Login fields now only allow alphanumeric characters

WilliamMiceli
2019-12-04 17:19:32 -05:00
parent 68e4bf54ad
commit 5967ee13e0


@@ -3,22 +3,24 @@
try{ try{
if($_POST['login_username'] != '' && $_POST['login_password'] != ''){ if($_POST['login_username'] != '' && $_POST['login_password'] != ''){
unset($_SESSION['loggedInUser']); if(ctype_alnum($_POST['login_username']) && ctype_alnum($_POST['login_password'])){
$db_statement = $db_connection->prepare("SELECT COUNT(*) FROM login WHERE username = '".$_POST["login_username"]."' and pword = '".$_POST["login_password"]."'"); unset($_SESSION['loggedInUser']);
$db_statement->execute(); $db_statement = $db_connection->prepare("SELECT COUNT(*) FROM login WHERE username = '".$_POST["login_username"]."' and pword = '".$_POST["login_password"]."'");
$db_statement->setFetchMode(PDO::FETCH_ASSOC); $db_statement->execute();
$db_returned = $db_statement->fetchAll(); $db_statement->setFetchMode(PDO::FETCH_ASSOC);
$matchingUsers = $db_returned[0]['COUNT(*)']; $db_returned = $db_statement->fetchAll();
if($matchingUsers > 0){ $matchingUsers = $db_returned[0]['COUNT(*)'];
// User has been authenticated; set user as logged in if($matchingUsers > 0){
$_SESSION['loggedInUser'] = $_POST['login_username']; // User has been authenticated; set user as logged in
unset($_SESSION['loginError']); $_SESSION['loggedInUser'] = $_POST['login_username'];
// Move onto landing page unset($_SESSION['loginError']);
header('Location: /messages.php'); // Move onto landing page
}else{ header('Location: /messages.php');
// No matching users found, send user an error message }else{
$_SESSION['loginError'] = 'Invalid Username or Password'; // No matching users found, send user an error message
} $_SESSION['loginError'] = 'Invalid Username or Password';
}
}else{$_SESSION["loginError"] = "Invalid characters found, please try again";}
}else{ }else{
// If user submitted login form wihout actually filling it out completely, send user an error message // If user submitted login form wihout actually filling it out completely, send user an error message
if(!empty($_POST)){ if(!empty($_POST)){
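Review bot: The query on the new side is still assembled by concatenating `$_POST["login_username"]` and `$_POST["login_password"]` into the string handed to `prepare()`, so the statement has no bound parameters and the new `ctype_alnum()` gate is the only thing separating request data from the SQL text. Bind the values instead: `$db_statement = $db_connection->prepare('SELECT COUNT(*) FROM login WHERE username = ? AND pword = ?');` followed by `$db_statement->execute([$_POST['login_username'], $_POST['login_password']]);`. With binding in place, the alphanumeric restriction on the password can be dropped, since it shrinks the password space and rejects stronger passwords. The direct comparison against `pword` suggests passwords are stored in cleartext; if so, the follow-up is to store `password_hash()` output and check it with `password_verify()`. The enclosing `try` block starts and ends outside this hunk.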