April 22, 2015 -->
<html>
<!--PHP Constants and Variables **************************************************************-->
<?php
// Purpose (from the visible code): reset two session flags, read the posted
// user name and password, check their formats, connect to the database and
// look the user name up. The listing is cut off inside the final if-block.

//Include general php functions
// NOTE(review): the validators, connectToDatabase(), invalidArguments() and
// sqlFail() are not defined in this listing; presumably they come from this file.
include 'lab4_general_php_func.php';

// Start the session and clear both flags before any check runs.
session_start();
$_SESSION['userNameTaken'] = false;
$_SESSION['sqlFail'] = false;

//Get user inputs
// NOTE(review): both keys are read without isset(); a request that omits a
// field hands null to the validators below.
$userName = $_POST['username'];
$password = $_POST['password'];

//UserName
// NOTE(review): nothing here stops execution after invalidArguments(); the
// script only behaves as intended if that helper ends the request itself
// (for example redirect + exit) - confirm in the included file.
if (!validateUserNameFormat($userName)) {
    invalidArguments();
}

//Password
if (!validatePasswordFormat($password)) {
    invalidArguments();
}

//The input formats are good. Does the userName already exist?
//Connect to the database
// A falsy return from connectToDatabase() is treated as a connection failure.
if (!($sql = connectToDatabase())) {
    sqlFail();
}

//Does the user exist?
// NOTE(review): the user name value is shown masked ('******') in this listing.
// If the real statement places $userName inside the string, the format check
// above is the only barrier against SQL injection; a prepared statement with a
// bound parameter (mysqli_prepare / mysqli_stmt_bind_param) removes that
// dependency.
$query = "SELECT * FROM user WHERE username='******'";

//Run query
// mysqli_query() returns false on failure, which is what this condition tests.
if (!($queryResult = mysqli_query($sql, $query))) {
// (the listing ends here; the body of this branch is not shown)
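/*
 * Handles the user name and password submitted by the main log-in page.
 *
 * Steps in this excerpt:
 *   1. reset the session's login state,
 *   2. reject requests whose fields are missing, not strings, or badly formatted,
 *   3. look the user up with a parameterized query and require exactly one row.
 *
 * The hashing/comparison and database update described for this file happen
 * after the excerpt and are not shown here.
 *
 * NOTE(review): every rejection goes through loginFail(), which is defined
 * outside this excerpt. The flow is only safe if loginFail() ends the request
 * (redirect + exit); confirm that in lab4_general_php_func.php.
 */

// Shared helpers (validators, connectToDatabase(), loginFail()) are presumably
// defined in this file. require_once stops the script immediately if it cannot
// be loaded instead of continuing with a warning.
require_once 'lab4_general_php_func.php';

// Start the session and clear any state left over from an earlier attempt, so
// a failed login can never inherit loggedIn = true.
session_start();
$_SESSION['invalidArguments'] = false;
$_SESSION['loggedIn'] = false;

// Both fields must be present and must be plain strings. A parameter sent as
// an array (username[]=...) would otherwise reach the validators unchecked.
if (
    !isset($_POST['username'], $_POST['password'])
    || !is_string($_POST['username'])
    || !is_string($_POST['password'])
) {
    loginFail();
}

// Get the passed in userName and password
$userName = $_POST['username'];
$pswd = $_POST['password'];

// Format validity checks
if (!validatePasswordFormat($pswd) || !validateUserNameFormat($userName)) {
    loginFail();
}

// Connect to the database; a falsy handle means the connection failed.
if (!($sql = connectToDatabase())) {
    loginFail();
}

// Does the user exist?
// The user name is bound as a parameter instead of being written into the SQL
// text, so the query stays safe even if the format check above is ever relaxed.
// (The source listing shows the value masked as '******'.)
$query = "SELECT * FROM user WHERE username=?";

// Run query. $queryResult stays false unless every step succeeds, so a failed
// prepare/bind/execute is handled the same way as a failed query.
// mysqli_stmt_get_result() needs the mysqlnd driver.
$queryResult = false;
$stmt = mysqli_prepare($sql, $query);
if ($stmt && mysqli_stmt_bind_param($stmt, 's', $userName) && mysqli_stmt_execute($stmt)) {
    $queryResult = mysqli_stmt_get_result($stmt);
}
if (!$queryResult) {
    loginFail();
}

// Exactly one matching row is required; zero rows or duplicates are both failures.
if (mysqli_num_rows($queryResult) != 1) {
    loginFail();
}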