@marcus-sa
Last active June 8, 2021 15:21
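<?php
// Opens the shared PDO connection ($db) used by the scripts that include this file.
//
// NOTE(review): the values below are local-development defaults (the MySQL
// `root` account with an empty password). A deployed copy should connect with a
// dedicated, least-privilege account whose credentials live outside the web
// root / source tree.
$db_host = 'localhost';
$db_name = 'testdb';
$db_charset = 'utf8mb4';
$db_username = 'root';
$db_password = '';

try {
    $db = new PDO(
        'mysql:host=' . $db_host . ';dbname=' . $db_name . ';charset=' . $db_charset,
        $db_username,
        $db_password,
        [
            // Surface SQL errors as exceptions instead of silent false returns.
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            // Use server-side prepared statements rather than client-side emulation.
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );
} catch (PDOException $e) {
    // The driver message can name the host and account, so it is written to the
    // server log and never echoed to the client. The 500 status makes AJAX
    // callers take their failure path instead of treating the body as success.
    error_log('Database connection failed: ' . $e->getMessage());
    http_response_code(500);
    die('Database connection failed.');
}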
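// Login button: POSTs the entered credentials to the login endpoint and reports
// the outcome through PNotify.
$('#btn-login').click(function () {
    var username = $('#login-username').val();
    var password = $('#login-password').val();

    // Shared notification for anything that is not a recognised outcome.
    var notifyUnexpected = function () {
        return new PNotify({
            title: 'Error Occurred',
            text: 'An error occurred! Please contact the webmaster.',
            type: 'error'
        });
    };

    new PNotify({
        title: 'Processing...',
        text: 'Logging you in...',
        type: 'info'
    });

    $.ajax({
        url: 'system/js/login.php',
        method: 'POST',
        data: {
            username: username,
            password: password
        }
    }).done(function (res) {
        // A 2xx status alone is not proof of login: only the exact 'success'
        // body from the endpoint counts, so a stray error page is not mistaken
        // for an authenticated session.
        if ($.trim(String(res)) !== 'success') {
            return notifyUnexpected();
        }
        new PNotify({
            title: 'Success!',
            text: 'Logged in! Redirecting in a moment...',
            type: 'success'
        });
        setTimeout(function () {
            window.location.href = 'index.php';
        }, 2000);
    }).fail(function (err) {
        // jQuery passes the jqXHR object here, not the body text; the token the
        // endpoint sent is in responseText.
        switch ($.trim(err.responseText || '')) {
            case 'username':
            case 'password':
                // One message for both cases, so the form does not confirm
                // whether a given username exists.
                return new PNotify({
                    title: 'Invalid credentials!',
                    text: 'Username or password is incorrect!',
                    type: 'error'
                });
            default:
                return notifyUnexpected();
        }
    });
});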
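<?php
// Login endpoint: checks a POSTed username/password pair against the `users`
// table and answers with a short token in the body:
//   'success'  (200) - password matches the stored hash
//   'password' (401) - user exists, password does not match
//   'username' (401) - no such user
//   other text (403) - request did not carry both fields as strings
//
// NOTE(review): the distinct 'username' / 'password' tokens let a caller learn
// which usernames exist. They are kept because the client script reads them;
// collapsing both into one token (and verifying against a dummy hash for
// unknown users, to even out timing) would close that. Nothing here limits
// repeated attempts either.
// NOTE(review): no session is started on success in this file, so the server
// keeps no record that the caller authenticated - confirm where that is
// established.

$username = $_POST['username'] ?? null;
$password = $_POST['password'] ?? null;

// `username[]=x` arrives as an array; reject anything that is not a plain
// string before it reaches the query or password_verify().
if (!is_string($username) || !is_string($password)) {
    http_response_code(403);
    exit('error here that doesnt really matter');
}

// require (not include): without $db there is nothing safe to continue with.
require './database.php';

$stmt = $db->prepare('SELECT `password` FROM `users` WHERE `username` = :u');
$stmt->bindValue(':u', $username, PDO::PARAM_STR);
$stmt->execute();

// fetchColumn() returns false when no row matched; this replaces rowCount(),
// which is not guaranteed to be meaningful for SELECT on every driver.
$stored_hash = $stmt->fetchColumn();

if ($stored_hash === false) {
    http_response_code(401);
    exit('username');
}

// A NULL/non-string hash column is treated as a failed password check.
if (!is_string($stored_hash) || !password_verify($password, $stored_hash)) {
    http_response_code(401);
    exit('password');
}

exit('success');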
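// Sign-up button: POSTs the registration form to the register endpoint and
// reports the outcome through PNotify.
$('#btn-signup').click(function () {
    var reg_username = $('#reg_username').val();
    var reg_pass = $('#reg_pass').val();
    var reg_r_pass = $('#reg_r_pass').val();

    // Shared notification for anything that is not a recognised outcome.
    var notifyUnexpected = function () {
        return new PNotify({
            title: 'Error Occurred',
            text: 'An error occurred! Please contact the webmaster.',
            type: 'error'
        });
    };

    new PNotify({
        title: 'Registering...',
        text: 'Sending data to database...',
        type: 'info'
    });

    $.ajax({
        url: 'system/js/register.php',
        method: 'POST',
        data: {
            username: reg_username,
            password: reg_pass,
            password_confirm: reg_r_pass
        }
    }).done(function (res) {
        // Only the exact 'success' body means the account was created; any
        // other 2xx body is reported as an error rather than assumed good.
        if ($.trim(String(res)) !== 'success') {
            return notifyUnexpected();
        }
        return new PNotify({
            title: 'Registered!',
            text: 'You are registered successfully. For security reasons, please log in with your credentials..',
            type: 'success'
        });
    }).fail(function (err) {
        // jQuery passes the jqXHR object here, not the body text; the token the
        // endpoint sent is in responseText.
        switch ($.trim(err.responseText || '')) {
            case 'password':
                return new PNotify({
                    title: 'Your passwords are incorrect!',
                    text: 'Your passwords do not match... Check them carefully!',
                    type: 'error'
                });
            case 'username':
                return new PNotify({
                    title: 'Your username is incorrect!',
                    text: 'Your username is taken... Please choose another one! ',
                    type: 'error'
                });
            default:
                return notifyUnexpected();
        }
    });
});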
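<?php
// Registration endpoint: creates a row in `users` from a POSTed username and a
// password entered twice, and answers with a short token in the body:
//   'success'  (200) - account created
//   'password' (403) - the two password fields differ
//   'username' (403) - the username is already present
//   other text (405) - a field is missing, not a string, or empty

$username = $_POST['username'] ?? null;
$password = $_POST['password'] ?? null;
$password_confirm = $_POST['password_confirm'] ?? null;

// `field[]=x` arrives as an array; only plain strings may reach the query and
// password_hash(). Empty usernames and passwords are refused here as well, so
// an account with a blank credential cannot be created.
if (
    !is_string($username) || !is_string($password) || !is_string($password_confirm)
    || $username === '' || $password === ''
) {
    http_response_code(405);
    exit('random shit here that doesnt really matter');
}

if ($password !== $password_confirm) {
    http_response_code(403);
    exit('password');
}

// require (not include): without $db there is nothing safe to continue with.
require './database.php';

$stmt = $db->prepare('SELECT `id` FROM `users` WHERE `username` = :u');
$stmt->bindValue(':u', $username, PDO::PARAM_STR);
$stmt->execute();

// fetchColumn() returns false when no row matched; this replaces rowCount(),
// which is not guaranteed to be meaningful for SELECT on every driver.
if ($stmt->fetchColumn() !== false) {
    http_response_code(403);
    exit('username');
}

// NOTE(review): PASSWORD_DEFAULT is currently bcrypt, which only uses the first
// 72 bytes of the password; consider enforcing a length policy before hashing.
$hashed_password = password_hash($password, PASSWORD_DEFAULT);

try {
    $stmt = $db->prepare('INSERT INTO `users` (`username`, `password`) VALUES (:u, :p)');
    $stmt->bindValue(':u', $username, PDO::PARAM_STR);
    $stmt->bindValue(':p', $hashed_password, PDO::PARAM_STR);
    $stmt->execute();
} catch (PDOException $e) {
    // Two requests can both pass the SELECT above before either inserts. If
    // `users`.`username` carries a UNIQUE index (schema not visible here -
    // confirm), the loser fails with SQLSTATE 23000 and is reported as a taken
    // username; without such an index the check above is the only guard.
    if ((string) $e->getCode() === '23000') {
        http_response_code(403);
        exit('username');
    }
    throw $e;
}

// No reason to use http_response_code as it's automatically set to 200 for OK
exit('success');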
@berkibap

<3
