trojans-trophy-room/login.php

<?php 
session_start();
?>

<!DOCTYPE html>

<html>

<head>
  <meta charset="UTF-8" />
  <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no" />
  <link rel="stylesheet" href="/styles/db_management.css" />
  <link rel="stylesheet" href="/styles/login.css" />
  <script src="/scripts/tools.js"></script>
  <script>verifyPageInFrame()</script>
  <title>no title</title>
</head>

<body class="sqlOutput">
  <?php
  // USER-DEFINED VARIABLES
  include("admin/db_config.php"); // Include database stuff

  try {  // Try opening the SQL database connection
    $conn = new PDO("mysql:host=$servername; dbname=$dbName", $dbUsername, $dbPassword);
    // set the PDO error mode to exception
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // Get username and password out of the POST data
    $username = $_POST["username"];
    $password = $_POST["password"];

    // Get SQL data
    $sqlGetData = $conn->prepare("SELECT userID,password,isAdmin FROM " . $userTableName . " WHERE username=\"" . $username . "\"");

    $sqlGetData->execute();
    

  } catch (PDOException $e) { // failed connection
    echo "Connection failed: " . $e->getMessage();
  }

$result = $sqlGetData->fetch(PDO::FETCH_ASSOC);

  // Grab the hash from the fetched SQL data
$passwordHash = $result["password"];
$userID = $result["userID"];
$isAdmin = $result["isAdmin"];


// Verify that the entered password matches the hashed one
if (password_verify($password, $passwordHash)) {
    echo "<p>Welcome $username, please wait while we redirect you...</p>";
    $_SESSION["userID"] = $userID;
    $_SESSION["username"] = $username;
    $_SESSION["isAdmin"] = $isAdmin;

    // Function from StackOverflow used to get the base URL, to which we append
    // the redirect (where the user came from)
    function url(){
        return sprintf(
          "%s://%s/%s",
          isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off' ? 'https' : 'http',
          $_SERVER['SERVER_NAME'],
          $_GET["redirect"]
        );
      }

      $address = url();
      echo "<p>Redirecting to <a href=\"$address\">$address</a>...</p>";
    
      echo "<script>window.top.location.href = \"" . $address . "\";</script>";
      
} else {
    echo "<p>Invalid credentials</p>";
}


// Close the SQL connection
  $conn = null;

  ?>

</body>

</html>
Login finally works So does logout 2025-03-01 16:02:45 -05:00			`<?php`
			`session_start();`
			`?>`

			`<!DOCTYPE html>`

			`<html>`

			`<head>`
			`<meta charset="UTF-8" />`
			`<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no" />`
- Changed relative HTML file paths to absolute - Renamed 'trojan.js' to 'tools.js' for future compatibility - Added placeholder team names to the game-adding screen 2025-03-03 21:46:44 -05:00			`<link rel="stylesheet" href="/styles/db_management.css" />`
			`<link rel="stylesheet" href="/styles/login.css" />`
Enforced all pages that load in frames, to only load in frames, preventing pages from being loaded indivudually that aren't supposed to be 2025-03-08 16:38:13 -05:00			`<script src="/scripts/tools.js"></script>`
			`<script>verifyPageInFrame()</script>`
Login finally works So does logout 2025-03-01 16:02:45 -05:00			`<title>no title</title>`
			`</head>`

			`<body class="sqlOutput">`
			`<?php`
			`// USER-DEFINED VARIABLES`
			`include("admin/db_config.php"); // Include database stuff`

			`try { // Try opening the SQL database connection`
- Added a "My Account" page - Somewhat basic but works. Probably a lot of bugs still - Re-worked databases to add Discord and YouTube links as separate entries 2025-03-05 21:08:39 -05:00			`$conn = new PDO("mysql:host=$servername; dbname=$dbName", $dbUsername, $dbPassword);`
Login finally works So does logout 2025-03-01 16:02:45 -05:00			`// set the PDO error mode to exception`
			`$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);`

			`// Get username and password out of the POST data`
			`$username = $_POST["username"];`
			`$password = $_POST["password"];`

ANOTHER BIG "I need to commit more" UPDATE! - Users can now create their own accounts! Still needs to re-direct (home? user panel?) - Reformatted the folder structure again, trying to achieve more consistent file locations 2025-03-03 21:14:00 -05:00			`// Get SQL data`
THE BIG "I need to commit more" UPDATE! - Can now create users - Can now create tournaments - Has (temporary) link to giveaway - Removed dev_db_config that was added by mistake (the db pw has been changed!) - Tons of other little changes 2025-03-02 21:14:28 -05:00			`$sqlGetData = $conn->prepare("SELECT userID,password,isAdmin FROM " . $userTableName . " WHERE username=\"" . $username . "\"");`
Login finally works So does logout 2025-03-01 16:02:45 -05:00
THE BIG "I need to commit more" UPDATE! - Can now create users - Can now create tournaments - Has (temporary) link to giveaway - Removed dev_db_config that was added by mistake (the db pw has been changed!) - Tons of other little changes 2025-03-02 21:14:28 -05:00			`$sqlGetData->execute();`
Login finally works So does logout 2025-03-01 16:02:45 -05:00

			`} catch (PDOException $e) { // failed connection`
			`echo "Connection failed: " . $e->getMessage();`
			`}`

THE BIG "I need to commit more" UPDATE! - Can now create users - Can now create tournaments - Has (temporary) link to giveaway - Removed dev_db_config that was added by mistake (the db pw has been changed!) - Tons of other little changes 2025-03-02 21:14:28 -05:00			`$result = $sqlGetData->fetch(PDO::FETCH_ASSOC);`

Login finally works So does logout 2025-03-01 16:02:45 -05:00			`// Grab the hash from the fetched SQL data`
THE BIG "I need to commit more" UPDATE! - Can now create users - Can now create tournaments - Has (temporary) link to giveaway - Removed dev_db_config that was added by mistake (the db pw has been changed!) - Tons of other little changes 2025-03-02 21:14:28 -05:00			`$passwordHash = $result["password"];`
			`$userID = $result["userID"];`
			`$isAdmin = $result["isAdmin"];`
Login finally works So does logout 2025-03-01 16:02:45 -05:00

			`// Verify that the entered password matches the hashed one`
			`if (password_verify($password, $passwordHash)) {`
			`echo "<p>Welcome $username, please wait while we redirect you...</p>";`
			`$_SESSION["userID"] = $userID;`
			`$_SESSION["username"] = $username;`
			`$_SESSION["isAdmin"] = $isAdmin;`
THE BIG "I need to commit more" UPDATE! - Can now create users - Can now create tournaments - Has (temporary) link to giveaway - Removed dev_db_config that was added by mistake (the db pw has been changed!) - Tons of other little changes 2025-03-02 21:14:28 -05:00
Login finally works So does logout 2025-03-01 16:02:45 -05:00			`// Function from StackOverflow used to get the base URL, to which we append`
			`// the redirect (where the user came from)`
			`function url(){`
			`return sprintf(`
			`"%s://%s/%s",`
			`isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off' ? 'https' : 'http',`
			`$_SERVER['SERVER_NAME'],`
			`$_GET["redirect"]`
			`);`
			`}`

			`$address = url();`
THE BIG "I need to commit more" UPDATE! - Can now create users - Can now create tournaments - Has (temporary) link to giveaway - Removed dev_db_config that was added by mistake (the db pw has been changed!) - Tons of other little changes 2025-03-02 21:14:28 -05:00			`echo "<p>Redirecting to <a href=\"$address\">$address</a>...</p>";`
Login finally works So does logout 2025-03-01 16:02:45 -05:00
			`echo "<script>window.top.location.href = \"" . $address . "\";</script>";`

			`} else {`
			`echo "<p>Invalid credentials</p>";`
			`}`


			`// Close the SQL connection`
			`$conn = null;`

			`?>`

			`</body>`

			`</html>`