The following needs to be on a basic web page using the PHP request-response model to create a log-in form that permits the user to request access to an administration console for a Web-based product catalog of your choosing. Server-side scripting will authenticate the user based on valid users found in a text file verified by the server.
Once a user logs on to the administration console, he or she will need a form that will allow an authenticated user to add, edit, and delete products, product categories, and suppliers from the Web-based product catalog.
config.php:
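<?php
/*
 * config.php - database settings shared by the other pages through
 * require_once. Defines the connection constants and opens $link, the mysqli
 * handle the including scripts use.
 */

// NOTE(review): these are the MySQL superuser name and a matching password,
// hard-coded in a file that the other pages include by a relative path (so it
// presumably sits in the served directory). Before deploying, switch to a
// dedicated account with rights on the catalog schema only, and load the
// secret from the environment or a file outside the document root.
define('DB_SERVER', 'localhost');
define('DB_USERNAME', 'root');
define('DB_PASSWORD', 'root'); // the listing lacked the opening quote here, which is a parse error
define('DB_NAME', 'root');

$link = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME);

// mysqli_connect() returns false on failure when mysqli is not in exception
// mode; since PHP 8.1 the default mode throws mysqli_sql_exception instead.
if ($link === false) {
    // Driver detail (host, account, error text) goes to the server log, not to
    // the visitor.
    error_log("Database connection failed: " . mysqli_connect_error());
    die("ERROR: Could not connect.");
}

// No closing PHP tag: stray whitespace after it would be sent as output and
// break the header() redirects in the pages that include this file.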
login.php:
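<?php
/*
 * login.php - shows the log-in form and, on POST, checks the submitted
 * username and password against the `users` table. On success it marks the
 * session as logged in and redirects to welcome.php.
 */
session_start();

// A visitor who is already logged in goes straight to the console.
if (isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true) {
    header("location: welcome.php");
    exit;
}

require_once "config.php";

$username = $password = "";
$username_err = $password_err = "";

if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // Only string fields are accepted: a missing field or an array-valued one
    // (username[]=x) is treated as empty instead of being passed to trim().
    $posted_username = (isset($_POST["username"]) && is_string($_POST["username"]))
        ? trim($_POST["username"])
        : "";
    $posted_password = (isset($_POST["password"]) && is_string($_POST["password"]))
        ? trim($_POST["password"])
        : "";

    // Compared with "" rather than empty(), because empty("0") is true.
    if ($posted_username === "") {
        $username_err = "Please enter username.";
    } else {
        $username = $posted_username;
    }

    if ($posted_password === "") {
        $password_err = "Please enter your password.";
    } else {
        $password = $posted_password;
    }

    if ($username_err === "" && $password_err === "") {
        $sql = "SELECT id, username, password FROM users WHERE username = ?";

        if ($stmt = mysqli_prepare($link, $sql)) {
            $param_username = $username;
            mysqli_stmt_bind_param($stmt, "s", $param_username);

            if (mysqli_stmt_execute($stmt)) {
                mysqli_stmt_store_result($stmt);

                $authenticated = false;
                if (mysqli_stmt_num_rows($stmt) === 1) {
                    mysqli_stmt_bind_result($stmt, $id, $db_username, $hashed_password);
                    if (mysqli_stmt_fetch($stmt)) {
                        $authenticated = password_verify($password, $hashed_password);
                    }
                }

                if ($authenticated) {
                    mysqli_stmt_close($stmt);
                    mysqli_close($link);

                    // The session was started at the top of the script, so no
                    // second session_start() is needed. Issuing a fresh
                    // session id at the privilege change protects against
                    // session fixation.
                    session_regenerate_id(true);
                    $_SESSION["loggedin"] = true;
                    $_SESSION["id"] = $id;
                    $_SESSION["username"] = $db_username;

                    header("location: welcome.php");
                    exit; // stop here so the form below is not rendered after the redirect
                }

                // One message for "unknown user" and "wrong password", so the
                // form does not reveal which usernames exist.
                // NOTE(review): there is no attempt limiting or lockout in
                // this script; add throttling before exposing it.
                $password_err = "Invalid username or password.";
            } else {
                echo "Oops!try again later";
            }

            // Closed only when prepare succeeded; $stmt is false otherwise.
            mysqli_stmt_close($stmt);
        }
    }

    mysqli_close($link);
}

// NOTE(review): the stylesheet below is loaded from a third-party CDN without
// an integrity attribute; pin it with Subresource Integrity or self-host it.
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Login</title>
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
    <style type="text/css">
        body{ font: 14px sans-serif; }
        .wrapper{ width: 350px; padding: 20px; }
    </style>
</head>
<body>
    <div class="wrapper">
        <h2>Login</h2>
        <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "UTF-8"); ?>" method="post">
            <div class="form-group <?php echo (!empty($username_err)) ? 'has-error' : ''; ?>">
                <label>Username</label>
                <!-- the submitted username is echoed back, so it is escaped for the attribute context -->
                <input type="text" name="username" class="form-control" value="<?php echo htmlspecialchars($username, ENT_QUOTES, "UTF-8"); ?>">
                <span class="help-block"><?php echo htmlspecialchars($username_err, ENT_QUOTES, "UTF-8"); ?></span>
            </div>
            <div class="form-group <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
                <label>Password</label>
                <input type="password" name="password" class="form-control">
                <span class="help-block"><?php echo htmlspecialchars($password_err, ENT_QUOTES, "UTF-8"); ?></span>
            </div>
            <div class="form-group">
                <input type="submit" class="btn btn-primary" value="Login">
            </div>
        </form>
    </div>
</body>
</html>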
<?php
// Resume the session so the log-in flag set by login.php can be read.
session_start();

// Guard: a request without a confirmed log-in flag is sent back to the
// log-in form, and the script stops before any page content is produced.
$is_logged_in = isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true;
if (!$is_logged_in) {
    header("location: login.php");
    exit;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Welcome</title>
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
    <style type="text/css">
        body{ font: 14px sans-serif; text-align: center; }
    </style>
</head>
<body>
    <div class="page-header">
        <!-- the stored username is HTML-escaped before it is written into the page -->
        <h1>Hi, <b><?= htmlspecialchars($_SESSION["username"]) ?></b>. Welcome to our site.</h1>
    </div>
    <p>
        <a href="reset-password.php" class="btn btn-warning">Reset Your Password</a>
        <a href="logout.php" class="btn btn-danger">Sign Out of Your Account</a>
    </p>
</body>
</html>
welcome.php:
<?php
/*
 * welcome.php - landing page of the administration console. Only reachable
 * with a session that login.php has marked as logged in.
 */
session_start();

// empty() covers both "flag not set" and "flag falsy"; the strict comparison
// rejects any other value that is not the boolean true.
if (empty($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true) {
    header("location: login.php");
    exit;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Welcome</title>
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
    <style type="text/css">
        body{ font: 14px sans-serif; text-align: center; }
    </style>
</head>
<body>
    <div class="page-header">
        <!-- username is escaped for HTML before output -->
        <h1>Hi, <b><?= htmlspecialchars($_SESSION["username"]) ?></b>. Welcome to our site.</h1>
    </div>
    <a href="add.php">Add the product</a>
    <a href="edit.php">Edit the product</a>
    <p>
        <a href="logout.php" class="btn btn-danger">Sign Out of Your Account</a>
    </p>
</body>
</html>
add.php:
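<?php
/*
 * add.php - form that inserts a (name, type) row. On POST it validates both
 * fields, rejects a name that already exists, inserts the row and redirects
 * to welcome.php.
 */
session_start();

// Access control: the listing had no session check here, so the insert was
// reachable without logging in. The guard matches the one in welcome.php.
if (!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true) {
    header("location: login.php");
    exit;
}

require_once "config.php";

$name = $type = "";
$name_err = $type_err = "";

// NOTE(review): both statements below target `users`, the table login.php
// authenticates against, and the page text still reads "Sign Up" / "Username"
// / "Password". This looks carried over from a registration template; confirm
// the intended product table and labels.
// NOTE(review): this state-changing form carries no anti-CSRF token; add a
// per-session token and verify it on POST.

if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // Only string fields are accepted; a missing or array-valued field counts
    // as empty instead of being passed to trim().
    $posted_name = (isset($_POST["name"]) && is_string($_POST["name"])) ? trim($_POST["name"]) : "";
    $posted_type = (isset($_POST["type"]) && is_string($_POST["type"])) ? trim($_POST["type"]) : "";

    // Validate name
    if ($posted_name === "") {
        $name_err = "Please enter a name.";
    } else {
        $sql = "SELECT id FROM users WHERE name = ?";

        if ($stmt = mysqli_prepare($link, $sql)) {
            $param_name = $posted_name;
            mysqli_stmt_bind_param($stmt, "s", $param_name);

            if (mysqli_stmt_execute($stmt)) {
                mysqli_stmt_store_result($stmt);

                // Any existing row blocks the name, not only exactly one.
                if (mysqli_stmt_num_rows($stmt) >= 1) {
                    $name_err = "This name is already taken.";
                } else {
                    $name = $posted_name;
                }
            } else {
                echo "Oops! Something went wrong. Please try again later.";
            }

            // Closed only when prepare succeeded; $stmt is false otherwise.
            mysqli_stmt_close($stmt);
        }
    }

    // Validate type
    if ($posted_type === "") {
        $type_err = "Please enter a type.";
    } else {
        $type = $posted_type;
    }

    // The insert stays inside the POST branch. In the listing the branch was
    // closed before this point, which left one unmatched closing brace (a
    // parse error) and would have run the insert on a plain GET. $name is
    // still "" when the duplicate check could not run, so that case is
    // skipped as well.
    if ($name_err === "" && $type_err === "" && $name !== "") {
        $sql = "INSERT INTO users (name, type) VALUES (?, ?)";

        if ($stmt = mysqli_prepare($link, $sql)) {
            $param_name = $name;
            $param_type = $type;
            mysqli_stmt_bind_param($stmt, "ss", $param_name, $param_type);

            if (mysqli_stmt_execute($stmt)) {
                mysqli_stmt_close($stmt);
                mysqli_close($link);
                header("location: welcome.php");
                exit; // stop so the form is not rendered after the redirect
            }

            echo "Something went wrong. Please try again later.";
            mysqli_stmt_close($stmt);
        }
    }

    mysqli_close($link);
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Sign Up</title>
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
    <style type="text/css">
        body{ font: 14px sans-serif; }
        .wrapper{ width: 350px; padding: 20px; }
    </style>
</head>
<body>
    <div class="wrapper">
        <h2>Sign Up</h2>
        <p>Please fill this form to create an account.</p>
        <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "UTF-8"); ?>" method="post">
            <div class="form-group <?php echo (!empty($name_err)) ? 'has-error' : ''; ?>">
                <label>Username</label>
                <!-- submitted values are echoed back, so they are escaped for the attribute context -->
                <input type="text" name="name" class="form-control" value="<?php echo htmlspecialchars($name, ENT_QUOTES, "UTF-8"); ?>">
                <span class="help-block"><?php echo htmlspecialchars($name_err, ENT_QUOTES, "UTF-8"); ?></span>
            </div>
            <div class="form-group <?php echo (!empty($type_err)) ? 'has-error' : ''; ?>">
                <label>Password</label>
                <!-- type="type" is not a valid input type; browsers fall back to a text field -->
                <input type="text" name="type" class="form-control" value="<?php echo htmlspecialchars($type, ENT_QUOTES, "UTF-8"); ?>">
                <span class="help-block"><?php echo htmlspecialchars($type_err, ENT_QUOTES, "UTF-8"); ?></span>
            </div>
            <div class="form-group">
                <input type="submit" class="btn btn-primary" value="Submit">
            </div>
        </form>
    </div>
</body>
</html>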
logout.php:
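<?php
/*
 * logout.php - ends the current session and returns the visitor to the
 * log-in form.
 */
session_start();

// Drop every value held in the session.
$_SESSION = [];

// session_destroy() removes the server-side data but leaves the session
// cookie in the browser. Expire the cookie as well, using the same parameters
// it was issued with, so the old session id is not presented again.
if (ini_get("session.use_cookies")) {
    $cookie = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $cookie["path"],
        $cookie["domain"],
        $cookie["secure"],
        $cookie["httponly"]
    );
}

// Remove the server-side session data.
session_destroy();

header("location: login.php");
exit;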
The following needs to be on a basic web page using the PHP request-response model to...