PHP 7: Download the example files from this section. Add code to the program to
Question
PHP 7:
Download the example files from this section. Add code to the program to limit attempts to log in with a bad password to three. Record any invalid attempt to log in (after three tries) in the user log.
Downloaded example file 1: Example 7-1. The lab.php file with user ID/password verification:
<?php
session_start();
if ((!isset($_SESSION['username'])) || (!isset($_SESSION['password']))) {
echo "You must login to access the ABC Canine Shelter Reservation System";
echo "<p>";
echo "<a href=\"e72login.php\">Login</a> | <a href=\"e73register.php\">Create an account</a>";
echo "</p>";
}
else
{
echo "<p>Welcome back, " . $_SESSION['username'] . "</p>";
?>
<!DOCTYPE html>
<html lang="en">
<head>
<title>Dog Object</title>
<script src="e5get_breeds.js"></script>
<script src="e5validator.js"></script>
<style type="text/css">
#JS { display:none; }
</style>
<script>
function checkJS() {
document.getElementById('JS').style.display = "inline";
}
</script>
</head>
<body>
<h1>Dog Object Creater</h1>
<div id="JS">
<form method="post" action="e65dog_interface.php">
<h2>Please complete ALL fields. Please note the required format of information.</h2>
Enter Your Dog's Name (max 20 characters, alphabetic) <input type="text" pattern="[a-zA-Z]*" title="Up to 20 Alphabetic Characters" maxlength="20" name="dog_name" id="dog_name" required/><br /><br />
Select Your Dog's Color:<br />
<input type="radio" name="dog_color" id="dog_color" value="Brown">Brown<br />
<input type="radio" name="dog_color" id="dog_color" value="Black">Black<br />
<input type="radio" name="dog_color" id="dog_color" value="Yellow">Yellow<br />
<input type="radio" name="dog_color" id="dog_color" value="White">White<br />
<input type="radio" name="dog_color" id="dog_color" value="Mixed" checked >Mixed<br /><br />
Enter Your Dog's Weight (numeric only) <input type="number" min="1" max="120" name="dog_weight" id="dog_weight" required /><br /><br />
<script>
AjaxRequest('e65dog_interface.php');
</script>
<input type="hidden" name="dog_app" id="dog_app" value="dog" />
Select Your Dog's Breed <div id="AjaxResponse"></div><br />
<input type="submit" value="Click to create your dog" />
</form>
</div>
<noscript>
<div id="noJS">
<form method="post" action="e65dog_interface.php">
<h2>Please complete ALL fields. Please note the required format of information.</h2>
Enter Your Dog's Name (max 20 characters, alphabetic) <input type="text" pattern="[a-zA-Z ]*" title="Up to 20 Alphabetic Characters" maxlength="20" name="dog_name" id="dog_name" required/><br /><br />
Select Your Dog's Color:<br />
<input type="radio" name="dog_color" id="dog_color" value="Brown">Brown<br />
<input type="radio" name="dog_color" id="dog_color" value="Black">Black<br />
<input type="radio" name="dog_color" id="dog_color" value="Yellow">Yellow<br />
<input type="radio" name="dog_color" id="dog_color" value="White">White<br />
<input type="radio" name="dog_color" id="dog_color" value="Mixed" checked >Mixed<br /><br />
Enter Your Dog's Weight (numeric only) <input type="number" min="1" max="120" name="dog_weight" id="dog_weight" required /><br /><br />
Enter Your Dog's Breed (max 35 characters, alphabetic) <input type="text" pattern="[a-zA-Z ]*" title="Up to 15 Alphabetic Characters" maxlength="35" name="dog_breed" id="dog_breed" required /><br />
<input type="hidden" name="dog_app" id="dog_app" value="dog" />
<input type="submit" value="Click to create your dog" />
</form>
</div>
</noscript>
</body>
</html>
<?php
}
?>
Downloaded example file 2: Example 7-2. The login.php file with XML userID/password verification:
<?php
session_start();
// same code as constructor from chapter six with some minor changes
$user_log_file = "user.log";
try {
if ((isset($_POST['username'])) && (isset($_POST['password'])))
{
libxml_use_internal_errors(true);
$xmlDoc = new DOMDocument();
if ( file_exists("e7dog_applications.xml") )
{
$xmlDoc->load( 'e7dog_applications.xml' );
$searchNode = $xmlDoc->getElementsByTagName( "type" );
foreach( $searchNode as $searchNode )
{
$valueID = $searchNode->getAttribute('ID');
if($valueID == "UIDPASS")
{
$xmlLocation = $searchNode->getElementsByTagName( "location" );
$dog_data_xml = $xmlLocation->item(0)->nodeValue;
break;
}
}
}
else
{
throw new Exception("Dog applications xml file missing or corrupt");
}
$xmlfile = file_get_contents($dog_data_xml);
$xmlstring = simplexml_load_string($xmlfile);
if ($xmlstring === false) {
$errorString = "Failed loading XML: ";
foreach(libxml_get_errors() as $error) {
$errorString .= $error->message . " " ; }
throw new Exception($errorString); }
$json = json_encode($xmlstring);
$valid_useridpasswords = json_decode($json,TRUE);
// …… code to verify userid and password ….
$userid = $_POST['username'];
$password = $_POST['password'];
foreach($valid_useridpasswords as $users)
{
foreach($users as $user)
{
$hash = $user['password'];
if((in_array($userid, $user)) && (password_verify($password,$hash)))
{
$_SESSION['username'] = $userid;
$_SESSION['password'] = $password;
$login_string = date('mdYhis') . " | Login | " . $userid . " ";
error_log($login_string,3,$user_log_file);
header("Location: e71lab.php");
exit; // stop here so the login form below is not rendered after the redirect
}
}
}
}
}
catch(Exception $e)
{
echo $e->getMessage();
}
// code below executes if the user has not logged in or if it is an invalid login.
?>
<form method="post" action="">
Userid must contain eight or more characters.<br/>
Password must contain at least one number, one uppercase and lowercase letter, and at least 8 total characters.<br />
Username: <input type="text" pattern=".{8,}" title="Userid must contain eight or more characters." name="username" id="username" required/><br />
Password: <input type="password" pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}" title="Password must contain at least one number, one uppercase and lowercase letter, and at least 8 total characters."
name="password" id="password" required /><br />
<input type="submit" value="Login">
</form>
Explanation / Answer
1. The lab.php file with user ID/password verification:
<?php
session_start();
if ((!isset($_SESSION['username'])) || (!isset($_SESSION['password']))) {
?>
<form method="post" action="">
Username: <input type="text" pattern=".{8,}" title="Userid must contain eight or more characters." name="username" id="username" required/><br />
Password: <input type="password" pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}" title="Password must contain at least one number, one uppercase and lowercase letter, and at least 8 total characters."
name="password" id="password" required /><br />
<input type="submit" value="Login">
</form>
<?php
$valid_useridpasswords = array ("sjohnson" => "N3working");
$valid_userids = array_keys($valid_useridpasswords);
$userid = $_SESSION['username'];
$password = $_SESSION['password'];
$valid = ((in_array($userid, $valid_userids)) && (password_verify($password, $valid_useridpasswords[$userid])));
} else {
// validate process not shown
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
// Redirect the user to the home page
header("Location: http://www.asite.com/lab.php ");
}
?>
echo "<p>";
echo "<a href=\"e72login.php\">Login</a> | <a href=\"e73register.php\">Create an account</a>";
echo "</p>";
}
else
{
echo "<p>Welcome back, " . $_SESSION['username'] . "</p>";
?>
<!DOCTYPE html>
<html lang="en">
<head>
<title>Dog Object</title>
<script src="e5get_breeds.js"></script>
<script src="e5validator.js"></script>
<style type="text/css">
#JS { display:none; }
</style>
<script>
function checkJS() {
document.getElementById('JS').style.display = "inline";
}
</script>
</head>
<body>
<h1>Dog Object Creater</h1>
<div id="JS">
<form method="post" action="e65dog_interface.php">
<h2>Please complete ALL fields. Please note the required format of information.</h2>
Enter Your Dog's Name (max 20 characters, alphabetic) <input type="text" pattern="[a-zA-Z]*" title="Up to 20 Alphabetic Characters" maxlength="20" name="dog_name" id="dog_name" required/><br /><br />
Select Your Dog's Color:<br />
<input type="radio" name="dog_color" id="dog_color" value="Brown">Brown<br />
<input type="radio" name="dog_color" id="dog_color" value="Black">Black<br />
<input type="radio" name="dog_color" id="dog_color" value="Yellow">Yellow<br />
<input type="radio" name="dog_color" id="dog_color" value="White">White<br />
<input type="radio" name="dog_color" id="dog_color" value="Mixed" checked >Mixed<br /><br />
Enter Your Dog's Weight (numeric only) <input type="number" min="1" max="120" name="dog_weight" id="dog_weight" required /><br /><br />
<script>
AjaxRequest('e65dog_interface.php');
</script>
<input type="hidden" name="dog_app" id="dog_app" value="dog" />
Select Your Dog's Breed <div id="AjaxResponse"></div><br />
<input type="submit" value="Click to create your dog" />
</form>
</div>
<noscript>
<div id="noJS">
<form method="post" action="e65dog_interface.php">
<h2>Please complete ALL fields. Please note the required format of information.</h2>
Enter Your Dog's Name (max 20 characters, alphabetic) <input type="text" pattern="[a-zA-Z ]*" title="Up to 20 Alphabetic Characters" maxlength="20" name="dog_name" id="dog_name" required/><br /><br />
Select Your Dog's Color:<br />
<input type="radio" name="dog_color" id="dog_color" value="Brown">Brown<br />
<input type="radio" name="dog_color" id="dog_color" value="Black">Black<br />
<input type="radio" name="dog_color" id="dog_color" value="Yellow">Yellow<br />
<input type="radio" name="dog_color" id="dog_color" value="White">White<br />
<input type="radio" name="dog_color" id="dog_color" value="Mixed" checked >Mixed<br /><br />
Enter Your Dog's Weight (numeric only) <input type="number" min="1" max="120" name="dog_weight" id="dog_weight" required /><br /><br />
Enter Your Dog's Breed (max 35 characters, alphabetic) <input type="text" pattern="[a-zA-Z ]*" title="Up to 15 Alphabetic Characters" maxlength="35" name="dog_breed" id="dog_breed" required /><br />
<input type="hidden" name="dog_app" id="dog_app" value="dog" />
<input type="submit" value="Click to create your dog" />
</form>
</div>
</noscript>
</body>
</html>
<?php
}
?>
xml file
$valid_useridpasswords = json_decode($json,TRUE);
$userid = $_POST['username'];
$password = $_POST['password'];
foreach($valid_useridpasswords as $users)
{
foreach($users as $user)
{
$hash = $user['password'];
if((in_array($userid, $user)) && (password_verify($password,$hash)))
{
$_SESSION['username'] = $userid;
$_SESSION['password'] = $hash;
header("Location: lab.php");
}
}
2. The login.php file with XML userID/password verification:
<?php
session_start();
// same code as constructor from chapter six with some minor changes
$user_log_file = "user.log";
try {
if ((isset($_POST['username'])) && (isset($_POST['password'])))
{
libxml_use_internal_errors(true);
$xmlDoc = new DOMDocument();
if ( file_exists("e7dog_applications.xml") )
{
$xmlDoc->load( 'e7dog_applications.xml' );
$searchNode = $xmlDoc->getElementsByTagName( "type" );
foreach( $searchNode as $searchNode )
{
$valueID = $searchNode->getAttribute('ID');
if($valueID == "UIDPASS")
{
$xmlLocation = $searchNode->getElementsByTagName( "location" );
$dog_data_xml = $xmlLocation->item(0)->nodeValue;
break;
}
}
}
else
{
throw new Exception("Dog applications xml file missing or corrupt");
}
$xmlfile = file_get_contents($dog_data_xml);
$xmlstring = simplexml_load_string($xmlfile);
if ($xmlstring === false) {
$errorString = "Failed loading XML: ";
foreach(libxml_get_errors() as $error) {
$errorString .= $error->message . " " ; }
$mysqli = mysqli_connect($server, $db_username, $db_password, $database);
if (mysqli_connect_errno())
{
throw new Exception("MySQL connection error: " . mysqli_connect_error());
}
$sql = "SELECT * FROM Users"; // Change the table used
$result = mysqli_query($mysqli, $sql); // use the connection opened above
if ($result === false) // mysqli_query() returns false on failure
{
throw new Exception("No records retrieved from Database");
}
$valid_useridpasswords = mysqli_fetch_assoc($result); // change the array used
mysqli_free_result($result);
mysqli_close($mysqli);
}
$json = json_encode($xmlstring);
/* Example of the JSON produced:
{"user":
[
{"userid":"Fredfred","password":"$2y$10$VosI32FejL.bOMaCjGbBp.Jre6Ipa.tLYQrVqj9kiVpef5zZ25qQK"}
] }
*/
$valid_useridpasswords = json_decode($json,TRUE);
// …… code to verify userid and password ….
$userid = $_POST['username'];
$password = $_POST['password'];
foreach($valid_useridpasswords as $users)
{
foreach($users as $user)
{
$hash = $user['password'];
if((in_array($userid, $user)) && (password_verify($password,$hash)))
{
$_SESSION['username'] = $userid;
$_SESSION['password'] = $password;
$login_string = date('mdYhis') . " | Login | " . $userid . " ";
error_log($login_string,3,$user_log_file);
header("Location: e71lab.php");
exit; // stop here so the login form below is not rendered after the redirect
}
}
}
}
}
catch(Exception $e)
{
echo $e->getMessage();
}
// code below executes if the user has not logged in or if it is an invalid login.
?>
<form method="post" action="">
Userid must contain eight or more characters.<br/>
Password must contain at least one number, one uppercase and lowercase letter, and at least 8 total characters.<br />
Username: <input type="text" pattern=".{8,}" title="Userid must contain eight or more characters." name="username" id="username" required/><br />
Password: <input type="password" pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}" title="Password must contain at least one number, one uppercase and lowercase letter, and at least 8 total characters."
name="password" id="password" required /><br />
<input type="submit" value="Login">
</form>
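One way to implement the three-attempt limit the question asks for, as an added example that is not part of the textbook files or the posted answer. The names MAX_ATTEMPTS, ATTEMPT_FILE and attempt_login() are assumptions; the counter is kept per userid in a server-side file because a counter stored in $_SESSION resets when the client discards its session cookie.

```php
<?php
// Added example, not part of the textbook files. MAX_ATTEMPTS, ATTEMPT_FILE
// and attempt_login() are hypothetical names.
const MAX_ATTEMPTS = 3;
const ATTEMPT_FILE = 'login_attempts.json';   // keep this file outside the web root

// Returns 'ok', 'retry' or 'locked'. $passwordOk is the password_verify() result.
function attempt_login(string $userid, bool $passwordOk, string $logFile): string
{
    $fh = fopen(ATTEMPT_FILE, 'c+');           // create if missing, do not truncate
    if ($fh === false) {
        throw new Exception("Cannot open login attempt store");
    }
    flock($fh, LOCK_EX);                       // serialize concurrent login requests
    $counts = json_decode(stream_get_contents($fh) ?: '{}', true) ?: [];
    $tries  = $counts[$userid] ?? 0;

    if ($tries >= MAX_ATTEMPTS) {
        $state = 'locked';                     // refused even if the password is right
    } elseif ($passwordOk) {
        unset($counts[$userid]);               // a successful login clears the counter
        $state = 'ok';
    } else {
        $counts[$userid] = ++$tries;           // count this bad password
        $state = ($tries >= MAX_ATTEMPTS) ? 'locked' : 'retry';
    }

    if ($state === 'locked') {
        // Replace control characters so a crafted userid cannot forge log lines.
        $safe = preg_replace('/[^\x20-\x7E]/', '?', $userid);
        error_log(date('mdYhis') . " | Invalid login | " . $safe . "\n", 3, $logFile);
    }

    // Persist the updated counters before releasing the lock.
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, json_encode($counts));
    flock($fh, LOCK_UN);
    fclose($fh);
    return $state;
}
```

In login.php, call it once per POST with the result of the password_verify() lookup, and set the session variables and redirect only when it returns 'ok'.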