From b698dd1786ce8858744f5cb5293bd97f90c9d207 Mon Sep 17 00:00:00 2001
From: Aqua-sama <aqua@iserlohn-fortress.net>
Date: Mon, 12 Apr 2021 12:17:02 +0300
Subject: User: register and update

---
 user/index.php    | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 user/login.php    |  2 --
 user/register.php | 29 ++++++++++++++++++++++++
 user/update.php   | 37 ++++++++++++++++++++++++++++++
 4 files changed, 133 insertions(+), 2 deletions(-)
 create mode 100644 user/index.php
 create mode 100644 user/register.php
 create mode 100644 user/update.php

(limited to 'user')

diff --git a/user/index.php b/user/index.php
new file mode 100644
index 0000000..90b3a84
--- /dev/null
+++ b/user/index.php
@@ -0,0 +1,67 @@
+<?php
+require '../config.php';
+require_once(TEMPLATES_PATH . "/header.php");
+require_once(TEMPLATES_PATH . "/panel.php");
+require_once(LIBRARY_PATH . "/functions.php");
+
+if (isset($_SESSION['user_id']) && $_SESSION['user_id'] != "") {
+    $conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']);
+    $r = $conn->query("SELECT username, email FROM users WHERE id = '$_SESSION[user_id]'")->fetch();
+?>
+
+<div id='user_info_box'>
+<p>User information</p>
+<form action='<?php echo "{$config['urls']['base']}/user/update.php"; ?>' method='post'>
+
+<p>
+    <label for='username'><b>Username</b></label>
+    <input name='username' type='text' value='<?php echo $r['username']; ?>' required >
+</p>
+
+<p>
+    <label for='email'><b>Email</b></label>
+    <input name='email' type='text' value='<?php echo $r['email']; ?>' required >
+</p>
+
+<p>
+    <label for='password'><b>Password</b></label>
+    <input name='password' type='password' placeholder='Enter new password' >
+</p>
+
+    <input type='submit' value='update' >
+</form>
+</div>
+
+<?php
+} else {
+    # not logged in
+?>
+<div id='register_box'>
+<p>Register a new account</p>
+<form action='<?php echo "{$config['urls']['base']}/user/register.php"; ?>' method='post'>
+
+<p>
+    <label for='username'><b>Username</b></label>
+    <input name='username' type='text' placeholder='Enter username' required >
+</p>
+
+<p>
+    <label for='email'><b>Email</b></label>
+    <input name='email' type='text' placeholder='Enter email' required >
+</p>
+
+<p>
+    <label for='password'><b>Password</b></label>
+    <input name='password' type='password' placeholder='Enter password' required >
+</p>
+
+    <input type='submit' value='register' >
+</form>
+</div>
+
+<?php
+}
+
+require_once(TEMPLATES_PATH . "/footer.php");
+?>
+
diff --git a/user/login.php b/user/login.php
index 7c892e8..a927d02 100644
--- a/user/login.php
+++ b/user/login.php
@@ -4,8 +4,6 @@ require_once(TEMPLATES_PATH . "/header.php");
 session_start();
 
 $conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']);
-
-// Performing SQL query
 $query = "SELECT id, username, password FROM users WHERE username = '$_POST[username]'";
 $result = $conn->query($query)->fetch();
 
diff --git a/user/register.php b/user/register.php
new file mode 100644
index 0000000..fb9ed09
--- /dev/null
+++ b/user/register.php
@@ -0,0 +1,29 @@
+<?php
+require '../config.php';
+require_once(TEMPLATES_PATH . "/header.php");
+require_once(TEMPLATES_PATH . "/panel.php");
+require_once(LIBRARY_PATH . "/functions.php");
+
+print_r($_POST);
+
+$password = password_hash($_POST['password'], PASSWORD_ARGON2I);
+
+$conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']);
+$query = $conn->prepare("INSERT INTO users (username, password, email) VALUES (:username, :password, :email)");
+$query->bindParam(':username', $_POST['username']);
+$query->bindParam(':password', $password);
+$query->bindParam(':email', $_POST['email']);
+
+if($query->execute()) {
+    echo '<h2>Registration successful</h2>';
+    $result = $conn->query("SELECT id, username, password FROM users WHERE username = '$_POST[username]'")->fetch();
+    $_SESSION['user_name'] = $result['username'];
+    $_SESSION['user_id'] = $result['id'];
+} else {
+    echo '<h2>Registration failed</h2>';
+}
+
+header("Refresh: 2; URL={$config['urls']['base']}");
+
+require_once(TEMPLATES_PATH . "/footer.php");
+?>
diff --git a/user/update.php b/user/update.php
new file mode 100644
index 0000000..1fe291a
--- /dev/null
+++ b/user/update.php
@@ -0,0 +1,37 @@
+<?php
+require '../config.php';
+require_once(TEMPLATES_PATH . "/header.php");
+require_once(TEMPLATES_PATH . "/panel.php");
+require_once(LIBRARY_PATH . "/functions.php");
+
+print_r($_POST);
+
+if (isset($_SESSION['user_id']) && $_SESSION['user_id'] != "") {
+    $conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']);
+    $query = $conn->prepare("UPDATE users SET username=:username, email=:email WHERE id={$_SESSION['user_id']}");
+    $query->bindParam(':username', $_POST['username']);
+    $query->bindParam(':email', $_POST['email']);
+
+    if($query->execute()) {
+        echo "<h2>Account updated</h2>";
+    } else {
+        echo "<h2>Account update failed</h2>";
+    }
+
+    if($_POST['password'] != "") {
+        $password = password_hash($_POST['password'], PASSWORD_ARGON2I);
+        $query = $conn->prepare("UPDATE users SET password=:password WHERE id={$_SESSION['user_id']}");
+        $query->bindParam(':password', $password);
+
+        if($query->execute()) {
+            echo "<p>Password updated</p>";
+        } else {
+            echo "<p>Password update failed</p>";
+        }
+    }
+
+}
+
+header("Refresh: 2; URL=$_SERVER[HTTP_REFERER]");
+require_once(TEMPLATES_PATH . "/footer.php");
+?>
-- 
cgit v1.2.1