initial commit

login.php

@@ -0,0 +1,46 @@
+<?php 
+session_start();
+$pdo = new PDO('mysql:host=localhost;dbname=usertable', 'root', '');
+ 
+if(isset($_GET['login'])) {
+    $email = $_POST['email'];
+    $passwort = $_POST['passwort'];
+    
+    $statement = $pdo->prepare("SELECT * FROM users WHERE email = :email");
+    $result = $statement->execute(array('email' => $email));
+    $user = $statement->fetch();
+        
+    //Überprüfung des Passworts
+    if ($user !== false && password_verify($passwort, $user['passwort'])) {
+        $_SESSION['userid'] = $user['id'];
+        die('successfull. go to: <a href="secure.php">secure page</a>');
+    } else {
+        $errorMessage = "somethings wrong (maybe wrong password or wrong email)<br>";
+    }
+    
+}
+?>
+<!DOCTYPE html> 
+<html> 
+<head>
+  <title>Login</title>    
+</head> 
+<body>
+ 
+<?php 
+if(isset($errorMessage)) {
+    echo $errorMessage;
+}
+?>
+ 
+<form action="?login=1" method="post">
+E-Mail:<br>
+<input type="email" size="40" maxlength="250" name="email"><br><br>
+ 
+Dein Passwort:<br>
+<input type="password" size="40" name="passwort"><br>
+ 
+<input type="submit" value="GO">
+</form> 
+</body>
+</html>

register.php

@@ -0,0 +1,82 @@
+<?php 
+session_start();
+$pdo = new PDO('mysql:host=localhost;dbname=usertable', 'root', '');
+?>
+<!DOCTYPE html> 
+<html> 
+<head>
+  <title>Register</title>    
+</head> 
+<body>
+ 
+<?php
+$showFormular = true;
+ 
+if(isset($_GET['register'])) {
+    $error = false;
+    $email = $_POST['email'];
+    $passwort = $_POST['passwort'];
+    $passwort_confirm = $_POST['passwort_confirm'];
+  
+    if(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+        echo 'Please use valid email<br>';
+        $error = true;
+    }     
+    if(strlen($passwort) == 0) {
+        echo 'Please enter password<br>';
+        $error = true;
+    }
+    if($passwort != $passwort_confirm) {
+        echo 'passwords doesnt match<br>';
+        $error = true;
+    }
+    
+
+    if(!$error) { 
+        $statement = $pdo->prepare("SELECT * FROM users WHERE email = :email");
+        $result = $statement->execute(array('email' => $email));
+        $user = $statement->fetch();
+        
+        if($user !== false) {
+            echo 'already a user here<br>';
+            $error = true;
+        }    
+    }
+
+    if(!$error) {    
+        $passwort_hash = password_hash($passwort, PASSWORD_DEFAULT);
+        
+        $statement = $pdo->prepare("INSERT INTO users (email, passwort) VALUES (:email, :passwort)");
+        $result = $statement->execute(array('email' => $email, 'passwort' => $passwort_hash));
+        
+        if($result) {        
+            echo 'successfull registered. <a href="login.php">Login</a>';
+            $showFormular = false;
+        } else {
+            echo 'Error. Please try again!<br>';
+        }
+    } 
+}
+ 
+if($showFormular) {
+?>
+ 
+<form action="?register=1" method="post">
+E-Mail:<br>
+<input type="email" size="40" maxlength="250" name="email"><br><br>
+ 
+Password:<br>
+<input type="password" size="40"  name="passwort"><br>
+ 
+Password (aganin):<br>
+<input type="password" size="40" name="passwort_confirm"><br><br>
+ 
+<input type="submit" value="GO">
+</form>
+ 
+<?php
+} 
+?>
+ 
+</body>
+</html>

secure.php

@@ -0,0 +1,12 @@
+<?php
+session_start();
+if(!isset($_SESSION['userid'])) {
+    die('Please <a href="login.php">login</a>');
+}
+ 
+$userid = $_SESSION['userid'];
+ 
+echo "Hi ".$userid;
+echo "<br/>"
+echo "This is secure now!"
+?>

usertable.sql

@@ -0,0 +1,10 @@
+CREATE TABLE `users` ( 
+  `id` INT NOT NULL AUTO_INCREMENT ,
+  `email` VARCHAR(255) NOT NULL ,
+  `passwort` VARCHAR(255) NOT NULL ,
+  `vorname` VARCHAR(255) NOT NULL DEFAULT '' ,
+  `nachname` VARCHAR(255) NOT NULL DEFAULT '' ,
+  `created_at` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ,
+  `updated_at` TIMESTAMP on update CURRENT_TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ,
+  PRIMARY KEY (`id`), UNIQUE (`email`)
+) ENGINE = InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;