William/WMU-CS4430-Project
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Login fields now only allow alphanumeric characters

Browse Source
This commit is contained in:
WilliamMiceli
2019-12-04 17:19:32 -05:00
parent 68e4bf54ad
commit 5967ee13e0
1 changed files with 18 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
var/www/login.php
View File

@@ -3,22 +3,24 @@
try{
if($_POST['login_username'] != '' && $_POST['login_password'] != ''){
unset($_SESSION['loggedInUser']);
$db_statement = $db_connection->prepare("SELECT COUNT(*) FROM login WHERE username = '".$_POST["login_username"]."' and pword = '".$_POST["login_password"]."'");
$db_statement->execute();
$db_statement->setFetchMode(PDO::FETCH_ASSOC);
$db_returned = $db_statement->fetchAll();
$matchingUsers = $db_returned[0]['COUNT(*)'];
if($matchingUsers > 0){
// User has been authenticated; set user as logged in
$_SESSION['loggedInUser'] = $_POST['login_username'];
unset($_SESSION['loginError']);
// Move onto landing page
header('Location: /messages.php');
}else{
// No matching users found, send user an error message
$_SESSION['loginError'] = 'Invalid Username or Password';
}
if(ctype_alnum($_POST['login_username']) && ctype_alnum($_POST['login_password'])){
unset($_SESSION['loggedInUser']);
$db_statement = $db_connection->prepare("SELECT COUNT(*) FROM login WHERE username = '".$_POST["login_username"]."' and pword = '".$_POST["login_password"]."'");
$db_statement->execute();
$db_statement->setFetchMode(PDO::FETCH_ASSOC);
$db_returned = $db_statement->fetchAll();
$matchingUsers = $db_returned[0]['COUNT(*)'];
if($matchingUsers > 0){
// User has been authenticated; set user as logged in
$_SESSION['loggedInUser'] = $_POST['login_username'];
unset($_SESSION['loginError']);
// Move onto landing page
header('Location: /messages.php');
}else{
// No matching users found, send user an error message
$_SESSION['loginError'] = 'Invalid Username or Password';
}
}else{$_SESSION["loginError"] = "Invalid characters found, please try again";}
}else{
// If user submitted login form wihout actually filling it out completely, send user an error message
if(!empty($_POST)){