lucasreta/README.md

## README.md

      
    Raw
  

              README.md
            
          
    Small gist for a Stack Overflow question about simple PHP login flow.

Download all files into a directory
Create a database named logintest
Create a table as the one described in users.sql
Replace login credentials in mysqli() for your own (both in signup.php and login.php)
Start a local server in the directory where the files exist: php -S 0.0.0.0:8888
Go to http://localhost:8888/signup.php and create a user
Go to http://localhost:8888/login.php and log in with email and password of created user


## login.php
<?php
session_start();
if (!isset($_SESSION['userId'])) {
  if (
    isset($_POST['username']) &&
    isset($_POST['pwd'])
  ) {
    $username = $_POST['username'];
    $pwd = $_POST['pwd'];
    $mysqli = new mysqli("127.0.0.1", "root", "rootpasswordsupersafestuff", "logintest", 3306);
    if ($mysqli->connect_errno) {
        echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
    } else {
      $sql = "SELECT * FROM users WHERE username=?;";
      $stmt = mysqli_stmt_init($mysqli);
      if (!mysqli_stmt_prepare($stmt, $sql)) {
        echo "MySQL Error!";
        exit();
      } else {
        mysqli_stmt_bind_param($stmt, 's', $username);
        mysqli_stmt_execute($stmt);
        $result= mysqli_stmt_get_result($stmt);
        if ($row = mysqli_fetch_assoc($result)) {
          $pwdCheck = password_verify($pwd, $row['password']);
          if ($pwdCheck) {
            $_SESSION['userId'] = $row['uidusers'];
            $_SESSION['username'] = $row['username'];
            header('Location: login.php');
            exit();
          } else {
            echo "Error, wrong password!<br>";
            echo "Password: {$pwd}<br>";
            echo "Hashed Password: {$row['password']}<br>";
          }
        }
      }
    }
  } else {
    echo "Fill form please:<br>";
  }
?>

<form method="POST">
  <input placeholder="Username" type="text" name="username" />
  <input placeholder="Password" type="password" name="pwd" />
  <input type="submit" value="login" />
</form>

<a href="signup.php">Go signup</a>

<?php
} else {
  echo "You logged in dawg!<br>";
?>
<a href="signout.php">Sign out</a>
<?php
}

## signout.php
<?php

session_start();
session_destroy();
header('Location: login.php');
exit();

## signup.php
<?php
session_start();
if (!isset($_SESSION['userId'])) {
  if (
    isset($_POST['username']) &&
    isset($_POST['mailuid']) &&
    isset($_POST['password']) &&
    isset($_POST['managername']) &&
    isset($_POST['teamname'])
  ) {

    $username = $_POST['username'];
    $mailuid = $_POST['mailuid'];
    $password = $_POST['password'];
    $managername = $_POST['managername'];
    $teamname = $_POST['teamname'];
    $mysqli = new mysqli("127.0.0.1", "root", "rootpasswordsupersafestuff", "logintest", 3306);
    if ($mysqli->connect_errno) {
        echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
    } else {
      $sql = "INSERT INTO users (uidUsers, username, password, managername, teamname) VALUES (?,?,?,?,?)";
      $stmt = mysqli_stmt_init($mysqli);
      if (!mysqli_stmt_prepare($stmt, $sql)){
        echo "MySQL Error";
      } else {
        $hashpwd = password_hash($password, PASSWORD_DEFAULT);
        mysqli_stmt_bind_param($stmt, "sssss", $username, $mailuid, $hashpwd, $managername, $teamname);
        mysqli_stmt_execute($stmt);
        echo 'Success!<br>';
        echo "Username: $username <br>";
        echo "Mail: $mailuid <br>";
        echo "Hashpass: $hashpwd <br>";
        echo "Mngr: $managername <br>";
        echo "Team: $teamname <br>";
      }
    }
  } else {
    echo "Fill form please:<br>";
  }

?>

<form method="POST">
  <input placeholder="Username" type="text" name="username" />
  <input placeholder="Email" type="email" name="mailuid" />
  <input placeholder="Password" type="password" name="password" />
  <input placeholder="Managername" type="text" name="managername" />
  <input placeholder="Teamname" type="text" name="teamname" />
  <input type="submit" value="signup" />
</form>

<a href="login.php">Go login</a>

<?php
} else {
  header('Location: login.php');
  exit();
}

## users.sql
CREATE TABLE logintest.users (
	uidusers varchar(100) NULL,
	username varchar(100) NULL,
	password varchar(100) NULL,
	managername varchar(100) NULL,
	teamname varchar(100) NULL
)
ENGINE=InnoDB
DEFAULT CHARSET=utf8
COLLATE=utf8_general_ci;
	<?php
	session_start();
	if (!isset($_SESSION['userId'])) {
	if (
	isset($_POST['username']) &&
	isset($_POST['pwd'])
	) {
	$username = $_POST['username'];
	$pwd = $_POST['pwd'];
	$mysqli = new mysqli("127.0.0.1", "root", "rootpasswordsupersafestuff", "logintest", 3306);
	if ($mysqli->connect_errno) {
	echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
	} else {
	$sql = "SELECT * FROM users WHERE username=?;";
	$stmt = mysqli_stmt_init($mysqli);
	if (!mysqli_stmt_prepare($stmt, $sql)) {
	echo "MySQL Error!";
	exit();
	} else {
	mysqli_stmt_bind_param($stmt, 's', $username);
	mysqli_stmt_execute($stmt);
	$result= mysqli_stmt_get_result($stmt);
	if ($row = mysqli_fetch_assoc($result)) {
	$pwdCheck = password_verify($pwd, $row['password']);
	if ($pwdCheck) {
	$_SESSION['userId'] = $row['uidusers'];
	$_SESSION['username'] = $row['username'];
	header('Location: login.php');
	exit();
	} else {
	echo "Error, wrong password!<br>";
	echo "Password: {$pwd}<br>";
	echo "Hashed Password: {$row['password']}<br>";
	}
	}
	}
	}
	} else {
	echo "Fill form please:<br>";
	}
	?>

	<form method="POST">
	<input placeholder="Username" type="text" name="username" />
	<input placeholder="Password" type="password" name="pwd" />
	<input type="submit" value="login" />
	</form>

	<a href="signup.php">Go signup</a>

	<?php
	} else {
	echo "You logged in dawg!<br>";
	?>
	<a href="signout.php">Sign out</a>
	<?php
	}
	<?php

	session_start();
	session_destroy();
	header('Location: login.php');
	exit();
	CREATE TABLE logintest.users (
	uidusers varchar(100) NULL,
	username varchar(100) NULL,
	password varchar(100) NULL,
	managername varchar(100) NULL,
	teamname varchar(100) NULL
	)
	ENGINE=InnoDB
	DEFAULT CHARSET=utf8
	COLLATE=utf8_general_ci;