From b698dd1786ce8858744f5cb5293bd97f90c9d207 Mon Sep 17 00:00:00 2001
From: Aqua-sama <aqua@iserlohn-fortress.net>
Date: Mon, 12 Apr 2021 12:17:02 +0300
Subject: User: register and update

---
 style.css           | 11 +++++++++
 templates/panel.php | 20 +++++++++-------
 user/index.php      | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 user/login.php      |  2 --
 user/register.php   | 29 +++++++++++++++++++++++
 user/update.php     | 37 +++++++++++++++++++++++++++++
 6 files changed, 156 insertions(+), 10 deletions(-)
 create mode 100644 user/index.php
 create mode 100644 user/register.php
 create mode 100644 user/update.php

diff --git a/style.css b/style.css
index 1790b4d..52d3ce2 100644
--- a/style.css
+++ b/style.css
@@ -3,6 +3,17 @@
   background: red;
 }
 
+#register_box {
+  padding: 16px;
+}
+
+#register_box input[type="text"] {
+  width: 100%;
+}
+#register_box input[type="password"] {
+  width: 100%;
+}
+
 table, th, td {
   border: 1px solid black;
   border-collapse: collapse;
diff --git a/templates/panel.php b/templates/panel.php
index c7fc578..5c090c8 100644
--- a/templates/panel.php
+++ b/templates/panel.php
@@ -3,19 +3,23 @@
 session_start();
 
 if (isset($_SESSION['user_id']) && $_SESSION['user_id'] != "") {
-    echo "Welcome, $_SESSION[user_name] <a href='{$config['urls']['base']}/user/logout.php'>logout</a>";
-    echo "<p>Create | View new issues | View active issues</p>";
+    echo "<p>Welcome, $_SESSION[user_name] | ";
+    echo "<a href='{$config['urls']['base']}/user/index.php'>account</a> | ";
+    echo "<a href='{$config['urls']['base']}/user/logout.php'>logout</a></p>";
 } else {
-echo "<form action='{$config['urls']['base']}/user/login.php' method='post'>";
-echo "  <input name='username' type='text' >";
-echo "  <input name='password' type='password' >";
-echo "  <input type='submit' value='login' >";
-echo "</form>";
+?>
+<p><a href='<?php echo "{$config['urls']['base']}/user/index.php"; ?>'>sign up</a> or log in</p>
+<p><form action='<?php echo "{$config['urls']['base']}/user/login.php"; ?>' method='post'>
+    <input name='username' placeholder='username' type='text' required >
+    <input name='password' placeholder='password' type='password' required >
+    <input type='submit' value='login' >
+</form>
+<?php
 }
 ?>
 </div>
 
-<form action="index.php" method="get">
+<form action='<?php echo "{$config['urls']['base']}/index.php"; ?>' method='get'>
     <input name="term" type="text" >
     <input type="submit" value="search" >
 </form>
diff --git a/user/index.php b/user/index.php
new file mode 100644
index 0000000..90b3a84
--- /dev/null
+++ b/user/index.php
@@ -0,0 +1,67 @@
+<?php
+require '../config.php';
+require_once(TEMPLATES_PATH . "/header.php");
+require_once(TEMPLATES_PATH . "/panel.php");
+require_once(LIBRARY_PATH . "/functions.php");
+
+if (isset($_SESSION['user_id']) && $_SESSION['user_id'] != "") {
+    $conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']);
+    $r = $conn->query("SELECT username, email FROM users WHERE id = '$_SESSION[user_id]'")->fetch();
+?>
+
+<div id='user_info_box'>
+<p>User information</p>
+<form action='<?php echo "{$config['urls']['base']}/user/update.php"; ?>' method='post'>
+
+<p>
+    <label for='username'><b>Username</b></label>
+    <input name='username' type='text' value='<?php echo $r['username']; ?>' required >
+</p>
+
+<p>
+    <label for='email'><b>Email</b></label>
+    <input name='email' type='text' value='<?php echo $r['email']; ?>' required >
+</p>
+
+<p>
+    <label for='password'><b>Password</b></label>
+    <input name='password' type='password' placeholder='Enter new password' >
+</p>
+
+    <input type='submit' value='update' >
+</form>
+</div>
+
+<?php
+} else {
+    # not logged in
+?>
+<div id='register_box'>
+<p>Register a new account</p>
+<form action='<?php echo "{$config['urls']['base']}/user/register.php"; ?>' method='post'>
+
+<p>
+    <label for='username'><b>Username</b></label>
+    <input name='username' type='text' placeholder='Enter username' required >
+</p>
+
+<p>
+    <label for='email'><b>Email</b></label>
+    <input name='email' type='text' placeholder='Enter email' required >
+</p>
+
+<p>
+    <label for='password'><b>Password</b></label>
+    <input name='password' type='password' placeholder='Enter password' required >
+</p>
+
+    <input type='submit' value='register' >
+</form>
+</div>
+
+<?php
+}
+
+require_once(TEMPLATES_PATH . "/footer.php");
+?>
+
diff --git a/user/login.php b/user/login.php
index 7c892e8..a927d02 100644
--- a/user/login.php
+++ b/user/login.php
@@ -4,8 +4,6 @@ require_once(TEMPLATES_PATH . "/header.php");
 session_start();
 
 $conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']);
-
-// Performing SQL query
 $query = "SELECT id, username, password FROM users WHERE username = '$_POST[username]'";
 $result = $conn->query($query)->fetch();
 
diff --git a/user/register.php b/user/register.php
new file mode 100644
index 0000000..fb9ed09
--- /dev/null
+++ b/user/register.php
@@ -0,0 +1,29 @@
+<?php
+require '../config.php';
+require_once(TEMPLATES_PATH . "/header.php");
+require_once(TEMPLATES_PATH . "/panel.php");
+require_once(LIBRARY_PATH . "/functions.php");
+
+print_r($_POST);
+
+$password = password_hash($_POST['password'], PASSWORD_ARGON2I);
+
+$conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']);
+$query = $conn->prepare("INSERT INTO users (username, password, email) VALUES (:username, :password, :email)");
+$query->bindParam(':username', $_POST['username']);
+$query->bindParam(':password', $password);
+$query->bindParam(':email', $_POST['email']);
+
+if($query->execute()) {
+    echo '<h2>Registration successful</h2>';
+    $result = $conn->query("SELECT id, username, password FROM users WHERE username = '$_POST[username]'")->fetch();
+    $_SESSION['user_name'] = $result['username'];
+    $_SESSION['user_id'] = $result['id'];
+} else {
+    echo '<h2>Registration failed</h2>';
+}
+
+header("Refresh: 2; URL={$config['urls']['base']}");
+
+require_once(TEMPLATES_PATH . "/footer.php");
+?>
diff --git a/user/update.php b/user/update.php
new file mode 100644
index 0000000..1fe291a
--- /dev/null
+++ b/user/update.php
@@ -0,0 +1,37 @@
+<?php
+require '../config.php';
+require_once(TEMPLATES_PATH . "/header.php");
+require_once(TEMPLATES_PATH . "/panel.php");
+require_once(LIBRARY_PATH . "/functions.php");
+
+print_r($_POST);
+
+if (isset($_SESSION['user_id']) && $_SESSION['user_id'] != "") {
+    $conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']);
+    $query = $conn->prepare("UPDATE users SET username=:username, email=:email WHERE id={$_SESSION['user_id']}");
+    $query->bindParam(':username', $_POST['username']);
+    $query->bindParam(':email', $_POST['email']);
+
+    if($query->execute()) {
+        echo "<h2>Account updated</h2>";
+    } else {
+        echo "<h2>Account update failed</h2>";
+    }
+
+    if($_POST['password'] != "") {
+        $password = password_hash($_POST['password'], PASSWORD_ARGON2I);
+        $query = $conn->prepare("UPDATE users SET password=:password WHERE id={$_SESSION['user_id']}");
+        $query->bindParam(':password', $password);
+
+        if($query->execute()) {
+            echo "<p>Password updated</p>";
+        } else {
+            echo "<p>Password update failed</p>";
+        }
+    }
+
+}
+
+header("Refresh: 2; URL=$_SERVER[HTTP_REFERER]");
+require_once(TEMPLATES_PATH . "/footer.php");
+?>
-- 
cgit v1.2.1