failed-galleries/php-gallery
1
0
Fork 0
mirror of https://github.com/Fluffy-Bean/image-gallery.git synced 2024-12-28 02:16:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Updating password reset with AJAX

Browse source
This commit is contained in:
Michał 2022-08-13 11:04:24 +00:00
parent a5212b1d11
commit 79889d64e8
6 changed files with 192 additions and 120 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
account/login.php
View file

@ -47,7 +47,7 @@
<h2>Login</h2>
<p>Passwords are important to keep safe. Don't tell anyone your password, not even Fluffy!</p>
<br>
<form id="loginSubmit" method="POST" enctype="multipart/form-data">
<form id="loginForm" method="POST" enctype="multipart/form-data">
<input id="loginUsername" class="btn btn-neutral" type="text" name="username" placeholder="Username">
<input id="loginPassword" class="btn btn-neutral" type="password" name="password" placeholder="Password">
<br>
@ -57,7 +57,7 @@
</div>
<script>
$("#loginSubmit").submit(function(event) {
$("#loginForm").submit(function(event) {
event.preventDefault();
var username = $("#loginUsername").val();
var password = $("#loginPassword").val();

78
account/password-reset.php
View file

@ -33,73 +33,39 @@
include "../ui/required.php";
include "../ui/nav.php";
// Initialize the session
session_start();
// Check if the user is logged in, otherwise redirect to login page
if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true){
header("location: https://superdupersecteteuploadtest.fluffybean.gay/account/login.php");
exit;
}
if (isset($_POST['reset'])) {
// Validate new password
if (empty(trim($_POST["new_password"]))) {
$error = "Enter new password!";
} elseif(strlen(trim($_POST["new_password"])) < 6) {
$error = "Password not long enough, must be 6 or more characters!";
} else {
$new_password = trim($_POST["new_password"]);
// Check if the user is logged in, otherwise redirect to login page
if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true){
header("location: https://superdupersecteteuploadtest.fluffybean.gay/account/login.php");
exit;
}
// Validate confirm password
if (empty(trim($_POST["confirm_password"]))) {
$error = "Pls confirm the password";
} else {
$confirm_password = trim($_POST["confirm_password"]);
if(empty($error) && ($new_password != $confirm_password)) {
$error = "Password did not match!!!!";
}
}
// Check for errors
if (empty($error)) {
// Prepare for wack
$sql = "UPDATE users SET password = ? WHERE id = ?";
if ($stmt = mysqli_prepare($conn, $sql)) {
mysqli_stmt_bind_param($stmt, "si", $param_password, $param_id);
// Setting up Password parameters
$param_password = password_hash($new_password, PASSWORD_DEFAULT);
$param_id = $_SESSION["id"];
// Attempt to execute (sus)
if (mysqli_stmt_execute($stmt)) {
// Password updated!!!! Now goodbye
session_destroy();
header("Location: https://superdupersecteteuploadtest.fluffybean.gay/account/login.php");
} else {
$error = "Oopsie woopsie, somthing brokie :c";
}
}
}
}
?>
<div class="password-reset-root">
<h2>Reset Password</h2>
<p>After reset, you will be kicked out to login again</p>
<br>
<form method="POST" action="password-reset.php" enctype="multipart/form-data">
<input class="btn btn-neutral" type="password" name="new_password" placeholder="New Password">
<input class="btn btn-neutral" type="password" name="confirm_password" placeholder="Confirm Password">
<form id="passwordForm" method="POST" enctype="multipart/form-data">
<input id="newPassword" class="btn btn-neutral" type="password" name="new_password" placeholder="New Password">
<input id="confirmSassword" class="btn btn-neutral" type="password" name="confirm_password" placeholder="Confirm Password">
<br>
<button class="btn btn-bad" type="submit" name="reset"><img class="svg" src="../assets/icons/sign-in.svg">Reset</button>
<button id="passwordSubmit" class="btn btn-bad" type="submit" name="reset"><img class="svg" src="../assets/icons/sign-in.svg">Reset</button>
</form>
</div>
<script>
$("#passwordForm").submit(function(event) {
event.preventDefault();
var new_passowrd = $("#newPassword").val();
var confirm_password = $("#confirmSassword").val();
var submit = $("#passwordSubmit").val();
$("#sniffle").load("../app/account/password_reset.php", {
new_passowrd: new_passowrd,
confirm_password: confirm_password,
submit: submit
});
});
</script>
<?php include "../ui/footer.php"; ?>
</body>
</html>

111
app/account/login.php
View file

@ -13,6 +13,16 @@
include "../server/conn.php";
if (isset($_POST['submit'])) {
/*
|-------------------------------------------------------------
| Set error status to 0
|-------------------------------------------------------------
| if there are more than 0 error, then they cannot submit a
| request
|-------------------------------------------------------------
*/
$error = 0;
// Checking if Username is empty
if (empty(trim($_POST["username"]))) {
?>
@ -20,6 +30,7 @@ if (isset($_POST['submit'])) {
sniffleAdd('Who dis?', 'You must enter a username to login!', 'var(--red)', '../assets/icons/cross.svg');
</script>
<?php
$error = $error + 1;
} else {
$username = trim($_POST["username"]);
}
@ -31,70 +42,72 @@ if (isset($_POST['submit'])) {
sniffleAdd('Whats the magic word?', 'Pls enter the super duper secrete word(s) to login!', 'var(--red)', '../assets/icons/cross.svg');
</script>
<?php
$error = $error + 1;
} else {
$password = trim($_POST["password"]);
}
if ($error <= 0) {
// Prepare so SQL doesnt get spooked
$sql = "SELECT id, username, password FROM users WHERE username = ?";
// Prepare so SQL doesnt get spooked
$sql = "SELECT id, username, password FROM users WHERE username = ?";
if ($stmt = mysqli_prepare($conn, $sql)) {
// Bind dis shit
mysqli_stmt_bind_param($stmt, "s", $param_username);
// Set parameters
$param_username = $username;
// Attempt to execute the prepared statement
if (mysqli_stmt_execute($stmt)) {
// Store result
mysqli_stmt_store_result($stmt);
// Check if username exists, if yes then verify password
if (mysqli_stmt_num_rows($stmt) == 1) {
// Bind result variables
mysqli_stmt_bind_result($stmt, $id, $username, $hashed_password);
if (mysqli_stmt_fetch($stmt)) {
if (password_verify($password, $hashed_password)) {
// Password is correct, so start a new session
session_start();
if ($stmt = mysqli_prepare($conn, $sql)) {
// Bind dis shit
mysqli_stmt_bind_param($stmt, "s", $param_username);
// Store data in session variables
$_SESSION["loggedin"] = true;
$_SESSION["id"] = $id;
$_SESSION["username"] = $username;
// Set parameters
$param_username = $username;
// let the user know
?>
<script>
sniffleAdd('O hi <?php echo $_SESSION["username"]; ?>', 'You are now logged in! You will be redirected in a few seconds', 'var(--green)', '../assets/icons/hand-waving.svg');
setTimeout(function(){window.location.href = "../index.php?login=success";}, 4000);
</script>
<?php
} else {
?>
<script>
sniffleAdd('Sus', 'Username or Password WRONG, please try again :3', 'var(--red)', '../assets/icons/cross.svg');
</script>
<?php
// Attempt to execute the prepared statement
if (mysqli_stmt_execute($stmt)) {
// Store result
mysqli_stmt_store_result($stmt);
// Check if username exists, if yes then verify password
if (mysqli_stmt_num_rows($stmt) == 1) {
// Bind result variables
mysqli_stmt_bind_result($stmt, $id, $username, $hashed_password);
if (mysqli_stmt_fetch($stmt)) {
if (password_verify($password, $hashed_password)) {
// Password is correct, so start a new session
session_start();
// Store data in session variables
$_SESSION["loggedin"] = true;
$_SESSION["id"] = $id;
$_SESSION["username"] = $username;
// let the user know
?>
<script>
sniffleAdd('O hi <?php echo $_SESSION["username"]; ?>', 'You are now logged in! You will be redirected in a few seconds', 'var(--green)', '../assets/icons/hand-waving.svg');
setTimeout(function(){window.location.href = "../index.php?login=success";}, 4000);
</script>
<?php
} else {
?>
<script>
sniffleAdd('Sus', 'Username or Password WRONG, please try again :3', 'var(--red)', '../assets/icons/cross.svg');
</script>
<?php
}
}
} else {
?>
<script>
sniffleAdd('Sus', 'Username or Password WRONG, please try again :3', 'var(--red)', '../assets/icons/cross.svg');
</script>
<?php
}
} else {
?>
<script>
sniffleAdd('Sus', 'Username or Password WRONG, please try again :3', 'var(--red)', '../assets/icons/cross.svg');
sniffleAdd('woops...', 'Sowwy, something went wrong on our end :c', 'var(--red)', '../assets/icons/cross.svg');
</script>
<?php
}
} else {
?>
<script>
sniffleAdd('woops...', 'Sowwy, something went wrong on our end :c', 'var(--red)', '../assets/icons/cross.svg');
</script>
<?php
// Close statement
mysqli_stmt_close($stmt);
}
// Close statement
mysqli_stmt_close($stmt);
}
}

106
app/account/password_reset.php Normal file
View file

@ -0,0 +1,106 @@
<?php
/*
|-------------------------------------------------------------
| Password Reset
|-------------------------------------------------------------
| I want to make it possible to reset the password without
| access to the account directly with an email reset link or
| something. I also want to confirm the password change with
| the old password in the future, as people forget passwords
| and people can get onto accounts. For now this is a shitty
| little system thats inplace for those who need it. Hopefully
| I can make something better in the future...
|-------------------------------------------------------------
*/
// Initialize the session
session_start();
// Include server connection
include "../server/conn.php";
if (isset($_POST['submit'])) {
/*
|-------------------------------------------------------------
| Set error status to 0
|-------------------------------------------------------------
| if there are more than 0 error, then they cannot submit a
| request
|-------------------------------------------------------------
*/
$error = 0;
// Validate new password
if (empty(trim($_POST["new_password"]))) {
?>
<script>
sniffleAdd('Meep', 'Enter a new password!', 'var(--red)', '../assets/icons/cross.svg');
flyoutClose();
</script>
<?php
$error = $error + 1;
} elseif(strlen(trim($_POST["new_password"])) < 6) {
?>
<script>
sniffleAdd('Not long enough...', 'Password, must be 6 or more characters in length uwu', 'var(--red)', '../assets/icons/cross.svg');
flyoutClose();
</script>
<?php
$error = $error + 1;
} else {
$new_password = trim($_POST["new_password"]);
}
// Validate confirm password
if (empty(trim($_POST["confirm_password"]))) {
?>
<script>
sniffleAdd('Meep', 'You must confirm the password!!!!', 'var(--red)', '../assets/icons/cross.svg');
flyoutClose();
</script>
<?php
$error = $error + 1;
} else {
$confirm_password = trim($_POST["confirm_password"]);
if(empty($error) && ($new_password != $confirm_password)) {
?>
<script>
sniffleAdd('AAAA', 'Passwords do not match!!!', 'var(--red)', '../assets/icons/cross.svg');
flyoutClose();
</script>
<?php
$error = $error + 1;
}
}
// Check for errors
if ($error <= 0) {
// Prepare for wack
$sql = "UPDATE users SET password = ? WHERE id = ?";
if ($stmt = mysqli_prepare($conn, $sql)) {
mysqli_stmt_bind_param($stmt, "si", $param_password, $param_id);
// Setting up Password parameters
$param_password = password_hash($new_password, PASSWORD_DEFAULT);
$param_id = $_SESSION["id"];
// Attempt to execute (sus)
if (mysqli_stmt_execute($stmt)) {
// Password updated!!!! Now goodbye
session_destroy();
?>
<script>
sniffleAdd('Password updated', 'Now goodbye.... you will be redirected in a moment', 'var(--green)', '../assets/icons/check.svg');
setTimeout(function(){window.location.href = "../account/login.php";}, 4000);
</script>
<?php
} else {
?>
<script>
sniffleAdd('Bruh', 'Something happened on our end, sowwy', 'var(--red)', '../assets/icons/cross.svg');
flyoutClose();
</script>
<?php
}
}
}
}

5
css/main.css
View file

@ -476,11 +476,6 @@ nav .btn {
.account-root input {
font-family: "Secular One", sans-serif;
}
.account-root p:first-of-type {
padding: 0.5rem;
background-color: #151515;
text-align: center;
}
/*
|-------------------------------------------------------------

8
css/scss/_body.scss
View file

@ -204,14 +204,6 @@
.account-root {
@include defaultDecoration($green);
@include defaultFont();
p:first-of-type {
padding: 0.5rem;
background-color: $black;
text-align: center;
}
}
/*