Skip to content

A
auth-php-xml
Commit 11a7f580 authored by Vadym Gidulian's avatar Vadym Gidulian
Browse files
Options

Closed #1 (Add ability to disable sign up)

parent bbb5bb1b
Hide whitespace changes
Inline Side-by-side
Showing with 36 additions and 4 deletions
auth.php
View file @ 11a7f580
...@@ -19,9 +19,35 @@ function addUser($login, $password) { ...@@ -19,9 +19,35 @@ function addUser($login, $password) {
$users = simplexml_load_file(PATH_TO_XML); $users = simplexml_load_file(PATH_TO_XML);
if (!$users->count()) {
$userWillBeAdmin = true;
}
$user = $users->addChild('user'); $user = $users->addChild('user');
if (!empty($userWillBeAdmin)) {
$user->addAttribute('rights', 'admin');
}
$user->addChild('login', $login); $user->addChild('login', $login);
$user->addChild('password', $password); $user->addChild('password', $password);
$users->asXML(PATH_TO_XML); $users->asXML(PATH_TO_XML);
} }
function usersNumber() {
return simplexml_load_file(PATH_TO_XML)->count();
}
function hasAdminRights($login) {
$users = simplexml_load_file(PATH_TO_XML);
foreach ($users as $user) {
if ($user->login == $login) {
$rights = $user->attributes()['rights'];
$rights = explode(',', $rights);
foreach ($rights as $right) {
if (trim($right) == 'admin') return true;
}
}
}
return false;
}
index.php
View file @ 11a7f580
<?php <?php
session_start(); session_start();
require 'auth.php';
if (!isset($_SESSION['logged_in']) || !$_SESSION['logged_in']) : ?> if (!isset($_SESSION['logged_in']) || !$_SESSION['logged_in']) : ?>
...@@ -7,19 +8,21 @@ if (!isset($_SESSION['logged_in']) || !$_SESSION['logged_in']) : ?> ...@@ -7,19 +8,21 @@ if (!isset($_SESSION['logged_in']) || !$_SESSION['logged_in']) : ?>
<input type="text" name="login" placeholder="User name"><br> <input type="text" name="login" placeholder="User name"><br>
<input type="password" name="password" placeholder="Password"><br> <input type="password" name="password" placeholder="Password"><br>
<a href="signup.php">Sign up</a> <a href="signup.php">Sign up</a>
<button>Log in</button> <button type="submit">Log in</button>
<?php if (isset($_SESSION['login_failed']) && $_SESSION['login_failed']) : ?> <?php if (isset($_SESSION['login_failed']) && $_SESSION['login_failed']) : ?>
<br><span style="color: red">Incorrect login or password</span> <br><span style="color: red">Incorrect login or password</span>
<?php $_SESSION['login_failed'] = false; <?php $_SESSION['login_failed'] = false;
endif; endif; ?>
?>
</form> </form>
<?php else : ?> <?php else : ?>
<?php if (hasAdminRights($_SESSION['login'])) : ?>
<a href="signup.php">Register user</a>
<?php endif; ?>
<form action="logout.php"> <form action="logout.php">
<button>Log out</button> <button type="submit">Log out</button>
</form> </form>
Secret content Secret content
......
login.php
View file @ 11a7f580
...@@ -7,6 +7,7 @@ $password = $_POST['password']; ...@@ -7,6 +7,7 @@ $password = $_POST['password'];
if (authenticateUser($login, $password)) { if (authenticateUser($login, $password)) {
$_SESSION['logged_in'] = true; $_SESSION['logged_in'] = true;
$_SESSION['login'] = $login;
} else { } else {
$_SESSION['login_failed'] = true; $_SESSION['login_failed'] = true;
} }
......
logout.php
View file @ 11a7f580
...@@ -2,6 +2,7 @@ ...@@ -2,6 +2,7 @@
session_start(); session_start();
$_SESSION['logged_in'] = false; $_SESSION['logged_in'] = false;
$_SESSION['login'] = '';
header("Location: index.php"); header("Location: index.php");
die(); die();
\ No newline at end of file
signup.php
View file @ 11a7f580
<?php <?php
require 'auth.php'; require 'auth.php';
session_start();
switch ($_SERVER['REQUEST_METHOD']) { switch ($_SERVER['REQUEST_METHOD']) {
case 'GET': ?> case 'GET': ?>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment