533388
Hectopat
- Katılım
- 27 Mart 2022
- Mesajlar
- 4.408
- Makaleler
- 2
- Çözümler
- 54
Bu kodları nasıl daha güvenli hale getirip daha iyi yazarım?
PHP:
<?php
$host="localhost";
$db_name="blog";
$username="root";
$password="";
try {
$conn = new PDO("mysql:host=$host;dbname=$db_name", $username, $password);
// set the PDO error mode to exception.
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// echo "Connection successfully";
} catch(PDOException $e) {
echo "Connection failed: " . $e->getMessage();
}
PHP:
<?php
include "../conf/database.php";
$username = $_POST["username"];
$email = $_POST["email"];
$password = $_POST["password"];
if(isset($_POST["signupBtn"])) {
if(empty($email) || empty($password) || empty($username)) {
echo "Email,username or password is required";
}
else {
$query = "INSERT INTO users(user_name,user_mail,user_password) VALUES(:user_name,:user_mail,:user_password)";
$stmt = $conn->prepare($query);
$stmt->bindParam(':user_name', $username);
$stmt->bindParam(':user_mail', $email);
$stmt->bindParam(':user_password', $password);
$result = $stmt->execute();
if($result) {
echo "User creation successful";
}
else {
echo "Error";
}
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Sign Up Page</title>
</head>
<body>
<form method="post">
<input type="text" name="username" placeholder="Username">
<input type="email" name="email" placeholder="Email">
<input type="password" name="password" placeholder="*****">
<button name="signupBtn" type="submit">Sign Up</button>
</form>
</body>
</html>
PHP:
<?php
include "../conf/database.php";
$email = $_POST["email"];
$password = $_POST["password"];
if(isset($_POST["loginBtn"])) {
if(empty($email) || empty($password)) {
echo "Email or password is required";
}
else {
$query = "SELECT * FROM users WHERE user_mail = :user_mail AND user_password = :user_password";
$stmt = $conn->prepare($query);
$stmt->bindParam(':user_mail', $email, PDO::PARAM_STR); // Specify parameter type.
$stmt->bindParam(':user_password', password_hash($password, PASSWORD_DEFAULT), PDO::PARAM_STR); // Hash password before binding.
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if($result) {
// echo "Waiting server..";
session_start();
$_SESSION["user_name"] = $result["user_name"];
$_SESSION["user_mail"] = $result["user_mail"];
$_SESSION["user_password"] = $result["user_password"];
$_SESSION["user_created_date"] = $result["user_created_date"];
header("Location:../account/user.php");
}
else {
echo "Email or password is incorrect";
}
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>login Page</title>
</head>
<body>
<form method="post">
<input type="email" name="email" placeholder="Email">
<input type="password" name="password" placeholder="*****">
<button name="loginBtn" type="submit">Login</button>
</form>
</body>
</html>
PHP:
<?php
session_start();
echo "Mail address:".$_SESSION["user_mail"];
echo "<br>";
echo "Your username:".$_SESSION["user_name"];
echo "<br>";
echo "Your password:".$_SESSION["user_password"];
echo "<br>";
echo "Your account creation date:".$_SESSION["user_created_date"];