first pass at login/logout handling
parent
712f42e790
commit
8c48309fc2
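--- a/src/webserver/auth/login.php
+++ b/src/webserver/auth/login.php
@@ -0,0 +1,66 @@
+<?php
+session_start();
+
+$db_path = realpath(dirname(__FILE__) . '/../config/db.php');
+require_once($db_path);
+require_once(realpath(dirname(__FILE__) . '/../header.php'));
+?>
+
+<h1>All Whomst Wander</h1>
+
+<h2>Login</h2>
+
+<?php
+$errors = [];
+if (!isset($_SESSION['nickname']) && !isset($_POST['nickname'])) {
+// display login form
+loginForm();
+} else {
+if (!isset($_POST['nickname']) || trim($_POST['nickname']) === '') {
+array_push($errors, "Your username is required to login.");
+} else {
+$login_stmt = $conn->prepare("SELECT * FROM Players p JOIN PlayerAuth pa ON p.id = pa.player_id WHERE p.nickname = :nickname AND p.is_active");
+if ($login_stmt) {
+$login_stmt->bindValue(':nickname', $_POST['nickname']);
+$login_result = $login_stmt->execute();
+if ($login_result) {
+$player_record = $login_result->fetchArray();
+if ($player_record) {
+if (!password_verify($_POST['password'], $player_record['hashed_pw'])) {
+array_push($errors, "No user found with that username and password.");
+} else {
+$_SESSION['nickname'] = $player_record['nickname'];
+$_SESSION['player_id'] = $player_record['id'];
+}
+} else {
+array_push($errors, "No user found with that username.");
+}
+}
+}
+}
+
+if (sizeof($errors) > 0) {
+foreach ($errors as $e) {
+echo "<p>" . $e . "</p>\n";
+}
+echo "<p><a href='register.php'>Register a new account</a>, <a href='forgot_pw.php'>reset your password</a>, or try again.</p>";
+loginForm();
+} else {
+echo "<p>You are now logged in as <strong>" . $_SESSION['nickname'] . "</strong></p>\n";
+echo "<p><a href='/../play/index.php'>Play now</a></p>\n";
+echo "<p><a href='logout.php'>Log out</a></p>\n";
+}
+}
+
+require_once(realpath(dirname(__FILE__) . '/../footer.php'));
+
+function loginForm() {
+?>
+<form method="POST" action="login.php" />
+<p><label for="nickname">Your username: </label><input type="text" name="nickname" id="nickname" /></p>
+<p><label for="password">Your password: </label><input type="password" name="password" id="password" /></p>
+<p><input type="submit" value="Log In!" /></p>
+</form>
+<?php
+}
+?>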
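Review bot: The success branch stores `$_SESSION['nickname']` and `$_SESSION['player_id']` in the session that existed before authentication without rotating its ID, so a session ID fixed before login stays valid afterwards; add `session_regenerate_id(true);` immediately before those two assignments. The two failure messages ("No user found with that username." and "No user found with that username and password.") reveal whether a nickname exists, so both branches should push the same text. `$_POST['password']` reaches `password_verify()` without an `isset` check. When `prepare()` or `execute()` returns false, `$errors` stays empty and the page falls through to "You are now logged in as" with nothing set in the session, so those branches should push an error too. The nickname is echoed unescaped here and in src/webserver/index.php; unless registration (not shown) restricts its characters, wrap it as `htmlspecialchars($_SESSION['nickname'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`.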
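--- a/src/webserver/auth/logout.php
+++ b/src/webserver/auth/logout.php
@@ -0,0 +1,34 @@
+
+<?php
+// Initialize the session.
+// If you are using session_name("something"), don't forget it now!
+session_start();
+
+// Unset all of the session variables.
+$_SESSION = array();
+
+// If it's desired to kill the session, also delete the session cookie.
+// Note: This will destroy the session, and not just the session data!
+if (ini_get("session.use_cookies")) {
+$params = session_get_cookie_params();
+setcookie(session_name(), '', time() - 42000,
+$params["path"], $params["domain"],
+$params["secure"], $params["httponly"]
+);
+}
+
+// Finally, destroy the session.
+session_destroy();
+
+require_once(realpath(dirname(__FILE__) . '/../header.php'));
+?>
+
+<h1>All Whomst Wander</h1>
+
+<h2>Log Out</h2>
+
+<p>Thanks for playing! You are now logged out. <a href='login.php'>Log In</a></p>
+
+<?php
+require_once(realpath(dirname(__FILE__) . '/../footer.php'));
+?>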
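Review bot: The file appears to start with an empty line before `<?php` (the rendered section shows an empty first row and the header counts 34 lines), which would send output before `session_start()` and `setcookie()` run. Unless output buffering is enabled, PHP then reports "headers already sent" and the session cookie is never expired in the browser, so `<?php` should be the very first bytes of the file. Separately, the script ends the session on any request, and index.php links to it with a plain `<a href='auth/logout.php'>`, so a cross-site GET can log a player out; consider requiring a POST with a per-session token.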
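--- a/src/webserver/index.php
+++ b/src/webserver/index.php
@@ -0,0 +1,19 @@
+<?php
+session_start();
+
+require_once(realpath(dirname(__FILE__) . '/header.php'));
+?>
+
+<h1>All Whomst Wander</h1>
+
+<?php
+if ($_SESSION && $_SESSION['nickname'] && $_SESSION['nickname'] !== "") {
+echo "<p>You are logged in as <strong>" . $_SESSION['nickname'] . "</strong>. <a href='auth/logout.php'>Log out</a></p>";
+} else {
+echo "<p>You are not logged in. <a href='auth/login.php'>Log in</a></p>";
+}
+
+require_once(realpath(dirname(__FILE) . '/footer.php'));
+?>
+
+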
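Review bot: The footer include uses `dirname(__FILE)`, which is not the magic constant `__FILE__`; on PHP 8 an undefined constant raises an Error, so the footer is never included. Change the line to `require_once(realpath(dirname(__FILE__) . '/footer.php'));`. The login check also reads `$_SESSION['nickname']` without testing that the key exists, which emits a warning whenever the session holds other data but no nickname; `if (!empty($_SESSION['nickname'])) {` expresses the same condition without it.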