login.php
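<?php
// Login handler and form.
// Looks the submitted username up in the `registration` table, verifies the
// peppered password against the stored hash and, on success, stores the
// user's identity in the session and redirects to startseite.php.
session_start();

$error = [];

if (isset($_POST['logIn'])) {
    // Accept plain strings only. A missing field or an array-valued field
    // (username[]=...) is treated as empty instead of raising a warning or a
    // TypeError further down.
    $username = is_string($_POST['username'] ?? null) ? trim($_POST['username']) : '';
    $password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

    // Compare against '' rather than empty(): empty("0") is true and would
    // reject a legitimate value of "0".
    if ($username === '') {
        $error[] = "<p class='error'>Bitte geben sie ihren Benutzernamen an!</p>";
    }
    if ($password === '') {
        $error[] = "<p class='error'>Bitte geben sie ihr Passwort an!</p>";
    }

    if (count($error) === 0) {
        // NOTE(review): the pepper and the database credentials are hard-coded
        // in a web-served file. They belong in configuration outside the
        // document root (or the environment). The pepper value itself must stay
        // identical to the one used when the hashes were created, otherwise
        // existing passwords stop verifying.
        $pepper = "abs67,*()#";

        $rows = false;
        $lookupOk = true;
        try {
            $connection = new PDO("mysql:host=localhost;dbname=stef97;charset=utf8", "", "");
            $connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

            $sql = "SELECT id, username, password, active FROM registration WHERE username = :username";
            $stmt = $connection->prepare($sql);
            $stmt->execute([":username" => $username]);
            $rows = $stmt->fetch(PDO::FETCH_ASSOC);
        } catch (PDOException $e) {
            // Driver messages can contain host, schema and query details:
            // keep them in the server log and show a generic message.
            $lookupOk = false;
            error_log("login.php: " . $e->getMessage());
            $error[] = "<p class='error'>Fehler aufgetreten. Bitte versuchen sie es später erneut.</p>";
        }

        if ($lookupOk) {
            $passwordOk = $rows !== false
                && password_verify($password . $pepper, (string) $rows["password"]);

            if (!$passwordOk) {
                // Same message for "unknown user" and "wrong password" so the
                // form does not confirm which usernames exist.
                // NOTE(review): response time still differs for unknown
                // usernames (no hash is verified), and there is no attempt
                // limiting on this form.
                $error[] = "<p class='error'>Benutzername oder Passwort ist falsch!</p>";
            } elseif ((int) $rows["active"] === 0) {
                // Checked only after the password matched, so the activation
                // state is disclosed to the account owner alone.
                $error[] = "<p class='error'>Sie müssen erst ihre Registration bestätigen!</p>";
            } else {
                // Issue a fresh session id at the privilege change so an id
                // planted before login (session fixation) is not promoted.
                session_regenerate_id(true);

                // "loogedIn" (sic) is the key the other pages check; keep the
                // spelling in sync if it is ever corrected.
                $_SESSION["loogedIn"] = true;
                $_SESSION["username"] = $rows["username"];
                $_SESSION["userId"] = $rows["id"];

                header("Location: startseite.php");
                // Stop here: without exit the script keeps running and the
                // login page body is sent along with the redirect.
                exit;
            }
        }
    }
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Login</title>
</head>
<body>
<h1>Login</h1>
<form method="post">
<label>Username:</label>
<input type="text" name="username">
<label>Password:</label>
<input type="password" name="password">
<button name="logIn">Einloggen!</button>
<?php
// $error holds only fixed, server-defined markup (never request data), which
// is why it is printed without escaping.
if (count($error) > 0) {
    echo implode("", $error);
}
?>
</form>
</body>
</html>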
startseite.php
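<?php
// Start page for logged-in users: greets the user and links to their profile.
session_start();

// Require a truthy login flag, not merely the presence of the key.
// "loogedIn" (sic) is the key written by login.php.
if (empty($_SESSION["loogedIn"])) {
    exit("Sie müssen sich erst <a href='#'>hier</a> anmelden!");
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Home</title>
</head>
<body>
<?php
// The id ends up inside a URL inside an HTML attribute. rawurlencode() leaves
// only URL-safe characters, so the value cannot break out of either context
// even if the session ever holds something other than a plain number.
?>
<a href="user.php?id=<?php if (isset($_SESSION['userId'])) echo rawurlencode((string) $_SESSION["userId"]); ?>">Zum Profil</a>
<?php
if (isset($_SESSION["username"])) {
    // Explicit flags and charset: the htmlspecialchars() defaults differ
    // between PHP versions.
    echo "Willkommen auf der Startseite " . htmlspecialchars($_SESSION["username"], ENT_QUOTES, "UTF-8");
}
?>
</body>
</html>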
user.php
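<?php
// Profile page.
// Shows the account (registration) and profile (user) data for the id given
// in ?id= and lets the logged-in user save the "about" record of their OWN
// account.
session_start();

$error = [];

// "loogedIn" (sic) is the key written by login.php.
if (empty($_SESSION["loogedIn"]) || !isset($_GET["id"])) {
    exit("Sie müssen sich erst <a href='#'>hier</a> anmelden!");
}

// ?id= is request data: accept an integer only. Arrays (id[]=...) and
// non-numeric strings make filter_var() return false.
$userId = filter_var($_GET["id"], FILTER_VALIDATE_INT);
if ($userId === false) {
    http_response_code(400);
    exit("Ungültige Benutzer-ID!");
}

// The id in the URL selects WHICH profile is shown; it must never decide
// whose data may be written. Writes are allowed only when it matches the id
// stored in the session at login.
$isOwner = isset($_SESSION["userId"]) && (int) $_SESSION["userId"] === $userId;

// Per-session token that the edit form must send back, so another site cannot
// submit the form on the user's behalf (CSRF).
if (empty($_SESSION["csrfToken"])) {
    $_SESSION["csrfToken"] = bin2hex(random_bytes(32));
}

// NOTE(review): any logged-in user can read the username and e-mail of any
// account by changing ?id=. If profiles are not meant to be visible to other
// users, reject the request when $isOwner is false.
try {
    // NOTE(review): database credentials are hard-coded here; they belong in
    // configuration outside the document root.
    $dbConnection = new PDO("mysql:host=localhost;dbname=stef97;charset=utf8", "", "");
    $dbConnection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    $selectSql = "SELECT username, email FROM registration WHERE id = :id";
    $selectStmt = $dbConnection->prepare($selectSql);
    $selectStmt->execute([":id" => $userId]);
    // $username / $email stay unset when no account has this id; the template
    // below checks isset() before printing them.
    foreach ($selectStmt->fetchAll(PDO::FETCH_ASSOC) as $value) {
        $username = $value["username"];
        $email = $value["email"];
    }

    $selectSql2 = "SELECT firstName, lastName, privateStatus FROM user WHERE id = :id";
    $selectStmt2 = $dbConnection->prepare($selectSql2);
    $selectStmt2->execute([":id" => $userId]);
    $aboutYou = $selectStmt2->fetchAll(PDO::FETCH_ASSOC);
} catch (Exception $w) {
    // Exception text can reveal host, schema and query details: log it on the
    // server and show the visitor a generic message only.
    error_log("user.php: " . $w->getMessage());
    http_response_code(500);
    exit("Fehler aufgetreten.");
}

if (isset($_POST['data_save_about'])) {
    $sentToken = $_POST['csrfToken'] ?? '';

    if (!$isOwner) {
        // Without this check a logged-in user could overwrite another user's
        // profile simply by posting to user.php?id=<other id>.
        http_response_code(403);
        $error[] = "<p>Sie dürfen nur ihr eigenes Profil bearbeiten!</p>";
    } elseif (!is_string($sentToken) || !hash_equals($_SESSION["csrfToken"], $sentToken)) {
        http_response_code(403);
        $error[] = "<p>Ungültige Anfrage, bitte laden sie die Seite neu und versuchen sie es erneut!</p>";
    } else {
        // Missing or array-valued fields are treated as empty strings.
        $rawFirstName = is_string($_POST['first_name'] ?? null) ? trim($_POST['first_name']) : '';
        $rawLastName = is_string($_POST['last_name'] ?? null) ? trim($_POST['last_name']) : '';
        $rawAbout = is_string($_POST['about_your_private'] ?? null) ? trim($_POST['about_your_private']) : '';

        // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1 and
        // entity-encodes quotes before storage, which the htmlspecialchars()
        // calls in the template then encode a second time. It is kept so that
        // stored values do not change shape for other readers of the table;
        // escaping on output is the actual XSS defence on this page.
        $first_name = (string) filter_var($rawFirstName, FILTER_SANITIZE_STRING);
        $last_name = (string) filter_var($rawLastName, FILTER_SANITIZE_STRING);
        $about_your_private = (string) filter_var($rawAbout, FILTER_SANITIZE_STRING);

        // Compare with '' instead of empty(): empty("0") is true.
        if (trim($first_name) === '' || trim($last_name) === '' || trim($about_your_private) === '') {
            $error[] = "<p>Bitte füllen sie alle Felder aus!</p>";
        }
    }

    if (count($error) === 0) {
        try {
            if (!empty($aboutYou)) {
                // Keyed by id, the same key the existence check above used.
                // The previous "WHERE email = :email" could update nothing, or
                // a different row, whenever the two tables disagree on e-mail.
                $updateSql = "UPDATE user SET firstName = :firstName, lastName = :lastName, privateStatus = :privateStatus WHERE id = :id";
                $updateStmt = $dbConnection->prepare($updateSql);
                $updateStmt->execute([
                    ":firstName" => $first_name,
                    ":lastName" => $last_name,
                    ":privateStatus" => $about_your_private,
                    ":id" => $userId,
                ]);
            } else {
                $insertSql = "INSERT INTO user(id,firstName, lastName, privateStatus, email) VALUES (:id, :firstName, :lastName, :privateStatus, :email)";
                $insertStmt = $dbConnection->prepare($insertSql);
                $insertStmt->execute([
                    ":id" => $userId,
                    ":firstName" => $first_name,
                    ":lastName" => $last_name,
                    ":privateStatus" => $about_your_private,
                    // E-mail comes from the registration row read above, never
                    // from the request.
                    ":email" => isset($email) ? $email : null,
                ]);
            }
            $ausgabe = "<p>Profil erfolgreich aktualisiert!</p>";
        } catch (Exception $e) {
            error_log("user.php: " . $e->getMessage());
            http_response_code(500);
            exit("Fehler aufgetreten.");
        }
    }
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Profil von <?php if (isset($username)) echo htmlspecialchars($username, ENT_QUOTES, "UTF-8"); ?></title>
<style>
input, textarea{
display: block;
}
</style>
</head>
<body>
<header>
<h1>Willkommen in deinem Profil <?php if (isset($username)) echo htmlspecialchars($username, ENT_QUOTES, "UTF-8"); ?></h1>
</header>
<main>
<section>
<ul>
<li>Username: <?php if (isset($username)) echo htmlspecialchars($username, ENT_QUOTES, "UTF-8"); ?></li>
<li>Kontakt: <?php if (isset($email)) echo htmlspecialchars($email, ENT_QUOTES, "UTF-8"); ?> </li>
</ul>
</section>
<section>
<ul>
<?php
// Every stored value is escaped at output time; this is what prevents stored
// XSS, independent of how the data was filtered when it was saved.
if (!empty($aboutYou)) {
    foreach ($aboutYou as $value) {
        echo "<li>Vorname:" . htmlspecialchars($value['firstName'], ENT_QUOTES, "UTF-8") . "</li>";
        echo "<li>Nachname:" . htmlspecialchars($value['lastName'], ENT_QUOTES, "UTF-8") . "</li>";
        echo "<li>Status:" . htmlspecialchars($value['privateStatus'], ENT_QUOTES, "UTF-8") . "</li>";
    }
}
?>
</ul>
</section>
<section>
<article>
<h1>Über dich</h1>
<form method="post">
<input type="hidden" name="csrfToken" value="<?php echo htmlspecialchars($_SESSION["csrfToken"], ENT_QUOTES, "UTF-8"); ?>">
<label>Dein Vorname:</label>
<input type="text" name="first_name">
<label>Dein Nachname</label>
<input type="text" name="last_name">
<label>Über dich:</label>
<textarea name="about_your_private"></textarea>
<input type="submit" name="data_save_about" value="Abspeichern">
<?php
// $error and $ausgabe contain only fixed, server-defined markup (no request
// data), which is why they are printed without escaping.
if (count($error) > 0) {
    echo implode("", $error);
} elseif (isset($ausgabe)) {
    echo $ausgabe;
}
?>
</form>
</article>
</section>
</main>
</body>
</html>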