +</p> + +<p> + <label for='email'><b>Email</b></label> + <input name='email' type='text' value='<?php echo $r['email']; ?>' required > +</p> + +<p> + <label for='password'><b>Password</b></label> + <input name='password' type='password' placeholder='Enter new password' > +</p> + + <input type='submit' value='update' > +</form> +</div> + +<?php +} else { + # not logged in +?> +<div id='register_box'> +<p>Register a new account</p> +<form action='<?php echo "{$config['urls']['base']}/user/register.php"; ?>' method='post'> + +<p> + <label for='username'><b>Username</b></label> + <input name='username' type='text' placeholder='Enter username' required > +</p> + +<p> + <label for='email'><b>Email</b></label> + <input name='email' type='text' placeholder='Enter email' required > +</p> + +<p> + <label for='password'><b>Password</b></label> + <input name='password' type='password' placeholder='Enter password' required > +</p> + + <input type='submit' value='register' > +</form> +</div> + +<?php +} + +require_once(TEMPLATES_PATH . "/footer.php"); +?> + diff --git a/user/login.php b/user/login.php index 7c892e8..a927d02 100644 --- a/user/login.php +++ b/user/login.php @@ -4,8 +4,6 @@ require_once(TEMPLATES_PATH . "/header.php"); session_start(); $conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']); - -// Performing SQL query $query = "SELECT id, username, password FROM users WHERE username = '$_POST[username]'"; $result = $conn->query($query)->fetch(); diff --git a/user/register.php b/user/register.php new file mode 100644 index 0000000..fb9ed09 --- /dev/null +++ b/user/register.php @@ -0,0 +1,29 @@ +<?php +require '../config.php'; +require_once(TEMPLATES_PATH . "/header.php"); +require_once(TEMPLATES_PATH . "/panel.php"); +require_once(LIBRARY_PATH . "/functions.php"); + +print_r($_POST); + +$password = password_hash($_POST['password'], PASSWORD_ARGON2I); + +$conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']); +$query = $conn->prepare("INSERT INTO users (username, password, email) VALUES (:username, :password, :email)"); +$query->bindParam(':username', $_POST['username']); +$query->bindParam(':password', $password); +$query->bindParam(':email', $_POST['email']); + +if($query->execute()) { + echo '<h2>Registration successful</h2>'; + $result = $conn->query("SELECT id, username, password FROM users WHERE username = '$_POST[username]'")->fetch(); + $_SESSION['user_name'] = $result['username']; + $_SESSION['user_id'] = $result['id']; +} else { + echo '<h2>Registration failed</h2>'; +} + +header("Refresh: 2; URL={$config['urls']['base']}"); + +require_once(TEMPLATES_PATH . "/footer.php"); +?> diff --git a/user/update.php b/user/update.php new file mode 100644 index 0000000..1fe291a --- /dev/null +++ b/user/update.php @@ -0,0 +1,37 @@ +<?php +require '../config.php'; +require_once(TEMPLATES_PATH . "/header.php"); +require_once(TEMPLATES_PATH . "/panel.php"); +require_once(LIBRARY_PATH . "/functions.php"); + +print_r($_POST); + +if (isset($_SESSION['user_id']) && $_SESSION['user_id'] != "") { + $conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']); + $query = $conn->prepare("UPDATE users SET username=:username, email=:email WHERE id={$_SESSION['user_id']}"); + $query->bindParam(':username', $_POST['username']); + $query->bindParam(':email', $_POST['email']); + + if($query->execute()) { + echo "<h2>Account updated</h2>"; + } else { + echo "<h2>Account update failed</h2>"; + } + + if($_POST['password'] != "") { + $password = password_hash($_POST['password'], PASSWORD_ARGON2I); + $query = $conn->prepare("UPDATE users SET password=:password WHERE id={$_SESSION['user_id']}"); + $query->bindParam(':password', $password); + + if($query->execute()) { + echo "<p>Password updated</p>"; + } else { + echo "<p>Password update failed</p>"; + } + } + +} + +header("Refresh: 2; URL=$_SERVER[HTTP_REFERER]"); +require_once(TEMPLATES_PATH . "/footer.php"); +?> |