Commit 098dc6c8 authored by Tanmim Hanifa's avatar Tanmim Hanifa

Password hash, duplicate email/username

- Password hashing is working
- duplicate email/username checking is working
- User profile no longer shows user details; this was taken out so it can be reimplemented by looking the details up from the userID instead of passing them around on every page
parent 3c125984
<?php
require("password.php");
$con = mysqli_connect("localhost", "thani001", "password", "thani001_travelapals");
$username = $_POST["username"];
$password = $_POST["password"];
$statement = mysqli_prepare($con, "SELECT * FROM user WHERE username = ? AND password = ?");
mysqli_stmt_bind_param($statement, "ss", $username, $password);
$statement = mysqli_prepare($con, "SELECT * FROM user WHERE username = ?");
mysqli_stmt_bind_param($statement, "s", $username);
mysqli_stmt_execute($statement);
mysqli_stmt_store_result($statement);
mysqli_stmt_bind_result($statement, $userID, $email, $name, $dob, $password, $username);
mysqli_stmt_bind_result($statement, $colUserID, $colEmail, $colName, $colDob, $colPassword, $colUsername);
$response = array();
$response["success"] = false;
while(mysqli_stmt_fetch($statement)){
$response["success"] = true;
$response["email"] = $email;
$response["name"] = $name;
$response["dob"] = $dob;
$response["username"] = $username;
$response["password"] = $password;
if (password_verify($password, $colPassword)) {
$response["success"] = true;
}
}
echo json_encode($response);
;?>
\ No newline at end of file
echo json_encode($response);
?>
\ No newline at end of file
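Review bot: The `mysqli_connect("localhost", "thani001", "password", "thani001_travelapals")` call keeps the database account name and password as literals in a web-served script that is committed to the repository (the value may be a placeholder here, but the pattern stays). Anyone with read access to the repository, or to the file if the server ever returns PHP source, gets database access. Load the values from a config file outside the web root or from the environment, e.g. `mysqli_connect(getenv("DB_HOST"), getenv("DB_USER"), getenv("DB_PASS"), getenv("DB_NAME"))` (variable names are examples), and rotate the password once it has been in history. The register script and the `jsusz001` scripts later in this commit repeat the same literal connection call.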
<?php
$con = mysqli_connect("localhost", "thani001", "password", "thani001_travelapals");
require("password.php");
$connect = mysqli_connect("localhost", "thani001", "password", "thani001_travelapals");
$email = $_POST["email"];
$name = $_POST["name"];
$dob = $_POST["dob"];
$password = $_POST["password"];
$email = $_POST["email"];
$username = $_POST["username"];
$password = $_POST["password"];
function registerUser() {
global $connect, $name, $dob, $email, $username, $password;
$passwordHash = password_hash($password, PASSWORD_DEFAULT);
$statement = mysqli_prepare($connect, "INSERT INTO user (name, dob, email, username, password) VALUES (?, ?, ?, ?, ?)");
mysqli_stmt_bind_param($statement, "sisss", $name, $dob, $email, $username, $passwordHash);
mysqli_stmt_execute($statement);
mysqli_stmt_close($statement);
}
function usernameAvailable() {
global $connect, $username;
$statement = mysqli_prepare($connect, "SELECT * FROM user WHERE username = ?");
mysqli_stmt_bind_param($statement, "s", $username);
mysqli_stmt_execute($statement);
mysqli_stmt_store_result($statement);
$count = mysqli_stmt_num_rows($statement);
mysqli_stmt_close($statement);
if ($count < 1){
return true;
}else {
return false;
}
}
function emailAvailable() {
global $connect, $email;
$statement = mysqli_prepare($connect, "SELECT * FROM user WHERE email = ?");
mysqli_stmt_bind_param($statement, "s", $email);
mysqli_stmt_execute($statement);
mysqli_stmt_store_result($statement);
$count = mysqli_stmt_num_rows($statement);
mysqli_stmt_close($statement);
if ($count < 1){
return true;
}else {
return false;
}
}
$statement = mysqli_prepare($con, "INSERT INTO user (email, name, dob, password, username) VALUES (?, ?, ?, ?, ?)");
mysqli_stmt_bind_param($statement, "sssss", $email, $name, $dob, $password, $username);
mysqli_stmt_execute($statement);
$response = array();
$response["success"] = true;
$response["success"] = false;
if (usernameAvailable() && emailAvailable()){
registerUser();
$response["success"] = true;
}
echo json_encode($response);
?>
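Review bot: `usernameAvailable()` and `emailAvailable()` followed by `registerUser()` is a check-then-insert sequence, so two concurrent requests with the same username or email can both pass the checks and both insert. The duplicate rule needs UNIQUE indexes on `user.username` and `user.email` (the schema is not shown here), with these checks kept only to produce the friendlier message. `registerUser()` also discards the result of `mysqli_stmt_execute()`, so `success` is set to true even when the insert fails; have it return the execute result and use `$response["success"] = registerUser();`. The bind string `"sisss"` sends `$dob` as an integer while the Android client passes dob as a String, so confirm that matches the column type.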
<?php
$con = mysqli_connect("localhost", "jsusz001", "password", "jsusz001_TravelPals");
$username = $_POST["username"];
$password = $_POST["password"];
$statement = mysqli_prepare($con, "SELECT * FROM user WHERE username = ? AND password = ?");
mysqli_stmt_bind_param($statement, "ss", $username, $password);
mysqli_stmt_execute($statement);
mysqli_stmt_store_result($statement);
mysqli_stmt_bind_result($statement, $id, $name, $dob, $password, $picture, $email, $location, $username);
$response = array();
$response["success"] = false;
while(mysqli_stmt_fetch($statement)){
$response["success"] = true;
$response["name"] = $name;
$response["dob"] = $dob;
$response["password"] = $password;
$response["picture"] = $picture;
$response["email"] = $email;
$response["location"] = $location;
$response["username"] = $username;
}
echo json_encode($response);
;?>
\ No newline at end of file
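Review bot: `$response["password"] = $password;` sends the stored password column back to the client, and the query matches `password = ?` directly, so this script only works against unhashed passwords. The page does not show whether this file is added or removed; if it stays deployed, drop the password field from the response and fetch the row by username only, then check it with `password_verify()` as the other login script in this commit does. The login hunk that follows (`@@ -9,17 +9,20 @@`) also has `$response["password"]` in its fetch loop and needs the same change.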
......@@ -9,17 +9,20 @@
mysqli_stmt_execute($statement);
mysqli_stmt_store_result($statement);
mysqli_stmt_bind_result($statement, $userID, $name, $age, $password, $username);
mysqli_stmt_bind_result($statement, $userID, $email, $name, $dob, $password, $username);
$response = array();
$response["success"] = false;
while(mysqli_stmt_fetch($statement)){
$response["success"] = true;
//$response["userID"] = $userID
$response["email"] = $email;
$response["name"] = $name;
$response["age"] = $age;
$response["dob"] = $dob;
$response["username"] = $username;
$response["password"] = $password;
}
echo json_encode($response);
......
<?php
$con = mysqli_connect("localhost", "jsusz001", "password", "jsusz001_TravelPals");
$name = $_POST["name"];
$dob = $_POST["dob"];
$password = $_POST["password"];
$picture = $_POST["picture"];
$email = $_POST["email"];
$location = $_POST["location"];
$username = $_POST["username"];
$statement = mysqli_prepare($con, "INSERT INTO user (name, dob, password, picture, email, location, username) VALUES (?, ?, ?, ?)");
mysqli_stmt_bind_param($statement, "siss", $name, $dob, $password, $picture, $email, $location, $username);
mysqli_stmt_execute($statement);
$response = array();
$response["success"] = true;
echo json_encode($response);
?>
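Review bot: The INSERT names seven columns but has only four `?` placeholders, and the bind string `"siss"` is given seven variables, so `mysqli_prepare()` is expected to fail and nothing is inserted. `$response["success"] = true` is then returned regardless, which tells the client the account was created. Use seven placeholders with a matching seven-character type string, and set `success` from the return value of `mysqli_stmt_execute()`. The page does not show whether this file is added or removed by the commit.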
......@@ -2,14 +2,16 @@
<?php
$con = mysqli_connect("localhost", "thani001", "password", "thani001_travelapals");
$email = $_POST["email"];
$name = $_POST["name"];
$age = $_POST["age"];
$dob = $_POST["dob"];
$password = $_POST["password"];
$username = $_POST["username"];
$statement = mysqli_prepare($con, "INSERT INTO user (name, age, password, username) VALUES (?, ?, ?, ?)");
mysqli_stmt_bind_param($statement, "siss", $name, $age, $password, $username);
$statement = mysqli_prepare($con, "INSERT INTO user (email, name, dob, password, username) VALUES (?, ?, ?, ?, ?)");
mysqli_stmt_bind_param($statement, "sssss", $email, $name, $dob, $password, $username);
mysqli_stmt_execute($statement);
$response = array();
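Review bot: The new INSERT still binds `$password` exactly as posted, so this script stores passwords unhashed while the other register script in this commit uses `password_hash()`. Hash before binding, e.g. `$passwordHash = password_hash($password, PASSWORD_DEFAULT);`, and bind `$passwordHash`; the matching login script then has to use `password_verify()` rather than `password = ?`. The standalone register script listed before this hunk binds the raw `$password` as well. The script continues outside the hunk.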
......
This diff is collapsed.
<?php
echo 'PHP VERSION: ' . phpversion();
?>
\ No newline at end of file
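Review bot: This script reports the exact PHP version to anyone who can request it, which makes it easy to match the server against releases with known vulnerabilities. If it is a temporary check (the page does not show whether the file is added or removed), delete it before the directory is published, or keep it outside the web root.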
......@@ -15,6 +15,8 @@ public class LoginRequest extends StringRequest{
private static final String LOGIN_REQUEST_URL = "http://doc.gold.ac.uk/~thani001/travelpals/LoginTDB.php";
// private static final String LOGIN_REQUEST_URL = "http://doc.gold.ac.uk/~thani001/travelpals/backphp/LoginTDB.php";
private Map<String, String> params;
public LoginRequest(String username, String password, Response.Listener<String> listener){
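Review bot: `LOGIN_REQUEST_URL` is an `http://` address, so the username and password this request posts travel unencrypted and can be read or altered on the network path. Point it at an `https://` endpoint (assuming the host serves TLS, which this page does not show) and do not permit cleartext traffic in the app. `REGISTER_REQUEST_URL` in RegisterRequest has the same issue. The added commented-out alternate URL would be better as a build-config value than as a comment. The class body continues outside the hunk.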
......
......@@ -53,7 +53,7 @@ public class RegisterActivity extends AppCompatActivity {
RegisterActivity.this.startActivity(intent);
} else {
AlertDialog.Builder builder = new AlertDialog.Builder(RegisterActivity.this);
builder.setMessage("Registration failed")
builder.setMessage("Registration failed. Username or email may already be in use.")
.setNegativeButton("Try again", null)
.create()
.show();
......
......@@ -12,6 +12,8 @@ import java.util.Map;
public class RegisterRequest extends StringRequest {
private static final String REGISTER_REQUEST_URL = "http://doc.gold.ac.uk/~thani001/travelpals/RegisterTDB.php";
// private static final String REGISTER_REQUEST_URL = "http://doc.gold.ac.uk/~thani001/travelpals/backphp/RegisterTDB.php";
private Map<String, String> params;
public RegisterRequest(String name, String username, String dob, String email, String password, Response.Listener<String> listener){
......
......@@ -51,16 +51,16 @@ public class loginActivity extends AppCompatActivity {
boolean success = jsonResponse.getBoolean("success");
if(success){
String name = jsonResponse.getString("name");
String dob = jsonResponse.getString("dob");
String username = jsonResponse.getString("username");
String email = jsonResponse.getString("email");
Intent intent = new Intent(loginActivity.this, MainMenuActivity.class);
intent.putExtra("name", name);
intent.putExtra("dob", dob);
intent.putExtra("username", username);
intent.putExtra("email", email);
// String name = jsonResponse.getString("name");
// String dob = jsonResponse.getString("dob");
// String username = jsonResponse.getString("username");
// String email = jsonResponse.getString("email");
//
Intent intent = new Intent(loginActivity.this, MainMenuActivity.class);
// intent.putExtra("name", name);
// intent.putExtra("dob", dob);
// intent.putExtra("username", username);
// intent.putExtra("email", email);
loginActivity.this.startActivity(intent);
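Review bot: The commented-out `getString(...)` and `putExtra(...)` lines should be deleted rather than kept as comments, since version control already holds the old code. With them gone, MainMenuActivity is started on nothing more than `success == true`, and the login script in this commit returns only that flag, so later screens have no authenticated identity to send with their requests. When the planned userID lookup is added, have the server issue a session token on login and resolve the user from it server-side, rather than trusting a userID supplied by the client. The enclosing listener method starts and ends outside the hunk.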
......