thies/loginpagefoo
Template
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Wiki Activity

made a mvp

Browse Source
This commit is contained in:
thies
2021-01-17 16:21:59 +01:00
parent 572f3317e3
commit 469ddf0c3e
20 changed files with 45 additions and 576 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
CONTRIBUTORS.MD Normal file
View File

@@ -0,0 +1,22 @@
# loginpagefoo
## Authors
- Lara Schradick
- Miriam Schroth
## License
Written under AGPLv3.
For more infos see [/LICENSE](/LICENSE)
## External Sources
### Stylesheets:
- Bootstrap
### Javascript:
- Bootstrap
### Database Design:
- Thies Müller
### PHP Code:
- contributions from Thies Müller

17
FEATURES.MD
View File

@@ -1,17 +0,0 @@
# FEATURES
## Password Login
## PHP Session
## Logout
## Forget Password
## Password Complexibility Check
## Admin Functions
## Activate E-Mail
## More to come

4
activatedarea.php
View File

@@ -24,9 +24,9 @@ if(isset($_GET['notimplemented'])) { //if "?notimplemented=1" is received, print
//some html links to other pages
?>
<br /><br />
<a href="changeprofilepicture.php"><button class="btn btn-primary">Change Profile Picture</button>
<a href="?notimplemented=1"><button class="btn btn-primary">Some Feature</button>
<br /><br />
<a href="?notimplemented=1"><button class="btn btn-primary disabled">Change Description</button></a>
<a href="?notimplemented=1"><button class="btn btn-primary disabled">Some other Feature</button></a>
<br /> <br /><br />
<a href="start.php"><button class="btn btn-info">Back</button></a>
</div>

7
activation.php
View File

@@ -64,10 +64,15 @@ If this mail comes unsolicited, please just ignore the mail.
cheers
loginpagefoo script';
mail($mailrcpt, $mailsubject, $text, $from); //sending the mail with the build-in mail function.
echo 'Activation Link: <a href="'.$url_activationcode.'">'.$url_activationcode.'</a>';
/*
this would be the prod implementation
instead we just print the link and never ever use this in prod!
mail($mailrcpt, $mailsubject, $text, $from); //sending the mail with the build-in mail function.
echo 'Link send. Going back to <a href="profile.php">profile</a> page. <meta http-equiv="refresh" content="0; URL=profile.php">';
//afterwards going back to profile, and dont render the form again.
*/
$showForm = false;
}
}

9
adminarea.php
View File

@@ -12,13 +12,6 @@ session_start();
if($_SESSION['isadmin'] == 0) { //but first a check if you've got admin rights. if not, destroy the session and go back to start.
die ('No rights for you! <meta http-equiv="refresh" content="0; URL=logout.php">');
} //this is purely a cosmetic effect. no harm could be done from here. it's merely a html page with a little check if you've got the right rights.
echo '<div class="alert alert-danger" role="alert">heres the admin world</div>';
echo '<div class="alert alert-danger" role="alert">heres the admin world. poc of rights management</div>';
echo '<a href="adminarea_useradmin.php"><button class="btn btn-primary">User Admin</button></a>';
echo '<br /> <br />';
echo '<a href="adminarea_sessions.php"><button class="btn btn-primary">Session Admin</button></a>';
echo '<br /> <br />';
echo '<a href="adminarea_admins.php"><button class="btn btn-danger">Admin Admin</button></a>';
echo '<br /> <br />';
echo '<a href="start.php"><button class="btn btn-info">Back</button></a>';
?>

69
adminarea_admins.php
View File

@@ -1,69 +0,0 @@
<html>
<head>
<title>Admin Area</title>
<link rel="stylesheet" href="ressources/css/bootstrap.min.css" crossorigin="anonymous">
</head>
<body>
<script src="ressources/js/bootstrap.min.js"></script>
<?php
session_start();
if($_SESSION['isadmin'] == 0) {
die ('No rights for you! <meta http-equiv="refresh" content="0; URL=logout.php">');
}
echo '<div class="alert alert-danger" role="alert">heres the admin world</div>';
echo '<a href="adminarea_admins_give.php"><button class="btn btn-success">GIVE</button></a>';
echo '<a href="adminarea_admins_take.php"><button class="btn btn-danger">TAKE</button></a>';
echo "<br />";
echo $output;
echo "<br />";
echo "//implement a user search here."; //yeah! Do what the comment says!
echo '<br />';
$showForm = false;
if(isset($_GET['user']) ) {
if(!isset($_POST['username']) || empty($_POST['username'])) {
$error = "<b>Enter the username</b>";
} else {
$statement = $pdo->prepare("SELECT * FROM users WHERE username = :username");
$result = $statement->execute(array('username' => $_POST['username']));
$user = $statement->fetch();
if($user === false) {
$error = "<b>no user found</b>";
} else {
echo $user['isadmin'];
$showForm = false;
}
}
}
if($showForm):
?>
<h1>Search for Admin Rights!</h1>
Please enter the username below.<br><br>
<?php
if(isset($error) && !empty($error)) {
echo $error;
}
?>
<script src="ressources/js/bootstrap.min.js"></script>
<form action="?user=1" method="post">
<div class="form-group">
<label for="username">Username</label>
<input type="text" name="username" id="username" class="form-control" value="<?php echo isset($_POST['username']) ? htmlentities($_POST['username']) : ''; ?>"><br>
</div>
<button type="submit" class="btn btn-primary">Search User Rights</button>
</form>
<?php
endif;
?>
<?php
echo '<br /> <br />';
echo '<a href="adminarea.php"><button class="btn btn-info">Back</button></a>';
?>

72
adminarea_admins_give.php
View File

@@ -1,72 +0,0 @@
<html>
<head>
<title>Admin Area</title>
<link rel="stylesheet" href="ressources/css/bootstrap.min.css" crossorigin="anonymous">
</head>
<body>
<script src="ressources/js/bootstrap.min.js"></script>
<?php
session_start();
include 'backgroundupdate.php';
if($_SESSION['isadmin'] == 0) {
die ('No rights for you! <meta http-equiv="refresh" content="0; URL=logout.php">');
}
echo '<div class="alert alert-danger" role="alert">heres the admin world</div>';
$showForm = true;
if(isset($_GET['user']) ) {
if(!isset($_POST['username']) || empty($_POST['username'])) {
$error = "<b>Enter the username</b>";
} else {
$statement = $pdo->prepare("SELECT * FROM users WHERE username = :username");
$result = $statement->execute(array('username' => $_POST['username']));
$user = $statement->fetch();
if($user === false) {
$error = "<b>no user found</b>";
} else {
//check if theres a code already
$statement = $pdo->prepare("UPDATE users SET isadmin = '1' WHERE id = :userid");
$result = $statement->execute(array('userid' => $user['id']));
echo '<div class="alert alert-success" role="alert">Successfully granted ';
echo $user['username'];
echo ' ADMIN rights.</div>';
$showForm = false;
}
}
}
if($showForm):
?>
<h1>Give Admin Rights!</h1>
Please enter the username below.<br><br>
<?php
if(isset($error) && !empty($error)) {
echo $error;
}
?>
<script src="ressources/js/bootstrap.min.js"></script>
<form action="?user=1" method="post">
<div class="form-group">
<label for="username">Username</label>
<input type="text" name="username" id="username" class="form-control" value="<?php echo isset($_POST['username']) ? htmlentities($_POST['username']) : ''; ?>"><br>
</div>
<button type="submit" class="btn btn-primary">Grant User Rights</button>
</form>
<?php
endif;
?>
<?php
echo '<br /> <br />';
echo '<a href="adminarea.php"><button class="btn btn-info">Back</button></a>';
?>

71
adminarea_admins_take.php
View File

@@ -1,71 +0,0 @@
<html>
<head>
<title>Admin Area</title>
<link rel="stylesheet" href="ressources/css/bootstrap.min.css" crossorigin="anonymous">
</head>
<body>
<script src="ressources/js/bootstrap.min.js"></script>
<?php
session_start();
include 'backgroundupdate.php';
if($_SESSION['isadmin'] == 0) {
die ('No rights for you! <meta http-equiv="refresh" content="0; URL=logout.php">');
}
echo '<div class="alert alert-danger" role="alert">heres the admin world</div>';
$showForm = true;
if(isset($_GET['user']) ) {
if(!isset($_POST['username']) || empty($_POST['username'])) {
$error = "<b>Enter the username</b>";
} else {
$statement = $pdo->prepare("SELECT * FROM users WHERE username = :username");
$result = $statement->execute(array('username' => $_POST['username']));
$user = $statement->fetch();
if($user === false) {
$error = "<b>no user found</b>";
} else {
//check if theres a code already
$statement = $pdo->prepare("UPDATE users SET isadmin = '0' WHERE id = :userid");
$result = $statement->execute(array('userid' => $user['id']));
echo '<div class="alert alert-success" role="alert">Successfully took the ADMIN rights from ';
echo $user['username'];
echo '</div>';
$showForm = false;
}
}
}
if($showForm):
?>
<h1>Give Admin Rights!</h1>
Please enter the username below.<br><br>
<?php
if(isset($error) && !empty($error)) {
echo $error;
}
?>
<script src="ressources/js/bootstrap.min.js"></script>
<form action="?user=1" method="post">
<div class="form-group">
<label for="username">Username</label>
<input type="text" name="username" id="username" class="form-control" value="<?php echo isset($_POST['username']) ? htmlentities($_POST['username']) : ''; ?>"><br>
</div>
<button type="submit" class="btn btn-primary">Take User Rights</button>
</form>
<?php
endif;
?>
<?php
echo '<br /> <br />';
echo '<a href="adminarea.php"><button class="btn btn-info">Back</button></a>';
?>

58
adminarea_useradmin.php
View File

@@ -1,58 +0,0 @@
<html>
<head>
<title>Admin Area</title>
<link rel="stylesheet" href="ressources/css/bootstrap.min.css" crossorigin="anonymous">
</head>
<body>
<script src="ressources/js/bootstrap.min.js"></script>
<?php
session_start();
include 'backgroundupdate.php';
if($_SESSION['isadmin'] == 0) {
die ('No rights for you! <meta http-equiv="refresh" content="0; URL=logout.php">');
}
echo '<div class="alert alert-danger" role="alert">heres the admin world</div>';
//create connection
$connection = mysqli_connect($mysqlhost, $dbuser, $dbpass, $dbname);
//test if connection failed
if(mysqli_connect_errno()){
die("connection failed: "
. mysqli_connect_error()
. " (" . mysqli_connect_errno()
. ")");
}
//get results from database
$result = mysqli_query($connection,"SELECT * FROM users");
$all_property = array(); //declare an array for saving property
//showing property
echo '<table class="table table-striped">
<tr class="data-heading">'; //initialize table tag
while ($property = mysqli_fetch_field($result)) {
echo '<td>' . $property->name . '</td>'; //get field name for header
array_push($all_property, $property->name); //save those to array
}
echo '</tr>'; //end tr tag
//showing all data
while ($row = mysqli_fetch_array($result)) {
echo "<tr>";
foreach ($all_property as $item) {
echo '<td>' . $row[$item] . '</td>'; //get items using property value
}
echo '</tr>';
}
echo "</table>";
echo '<br /> <br />';
echo '<a href="adminarea.php"><button class="btn btn-info">Back</button></a>';
?>

1
backgroundupdate.php
View File

@@ -15,5 +15,4 @@ $_SESSION['lastName'] = $user['lastName'];
$_SESSION['activated'] = $user['activated'];
$_SESSION['updated_at'] = $user['updated_at'];
$_SESSION['isadmin'] = $user['isadmin'];
$_SESSION['profilepicture'] = $user['profilepicture'];
?>

109
changepass.php
View File

@@ -1,109 +0,0 @@
<?php
echo "not implemented yet!";
/*
session_start();
include 'db.inc.php';
if(isset($_GET['changed'])) {
$username = $_POST['username'];
$oldpassword = $_POST['oldpassword'];
$password = $_POST('password');
$password_confirm = $_POST('password_confirm');
$statement = $pdo->prepare("SELECT * FROM users WHERE username = :username");
$result = $statement->execute(array('username' => $username));
$user = $statement->fetch();
if ($user !== false && password_verify($oldpassword, $user['password'])) {
if(isset($_GET['send'])) {
$password = $_POST['password'];
$password_confirm = $_POST['password_confirm'];
//regexes for passvalidation:
$REuppercase = preg_match('@[A-Z]@', $password);
$RElowercase = preg_match('@[a-z]@', $password);
$REnumber = preg_match('@[0-9]@', $password);
$REspecialChars = preg_match('@[^\w]@', $password);
if($password != $password_confirm) {
echo "password or confirmed password wrong";
}
if(!$REuppercase || !$RElowercase || !$REnumber || !$REspecialChars || strlen($password) < 8) {
echo '<color="red">Password needs to be more complex.</color><br />';
echo '<i>Please implement at least 8 chars, upper & downer caser, one number & one special char.</i><br />';
$error = true;
} else {
$passwordhash = password_hash($password, PASSWORD_DEFAULT);
$statement = $pdo->prepare("UPDATE users SET password = :passwordhash, passwordcode = NULL, passwordcode_time = NULL WHERE id = :userid");
$result = $statement->execute(array('passwordhash' => $passwordhash, 'userid'=> $userid ));
if($result) {
die('Changed password. Going to <a href="start.php">start</a> now.<meta http-equiv="refresh" content="1; URL=start.php">');
}
}
}
die('<div class="alert alert-success" role="alert"> successfull. go to: <a href="start.php">start page</a></div> <meta http-equiv="refresh" content="0; URL=start.php">');
} else {
$errorMessage = '<div class="alert alert-danger" role="alert">somethings wrong (maybe wrong password or wrong user)</div><br>';
}
}
?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" href="ressources/css/bootstrap.min.css" crossorigin="anonymous">
<title>Change Password</title>
</head>
<body>
<?php
if(isset($errorMessage)) {
echo $errorMessage;
}
?>
<script src="ressources/js/bootstrap.min.js"></script>
<div class="jumbotron jumbotron-fluid">
<div class="container">
<form action="?changed=1" method="post">
<div class="form-group">
<label for="username">Username</label>
<input type="text" class="form-control" size="40" id="username" placeholder="Username" name="username"><br><br>
</div>
<div class="form-group">
<label for="oldpassword">Current Password</label>
<input type="password" class="form-control" size="40" id="oldpassword" placeholder="Your old password" name="oldpassword"><br>
</div>
<div class="form-group">
<label for="password">New Password</label>
<input type="password" class="form-control" size="40" id="password" placeholder="Your new password" name="password"><br>
</div>
<div class="form-group">
<label for="password_confirm">Confirm New^ Password</label>
<input type="password" class="form-control" size="40" id="password_confirm" placeholder="Your new password" name="password_confirm"><br>
</div>
<button type="submit" class="btn btn-primary">Change Password</button>
</form>
<br />
<br />
<a href="forgotpass.php"><button class="btn btn-warning">I forgot my password</button></a>
<br /> <br />
</div>
</div>
</div>
</main><!-- /.container -->
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="https://code.jquery.com/jquery-3.2.1.slim.min.js" integrity="sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN" crossorigin="anonymous"></script>
<script>window.jQuery || document.write('<script src="../../../../assets/js/vendor/jquery-slim.min.js"><\/script>')</script>
<script src="../../../../assets/js/vendor/popper.min.js"></script>
<script src="../../../../dist/js/bootstrap.min.js"></script>
</body>
</html>
*/

68
changeprofilepicture.php
View File

@@ -1,68 +0,0 @@
<html>
<head>
<title>Activated Area</title>
<link rel="stylesheet" href="ressources/css/bootstrap.min.css" crossorigin="anonymous">
</head>
<body>
<script src="ressources/js/bootstrap.min.js"></script>
<?php
session_start();
include 'db.inc.php';
if($_SESSION['activated'] == 0) {
die ("Not activated yet");
}
echo "heres the fun world";
?>
<?php
//TODO: regex to parse file extensions here:
//function to insert url into table here:
if(isset($_GET['new'])) {
$imageurl = $_POST['imageurl'];
$userid = $_SESSION['userid'];
if($imageurl == "https://web.td00.de/woddle.gif") {
echo "<br> returning to default picture";
$statement = $pdo->prepare("UPDATE users SET profilepicture = :imageurl WHERE id = :userid");
$result = $statement->execute(array('imageurl' => $imageurl, 'userid'=> $userid ));
if($result) {
die('<br>Changed Profile Picture. Going to <a href="update.php?page=profile.php">profile</a> now.<meta http-equiv="refresh" content="1; URL=update.php?page=profile.php">');
}
}
else {
$statement = $pdo->prepare("UPDATE users SET profilepicture = :imageurl WHERE id = :userid");
$result = $statement->execute(array('imageurl' => $imageurl, 'userid'=> $userid ));
if($result) {
die('<br>Changed Profile Picture. Going to <a href="update.php?page=profile.php">profile</a> now.<meta http-equiv="refresh" content="1; URL=update.php?page=profile.php">');
}
}
}
?>
<br /> <br />
<div class="jumbotron jumbotron-fluid">
<div class="container">
<i>Right now you need to upload the picture somewhere and input the URL here.</i><br />
<b>Please be aware that only the following filetypes will work!</b>
<li>jpg</li>
<li>gif</li>
<li>png</li>
<br /><br /><br />
<script src="ressources/js/bootstrap.min.js"></script>
<form action="?new=1&amp;userid=<?php echo htmlentities($userid); ?>&amp;code=<?php echo htmlentities($code); ?>" method="post">
<div class="form-group">
<label for="imageurl">URL to new image</label>
<input type="url" pattern="https://.*" id="imageurl" class="form-control" name="imageurl"><br><br>
</div>
<button type="submit" class="btn btn-primary">Submit new Image</button>
</form>
<br /> <br /><br />
<a href="activatedarea.php"><button class="btn btn-info">Back</button></a>
</div>
</div>

4
forgotpass.php
View File

@@ -62,9 +62,11 @@ If this mail comes unsolicited, please just ignore the mail.
cheers
loginpagefoo script';
mail($mailrcpt, $mailsubject, $text, $from);
/*mail($mailrcpt, $mailsubject, $text, $from);
echo 'Link send. Going back to <a href="login.php">login</a> page. <meta http-equiv="refresh" content="0; URL=login.php">';
*/
echo 'Password Reset Link: <a href="'.$url_passwordcode.'">'.$url_passwordcode.'</a>';
$showForm = false;
}
}

66
forlaterpurposemaybe.html
View File

@@ -1,66 +0,0 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="">
<meta name="author" content="">
<title>Profile Page</title>
<!-- Bootstrap core CSS -->
<link href="ressources/css/bootstrap.min.css" rel="stylesheet">
<!-- Custom styles for this template -->
<link href="ressources/css/page.css" rel="stylesheet">
</head>
<body>
<nav class="navbar navbar-expand-md navbar-dark bg-dark fixed-top">
<a class="navbar-brand" href="#">loginpagefoo</a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarsExampleDefault" aria-controls="navbarsExampleDefault" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarsExampleDefault">
<ul class="navbar-nav mr-auto">
<li class="nav-item">
<a class="nav-link" href="login.php">Login </a>
</li>
<li class="nav-item">
<a class="nav-link" href="register.php">Register<span class="sr-only">(current)</span></a>
</li>
<li class="nav-item dropdown">
<a class="nav-link active dropdown-toggle" href="start.php" id="dropdown01" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Functions</a>
<div class="dropdown-menu" aria-labelledby="dropdown01">
<a class="dropdown-item" href="profile.php">Profile</a>
<a class="dropdown-item" href="#">Another action</a>
<a class="dropdown-item" href="#">Something else here</a>
</div>
</li>
</ul>
<form class="form-inline my-2 my-lg-0">
<a href="logout.php"><button class="btn btn-outline-warning my-2 my-sm-0" type="submit">Logout</button></a>
</form>
</div>
</nav>
<main role="main" class="container">
<div class="starter-template">
<!-- CONTENT HERE -->
</div>
</main><!-- /.container -->
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="https://code.jquery.com/jquery-3.2.1.slim.min.js" integrity="sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN" crossorigin="anonymous"></script>
<script>window.jQuery || document.write('<script src="../../../../assets/js/vendor/jquery-slim.min.js"><\/script>')</script>
<script src="../../../../assets/js/vendor/popper.min.js"></script>
<script src="../../../../dist/js/bootstrap.min.js"></script>
</body>
</html>

1
fullinstalldocker.sql
View File

@@ -17,6 +17,5 @@ CREATE TABLE `users` (
`activated` VARCHAR(1) NOT NULL ,
`passwordcode` VARCHAR(255) NULL ,
`passwordcode_time` TIMESTAMP NULL ,
`profilepicture` VARCHAR(255) NULL DEFAULT 'https://web.td00.de/woddle.gif' ,
PRIMARY KEY (`id`), UNIQUE (`email`), UNIQUE (`username`)
) ENGINE = InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

7
login.php
View File

@@ -1,11 +1,5 @@
<?php
/*
author: Thies Müller
contact: contactme@td00.de
source: https://github.com/td00/loginpagefoo
license: AGPL 3.0
*/
session_start(); //here the session starts again
include 'db.inc.php'; //we need a db connection here too!
@@ -26,7 +20,6 @@ if(isset($_GET['login'])) { //same as register. looks for "?login=1" in the url
$_SESSION['activated'] = $user['activated'];
$_SESSION['updated_at'] = $user['updated_at'];
$_SESSION['isadmin'] = $user['isadmin'];
$_SESSION['profilepicture'] = $user['profilepicture'];
die('<div class="alert alert-success" role="alert"> successfull. go to: <a href="start.php">start page</a></div> <meta http-equiv="refresh" content="0; URL=start.php">'); //successful login, thats all.
} else {
$errorMessage = '<div class="alert alert-danger" role="alert">somethings wrong (maybe wrong password or wrong user)</div><br>'; //if password not match or username doesn't exist print this line

7
profile.php
View File

@@ -2,7 +2,7 @@
<?php
session_start(); //start a session
if(!isset($_SESSION['userid'])) { //if there isnt a session print a please login page and go to login page
die('<div class="alert alert-primary" role="alert">Please <a href="login.php">login</a></div><meta http-equiv="refresh" content="2; URL=login.php">');
die('<div class="alert alert-primary" role="alert">Please <a href="login.php">login</a></div><meta http-equiv="refresh" content="1; URL=login.php">');
}
//for easier use we shove some of the session array into variables.
$userid = $_SESSION['userid'];
@@ -12,7 +12,6 @@ $usergn = $_SESSION['givenName'];
$userln = $_SESSION['lastName'];
$activated = $_SESSION['activated'];
$isadmin = $_SESSION['isadmin'];
$profilepicture = $_SESSION['profilepicture'];
//lets build a page:
?>
@@ -26,10 +25,6 @@ $profilepicture = $_SESSION['profilepicture'];
<div class="float-right">
<br />
<br />
<?php
echo '<img src="'.$profilepicture.'" height=90 width=90 />';
?>
</div>

7
register.php
View File

@@ -1,12 +1,7 @@
<?php
/*
author: Thies Müller
contact: contactme@td00.de
source: https://github.com/td00/loginpagefoo
license: AGPL 3.0
*/
session_start(); //everytime we want to use $_SESSION or features regarding a valid session we need to start this
include 'db.inc.php'; //this is used to establish database connections thruout the app

21
start.php
View File

@@ -25,10 +25,10 @@ $activated = $_SESSION['activated'];
<body>
<div class="d-flex flex-column flex-md-row align-items-center p-3 px-md-4 mb-3 bg-white border-bottom box-shadow">
<h5 class="my-0 mr-md-auto font-weight-normal">Crappy Login POC</h5>
<h5 class="my-0 mr-md-auto font-weight-normal">Login POC</h5>
<nav class="my-2 my-md-0 mr-md-3">
<a class="p-2 text-dark" href="https://github.com/td00/loginpagefoo">Git</a>
<?php
if($userid > 0){ //if the user is logged in (has a userid above 0) then print this:
echo 'Hi <a href="profile.php">'.$_SESSION['username'].'</a>';
@@ -175,22 +175,19 @@ if ($isadmin == 1) { //if admin rights are granted, print a admin area button
<div class="col-6 col-md">
<h5>Features</h5>
<ul class="list-unstyled text-small">
<li><a class="text-muted" href="https://github.com/td00/loginpagefoo/blob/main/FEATURES.MD#password-login">Password Login</a></li>
<li><a class="text-muted" href="https://github.com/td00/loginpagefoo/blob/main/FEATURES.MD#password-login">PHP Session</a></li>
<li><a class="text-muted" href="https://github.com/td00/loginpagefoo/blob/main/FEATURES.MD#password-login">Logout</a></li>
<li><a class="text-muted" href="https://github.com/td00/loginpagefoo/blob/main/FEATURES.MD#password-login">Forget password</a></li>
<li><a class="text-muted" href="https://github.com/td00/loginpagefoo/blob/main/FEATURES.MD#password-login">Password complexibility check</a></li>
<li><a class="text-muted" href="https://github.com/td00/loginpagefoo/blob/main/FEATURES.MD#password-login">More to come</a></li>
<li><a class="text-muted" href="">Password Login</a></li>
<li><a class="text-muted" href="">User activation</a></li>
<li><a class="text-muted" href="">Logout</a></li>
<li><a class="text-muted" href="">Forget password</a></li>
<li><a class="text-muted" href="">Password complexibility check</a></li>
<li><a class="text-muted" href="">More to come</a></li>
</ul>
</div>
<div class="col-6 col-md">
<h5>About</h5>
<ul class="list-unstyled text-small">
<li><a class="text-muted" href="https://thiesmueller.de">Me</a></li>
<li><a class="text-muted" href="https://github.com/td00/loginpagefoo">Git</a></li>
<li><a class="text-muted" href="https://thiesmueller.de/dsgvo/datenschmutz.html">Privacy</a></li>
<li><a class="text-muted" href="https://thiesmueller.de/impress/">Imprint</a></li>
<li>This is just a small POC</li>
</ul>
</div>
</div>

1
usertable.sql
View File

@@ -13,6 +13,5 @@ CREATE TABLE `users` (
`isadmin` VARCHAR(1) NULL ,
`passwordcode` VARCHAR(255) NULL ,
`passwordcode_time` TIMESTAMP NULL ,
`profilepicture` VARCHAR(255) NULL DEFAULT 'https://web.td00.de/woddle.gif' ,
PRIMARY KEY (`id`), UNIQUE (`email`), UNIQUE (`username`)
) ENGINE = InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;