Update

project2/.gitignore

@@ -0,0 +1,4 @@
+config.php
+config*
+*config*
+*.log

project2/home.php

@@ -0,0 +1,10 @@
+<?php require_once(__DIR__ . "/partials/nav.php"); ?>
+<?php
+//we use this to safely get the email to display
+$email = "";
+if (isset($_SESSION["user"]) && isset($_SESSION["user"]["email"])) {
+    $email = $_SESSION["user"]["email"];
+}
+?>
+<div class="home">    <p>Welcome, <?php echo $email; ?></p> </div>
+<?php require(__DIR__ . "/partials/flash.php");

project2/index.php

@@ -0,0 +1,4 @@
+
+<?php
+header("Location: ../index.php");
+?>

project2/lib/db.php

@@ -0,0 +1,29 @@
+<?php
+//for this we'll turn on error output so we can try to see any problems on the screen
+//this will be active for any script that includes/requires this one
+ini_set('display_errors', 1);
+ini_set('display_startup_errors', 1);
+error_reporting(E_ALL);
+function getDB(){
+    global $db;
+    //this function returns an existing connection or creates a new one if needed
+    //and assigns it to the $db variable
+    if(!isset($db)) {
+        try{
+            //__DIR__ helps get the correct path regardless of where the file is being called from
+            //it gets the absolute path to this file, then we append the relative url (so up a directory and inside lib)
+            require_once(__DIR__. "/config.php");//pull in our credentials
+            //use the variables from config to populate our connection
+            $connection_string = "mysql:host=$dbhost;dbname=$dbdatabase;charset=utf8mb4";
+            //using the PDO connector create a new connect to the DB
+            //if no error occurs we're connected
+            $db = new PDO($connection_string, $dbuser, $dbpass);
+        }
+    catch(Exception $e){
+            var_export($e);
+            $db = null;
+        }
+    }
+    return $db;
+}
+?>

project2/lib/helpers.php

@@ -0,0 +1,79 @@
+<?php
+session_start();//we can start our session here so we don't need to worry about it on other pages
+require_once(__DIR__ . "/db.php");
+//this file will contain any helpful functions we create
+//I have provided two for you
+function is_logged_in() {
+    return isset($_SESSION["user"]);
+}
+
+function has_role($role) {
+    if (is_logged_in() && isset($_SESSION["user"]["roles"])) {
+        foreach ($_SESSION["user"]["roles"] as $r) {
+            if ($r["name"] == $role) {
+                return true;
+            }
+        }
+    }
+    return false;
+}
+
+/*
+function get_role(){ //added by Daniel Daszkiewicz, 10/18/2020
+    if (is_logged_in() && isset($_SESSION["user"]["roles"])){
+        return $_SESSION["user"]["roles"];  
+    }
+}
+*/
+function get_username() {
+    if (is_logged_in() && isset($_SESSION["user"]["username"])) {
+        return $_SESSION["user"]["username"];
+    }
+    return "";
+}
+
+function get_email() {
+    if (is_logged_in() && isset($_SESSION["user"]["email"])) {
+        return $_SESSION["user"]["email"];
+    }
+    return "";
+}
+
+function get_user_id() {
+    if (is_logged_in() && isset($_SESSION["user"]["id"])) {
+        return $_SESSION["user"]["id"];
+    }
+    return -1;
+}
+
+function safer_echo($var) {
+    if (!isset($var)) {
+        echo "";
+        return;
+    }
+    echo htmlspecialchars($var, ENT_QUOTES, "UTF-8");
+}
+
+//for flash feature
+function flash($msg) {
+    if (isset($_SESSION['flash'])) {
+        array_push($_SESSION['flash'], $msg);
+    }
+    else {
+        $_SESSION['flash'] = array();
+        array_push($_SESSION['flash'], $msg);
+    }
+
+}
+
+function getMessages() {
+    if (isset($_SESSION['flash'])) {
+        $flashes = $_SESSION['flash'];
+        $_SESSION['flash'] = array();
+        return $flashes;
+    }
+    return array();
+}
+
+//end flash
+?>

project2/lib/index.php

@@ -0,0 +1,4 @@
+
+<?php
+header("Location: ../index.php");
+?>

project2/login.php

@@ -0,0 +1,93 @@
+<?php require_once(__DIR__ . "/partials/nav.php"); ?>
+<div class="login">
+    <form class="login" method="POST">
+        <label for="email">Email or Username:</label>
+        <input type="text" id="email" name="email" required/>
+        <label for="p1">Password:</label>
+        <input type="password" id="p1" name="password" required/>
+        <input type="submit" name="login" value="Login"/>
+    </form>
+</div>
+<?php
+if (isset($_POST["login"])) {
+    $email = null;
+    $password = null;
+    $username = null; 
+    if (isset($_POST["email"])) {
+        $email = $_POST["email"];
+    }
+    if (isset($_POST["password"])) {
+        $password = $_POST["password"];
+    }
+    if (isset($_POST["email"])) {
+      $username = $_POST["email"];
+    }
+    $isValid = true;
+    if (!isset($email) || !isset($password) || !isset($username)) {
+        $isValid = false;
+        flash("Email/Username or password missing");
+    }
+    if (!strpos($email, "@")) {
+        $email = null; 
+        //echo "<br>Invalid email<br>";
+    }
+
+    if ($isValid) {
+        $db = getDB();
+        if (isset($db)) {
+
+            if(isset($email)){
+                $stmt = $db->prepare("SELECT id, email, username, password from Users WHERE email = :email LIMIT 1");
+            }elseif(isset($username)){
+            $stmt = $db->prepare("SELECT id, email, username, password from Users WHERE username = :username LIMIT 1");
+            }
+
+            if(isset($email)){
+              $params = array(":email" => $email);
+            }elseif(isset($username)){
+              $params = array(":username" => $username);
+            }
+            $r = $stmt->execute($params);
+            //echo "db returned: " . var_export($r, true);
+            $e = $stmt->errorInfo();
+            if ($e[0] != "00000") {
+                //echo "uh oh something went wrong: " . var_export($e, true);
+                flash("Something went wrong, please try again");
+            }
+            $result = $stmt->fetch(PDO::FETCH_ASSOC);
+            if ($result && isset($result["password"])) {
+                $password_hash_from_db = $result["password"];
+                if (password_verify($password, $password_hash_from_db)) {
+                    $stmt = $db->prepare("
+SELECT Roles.name FROM Roles JOIN UserRoles on Roles.id = UserRoles.role_id where UserRoles.user_id = :user_id and Roles.is_active = 1 and UserRoles.is_active = 1");
+                    $stmt->execute([":user_id" => $result["id"]]);
+                    $roles = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+                    unset($result["password"]);//remove password so we don't leak it beyond this page
+                    //let's create a session for our user based on the other data we pulled from the table
+                    $_SESSION["user"] = $result;//we can save the entire result array since we removed password
+                    if ($roles) {
+                        $_SESSION["user"]["roles"] = $roles;
+                    }
+                    else {
+                        $_SESSION["user"]["roles"] = [];
+                    }
+                    //on successful login let's serve-side redirect the user to the home page.
+                    flash("Log in successful");
+                    die(header("Location: home.php"));
+                }
+                else {
+                    flash("Username or Password incorrect");
+                }
+            }
+            else {
+                flash("Username or Password incorrect");
+            }
+        }
+    }
+    else {
+        flash("There was a validation issue");
+    }
+}
+?>
+<?php require(__DIR__ . "/partials/flash.php");

project2/logout.php

@@ -0,0 +1,14 @@
+
+<?php
+session_start();
+// remove all session variables
+session_unset();
+// destroy the session
+session_destroy();
+?>
+<?php require_once(__DIR__ . "/partials/nav.php");/*ultimately, this is just here for the function to be loaded now*/ ?>
+<?php
+
+flash("You have been logged out");
+die(header("Location: login.php"));
+?>

project2/partials/flash.php

@@ -0,0 +1,25 @@
+<?php
+/*put this at the bottom of the page so any templates
+ populate the flash variable and then display at the proper timing*/
+?>
+<div class="container" id="flash">
+    <?php $messages = getMessages(); ?>
+    <?php if ($messages): ?>
+        <?php foreach ($messages as $msg): ?>
+            <div class="row bg-secondary justify-content-center">
+                <p><?php echo $msg; ?></p>
+            </div>
+        <?php endforeach; ?>
+    <?php endif; ?>
+</div>
+<script>
+    //used to pretend the flash messages are below the first nav element
+    function moveMeUp(ele) {
+        let target = document.getElementsByTagName("nav")[0];
+        if (target) {
+            target.after(ele);
+        }
+    }
+
+    moveMeUp(document.getElementById("flash"));
+</script>

project2/partials/index.php

@@ -0,0 +1,4 @@
+
+<?php
+header("Location: ../index.php");
+?>

project2/partials/nav.php

@@ -0,0 +1,19 @@
+<link rel="stylesheet" href="static/css/styles.css">
+<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" integrity="sha384-TX8t27EcRE3e/ihU7zmQxVncDAy5uIKz4rEkgIXeMed4M0jlfIDPvg6uqKI2xXr2" crossorigin="anonymous">
+<?php
+//we'll be including this on most/all pages so it's a good place to include anything else we want on those pages
+require_once(__DIR__ . "/../lib/helpers.php");
+?>
+<nav>
+<ul class="nav">
+    <li><a href="home.php">Home</a></li>
+    <?php if (!is_logged_in()): ?>
+        <li><a href="login.php">Login</a></li>
+        <li><a href="register.php">Register</a></li>
+    <?php endif; ?>
+    <?php if (is_logged_in()): ?>
+        <li><a href="profile.php">Profile</a></li>
+        <li><a href="logout.php">Logout</a></li>
+    <?php endif; ?>
+</ul>
+</nav>