Signup with OTP done

b4fc4e67 · Sibidharan · 043eae18 · b4fc4e67 · b4fc4e67 · b4fc4e67
Commit b4fc4e67 authored 4 years ago by Sibidharan
--- a/.DS_Store
+++ b/.DS_Store
--- a/auth.php
+++ b/auth.php
 <?php
+include 'library/auth.php';

-if($_GET['email'] == "admin@gmail.com" and $_GET['password'] == "password"){
-	$flag = 1;
+if(isset($_POST['type'])){
+	if($_POST['type'] == 'login'){
+		$username = $_POST['username'];
+		$password = $_POST['password'];
+		if(do_login($username, $password)){
+			echo "Login success";
+		} else {
+			echo "Login failed";
+		}
+	} else if($_POST['type'] == 'signup'){
+		$full_name = $_POST['full_name'];
+		$mobile = $_POST['mobile'];
+		$username = $_POST['username'];
+		$password = $_POST['password'];
+		$result = do_signup($username, $password, $full_name, $mobile);
+		if($result == 1){
+			header("Location: verify.php?username=".urlencode($username));
+		} else {
+			header("Location: signup.php?error=1&error_m=".urlencode($result)."&fn=".urlencode($full_name)."&mob=".urlencode($mobile));
+		}
+	} else if($_POST['type'] == 'otp'){
+		$username = $_POST['username'];
+		$otp = $_POST['otp'];
+		$r = do_verify_signup($username, $otp);
+		if($r == 0){ //no user account found
+			header("Location: index.php");
+		} else if ($r == -1){ //invalid OTP
+			header("Location: verify.php?username=".urlencode($username)."&error=1");
+		} else if($r){
+			header("Location: index.php?success=1");
+		}
+	}
 } else {
-	$flag = 0;
-}
-
-if($flag == 1){
-	header("Location: home.php");
-} else {
-	header("Location: index.php?error=1");
+	header("Location: index.php");
 }
\ No newline at end of file
--- a/index.php
+++ b/index.php
@@ -56,7 +56,7 @@ if(isset($_POST['auth'])){
  <body class="text-center">

 <main class="form-signin">
-  <form action="sg.php" method="POST">
+  <form action="auth.php" method="POST">
    <img class="mb-4" src="../assets/brand/bootstrap-logo.svg" alt="" width="72" height="57">
    <h1 class="h3 mb-3 fw-normal">Please sign in</h1>
    <?php
@@ -67,18 +67,28 @@ if(isset($_POST['auth'])){
      </div>
      <?php
    }
+
+    if(isset($_GET['success']) and $_GET['success'] == 1){
+      ?>
+      <div class="alert alert-success" role="alert">
+        Signup success, please sign in to continue.
+      </div>
+      <?php
+    }
    ?>
-    <label for="inputEmail" class="visually-hidden">Email address</label>
-    <input type="email" name="email" id="inputEmail" class="form-control" placeholder="Email address" required autofocus>
+    <label for="inputUsername" class="visually-hidden">Username</label>
+    <input type="text" name="username" id="inputUsername" class="form-control" placeholder="Username" required autofocus>
    <label for="inputPassword" class="visually-hidden">Password</label>
    <input name="password" type="password" id="inputPassword" class="form-control" placeholder="Password" required>
-    <input type="hidden" id="auth" name="auth" value="1">
+    <input type="hidden" id="auth" name="type" value="login">
    <div class="checkbox mb-3">
      <label>
        <input type="checkbox" value="remember-me"> Remember me
      </label>
    </div>
    <input class="w-100 btn btn-lg btn-success" type="submit" value="Sign In">
+
+    <a class="mt-1 w-100 btn btn-lg btn-primary" href="signup.php">Sign up</a>
    <p class="mt-5 mb-3 text-muted">&copy; 2017-2020</p>
  </form>
 </main>

--- a/library/auth.php
+++ b/library/auth.php
@@ -6,6 +6,8 @@ $db_password = 'virtualhostx';
 $db_servername = 'localhost';
 $db_name = 'lahtp_3_web';

+$SALT = 'askhfbauygb23iory7298dhkewhbfq8e7gfy';
+
 function get_db_connection() {
 	global $db_conn;
 	global $db_servername;
@@ -26,8 +28,58 @@ function get_db_connection() {
 }

 function do_login($username, $password){
+	$password = get_hashed_password($password);
 	$query = "SELECT * FROM lahtp_3_web.auth WHERE username='$username' AND password='$password';";
 	$connection = get_db_connection();
 	$result = mysqli_query($connection, $query);
 	return mysqli_num_rows($result);
+}
+
+function do_signup($username, $password, $full_name, $mobile){
+	$otp = rand(1000, 9999);
+	$password = get_hashed_password($password);
+	$query = "INSERT INTO `lahtp_3_web`.`auth` (`username`, `password`, `full_name`, `mobile_number`, `is_admin`, `otp`) VALUES ('$username', '$password', '$full_name', '$mobile', '0', '$otp');";
+	$db_conn = get_db_connection();
+	if(mysqli_query($db_conn, $query)) {
+		return 1;
+	} else {
+		return mysqli_error($db_conn);
+	}
+}
+
+function get_hashed_password($password){
+	global $SALT;
+	return strrev(md5($password.$SALT));
+}
+
+function do_verify_signup($username, $otp){
+	$query = "SELECT * FROM lahtp_3_web.auth WHERE username='$username';";
+	$db_conn = get_db_connection();
+	$result = mysqli_query($db_conn, $query);
+	if(mysqli_num_rows($result) == 1){
+		$row = mysqli_fetch_assoc($result);
+		//print_r($row);
+		// echo var_dump($otp);
+		// echo var_dump($row['otp']);
+		// die();
+		if($otp == $row['otp']){
+			return activate($row['id']) ? 1 : -1;
+		} else {
+			return -1; //invalid otp
+		}
+
+		//TODO: OTP EXPIRED CONDITION - Try to compare the database time with current time, and if it exceeds 5 mins, do not validate OTP, generate a new OTP and try to vaidate it.
+	} else {
+		return 0; //user account not found
+	}
+}
+
+function activate($id){
+	$query = "UPDATE `lahtp_3_web`.`auth` SET `is_verified` = '1' WHERE (`id` = '$id');";
+	$db_conn = get_db_connection();
+	return mysqli_query($db_conn, $query);
+}
+
+function resent_otp(){
+ //Write code to regenerate OTP and update the row.
 }
\ No newline at end of file
--- a/signup.php
+++ b/signup.php
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <meta name="description" content="">
+    <meta name="author" content="Mark Otto, Jacob Thornton, and Bootstrap contributors">
+    <meta name="generator" content="Hugo 0.79.0">
+    <title>Signin Template · Bootstrap v5.0</title>
+
+    <link rel="canonical" href="https://getbootstrap.com/docs/5.0/examples/sign-in/">
+
+
+
+    <!-- Bootstrap core CSS -->
+<link href="../assets/dist/css/bootstrap.min.css" rel="stylesheet">
+
+    <style>
+      .bd-placeholder-img {
+        font-size: 1.125rem;
+        text-anchor: middle;
+        -webkit-user-select: none;
+        -moz-user-select: none;
+        user-select: none;
+      }
+
+      @media (min-width: 768px) {
+        .bd-placeholder-img-lg {
+          font-size: 3.5rem;
+        }
+      }
+
+    </style>
+
+
+    <!-- Custom styles for this template -->
+    <link href="signin.css" rel="stylesheet">
+  </head>
+  <body class="text-center">
+
+<main class="form-signin">
+  <form action="auth.php" method="POST">
+    <img class="mb-4" src="../assets/brand/bootstrap-logo.svg" alt="" width="72" height="57">
+    <h1 class="h3 mb-3 fw-normal">Welcome, Signup :)</h1>
+    <?php
+    if(isset($_GET['error']) and $_GET['error'] == 1){
+      ?>
+      <div class="alert alert-danger" role="alert">
+       <?php
+          $error_m = "Username already exists. Cannot signup.";
+          if(isset($_GET['error_m'])){
+            $error_m = $_GET['error_m'];
+          }
+          echo $error_m;
+       ?>
+      </div>
+      <?php
+    }
+    ?>
+    <label for="fullName" class="visually-hidden">Full Name</label>
+    <input type="text" name="full_name" id="fullName" class="form-control" placeholder="Full Name" required autofocus value="<?echo isset($_GET['fn']) ? $_GET['fn'] : "";?>">
+    <label for="inputPhone" class="visually-hidden">Mobile Number</label>
+    <input type="phone" name="mobile" id="inputPhone" class="form-control" placeholder="Mobile Number" required autofocus value="<?echo isset($_GET['mob']) ? $_GET['mob'] : "";?>">
+    <br>
+    <label for="inputUsername" class="visually-hidden">Username</label>
+    <input type="username" name="username" id="inputUsername" class="form-control" placeholder="Username" required autofocus>
+    <label for="inputPassword" class="visually-hidden">Password</label>
+    <input name="password" type="password" id="inputPassword" class="form-control" placeholder="Password" required>
+    <input type="hidden" id="auth" name="type" value="signup">
+    <input class="w-100 btn btn-lg btn-success" type="submit" value="Sign Up">
+    <a class="mt-1 w-100 btn btn-lg btn-primary" href="index.php">Sign in</a>
+    <p class="mt-5 mb-3 text-muted">&copy; 2017-2020</p>
+  </form>
+</main>
+
+
+
+  </body>
+</html>
--- a/test.php
+++ b/test.php
@@ -2,7 +2,7 @@

 include 'library/auth.php';

-if(do_login('sibi', 'passwddord')){
+if(do_login('sibi', 'password')){
 	echo "Success";
 } else {
 	echo "Failed";

--- a/verify.php
+++ b/verify.php
+<?php
+
+if(!isset($_GET['username'])){
+  header("Location: index.php");
+}
+
+?>
+
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <meta name="description" content="">
+    <meta name="author" content="Mark Otto, Jacob Thornton, and Bootstrap contributors">
+    <meta name="generator" content="Hugo 0.79.0">
+    <title>Signin Template · Bootstrap v5.0</title>
+
+    <link rel="canonical" href="https://getbootstrap.com/docs/5.0/examples/sign-in/">
+
+
+
+    <!-- Bootstrap core CSS -->
+<link href="../assets/dist/css/bootstrap.min.css" rel="stylesheet">
+
+    <style>
+      .bd-placeholder-img {
+        font-size: 1.125rem;
+        text-anchor: middle;
+        -webkit-user-select: none;
+        -moz-user-select: none;
+        user-select: none;
+      }
+
+      @media (min-width: 768px) {
+        .bd-placeholder-img-lg {
+          font-size: 3.5rem;
+        }
+      }
+
+    </style>
+
+
+    <!-- Custom styles for this template -->
+    <link href="signin.css" rel="stylesheet">
+  </head>
+  <body class="text-center">
+
+<main class="form-signin">
+  <form action="auth.php" method="POST">
+    <img class="mb-4" src="../assets/brand/bootstrap-logo.svg" alt="" width="72" height="57">
+    <h1 class="h3 mb-3 fw-normal">Enter your OTP</h1>
+    <?php
+    if(isset($_GET['error']) and $_GET['error'] == 1){
+      ?>
+      <div class="alert alert-danger" role="alert">
+       <?php
+          $error_m = "Invaid OTP";
+          if(isset($_GET['error_m'])){
+            $error_m = $_GET['error_m'];
+          }
+          echo $error_m;
+       ?>
+      </div>
+      <?php
+    }
+    ?>
+    <label for="otp" class="visually-hidden">Enter OTP</label>
+    <input type="text" name="otp" id="otp" class="form-control" placeholder="Enter OTP" required autofocus>
+    <input type="hidden" id="auth" name="type" value="otp">
+    <input type="hidden" id="username" name="username" value="<?=$_GET['username']?>">
+    <br>
+    <input class="w-100 btn btn-lg btn-success" type="submit" value="Verify">
+
+    <p class="mt-5 mb-3 text-muted">&copy; 2017-2020</p>
+  </form>
+</main>
+
+
+
+  </body>
+</html>