Question

Using the zip file provided, create a secure login/registration app. Make sure that your game pages (at least two) are unavailable to unregistered users. Upload a zip file with your working PHP application.

Contents of zip

Index.php

-----------------

<!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8">
        <title></title>
    </head>
    <body>
        <?php
        // 1. display error message in the session (if any): $_SESSION['error']
        // 2. display either the user's name and the game menu or the form/link below
        // (display the menu by using a php include of menu.html)
        ?>
        <form action="authenticate.php" method="post">
            Username: <input type="text" name="user"><br>
            Password: <input type="password" name="pwd"><br>
            <input type="submit">
        </form>
        <a href="register.php">Register a new login</a>
    </body>
</html>

menu.html

---------------

   <h3>Game Menu</h3>
        <ul>
            <li><a href="guess.php">Guess</a></li>
        </ul>

newUser.php

-------------------

<?php
session_start();

// 1. validate the input
// 2. make sure user is not already in the database
// 3. make sure that pwd and repeat match
// 4. insert a new row (be sure to hash the pwd first)

// 5. redirect to home page
header("Location: index.php");
?>

register.php

-------------

<!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8">
        <title></title>
    </head>
    <body>
        <form action="newUser.php" method="post">
            Username: <input type="text" name="user"><br>
            Password: <input type="password" name="pwd"><br>
            Repeat: <input type="password" name="repeat"><br>
            <input type="submit">
        </form>
    </body>
</html>

games_ddl.sql

----------------

CREATE DATABASE games;

USE games;
CREATE TABLE users
(
    id int primary key auto_increment,
    username varchar(255),
    password varchar(255)
);

-- insert a row into the users table for the administrator:
-- username = foo
-- password = bar
INSERT INTO users (username, password) VALUES ('foo', '$2y$10$IWDcVmWIHlx5nI5A.18gNOUDoJZgdfWJwFMamea9JaUK9M.iTx8g.');

Authenticate.php

---------------------

<?php

// 1. validate the form input (set $_SESSION['error'] if there is a problem)
// 2. create a database connection (using the standard root user)
// 3. select the password from the users table where the username came from the form
// 4. use password_verify to see if the form password matches the hashed password from db: password_verify($pwdFromForm, $dbPwd) returns a boolean
// 5. forward user to index.php
// 6. allow execution to continue and close db connection

?>

Solutions

Expert Solution

There are a few steps we need to take before we create our secure login system: we need to set up our web server environment and make sure we have the required extensions enabled.

  • If you haven't got a local web server set up, I recommend you download and install XAMPP.
  • XAMPP is a web server package that will run on many operating systems. It includes PHP, MySQL, Apache, phpMyAdmin, and more, so there is no need to install the software separately.

index.html

<!DOCTYPE html>
<html>
   <head>
       <meta charset="utf-8">
       <title>Login</title>
       <link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.7.1/css/all.css">
       <link href="style.css" rel="stylesheet" type="text/css">
   </head>
   <body>
       <div class="login">
           <h1>Login</h1>
           <form action="authenticate.php" method="post">
               <label for="username">
                   <i class="fas fa-user"></i>
               </label>
               <input type="text" name="username" placeholder="Username" id="username" required>
               <label for="password">
                   <i class="fas fa-lock"></i>
               </label>
               <input type="password" name="password" placeholder="Password" id="password" required>
               <input type="submit" value="Login">
           </form>
       </div>
   </body>
</html>

style.css

* {
   box-sizing: border-box;
   font-family: -apple-system, BlinkMacSystemFont, "segoe ui", roboto, oxygen, ubuntu, cantarell, "fira sans", "droid sans", "helvetica neue", Arial, sans-serif;
   font-size: 16px;
   -webkit-font-smoothing: antialiased;
   -moz-osx-font-smoothing: grayscale;
}
body {
   background-color: #435165;
}
.login {
   width: 400px;
   background-color: #ffffff;
   box-shadow: 0 0 9px 0 rgba(0, 0, 0, 0.3);
   margin: 100px auto;
}
.login h1 {
   text-align: center;
   color: #5b6574;
   font-size: 24px;
   padding: 20px 0 20px 0;
   border-bottom: 1px solid #dee0e4;
}
.login form {
   display: flex;
   flex-wrap: wrap;
   justify-content: center;
   padding-top: 20px;
}
.login form label {
   display: flex;
   justify-content: center;
   align-items: center;
   width: 50px;
   height: 50px;
   background-color: #3274d6;
   color: #ffffff;
}
.login form input[type="password"], .login form input[type="text"] {
   width: 310px;
   height: 50px;
   border: 1px solid #dee0e4;
   margin-bottom: 20px;
   padding: 0 15px;
}
.login form input[type="submit"] {
   width: 100%;
   padding: 15px;
   margin-top: 20px;
   background-color: #3274d6;
   border: 0;
   cursor: pointer;
   font-weight: bold;
   color: #ffffff;
   transition: background-color 0.2s;
}
.login form input[type="submit"]:hover {
   background-color: #2868c7;
   transition: background-color 0.2s;
}

phplogin

CREATE TABLE IF NOT EXISTS `accounts` (
   `id` int(11) NOT NULL AUTO_INCREMENT,
   `username` varchar(50) NOT NULL,
   `password` varchar(255) NOT NULL,
   `email` varchar(100) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;

INSERT INTO `accounts` (`id`, `username`, `password`, `email`) VALUES (1, 'test', '$2y$10$SfhYIDtn.iOuCW7zfoFLuuZHX6lja4lF4XA4JqNmpiH/.P3zB8JCa', '[email protected]');

authenticate.php

<?php
session_start();
// Change this to your connection info.
$DATABASE_HOST = 'localhost';
$DATABASE_USER = 'root';
$DATABASE_PASS = '';
$DATABASE_NAME = 'phplogin';
// Try and connect using the info above.
$con = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);
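if ( mysqli_connect_errno() ) {
   // If there is an error with the connection, log the details server-side and stop the script.
   // The raw MySQL error is not sent to the browser because it can reveal host and account details.
   error_log('Failed to connect to MySQL: ' . mysqli_connect_error());
   exit('Failed to connect to the database.');
}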

// Now we check if the data from the login form was submitted, isset() will check if the data exists.
if ( !isset($_POST['username'], $_POST['password']) ) {
   // Could not get the data that should have been sent.
   exit('Please fill both the username and password fields!');
}

// Prepare our SQL, preparing the SQL statement will prevent SQL injection.
if ($stmt = $con->prepare('SELECT id, password FROM accounts WHERE username = ?')) {
   // Bind parameters (s = string, i = int, b = blob, etc), in our case the username is a string so we use "s"
   $stmt->bind_param('s', $_POST['username']);
   $stmt->execute();
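   // Store the result so we can check if the account exists in the database.
   $stmt->store_result();

   $authenticated = false;
   if ($stmt->num_rows > 0) {
       $stmt->bind_result($id, $password);
       $stmt->fetch();
       // The account exists; compare the submitted password with the stored hash.
       if (password_verify($_POST['password'], $password)) {
           // Issue a new session ID on login so a pre-set ID cannot be reused (session fixation).
           session_regenerate_id(true);
           $_SESSION['loggedin'] = true;
           $_SESSION['name'] = $_POST['username'];
           $_SESSION['id'] = $id;
           $authenticated = true;
       }
   }
   $stmt->close();

   // Use one message for an unknown user and a wrong password so the response does not reveal which usernames exist.
   echo $authenticated
       ? 'Welcome ' . htmlspecialchars($_SESSION['name'], ENT_QUOTES, 'UTF-8') . '!'
       : 'Incorrect username and/or password!';
}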
?>
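
The registration side (newUser.php in the question) is not covered by the answer above. The following is an added example, not part of the original answer or the provided zip: it fills in the five steps of the question's newUser.php skeleton. The `games.users` table and the `user`/`pwd`/`repeat` field names come from the question; the local root connection, the username and password length policy, and sending errors back to index.php are assumptions.

```php
<?php
// newUser.php: added example following the question's five-step skeleton.
// Assumed: local root DB account, the length/charset policy, errors shown on index.php.
session_start();
function fail(string $msg): void {
    $_SESSION['error'] = $msg;        // index.php is the page that displays this
    header('Location: index.php');
    exit;                             // header() alone does not stop the script
}
// 1. validate the input (reject missing fields and array-valued parameters)
$user   = $_POST['user']   ?? null;
$pwd    = $_POST['pwd']    ?? null;
$repeat = $_POST['repeat'] ?? null;
if (!is_string($user) || !is_string($pwd) || !is_string($repeat)) {
    fail('Please fill in every field.');
}
$user = trim($user);
if (!preg_match('/^[A-Za-z0-9_]{3,50}$/', $user)) {
    fail('Username must be 3-50 letters, digits or underscores.');
}
if (strlen($pwd) < 8 || strlen($pwd) > 72) {   // bcrypt only uses the first 72 bytes
    fail('Password must be 8-72 characters.');
}
// 3. make sure that pwd and repeat match
if ($pwd !== $repeat) { fail('Passwords do not match.'); }

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);  // DB errors throw
try {
    $con = new mysqli('localhost', 'root', '', 'games');
    // 2. make sure user is not already in the database. The table has no UNIQUE
    //    index on username, so this check alone can race; adding one closes that.
    $stmt = $con->prepare('SELECT id FROM users WHERE username = ?');
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $stmt->store_result();
    if ($stmt->num_rows > 0) { fail('That username is already taken.'); }
    // 4. insert a new row, storing only the hash (never the plain password)
    $hash = password_hash($pwd, PASSWORD_DEFAULT);
    $stmt = $con->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    $stmt->bind_param('ss', $user, $hash);
    $stmt->execute();
} catch (mysqli_sql_exception $e) {
    error_log('Registration failed: ' . $e->getMessage());  // details stay server-side
    fail('Registration failed, please try again.');
}
// 5. redirect to home page
header('Location: index.php');
exit;
```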

