User login

[Berk]

hello everyone.i need a login script. I know there are much on google but they dont fit to my code.
So my html form :

  <div class="container">

    <form class="form-signin form-group"action="" method="post">
      <h2 class="form-signin-heading">Lütfen Giriş Yapın</h2>
      <label for="inputEmail" class="sr-only">Email address</label>
      <input type="text" id="ad" class="form-control" placeholder="Kullanıcı Adı"  autofocus name='ad'> <br>
      <label for="inputPassword" class="sr-only" name="sifre">Şifre</label>
      <input type="password" id="sifre" class="form-control" placeholder="Şifre">

      <button class="btn btn-lg btn-primary btn-block" type="submit">Giriş</button>
    </form>

  </div><?php } ?> <!-- /container -->
</html>

it should be done with mysql. it should update columns lastlogin and online. online is 1 and lastlogin is current time. my mysql details are
localhost
root
no password
anneyemegi is dbname.

 

[Weasel]

Cleaned the thread. This is the requests section. Even the sections subtitle mentions spoonfeeding.

As for OP, logging in is only one part. There's much more that needs to be done. Handling sessions, safety and permissions. What are you trying to make/achieve? You need to give more information, or open a Help & Support thread where people can help you achieve your goal with tips and hints if you're actually wanting to learn something.

 

[GarettM]

Quick question do we need to create the user/account table or do you have on i need to use?

Well here is the database table.

CREATE TABLE `accounts` (
    `id` INT(12) NOT NULL AUTO_INCREMENT,
    `username` VARCHAR(64) NOT NULL,
    `email` VARCHAR(64) NOT NULL,
    `hash` VARCHAR(64) NOT NULL,
    `session_id` INT(12) NOT NULL DEFAULT '0',
    `last_online` DATETIME,
    `online` BOOL NOT NULL DEFAULT true,
    PRIMARY KEY(`id`)
) COLLATE='utf8_general_ci';

And here is the PHP

<div class="container">
    <?php
        /**
        * Use This code to generate user hash's
        * $password = (string)filter_input(INPUT_POST, 'password', FILTER_SANITIZE_SPECIAL_CHARS);
        * $hash = password_hash($password, PASSWORD_BCRYPT);
        * $statement = $database->prepare('INSERT INTO accounts (username, password, email, session, online) VALUES (:username, :password, :email, :session, :online)');
        * $statement->bindValues(':password', $hash);
        * $statement->execute();
        */
 
        /**
        * Initialize the session
        */
        if(!session_id())
            session_start();

        /**
        * Database Connection  - SQL i used to test (password is password): INSERT INTO `accounts` (`username`, `email`, `hash`, `last_online`) values ('GarettM', '[email protected]', '$2y$10$oPZ6oIvwomEjaVnq9p6vOuK6yu1k/sEERUw33lf9wZsZ.0zQic4qG', NOW());
        */
        try {
            $database = new PDO('mysql:dbname=anneyemegi;host=localhost', 'root', '', array(
                PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8",
                PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                PDO::ATTR_EMULATE_PREPARES => FALSE
            ));
        } catch(PDOException $ex) {
            # Handle Exception with $ex
            echo ($ex->getMessage());
        }
     
        /**
        * Check if login was submitted
        */
        if(isset($_POST, $_POST['username'], $_POST['password']))
        {
            $username = (string)filter_input(INPUT_POST, 'username', FILTER_SANITIZE_SPECIAL_CHARS);
            $password = (string)filter_input(INPUT_POST, 'password', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
         
            $query = 'SELECT * FROM accounts WHERE ( username = :username OR email = :email )';
            $statement = $database->prepare($query);
            $statement->bindValue(':username', $username);
            $statement->bindValue(':email', $username);
            $statement->execute();
         
            $account = $statement->fetch(PDO::FETCH_ASSOC);
         
            if(password_verify($password, $account['hash']))
            {
                $_SESSION['account'] = array();
                foreach($account as $key => $value)
                {
                    $_SESSION['account'][$key] = $value;
                }
             
                $query = 'UPDATE accounts SET session_id = :session_id, last_online = NOW(), online = true';
                $update_statement = $database->prepare($query);
                $update_statement->bindValue(':session_id', (string)session_id());
                $update_statement->execute();
             
                # SUCCESS - If you wanna redirect on successfull login uncomment line below.
                #header('Location: /account');
                echo 'Logged in';
            }
            else {
                $error = 'Invalid Credentials';
            }
        }
    ?>
 
    <?php
        global $error;
        if(isset($error[1]))
        {
            echo $error;
        }
    ?>
    <form class="form-signin form-group"action="" method="post">
      <h2 class="form-signin-heading">Lütfen Giriş Yapın</h2>
      <label for="inputEmail" class="sr-only">Email address</label>
      <input type="text" id="ad" class="form-control" placeholder="Kullanıcı Adı"  autofocus name="username"> <br>
      <label for="inputPassword" class="sr-only" name="sifre">Şifre</label>
      <input type="password" id="sifre" class="form-control" placeholder="Şifre" name="password">

      <button class="btn btn-lg btn-primary btn-block" type="submit">Giriş</button>
    </form>

  </div><?php } ?> <!-- /container -->
</html>

 
DONE BITCHES

 

[Berk]

Quick question do we need to create the user/account table or do you have on i need to use?

Well here is the database table.

CREATE TABLE `accounts` (
    `id` INT(12) NOT NULL AUTO_INCREMENT,
    `username` VARCHAR(64) NOT NULL,
    `email` VARCHAR(64) NOT NULL,
    `hash` VARCHAR(64) NOT NULL,
    `session_id` INT(12) NOT NULL DEFAULT '0',
    `last_online` DATETIME,
    `online` BOOL NOT NULL DEFAULT true,
    PRIMARY KEY(`id`)
) COLLATE='utf8_general_ci';

And here is the PHP

<div class="container">
    <?php
        /**
        * Use This code to generate user hash's
        * $password = (string)filter_input(INPUT_POST, 'password', FILTER_SANITIZE_SPECIAL_CHARS);
        * $hash = password_hash($password, PASSWORD_BCRYPT);
        * $statement = $database->prepare('INSERT INTO accounts (username, password, email, session, online) VALUES (:username, :password, :email, :session, :online)');
        * $statement->bindValues(':password', $hash);
        * $statement->execute();
        */
 
        /**
        * Initialize the session
        */
        if(!session_id())
            session_start();

        /**
        * Database Connection  - SQL i used to test (password is password): INSERT INTO `accounts` (`username`, `email`, `hash`, `last_online`) values ('GarettM', '[email protected]', '$2y$10$oPZ6oIvwomEjaVnq9p6vOuK6yu1k/sEERUw33lf9wZsZ.0zQic4qG', NOW());
        */
        try {
            $database = new PDO('mysql:dbname=anneyemegi;host=localhost', 'root', '', array(
                PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8",
                PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                PDO::ATTR_EMULATE_PREPARES => FALSE
            ));
        } catch(PDOException $ex) {
            # Handle Exception with $ex
            echo ($ex->getMessage());
        }
    
        /**
        * Check if login was submitted
        */
        if(isset($_POST, $_POST['username'], $_POST['password']))
        {
            $username = (string)filter_input(INPUT_POST, 'username', FILTER_SANITIZE_SPECIAL_CHARS);
            $password = (string)filter_input(INPUT_POST, 'password', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
        
            $query = 'SELECT * FROM accounts WHERE ( username = :username OR email = :email )';
            $statement = $database->prepare($query);
            $statement->bindValue(':username', $username);
            $statement->bindValue(':email', $username);
            $statement->execute();
        
            $account = $statement->fetch(PDO::FETCH_ASSOC);
        
            if(password_verify($password, $account['hash']))
            {
                $_SESSION['account'] = array();
                foreach($account as $key => $value)
                {
                    $_SESSION['account'][$key] = $value;
                }
            
                $query = 'UPDATE accounts SET session_id = :session_id, last_online = NOW(), online = true';
                $update_statement = $database->prepare($query);
                $update_statement->bindValue(':session_id', (string)session_id());
                $update_statement->execute();
            
                # SUCCESS - If you wanna redirect on successfull login uncomment line below.
                #header('Location: /account');
                echo 'Logged in';
            }
            else {
                $error = 'Invalid Credentials';
            }
        }
    ?>
 
    <?php
        global $error;
        if(isset($error[1]))
        {
            echo $error;
        }
    ?>
    <form class="form-signin form-group"action="" method="post">
      <h2 class="form-signin-heading">Lütfen Giriş Yapın</h2>
      <label for="inputEmail" class="sr-only">Email address</label>
      <input type="text" id="ad" class="form-control" placeholder="Kullanıcı Adı"  autofocus name="username"> <br>
      <label for="inputPassword" class="sr-only" name="sifre">Şifre</label>
      <input type="password" id="sifre" class="form-control" placeholder="Şifre" name="password">

      <button class="btn btn-lg btn-primary btn-block" type="submit">Giriş</button>
    </form>

  </div><?php } ?> <!-- /container -->
</html>

 
DONE BITCHES

thanks mate. i will edit this for my database . appreciated!