Commit b4fc4e67 authored by Sibidharan's avatar Sibidharan :speech_balloon:

Signup with OTP done

parent 043eae18
<?php
include 'library/auth.php';
if($_GET['email'] == "admin@gmail.com" and $_GET['password'] == "password"){
$flag = 1;
if(isset($_POST['type'])){
if($_POST['type'] == 'login'){
$username = $_POST['username'];
$password = $_POST['password'];
if(do_login($username, $password)){
echo "Login success";
} else {
echo "Login failed";
}
} else if($_POST['type'] == 'signup'){
$full_name = $_POST['full_name'];
$mobile = $_POST['mobile'];
$username = $_POST['username'];
$password = $_POST['password'];
$result = do_signup($username, $password, $full_name, $mobile);
if($result == 1){
header("Location: verify.php?username=".urlencode($username));
} else {
header("Location: signup.php?error=1&error_m=".urlencode($result)."&fn=".urlencode($full_name)."&mob=".urlencode($mobile));
}
} else if($_POST['type'] == 'otp'){
$username = $_POST['username'];
$otp = $_POST['otp'];
$r = do_verify_signup($username, $otp);
if($r == 0){ //no user account found
header("Location: index.php");
} else if ($r == -1){ //invalid OTP
header("Location: verify.php?username=".urlencode($username)."&error=1");
} else if($r){
header("Location: index.php?success=1");
}
}
} else {
$flag = 0;
}
if($flag == 1){
header("Location: home.php");
} else {
header("Location: index.php?error=1");
header("Location: index.php");
}
\ No newline at end of file
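Review bot: The `otp` branch calls `do_verify_signup($username, $otp)` with a username taken from the request and places no limit on failed attempts, while the code it checks is only four digits (`rand(1000, 9999)` in library/auth.php), so the verification step is weak as written; a per-account failed-attempt counter that invalidates the OTP after a few misses would close this. In the `signup` branch the failure redirect copies the raw `mysqli_error()` string into `error_m`, which exposes database details in the URL; record it with `error_log($result);` and redirect with a fixed error code instead. None of the `header("Location: ...")` calls is followed by `exit;`, so execution continues after each redirect. The old and new sides of this section are printed mixed together, so this note is based on the branches that dispatch on `$_POST['type']`.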
......@@ -56,7 +56,7 @@ if(isset($_POST['auth'])){
<body class="text-center">
<main class="form-signin">
<form action="sg.php" method="POST">
<form action="auth.php" method="POST">
<img class="mb-4" src="../assets/brand/bootstrap-logo.svg" alt="" width="72" height="57">
<h1 class="h3 mb-3 fw-normal">Please sign in</h1>
<?php
......@@ -67,18 +67,28 @@ if(isset($_POST['auth'])){
</div>
<?php
}
if(isset($_GET['success']) and $_GET['success'] == 1){
?>
<div class="alert alert-success" role="alert">
Signup success, please sign in to continue.
</div>
<?php
}
?>
<label for="inputEmail" class="visually-hidden">Email address</label>
<input type="email" name="email" id="inputEmail" class="form-control" placeholder="Email address" required autofocus>
<label for="inputUsername" class="visually-hidden">Username</label>
<input type="text" name="username" id="inputUsername" class="form-control" placeholder="Username" required autofocus>
<label for="inputPassword" class="visually-hidden">Password</label>
<input name="password" type="password" id="inputPassword" class="form-control" placeholder="Password" required>
<input type="hidden" id="auth" name="auth" value="1">
<input type="hidden" id="auth" name="type" value="login">
<div class="checkbox mb-3">
<label>
<input type="checkbox" value="remember-me"> Remember me
</label>
</div>
<input class="w-100 btn btn-lg btn-success" type="submit" value="Sign In">
<a class="mt-1 w-100 btn btn-lg btn-primary" href="signup.php">Sign up</a>
<p class="mt-5 mb-3 text-muted">&copy; 2017-2020</p>
</form>
</main>
......
......@@ -6,6 +6,8 @@ $db_password = 'virtualhostx';
$db_servername = 'localhost';
$db_name = 'lahtp_3_web';
$SALT = 'askhfbauygb23iory7298dhkewhbfq8e7gfy';
function get_db_connection() {
global $db_conn;
global $db_servername;
......@@ -26,8 +28,58 @@ function get_db_connection() {
}
function do_login($username, $password){
$password = get_hashed_password($password);
$query = "SELECT * FROM lahtp_3_web.auth WHERE username='$username' AND password='$password';";
$connection = get_db_connection();
$result = mysqli_query($connection, $query);
return mysqli_num_rows($result);
}
function do_signup($username, $password, $full_name, $mobile){
$otp = rand(1000, 9999);
$password = get_hashed_password($password);
$query = "INSERT INTO `lahtp_3_web`.`auth` (`username`, `password`, `full_name`, `mobile_number`, `is_admin`, `otp`) VALUES ('$username', '$password', '$full_name', '$mobile', '0', '$otp');";
$db_conn = get_db_connection();
if(mysqli_query($db_conn, $query)) {
return 1;
} else {
return mysqli_error($db_conn);
}
}
function get_hashed_password($password){
global $SALT;
return strrev(md5($password.$SALT));
}
function do_verify_signup($username, $otp){
$query = "SELECT * FROM lahtp_3_web.auth WHERE username='$username';";
$db_conn = get_db_connection();
$result = mysqli_query($db_conn, $query);
if(mysqli_num_rows($result) == 1){
$row = mysqli_fetch_assoc($result);
//print_r($row);
// echo var_dump($otp);
// echo var_dump($row['otp']);
// die();
if($otp == $row['otp']){
return activate($row['id']) ? 1 : -1;
} else {
return -1; //invalid otp
}
//TODO: OTP EXPIRED CONDITION - Try to compare the database time with current time, and if it exceeds 5 mins, do not validate OTP, generate a new OTP and try to vaidate it.
} else {
return 0; //user account not found
}
}
function activate($id){
$query = "UPDATE `lahtp_3_web`.`auth` SET `is_verified` = '1' WHERE (`id` = '$id');";
$db_conn = get_db_connection();
return mysqli_query($db_conn, $query);
}
function resent_otp(){
//Write code to regenerate OTP and update the row.
}
\ No newline at end of file
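Review bot: `do_login()`, `do_signup()`, `do_verify_signup()` and `activate()` all build their SQL by interpolating arguments into the query string, and auth.php passes `$_POST` values to them unchanged, so each of these queries is open to SQL injection; they should use prepared statements with bound parameters, as sketched for `do_login()` below. `get_hashed_password()` stores a reversed MD5 with one global `$SALT`, which is not a password hash; `password_hash()` at signup and `password_verify()` at login are the standard replacement. The OTP should come from `random_int(1000, 9999)` rather than `rand()`, and the comparison `$otp == $row['otp']` is loose where `hash_equals()` on the two strings would be exact. `do_login()` also never checks `is_verified`, so an account that has not passed OTP verification can apparently still log in.

```php
function do_login($username, $password){
    $password = get_hashed_password($password);
    $connection = get_db_connection();
    // Bound parameters keep the submitted values out of the SQL text.
    $stmt = mysqli_prepare(
        $connection,
        "SELECT id FROM lahtp_3_web.auth WHERE username = ? AND password = ?"
    );
    mysqli_stmt_bind_param($stmt, "ss", $username, $password);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    return mysqli_stmt_num_rows($stmt);
}
// … unchanged: do_signup, do_verify_signup and activate need the same treatment …
```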
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="">
<meta name="author" content="Mark Otto, Jacob Thornton, and Bootstrap contributors">
<meta name="generator" content="Hugo 0.79.0">
<title>Signin Template · Bootstrap v5.0</title>
<link rel="canonical" href="https://getbootstrap.com/docs/5.0/examples/sign-in/">
<!-- Bootstrap core CSS -->
<link href="../assets/dist/css/bootstrap.min.css" rel="stylesheet">
<style>
.bd-placeholder-img {
font-size: 1.125rem;
text-anchor: middle;
-webkit-user-select: none;
-moz-user-select: none;
user-select: none;
}
@media (min-width: 768px) {
.bd-placeholder-img-lg {
font-size: 3.5rem;
}
}
</style>
<!-- Custom styles for this template -->
<link href="signin.css" rel="stylesheet">
</head>
<body class="text-center">
<main class="form-signin">
<form action="auth.php" method="POST">
<img class="mb-4" src="../assets/brand/bootstrap-logo.svg" alt="" width="72" height="57">
<h1 class="h3 mb-3 fw-normal">Welcome, Signup :)</h1>
<?php
if(isset($_GET['error']) and $_GET['error'] == 1){
?>
<div class="alert alert-danger" role="alert">
<?php
$error_m = "Username already exists. Cannot signup.";
if(isset($_GET['error_m'])){
$error_m = $_GET['error_m'];
}
echo $error_m;
?>
</div>
<?php
}
?>
<label for="fullName" class="visually-hidden">Full Name</label>
<input type="text" name="full_name" id="fullName" class="form-control" placeholder="Full Name" required autofocus value="<?echo isset($_GET['fn']) ? $_GET['fn'] : "";?>">
<label for="inputPhone" class="visually-hidden">Mobile Number</label>
<input type="phone" name="mobile" id="inputPhone" class="form-control" placeholder="Mobile Number" required autofocus value="<?echo isset($_GET['mob']) ? $_GET['mob'] : "";?>">
<br>
<label for="inputUsername" class="visually-hidden">Username</label>
<input type="username" name="username" id="inputUsername" class="form-control" placeholder="Username" required autofocus>
<label for="inputPassword" class="visually-hidden">Password</label>
<input name="password" type="password" id="inputPassword" class="form-control" placeholder="Password" required>
<input type="hidden" id="auth" name="type" value="signup">
<input class="w-100 btn btn-lg btn-success" type="submit" value="Sign Up">
<a class="mt-1 w-100 btn btn-lg btn-primary" href="index.php">Sign in</a>
<p class="mt-5 mb-3 text-muted">&copy; 2017-2020</p>
</form>
</main>
</body>
</html>
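Review bot: `echo $error_m;` prints `$_GET['error_m']`, and the `value` attributes of the full-name and mobile inputs print `$_GET['fn']` and `$_GET['mob']`, all without escaping, so any markup placed in those query parameters is rendered in the page (reflected XSS). Escape at output, e.g. `echo htmlspecialchars($error_m, ENT_QUOTES, 'UTF-8');`, and wrap the two `value` expressions in the same call. verify.php has the same defect in its `echo $error_m;` and in `value="<?=$_GET['username']?>"`. The `<?echo` short open tag also works only when `short_open_tag` is enabled; `<?=` or `<?php echo` is portable.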
......@@ -2,7 +2,7 @@
include 'library/auth.php';
if(do_login('sibi', 'passwddord')){
if(do_login('sibi', 'password')){
echo "Success";
} else {
echo "Failed";
......
<?php
if(!isset($_GET['username'])){
header("Location: index.php");
}
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="">
<meta name="author" content="Mark Otto, Jacob Thornton, and Bootstrap contributors">
<meta name="generator" content="Hugo 0.79.0">
<title>Signin Template · Bootstrap v5.0</title>
<link rel="canonical" href="https://getbootstrap.com/docs/5.0/examples/sign-in/">
<!-- Bootstrap core CSS -->
<link href="../assets/dist/css/bootstrap.min.css" rel="stylesheet">
<style>
.bd-placeholder-img {
font-size: 1.125rem;
text-anchor: middle;
-webkit-user-select: none;
-moz-user-select: none;
user-select: none;
}
@media (min-width: 768px) {
.bd-placeholder-img-lg {
font-size: 3.5rem;
}
}
</style>
<!-- Custom styles for this template -->
<link href="signin.css" rel="stylesheet">
</head>
<body class="text-center">
<main class="form-signin">
<form action="auth.php" method="POST">
<img class="mb-4" src="../assets/brand/bootstrap-logo.svg" alt="" width="72" height="57">
<h1 class="h3 mb-3 fw-normal">Enter your OTP</h1>
<?php
if(isset($_GET['error']) and $_GET['error'] == 1){
?>
<div class="alert alert-danger" role="alert">
<?php
$error_m = "Invaid OTP";
if(isset($_GET['error_m'])){
$error_m = $_GET['error_m'];
}
echo $error_m;
?>
</div>
<?php
}
?>
<label for="otp" class="visually-hidden">Enter OTP</label>
<input type="text" name="otp" id="otp" class="form-control" placeholder="Enter OTP" required autofocus>
<input type="hidden" id="auth" name="type" value="otp">
<input type="hidden" id="username" name="username" value="<?=$_GET['username']?>">
<br>
<input class="w-100 btn btn-lg btn-success" type="submit" value="Verify">
<p class="mt-5 mb-3 text-muted">&copy; 2017-2020</p>
</form>
</main>
</body>
</html>
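Review bot: The guard at the top sends `header("Location: index.php");` but does not stop, so when `username` is missing the rest of the page is still rendered and the hidden field reads an undefined `$_GET['username']`; add `exit;` after the header call. The username that the OTP is verified against travels through the URL and a hidden form field, so the client chooses which account is being verified; keeping the pending username in server-side session state after signup would avoid trusting that value.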