Created
January 7, 2017 16:40
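<?php
// Protected page: prints the user id that the session carries.
session_start();

// Without this guard the page is rendered for every visitor, logged in or
// not. The login script on this page sets $_SESSION['userid'] only after
// password_verify() succeeds, so its absence means "not authenticated".
if (!isset($_SESSION['userid'])) {
    http_response_code(403);
    exit('nicht eingeloggt');
}

echo "<pre>";
// The value is escaped so it is always emitted as text, never as markup.
printf(
    "willkommen auf der geheimen Seite.\n\ndeine user-id ist %s",
    htmlspecialchars((string) $_SESSION['userid'], ENT_QUOTES, 'UTF-8')
);
echo "</pre>";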
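<?php
// Login handler: looks up the posted e-mail address in the users table,
// verifies the posted password against the stored hash and, on success,
// stores the user id in the session and redirects to geheim.php.
session_start();

// Server-side switch for the diagnostic output below. Keep it false on any
// host that other people can reach: the diagnostics contain the posted
// password and the stored password hash of whichever account was looked up.
// A request parameter alone must never be able to enable them.
$debugAllowed = false;

try {
    // NOTE(review): the database credentials are hard-coded; loading them from
    // a config file outside the web root keeps them out of the published source.
    $pdo = new PDO('mysql:host=localhost;dbname=php-einfach', 'php-einfach', 'passwort_verborgen');
} catch (Exception $e) {
    die("keine Verbindung zur Datenbank. sind die Zugangsdaten die richtigen?");
}

if (isset($_POST['submit'])) {
    $debug = $debugAllowed && isset($_POST['debug']) && $_POST['debug'] === 'true';

    // filter_input() yields null/false when the field is missing or not a
    // scalar; normalise that to an empty string so the query still runs.
    $email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
    if (!is_string($email)) {
        $email = '';
    }

    // A missing or array-valued field must not reach trim().
    $passwort = (isset($_POST['passwort']) && is_string($_POST['passwort']))
        ? trim($_POST['passwort'])
        : '';

    // Prepared statement: the address is bound, never concatenated into SQL.
    $statement = $pdo->prepare("SELECT * FROM users WHERE email = :email");
    $statement->execute(array(':email' => $email));
    $user = $statement->fetch(PDO::FETCH_ASSOC);

    if ($user !== false && password_verify($passwort, $user['passwort'])) {
        // New session id on privilege change, so an id that was known before
        // the login (session fixation) does not become an authenticated one.
        session_regenerate_id(true);
        $_SESSION['userid'] = $user['id'];
        header('Location: geheim.php');
        // Stop here: without exit the rest of the page is still sent.
        exit;
    }

    if (!$debug) {
        // One message for both failure cases, so the response does not tell
        // a visitor whether an e-mail address is registered.
        $errorMessage = "E-Mail Adresse oder Passwort ist falsch.";
    } elseif ($user === false) {
        $errorMessage = "Datenbankabfrage lieferte kein Ergebnis zurueck\n\$user === false";
    } else {
        $errorMessage = "Passwort aus Formular und Passwort aus Datenbank stimmen nicht";
        $errorMessage .= " ueberein.\npassword_verify(\$passwort, \$user['passwort'])";
        $errorMessage .= "\npasswort in Datenbank solte so aussehen:\n";
        $errorMessage .= password_hash($passwort, PASSWORD_DEFAULT);
    }

    if ($debug) {
        // Every dumped value is HTML-escaped: it is request- or
        // database-derived and would otherwise be parsed as markup.
        echo "<pre>\n<strong>Daten aus dem Formular</strong>\n";
        echo htmlspecialchars(var_export($_POST, true), ENT_QUOTES, 'UTF-8');
        echo "\n<strong>Formulardaten nach Bereinigung</strong>\n";
        printf("\$email = %s", htmlspecialchars($email, ENT_QUOTES, 'UTF-8'));
        printf("\n\$passwort = %s", htmlspecialchars($passwort, ENT_QUOTES, 'UTF-8'));
        echo "\n\n<strong>Daten aus Datenbank (\$user)</strong>\n";
        echo htmlspecialchars(var_export($user, true), ENT_QUOTES, 'UTF-8');
        echo "</pre>";
    }
}
?>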
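<!DOCTYPE html>
<html lang="de">
<head>
    <title>Demo Login Formular fuer Marc</title>
    <meta charset="utf-8">
    <?php // "text/style" is not a stylesheet type, so the rules were ignored; it has to be text/css. ?>
    <style type="text/css">
        a {
            color: inherit;
            text-decoration: none;
        }
    </style>
</head>
<body>
    <header>
        <h1><a href="">Demo Login Formular für Marc</a></h1>
    </header>
    <main>
        <?php // htmlspecialchars() makes the message plain text; nl2br() then turns its line breaks into <br>. ?>
        <?php if (isset($errorMessage)) : ?>
            <p><?php echo nl2br(htmlspecialchars($errorMessage)); ?></p>
        <?php endif; ?>
        <form action="" method="post">
            <fieldset>
                <legend>login</legend>
                <p>
                    <input type="checkbox" id="debugtrigger" name="debug" value="true">
                    <label for="debugtrigger" title="zeigt die vom Formular uebertragenen und die aus der Datenbank abgefragten Daten an">Debugmode on/off</label>
                </p>
                <p>
                    <label for="mailaddr">E-Mail Adresse</label>
                    <input type="email" id="mailaddr" name="email" placeholder="your.name@provider.com">
                </p>
                <p>
                    <label for="password">Passwort</label>
                    <input type="password" id="password" name="passwort" placeholder="passwort">
                </p>
                <p>
                    <input type="submit" name="submit" value="einloggen">
                </p>
            </fieldset>
        </form>
    </main>
</body>
</html>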