From afcd048260123e1a150ec76b5d65de64eff8a2b8 Mon Sep 17 00:00:00 2001 From: Joey Lai Date: Wed, 18 Jan 2017 12:35:41 +0100 Subject: [PATCH] Almost finished login/register page --- website/public/login.php | 39 +++-------------- website/public/register.php | 77 +++++++++------------------------ website/public/styles/index.css | 3 +- website/queries/login.php | 18 ++++++++ website/queries/register.php | 57 ++++++++++++++++++++++++ website/queries/settings.php | 6 +-- website/views/register-view.php | 24 +++------- 7 files changed, 113 insertions(+), 111 deletions(-) create mode 100644 website/queries/login.php create mode 100644 website/queries/register.php diff --git a/website/public/login.php b/website/public/login.php index e20c204..40907a7 100644 --- a/website/public/login.php +++ b/website/public/login.php @@ -1,7 +1,9 @@ diff --git a/website/public/register.php b/website/public/register.php index 1d65102..8b8f4e6 100644 --- a/website/public/register.php +++ b/website/public/register.php @@ -3,6 +3,7 @@ @@ -10,8 +11,8 @@ session_start(); // define variables and set to empty values - $name = $surname = $bday = $username = $password = $confirmpassword = $streetname = $housenumber = $email = ""; - $genericErr = $nameErr = $surnameErr = $bdayErr = $usernameErr = $passwordErr = $confirmpasswordErr = $streetnameErr = $housenumberErr = $emailErr = ""; + $name = $surname = $bday = $username = $password = $confirmpassword = $location = $housenumber = $email = ""; + $genericErr = $nameErr = $surnameErr = $bdayErr = $usernameErr = $passwordErr = $confirmpasswordErr = $locationErr = $housenumberErr = $emailErr = ""; $correct = true; // Saves information of filling in the form @@ -35,8 +36,8 @@ $password = $_POST["password"]; } - if (isset($_POST["streetname"])) { - $streetname = $_POST["streetname"]; + if (isset($_POST["location"])) { + $location = $_POST["location"]; } if (isset($_POST["housenumber"])) { 
@@ -87,6 +88,10 @@ $usernameErr = "Gebruikersnaam moet minstens 6 karakters bevatten"; $correct = false; + } else if (getExistingUser() == 1 ){ + $usernameErr = "Gebruikersnaam bestaat al"; + $correct = false; + } } @@ -108,30 +113,24 @@ } - if ($_POST["password"]!= $_POST["confirmpassword"]) { + if ($_POST["password"] != $_POST["confirmpassword"]) { $confirmpasswordErr = "Wachtwoorden matchen niet"; $correct = false; } - if (empty($_POST["streetname"])) { - $streetnameErr = "Straatnaam is verplicht!"; + if (empty($_POST["location"])) { + $locationErr = "Straatnaam is verplicht!"; $correct = false; } else { - if (!preg_match("/^[a-zA-Z ]*$/",$streetname)) { - $streetnameErr = "Alleen letters en spaties zijn toegestaan!"; + if (!preg_match("/^[a-zA-Z ]*$/",$location)) { + $locationErr = "Alleen letters en spaties zijn toegestaan!"; $correct = false; } } - if (empty($_POST["housenumber"])) { - $housenumberErr = "Huisnummer is verplicht!"; - $correct = false; - - } - if (empty($_POST["email"])) { $emailErr = "Email is verplicht!"; $correct = false; @@ -140,6 +139,11 @@ if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $emailErr = "Geldige email invullen!"; $correct = false; + + } else if (getExistingEmail() == 1){ + $emailErr = "Email bestaat al"; + $correct = false; + } } 
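Review bot: The added `else if (getExistingUser() == 1)` branch rejects a username only when exactly one row matches, so a table that already holds duplicates lets another copy through; compare with `> 0` instead. The same applies to `getExistingEmail() == 1` in the `@@ -140,6 +139,11 @@` hunk. Both checks also run as a separate query before the insert, so two concurrent registrations can pass them together. A UNIQUE index on `username` and on `email`, with the duplicate-key error handled at insert time, is what actually enforces uniqueness; the schema is not visible here, so it may already exist.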
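Review bot: The re-spaced line `if ($_POST["password"] != $_POST["confirmpassword"])` in the `@@ -108,30 +113,24 @@` hunk still uses a loose comparison, and PHP compares numeric-looking strings by value, so `1e3` and `1000` are treated as matching; use `!==`. In the same hunk the empty-field branch for `location` keeps the message "Straatnaam is verplicht!", which no longer names the field being validated. The pattern `/^[a-zA-Z ]*$/` also rejects place names with hyphens, apostrophes or accented letters, which may be stricter than intended for a location.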
@@ -148,48 +152,9 @@ $genericErr = "Bepaalde velden zijn verkeerd of niet ingevuld!"; } else { - $servername = "agile136.science.uva.nl"; - $username = "mhbp"; - $password = "qdtboXhCHJyL2szC"; + registerAccount(); + // header("location: login.php"); - // Creates connection - $conn = new mysqli($servername, $username, $password); - - // Checks connection - if ($conn->connect_error) { - die("Connection failed: " . $conn->connect_error); - } - - // Query for inserting all the data in the database - $sql = "INSERT INTO - VALUES ($name, $surname, $bday, $username, $password, - $confirmpassword, $streetname, $housenumber, $email)"; - - // Checks if able to insert into database - if (mysqli_query($conn, $sql)) { - echo "New record created successfully"; - } else { - echo "Error: " . $sql . "
" . mysqli_error($conn); - } - - - - prepare('SELECT name, colour, calories - FROM fruit - WHERE calories < :calories AND colour = :colour'); - $sth->bindParam(':calories', $calories, PDO::PARAM_INT); - $sth->bindParam(':colour', $colour, PDO::PARAM_STR, 12); - $sth->execute(); - ?> - - - - // Closing connection - mysql_close($connection); } } diff --git a/website/public/styles/index.css b/website/public/styles/index.css index 5978f9d..a368066 100644 --- a/website/public/styles/index.css +++ b/website/public/styles/index.css @@ -59,8 +59,9 @@ div[data-title]:hover:after{ body { height: 900px; - background-image: url(https://images2.pixlis.com/background-image-plaid-checkered-seamless-tileable-235ftm.png); + background-image: url(https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTEnqKdVtLbxjKuNsCSCxFRhTOpp3Gm0gsU8bMgA_MeUYyzrUFy); background-size: contain; + background-repeat: repeat-x; background-attachment: fixed; /*background-color: #B78996;*/ diff --git a/website/queries/login.php b/website/queries/login.php new file mode 100644 index 0000000..23cdbcd --- /dev/null +++ b/website/queries/login.php @@ -0,0 +1,18 @@ +prepare(" + SELECT + `password` + FROM + `user` + WHERE + `username` = :username + "); + + $stmt->bindParam(":username", $_POST["uname"]); + $stmt->execute(); + return $stmt->fetch(PDO::FETCH_ASSOC); +} + +?> diff --git a/website/queries/register.php b/website/queries/register.php new file mode 100644 index 0000000..4d7d593 --- /dev/null +++ b/website/queries/register.php 
@@ -0,0 +1,57 @@ +prepare(" + SELECT * FROM `user` WHERE `username` = :username + "); + + $stmt->bindParam(":username", $_POST["username"]); + $stmt->execute(); + return $stmt->rowCount(); + +} + +function getExistingEmail() { + $stmt = $GLOBALS["db"]->prepare(" + SELECT * FROM `user` WHERE `email` = :email + "); + + $stmt->bindParam(":email", $_POST["email"]); + $stmt->execute(); + return $stmt->rowCount(); +} + +function registerAccount() { + $stmt = $GLOBALS["db"]->prepare(" + INSERT INTO + `user`(fname, + lname, + birthdate, + username, + password, + location, + email) + VALUES( + :fname, + :lname, + :bday, + :username, + :password, + :location, + :email + )"); + + $hash=password_hash($_POST["password"], PASSWORD_DEFAULT); + + $stmt->bindParam(":fname", $_POST["name"]); + $stmt->bindParam(":lname", $_POST["surname"]); + $stmt->bindParam(":bday", $_POST["bday"]); + $stmt->bindParam(":username", $_POST["username"]); + $stmt->bindParam(":password", $hash); + $stmt->bindParam(":location", $_POST["location"]); + $stmt->bindParam(":email", $_POST["email"]); + + print("execute".$stmt->execute()); + print("count".$stmt->rowCount()); +} +?> diff --git a/website/queries/settings.php b/website/queries/settings.php index 66ddda8..bd9e542 100644 --- a/website/queries/settings.php +++ b/website/queries/settings.php @@ -10,9 +10,9 @@ function getSettings() { `birthdate`, `bio`, `profilepicture` - FROM + FROM `user` - WHERE + WHERE `userID` = :userID "); @@ -43,4 +43,4 @@ function updateSettings() { $stmt->bindParam(":userID", $_SESSION["userID"]); $stmt->execute(); -} \ No newline at end of file +} diff --git a/website/views/register-view.php b/website/views/register-view.php index a184f71..3ccc978 100644 --- a/website/views/register-view.php +++ b/website/views/register-view.php @@ -94,28 +94,16 @@ * - +
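Review bot: `registerAccount()` ends with `print("execute".$stmt->execute());` and `print("count".$stmt->rowCount());`, which writes debug text into the response and sends output before any later `header()` redirect can run; replace both lines with `return $stmt->execute();`. `getExistingUser()` and `getExistingEmail()` call `rowCount()` after a `SELECT *`, which PDO does not guarantee to report for SELECT statements on every driver. `SELECT COUNT(*)` read with `fetchColumn()` gives a portable count. Because `PASSWORD_DEFAULT` output can grow in later PHP versions, the `password` column should be wide enough (the PHP manual suggests 255 characters); the schema is not shown here.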
- + - * -
- - -
- - - * + *