From 19a3704acbf9801c0b1491a84828496ef46bc840 Mon Sep 17 00:00:00 2001
From: Cflip <36554078+cflip@users.noreply.github.com>
Date: Sat, 23 Jan 2021 11:24:05 -0700
Subject: Form cleanup and better password hashing
---
 signin.php | 68 ++++++++++++++++++++++++++++++++++++++++++------------------------
 1 file changed, 42 insertions(+), 26 deletions(-)
(limited to 'signin.php')
diff --git a/signin.php b/signin.php
index 287eeda..4355afe 100644
--- a/signin.php
+++ b/signin.php
@@ -1,29 +1,39 @@
-
-echo '

Sign in

'; - -if ($_SERVER['REQUEST_METHOD'] != 'POST') { - echo ' -
+
+

Sign in

+ " method="post">



- '; -} else { - $errors = array(); - if (!isset($_POST['user_name'])) { +'; } else { - $sql = "SELECT user_id, user_name FROM users WHERE user_name = '" . mysqli_real_escape_string($dbc, $_POST['user_name']) . "' AND user_pass = '" . sha1($_POST['user_pass']) ."'"; + $pass_hash = password_hash($user_pass, PASSWORD_DEFAULT); + + $sql = "SELECT user_id, user_name, user_pass FROM users WHERE user_name = '" . $user_name . "';"; $result = mysqli_query($dbc, $sql); if (!$result) { - echo 'An error occurred while signing in.'; - echo mysqli_error($dbc); + echo 'An error occurred while signing in: ' . mysqli_error($dbc); } else { if (mysqli_num_rows($result) == 0) { - echo 'There is no user with that username/password combination! Please try again'; + echo 'There is no user with that name. Did you mean to create a new account?'; } else { - $_SESSION['signed_in'] = true; - while ($row = mysqli_fetch_assoc($result)) { - $_SESSION['user_id'] = $row['user_id']; - $_SESSION['user_name'] = $row['user_name']; - } + if (!password_verify($user_pass, $row['user_pass'])) { + echo 'Password does not match!'; + } else { + $_SESSION['signed_in'] = true; + $_SESSION['user_id'] = $row['user_id']; + $_SESSION['user_name'] = $row['user_name']; - echo 'You are now signed in as ' . $_SESSION['user_name']; + header("Location: index.php"); + } + } } } } } +?> + +
-echo '
'; -include_once 'footer.php'; \ No newline at end of file + \ No newline at end of file -- cgit v1.2.3