
Question

Locate the PHP code for validating the user's login information. Use the variables defined there to restrict the content page to only those who have successfully logged into the system.

Describe how the session is managed from page to page in the application. How long is the session active by default? What conditions will end the session?

Identify the form validation rules that need to be put in place for the login form and the registration form. What format should the data have? What is the maximum length of each item? Identify the necessary functions in JavaScript and PHP to create these validation rules and list them in your report.

<?php

// Variable to store errors as script processes
$err = '';

// Database Access Information
$hostname = "db.petsales.com";
$username = "petsales";
$password = "password";
$dbname   = "petsales";

$con = mysql_connect($hostname, $username, $password) or die ("<html><script language='JavaScript'>alert('Unable to connect to database! Please try again later.'),history.go(-1)</script></html>");
mysql_select_db($dbname);

// Navigation Management Variables
$def = true;
$mynav = '';
$mycontent = '';
$mylogin = false;

// Administrative Variables
$adm_pg = '';
$adm_un = 'admin';    // Username for administrator
$adm_pw = 'password'; // Password for administrator

// Check session information from form - email, session, fname lookup -
// Returns user type ('U' is default for active user, '0' means unregistered)
$mytype = '0';
$exp = false;

// This tests to see if the user is logged into the system successfully
// If so, $mylogin is set to TRUE
// If not, an error is generated into $err
if ((time() < intval($_POST['session']))) {
    if ((($_POST['fname'] != '') && ($_POST['email'] != '')) && ($_POST['session'] != '')) {
        $result = mysql_query("SELECT email,pw,fname,id FROM sessions WHERE email = '" . $_POST['email'] . "'"); // Email address is used directly.
        $row = mysql_fetch_array($result);
        if (!$result) {
            $err = $err . "Your session is no longer valid. Please login again.<br>";
        } else if ($row[0] == $_POST['email']) {
            $email = $row[0];
            $pw = $row[1];
            $fname = $row[2];
            $sess = time() + (60*60);
            $exp = true;
            // if successful, reset session expiration
            $result = mysql_query("UPDATE sessions SET id = '" . $sess . "' WHERE email = '" . $email . "' AND pw = '" . $pw . "'");
            $mylogin = true;
        } else {
            $err .= "Data did not return correctly. Please try your request again.<br>";
        }
    }
}

// This script processes the main request of the system
// Options are: register, login, logout
switch ($_POST['tokenid']) {

    case "logout": // Logout from system
        //kill session parameter in form
        $_POST['session'] = '-1';
        $_POST['email'] = '';
        $_POST['fname'] = '';
        $email = '';
        $fname = '';
        $sess = -1;
        $email = '';
        $mytype = '0';
        $mylogin = false;
        $exp = false;
        break;

    case "login": // Login to system
        // verify login
        // perform tests on values used
        if (($_POST['us'] == $adm_un) && ($_POST['pw'] == $adm_pw)) { // Display Admin Results
            //admin verification
            $email = 'Admin';
            $pw = $_POST['pw'];
            $fname = $adm_un;
            $mytype = 'A';
            $sess = time() + (10*60);
            $def = false;
            $adm_pg = '';
            $adm_result = mysql_query("SELECT email,fname,lname,pw FROM sessions");
            if (!$adm_result) {
                $err = $err . "The results from the database could not be returned.<br>&nbsp;<br>";
                $def = true;
            } else {
                $adm_i = 0;
                $adm_j = 0;
                $adm_pg = $adm_pg . '<table cellpadding=2 cellspacing=0 border=0><tr><td><i>Email</i></td><td><i>Name</i></td><td><i>Password</i></td></tr>';
                while ( $adm_row = mysql_fetch_array($adm_result) ) {
                    $adm_pg = $adm_pg . '<tr><td>' . $adm_row[0] . '</td><td>' . $adm_row[1] . ' ' . $adm_row[2] . '</td><td>' . $adm_row[3] . '</td></tr>';
                }
                $adm_pg = $adm_pg . '</table>';
            }
        } else { // Test for regular login
            $result = mysql_query("SELECT email,pw,fname,id FROM sessions WHERE email = '" . ($_POST['us']) . "' AND pw = '" . $_POST['pw'] . "'");
            if (!$result) {
                // false return; do not change default
                $err = $err . "Login information did not match existing records.<br>";
            } else {
                $row = mysql_fetch_array($result);
                if (($row[0] == $_POST['us']) && ($row[1] == $_POST['pw'])) { // Password is used directly with no modification
                    $email = $row[0];
                    $fname = $row[2];
                    $sess = $row[3];
                    $exp = true;
                    $err = $err . "Login successful! Welcome, " . $fname . "!";
                    //update session time
                    $sess = time() + (60*60);
                    $result = mysql_query("UPDATE sessions SET id = '" . $sess . "' WHERE email = '" . $_POST['email'] . "' AND pw = '" . $_POST['pw'] . "'");
                    $mylogin = true;
                } else {
                    $err = $err . "Login information did not match existing records.<br>";
                }
            }
        }
        break;

    case "register": // Register new user
        $err_ct = 0;
        // validate form data
        //test for empties
        //make sure passwords match
        //test length of variables
        //test for existing email registration
        // perform registration
        if ($err_ct == 0) {
            // closing ')' of the VALUES list restored; it was missing in the handout
            $result = mysql_query("INSERT INTO sessions (email, pw, fname, lname, id) VALUES ('" . $_POST['email'] . "', '" . $_POST['pw'] . "','" . $_POST['fname'] . "','" . $_POST['lname'] . "','" . (time()+(60*60)) . "')");
        }
        if (!$result) {
            $err = $err . "No data has been stored.";
        } else {
            $result = mysql_query("SELECT email,pw,fname,id FROM sessions WHERE email = '" . $_POST['email'] . "' AND pw = '" . $_POST['pw'] . "'");
            $row = mysql_fetch_array($result);
            if (!$result) {
                // false return; do not change default
                $err = $err . "Data storage unsuccessful. Please try again.<br>";
            } else {
                if (($row[0] == $_POST['email']) && ($row[1] == hash('md5', $_POST['pw']))) {
                    $email = $row[0];
                    $fname = $row[2];
                    $sess = $row[3];
                    $exp = true;
                    $err = $err . "Registration successful! Welcome, " . $fname . "!<br>";
                    $mylogin = true;
                } else {
                    $err = $err . "Data storage unsuccessful. Please try again.<br>";
                }
            }
        }
        break;

    // The following cases are for navigation only - Do not edit!
    case "reg": // Register new user
        $def = false;
        echo 'document.getElementById("thispage").innerHTML = displayfile("' . $_POST['pagereq'] . '");' . PHP_EOL;
        break;

    case "navigate":
        // select navigation parameters
        if ($mylogin) {
            echo 'document.getElementById("thispage").innerHTML = displayfile("' . $_POST['pagereq'] . '");' . PHP_EOL;
        } else {
            echo 'document.getElementById("thispage").innerHTML = "You do not have the correct permissions to view this content.";' . PHP_EOL;
        }
        $def = false;
        break;

    case "request":
        // request restricted item
        // return or deny
        if ($mylogin) {
            echo 'document.getElementById("thispage").innerHTML = displayfile("./' . $_POST['pagereq'] . '");' . PHP_EOL;
        } else {
            echo 'document.getElementById("thispage").innerHTML = "You do not have the correct permissions to view this content.";' . PHP_EOL;
        }
        $def = false;
        break;

    case "js":
        if ($mylogin) {
            echo $_POST['pagereq'] . PHP_EOL;
        } else {
            echo 'document.getElementById("thispage").innerHTML = "You do not have the correct permissions to view this content.";' . PHP_EOL;
        }
        $def = false;
        break;

    default:
        $def = true;
        break;
}

//session type sets navigation options - Do not edit!
$mynav = "'";
if ($mylogin) { // Test for login before displaying option
    $mynav .= "<a href=\"#\" class=\"la\">View Pet Inventory</a>";
}
$mynav .= "';";

if ($exp) {
    if (($fname == '') && ($_POST['fname'] != '')) {
        $fname = $_POST['fname'];
    }
    echo 'this.document.getElementById("mylogin").innerHTML = "Welcome, ' . $fname . '! (<a href="#" class="la">Logout</a>)<br><a href="#" class="la">Change Password</a>";' . PHP_EOL;
}

if ($def) {
    if ($err == '') {
        echo 'document.getElementById("thispage").innerHTML = displayfile("include/desc.html");' . PHP_EOL;
    } else {
        echo 'document.getElementById("thispage").innerHTML = "<br><b><i>Message: ' . $err . '</i></b><br>&nbsp;<br>" + displayfile("include/desc.html");' . PHP_EOL;
    }
} else if ($mycontent != '') {
    echo "document.getElementById(\"thispage\").innerHTML = '" . $mycontent . "';" . PHP_EOL;
}

if ($adm_pg <> '') {
    echo "document.getElementById(\"thispage\").innerHTML = '" . $adm_pg . "';" . PHP_EOL;
}

echo 'document.getElementById("thisnav").innerHTML = ' . $mynav . PHP_EOL;

?>
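Reading the handout above against the three questions: the login check lives in the block that tests `time() < intval($_POST['session'])` and then looks the email up in `sessions`, setting `$mylogin = true` on success; `$mylogin` is the variable the `navigate`, `request` and `js` cases already use to gate content. The session is carried from page to page in hidden form fields (`email`, `fname`, `session`), with the expiry timestamp stored in `sessions.id`; it is 60 minutes (`time() + (60*60)`) for a user, 10 minutes for the admin, refreshed on every validated request, and it ends on logout (`tokenid=logout` sets `session` to `-1`), when the clock passes the expiry, or when any of the three fields is missing. Two things in that block are worth noting: the expiry compared against `time()` is the value the browser posted, and the lookup matches on email alone, so the stored expiry is never actually checked. The following is an added example, not code from the question or from the answer below, that keeps the handout's scheme (expiry in `sessions.id`, values posted per request) but checks the stored value, binds every parameter, and wraps the content gate in one call. It runs offline against an in-memory SQLite database (assumes the `pdo_sqlite` extension); the table layout copies the handout, the sample row, the fixed clock value and the allow-listed page names are constructed for this example.

```php
<?php
// Added example: corrected session validation and page gating for the handout's
// scheme. Not the handout's code; schema mirrors its `sessions` table.

const SESSION_TTL = 60 * 60;   // 60 minutes, as in the handout (admin uses 10*60)

function open_db(): PDO {
    // In-memory SQLite so the example runs without the petsales MySQL server.
    $db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $db->exec('CREATE TABLE sessions (email TEXT PRIMARY KEY, pw TEXT, fname TEXT, lname TEXT, id INTEGER)');
    return $db;
}

// Validates the (email, session) pair posted with each request.
// Returns [mylogin, fname, err], the three values the handout keeps in $mylogin/$fname/$err.
function validate_session(PDO $db, array $post, int $now): array {
    $email = (string)($post['email'] ?? '');
    $token = (string)($post['session'] ?? '');
    if ($email === '' || $token === '' || (string)($post['fname'] ?? '') === '') {
        return [false, '', ''];   // not logged in, no error message (same as the handout)
    }
    // Bind email AND the session value; the handout matched on email only and
    // trusted the posted expiry instead of the stored one.
    $stmt = $db->prepare('SELECT email, fname, id FROM sessions WHERE email = :email AND id = :id');
    $stmt->execute([':email' => $email, ':id' => (int)$token]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int)$row['id'] <= $now) {
        return [false, '', 'Your session is no longer valid. Please login again.<br>'];
    }
    // Sliding expiry: push the stored timestamp forward, as the handout's UPDATE does.
    $upd = $db->prepare('UPDATE sessions SET id = :id WHERE email = :email');
    $upd->execute([':id' => $now + SESSION_TTL, ':email' => $email]);
    return [true, (string)$row['fname'], ''];
}

// Gate for a restricted content page: what the "navigate"/"request" cases do,
// plus an allow-list so the requested file name is never taken verbatim from the form.
function require_login(bool $mylogin, string $page): string {
    if (!$mylogin) {
        return 'You do not have the correct permissions to view this content.';
    }
    $allowed = ['include/inventory.html', 'include/desc.html'];   // assumed page names
    return in_array($page, $allowed, true) ? 'displayfile("' . $page . '")' : 'Unknown page.';
}

// ---- demonstration with constructed data ----
$db  = open_db();
$now = 1700000000;   // fixed "current time" so the run is reproducible
$db->prepare('INSERT INTO sessions VALUES (?, ?, ?, ?, ?)')
   ->execute(['alice@example.com', 'hash-not-shown', 'Alice', 'Smith', $now + 600]);

// 1. Valid session: posted value matches the stored expiry, which is still in the future.
[$ok, $fname, $err] = validate_session($db, ['email' => 'alice@example.com', 'fname' => 'Alice', 'session' => $now + 600], $now);
echo "case 1: ", ($ok ? "logged in as $fname" : "rejected"), " -> ", require_login($ok, 'include/inventory.html'), "\n";

// 2. Forged request: the browser posts a far-future expiry that does not match the database.
[$ok, $fname, $err] = validate_session($db, ['email' => 'alice@example.com', 'fname' => 'Alice', 'session' => $now + 99999], $now);
echo "case 2: ", ($ok ? "logged in" : "rejected: $err"), " -> ", require_login($ok, 'include/inventory.html'), "\n";

// 3. Expired session: 61 minutes after the refresh performed in case 1.
[$ok, $fname, $err] = validate_session($db, ['email' => 'alice@example.com', 'fname' => 'Alice', 'session' => $now + SESSION_TTL], $now + SESSION_TTL + 60);
echo "case 3: ", ($ok ? "logged in" : "rejected: $err"), "\n";
```

The example deliberately stays with the handout's hidden-field design so the session questions can be answered against it; in a new application the usual choice is `session_start()` with a server-side session store and a cookie-borne random session ID, which removes the need to post (and therefore to trust) any of these values at all.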

Explanation / Answer

<div id="login-register-password">
<?php global $user_ID, $user_identity; if (!$user_ID) { ?>
    <ul class="tabs_login">
        <li class="active_login"><a href="#tab1_login">Login</a></li>
        <li><a href="#tab2_login">Register</a></li>
        <li><a href="#tab3_login">Forgot?</a></li>
    </ul>
    <div class="tab_container_login">
        <div id="tab1_login" class="tab_content_login">
            <?php $register = $_GET['register']; $reset = $_GET['reset']; if ($register == true) { ?>
                <h3>Success!</h3>
                <p>Check your email for the password and then return to log in.</p>
            <?php } elseif ($reset == true) { ?>
                <h3>Success!</h3>
                <p>Check your email to reset your password.</p>
            <?php } else { ?>
                <h3>Have an account?</h3>
                <p>Log in or sign up! It&rsquo;s fast &amp; <em>free!</em></p>
            <?php } ?>
            <form method="post" action="<?php bloginfo('url') ?>/wp-login.php" class="wp-user-form">
                <div class="username">
                    <label for="user_login"><?php _e('Username'); ?>: </label>
                    <input type="text" name="log" value="<?php echo esc_attr(stripslashes($user_login)); ?>" size="20" id="user_login" tabindex="11" />
                </div>
                <div class="password">
                    <label for="user_pass"><?php _e('Password'); ?>: </label>
                    <input type="password" name="pwd" value="" size="20" id="user_pass" tabindex="12" />
                </div>
                <div class="login_fields">
                    <div class="rememberme">
                        <label for="rememberme">
                            <input type="checkbox" name="rememberme" value="forever" checked="checked" id="rememberme" tabindex="13" /> Remember me
                        </label>
                    </div>
                    <?php do_action('login_form'); ?>
                    <input type="submit" name="user-submit" value="<?php _e('Login'); ?>" tabindex="14" class="user-submit" />
                    <input type="hidden" name="redirect_to" value="<?php echo esc_attr($_SERVER['REQUEST_URI']); ?>" />
                    <input type="hidden" name="user-cookie" value="1" />
                </div>
            </form>
        </div>
        <div id="tab2_login" class="tab_content_login">
            <h3>Register for this site!</h3>
            <p>Sign up now for the good stuff.</p>
            <form method="post" action="<?php echo site_url('wp-login.php?action=register', 'login_post') ?>" class="wp-user-form">
                <div class="username">
                    <label for="user_login"><?php _e('Username'); ?>: </label>
                    <input type="text" name="user_login" value="<?php echo esc_attr(stripslashes($user_login)); ?>" size="20" id="user_login" tabindex="101" />
                </div>
                <div class="password">
                    <label for="user_email"><?php _e('Your Email'); ?>: </label>
                    <input type="text" name="user_email" value="<?php echo esc_attr(stripslashes($user_email)); ?>" size="25" id="user_email" tabindex="102" />
                </div>
                <div class="login_fields">
                    <?php do_action('register_form'); ?>
                    <input type="submit" name="user-submit" value="<?php _e('Sign up!'); ?>" class="user-submit" tabindex="103" />
                    <?php $register = $_GET['register']; if($register == true) { echo '<p>Check your email for the password!</p>'; } ?>
                    <input type="hidden" name="redirect_to" value="<?php echo esc_attr($_SERVER['REQUEST_URI']); ?>?register=true" />
                    <input type="hidden" name="user-cookie" value="1" />
                </div>
            </form>
        </div>
        <div id="tab3_login" class="tab_content_login">
            <h3>Lose something?</h3>
            <p>Enter your username or email to reset your password.</p>
            <form method="post" action="<?php echo site_url('wp-login.php?action=lostpassword', 'login_post') ?>" class="wp-user-form">
                <div class="username">
                    <label for="user_login" class="hide"><?php _e('Username or Email'); ?>: </label>
                    <input type="text" name="user_login" value="" size="20" id="user_login" tabindex="1001" />
                </div>
                <div class="login_fields">
                    <?php do_action('login_form', 'resetpass'); ?>
                    <input type="submit" name="user-submit" value="<?php _e('Reset my password'); ?>" class="user-submit" tabindex="1002" />
                    <?php $reset = $_GET['reset']; if($reset == true) { echo '<p>A message will be sent to your email address.</p>'; } ?>
                    <input type="hidden" name="redirect_to" value="<?php echo esc_attr($_SERVER['REQUEST_URI']); ?>?reset=true" />
                    <input type="hidden" name="user-cookie" value="1" />
                </div>
            </form>
        </div>
    </div>
<?php } else { // is logged in ?>
    <div class="sidebox">
        <h3>Welcome, <?php echo $user_identity; ?></h3>
        <div class="usericon">
            <?php global $userdata; echo get_avatar($userdata->ID, 60); ?>
        </div>
        <div class="userinfo">
            <p>You&rsquo;re logged in as <strong><?php echo $user_identity; ?></strong></p>
            <p>
                <a href="<?php echo wp_logout_url('index.php'); ?>">Log out</a> |
                <?php if (current_user_can('manage_options')) {
                    echo '<a href="' . admin_url() . '">' . __('Admin') . '</a>'; } else {
                    echo '<a href="' . admin_url() . 'profile.php">' . __('Profile') . '</a>'; } ?>
            </p>
        </div>
    </div>
<?php } ?>
</div>

<?php
include_once 'includes/register.inc.php';
include_once 'includes/functions.php';
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Secure Login: Registration Form</title>
<script type="text/JavaScript" src="js/sha512.js"></script>
<script type="text/JavaScript" src="js/forms.js"></script>
<link rel="stylesheet" href="styles/main.css" />
</head>
<body>
<!-- Registration form to be output if the POST variables are not
set or if the registration script caused an error. -->
<h1>Register with us</h1>
<?php
if (!empty($error_msg)) {
echo $error_msg;
}
?>
<ul>
<li>Usernames may contain only digits, upper and lowercase letters and underscores</li>
<li>Emails must have a valid email format</li>
<li>Passwords must be at least 6 characters long</li>
<li>Passwords must contain
<ul>
<li>At least one uppercase letter (A..Z)</li>
<li>At least one lowercase letter (a..z)</li>
<li>At least one number (0..9)</li>
</ul>
</li>
<li>Your password and confirmation must match exactly</li>
</ul>
<form action="<?php echo esc_url($_SERVER['REQUEST_URI']); ?>"
method="post"
name="registration_form">
Username: <input type='text'
name='username'
id='username' /><br>
Email: <input type="text" name="email" id="email" /><br>
Password: <input type="password"
name="password"
id="password"/><br>
Confirm password: <input type="password"
name="confirmpwd"
id="confirmpwd" /><br>
<!-- The click handler for this button lives in js/forms.js (not shown here). It is
     expected to check the rules listed above, replace the password with its SHA-512
     hex digest in a field named "p" (register.inc.php below requires exactly 128
     characters) and submit the form. -->
<input type="button"
value="Register"
/>
</form>
<p>Return to the <a href="index.php">login page</a>.</p>
</body>
</html>
<?php
include_once 'db_connect.php';
include_once 'psl-config.php';

$error_msg = "";

if (isset($_POST['username'], $_POST['email'], $_POST['p'])) {
    // FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. The values are only ever
    // bound as prepared-statement parameters, so take them raw and validate them.
    $username = trim((string) filter_input(INPUT_POST, 'username', FILTER_UNSAFE_RAW));
    $email    = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
    if ($email === false || $email === null) {
        $error_msg .= '<p class="error">The email address you entered is not valid</p>';
    }
    // Server-side copy of the rule stated on the form: letters, digits and underscores only.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $username)) {
        $error_msg .= '<p class="error">Usernames may contain only digits, letters and underscores</p>';
    }

    // js/sha512.js posts the SHA-512 hex digest of the password as "p", so a
    // well-formed value is exactly 128 characters long.
    $password = (string) filter_input(INPUT_POST, 'p', FILTER_UNSAFE_RAW);
    if (strlen($password) != 128) {
        $error_msg .= '<p class="error">Invalid password configuration.</p>';
    }

    // Reject a duplicate email. The statement is closed in every branch, and
    // close() is never called when prepare() returned false.
    $prep_stmt = "SELECT id FROM members WHERE email = ? LIMIT 1";
    if ($stmt = $mysqli->prepare($prep_stmt)) {
        $stmt->bind_param('s', $email);
        $stmt->execute();
        $stmt->store_result();
        if ($stmt->num_rows == 1) {
            $error_msg .= '<p class="error">A user with this email address already exists.</p>';
        }
        $stmt->close();
    } else {
        $error_msg .= '<p class="error">Database error (email lookup)</p>';
    }

    // Reject a duplicate username.
    $prep_stmt = "SELECT id FROM members WHERE username = ? LIMIT 1";
    if ($stmt = $mysqli->prepare($prep_stmt)) {
        $stmt->bind_param('s', $username);
        $stmt->execute();
        $stmt->store_result();
        if ($stmt->num_rows == 1) {
            $error_msg .= '<p class="error">A user with this username already exists</p>';
        }
        $stmt->close();
    } else {
        $error_msg .= '<p class="error">Database error (username lookup)</p>';
    }

    if (empty($error_msg)) {
        // bcrypt the submitted digest; password_verify() is the matching check at login.
        $password = password_hash($password, PASSWORD_BCRYPT);

        if ($insert_stmt = $mysqli->prepare("INSERT INTO members (username, email, password) VALUES (?, ?, ?)")) {
            $insert_stmt->bind_param('sss', $username, $email, $password);
            $inserted = $insert_stmt->execute();
            $insert_stmt->close();
            if (!$inserted) {
                // exit after every redirect so no further code runs for the request
                header('Location: ../error.php?err=Registration failure: INSERT');
                exit();
            }
        } else {
            header('Location: ../error.php?err=Registration failure: PREPARE');
            exit();
        }
        header('Location: ./register_success.php');
        exit();
    }
}
?>
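The rules listed on the registration page above (username character set, valid email format, password of at least 6 characters with an uppercase letter, a lowercase letter and a digit, confirmation matching exactly) are what the question asks to be identified for both forms, but the answer's script only enforces the email check and the digest length on the server. The following is an added example, not code from the question or the answer, that puts every rule in one PHP function for the registration form and reuses the per-field rules for the login form, using `preg_match`, `filter_var` and `strlen`; it finishes with the `password_hash`/`password_verify` pair the answer's script relies on. The maximum lengths are assumptions for this example, since the page states none: 3 to 32 characters for a username, 254 for an email address (the SMTP limit on a path), 6 to 72 bytes for a password (bcrypt, which `PASSWORD_BCRYPT` selects, ignores bytes beyond 72). It also assumes the raw password reaches the server over TLS rather than the client-side SHA-512 digest the answer's form submits, so the rules can be checked on the real value. The sample inputs are constructed.

```php
<?php
// Added example: server-side validation rules for the registration and login forms.
// Not the page's code; length limits are assumptions (see the lead-in).

const USERNAME_MIN = 3;
const USERNAME_MAX = 32;
const EMAIL_MAX    = 254;   // SMTP path limit
const PASSWORD_MIN = 6;     // the rule stated on the page
const PASSWORD_MAX = 72;    // bcrypt ignores bytes beyond this

const USERNAME_RE = '/^[A-Za-z0-9_]{' . USERNAME_MIN . ',' . USERNAME_MAX . '}$/';

// Returns a list of error strings; an empty list means the input passed every rule.
function validate_registration(array $post): array {
    $errors   = [];
    $username = trim((string)($post['username'] ?? ''));
    $email    = trim((string)($post['email'] ?? ''));
    $password = (string)($post['password'] ?? '');
    $confirm  = (string)($post['confirmpwd'] ?? '');

    // Username: digits, upper- and lowercase letters and underscores only.
    if (!preg_match(USERNAME_RE, $username)) {
        $errors[] = sprintf('Username must be %d-%d characters: letters, digits or underscores.', USERNAME_MIN, USERNAME_MAX);
    }
    // Email: syntactic check plus an upper bound on length.
    if (strlen($email) > EMAIL_MAX || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Email address is not valid.';
    }
    // Password: length window in bytes (what bcrypt truncates on), then the three classes.
    $len = strlen($password);
    if ($len < PASSWORD_MIN || $len > PASSWORD_MAX) {
        $errors[] = sprintf('Password must be %d-%d characters long.', PASSWORD_MIN, PASSWORD_MAX);
    }
    if (!preg_match('/[A-Z]/', $password) || !preg_match('/[a-z]/', $password) || !preg_match('/[0-9]/', $password)) {
        $errors[] = 'Password must contain an uppercase letter, a lowercase letter and a digit.';
    }
    // Confirmation must match exactly (strict comparison, no type juggling).
    if ($password !== $confirm) {
        $errors[] = 'Password and confirmation do not match.';
    }
    return $errors;
}

// The login form reuses the per-field shape rules: a value that could never have
// been registered is rejected before any database round trip.
function validate_login(array $post): array {
    $errors   = [];
    $username = trim((string)($post['username'] ?? ''));
    $password = (string)($post['password'] ?? '');
    if (!preg_match(USERNAME_RE, $username)) {
        $errors[] = 'Username format is invalid.';
    }
    $len = strlen($password);
    if ($len < PASSWORD_MIN || $len > PASSWORD_MAX) {
        $errors[] = 'Password length is invalid.';
    }
    return $errors;
}

// Storage and check of the password once validation passes.
function store_hash(string $password): string {
    return password_hash($password, PASSWORD_BCRYPT);
}

function check_password(string $password, string $stored_hash): bool {
    return password_verify($password, $stored_hash);
}

// ---- constructed inputs ----
$good = ['username' => 'pet_buyer1', 'email' => 'buyer@example.com',
         'password' => 'Fluffy42cat', 'confirmpwd' => 'Fluffy42cat'];
$bad  = ['username' => "o'brien", 'email' => 'not-an-email',
         'password' => 'short', 'confirmpwd' => 'other'];

echo "good registration: ", (validate_registration($good) === [] ? 'accepted' : 'rejected'), "\n";
echo "bad registration:\n";
foreach (validate_registration($bad) as $e) {
    echo "  - $e\n";
}
echo "login with bad username: ", (validate_login($bad) === [] ? 'accepted' : 'rejected'), "\n";

$hash = store_hash($good['password']);
echo "verify correct password: ", (check_password('Fluffy42cat', $hash) ? 'ok' : 'fail'), "\n";
echo "verify wrong case:       ", (check_password('fluffy42cat', $hash) ? 'ok' : 'fail'), "\n";
```

The same rules belong in the browser (the `js/forms.js` referenced by the form) for immediate feedback, but only the server-side copy counts for security, since the client-side check can be bypassed by posting the form directly.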
