From 544ac2744e5e7f4fffc419b8e798160c3155b322 Mon Sep 17 00:00:00 2001
From: UBC Student <shams00@pender.students.cs.ubc.ca>
Date: Wed, 19 Jun 2024 02:59:08 -0700
Subject: [PATCH] login and signup is working properly, with 2-factor
 authentication

---
 project/login_pages/login.php                 | 98 +++++++++----------
 .../login_pages/{navbar.php => navbar.html}   |  0
 project/login_pages/signup.php                | 72 +++++++++-----
 project/login_pages/signup_form.php           |  2 +-
 project/login_pages/test_db.php               | 59 +++++++++++
 project/login_pages/welcome.php               |  2 +-
 6 files changed, 156 insertions(+), 77 deletions(-)
 rename project/login_pages/{navbar.php => navbar.html} (100%)
 create mode 100755 project/login_pages/test_db.php

diff --git a/project/login_pages/login.php b/project/login_pages/login.php
index 8a3a983..6ef2b2e 100755
--- a/project/login_pages/login.php
+++ b/project/login_pages/login.php
@@ -13,43 +13,57 @@ function isValidEmail($email) {
 function emailExists($email){
     global $db_conn;
     if (connectToDB()) {
-        echo "connect to DB success"; // Added missing semicolon
-        $result = executePlainSQL("SELECT * FROM CUSTOMER WHERE EMAIL = '{$email}'");
-        if ($result) {
-            $row = oci_fetch_array($result, OCI_ASSOC);
-            disconnectFromDB();
-            return $row != false;
+        echo "Connected to DB successfully.<br>"; // Debug message
+        $escaped_email = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
+        $query = "SELECT * FROM CUSTOMER WHERE EMAIL = :email";
+        $statement = oci_parse($db_conn, $query);
+        oci_bind_by_name($statement, ':email', $escaped_email);
+
+        if (oci_execute($statement)) {
+            if ($row = oci_fetch_array($statement, OCI_ASSOC)) {
+                echo "Email exists in the database.<br>"; // Debug message
+                oci_free_statement($statement);
+                disconnectFromDB();
+                return true;
+            } else {
+                echo "Email does not exist in the database.<br>"; // Debug message
+                oci_free_statement($statement);
+                disconnectFromDB();
+                return false;
+            }
         } else {
-            echo "Database query failed.";
+            echo "Database query execution failed.<br>"; // Debug message
+            oci_free_statement($statement);
             disconnectFromDB();
             return false;
         }
     } else {
-        echo "Database connection failed.";
+        echo "Database connection failed.<br>"; // Debug message
         return false;
     }
 }
 
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
     $email = $_POST['email/phone'];
+    
+    echo "Form submitted.<br>"; // Debug message
+    echo "Email entered: $email<br>"; // Debug message
 
     if (isValidEmail($email)) {
+        echo "Email is valid.<br>"; // Debug message
+
         if (emailExists($email)) {
-            echo "Success";
-            // header("Location: ../user_pages/user_homepage.php");
-            disconnectFromDB();
+            echo "Redirecting to user homepage.<br>"; // Debug message
+            header("Location: ../user_pages/user_homepage.php");
             exit();
         } else {
-            echo "Email does not exist.";
+            echo "Email does not exist.<br>"; // Debug message
         }
     } else {
-        echo "Invalid email address.";
+        echo "Invalid email address.<br>"; // Debug message
     }
 }
-?> 
-
-
-
+?>
 <!DOCTYPE html>
 <html lang="en">
 <head>
@@ -57,12 +71,10 @@ function emailExists($email){
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title>MealMate</title>
     <link rel="stylesheet" href="../css/reset.css">
-
     <meta name="appleid-signin-client-id" content="[CLIENT_ID]">
     <meta name="appleid-signin-scope" content="[SCOPES]">
     <meta name="appleid-signin-redirect-uri" content="[REDIRECT_URI]">
     <meta name="appleid-signin-state" content="[STATE]">
-
     <style>
         body, html {
             margin: 0;
@@ -88,47 +100,42 @@ function emailExists($email){
         }
 
         .top-bar .logo {
-            height: 50px; /* Adjust the height as needed */
+            height: 50px; 
             width: auto;
         }
-
+        
         .container {
             display: flex;
             flex-direction: column;
             align-items: center;
-            margin-top: 80px; /* Adjust to position below the top bar */
+            margin-top: 80px;
             padding: 20px;
             background-color: white;
             border-radius: 8px;
             box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1);
         }
-
         .or-divider {
-            width: 300px; /* Same width as buttons */
+            width: 300px;
             display: flex;
             align-items: center;
             text-align: center;
             margin: 20px 0;
         }
-
         .or-divider hr {
             flex: 1;
             border: none;
             border-top: 1px solid #ccc;
             margin: 0;
         }
-
         .or-divider span {
             padding: 0 10px;
             color: #999;
         }
-
         .container p {
             margin: 0 0 20px;
             text-align: left;
-            width: 300px; /* Align text with input and button */
+            width: 300px;
         }
-
         .container input[type="text"] {
             width: 300px;
             height: 40px;
@@ -136,50 +143,46 @@ function emailExists($email){
             margin-bottom: 10px;
             border: none;
             background-color: #d3d3d3;
-            border-radius: 8px; /* Smoother border */
+            border-radius: 8px;
             box-sizing: border-box;
         }
-
         .container input[type="submit"] {
-            width: 300px; /* Same width as the text box */
+            width: 300px;
             height: 40px;
             padding: 10px;
             background-color: black;
             color: white;
             border: none;
-            border-radius: 8px; /* Smoother border */
+            border-radius: 8px;
             cursor: pointer;
             font-size: 14px;
             box-sizing: border-box;
             margin-bottom: 10px;
         }
-
         .gsi-material-button {
-            width: 300px; /* Same width as the text box and submit button */
+            width: 300px;
             height: 40px;
             padding: 0 10px;
             background-color: #d3d3d3;
             border: none;
             color: black;
-            border-radius: 8px; /* Smoother border */
+            border-radius: 8px;
             cursor: pointer;
             font-size: 14px;
             display: flex;
             align-items: center;
             justify-content: center;
             box-sizing: border-box;
-            gap: 10px; /* Space between icon and text */
+            gap: 10px;
         }
-
         .gsi-material-button .gsi-material-button-icon {
             display: flex;
             align-items: center;
             justify-content: center;
         }
-        
         .apple-signin-button {
-            width: 300px; /* Same width as other buttons */
-            height: 40px; /* Same height as other buttons */
+            width: 300px;
+            height: 40px;
             display: flex;
             align-items: center;
             justify-content: center;
@@ -190,7 +193,6 @@ function emailExists($email){
             box-sizing: border-box;
             margin-top: 10px;
         }
-
     </style>
 </head>
 <body>
@@ -201,19 +203,13 @@ function emailExists($email){
 
 <div class="container">
     <p>What's your phone number or email?</p>
-
-
     <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="POST" style="width: 100%; display: flex; flex-direction: column; align-items: center;">
         <input type="text" name="email/phone" placeholder="Enter email">
         <input type="submit" value="Continue">
     </form>
-    
-
     <div class="or-divider">
         <hr><span>or</span><hr>
     </div>
-    
-
     <button class="gsi-material-button">
         <div class="gsi-material-button-icon">
             <svg version="1.1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 48 48" xmlns:xlink="http://www.w3.org/1999/xlink" style="display: block; height: 24px; width: 24px;">
@@ -226,13 +222,9 @@ function emailExists($email){
         </div>
         <span class="gsi-material-button-contents">Continue with Google</span>
     </button>
-    
     <div id="appleid-signin" class="apple-signin-button" data-color="#d3d3d3" data-border="false" data-type="sign-in"></div>
-    </div>
-    <script type="text/javascript" src="https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js"></script>
-
 </div>
-
+<script type="text/javascript" src="https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js"></script>
 </body>
 </html>
 
diff --git a/project/login_pages/navbar.php b/project/login_pages/navbar.html
similarity index 100%
rename from project/login_pages/navbar.php
rename to project/login_pages/navbar.html
diff --git a/project/login_pages/signup.php b/project/login_pages/signup.php
index 199aa87..80f15c3 100755
--- a/project/login_pages/signup.php
+++ b/project/login_pages/signup.php
@@ -1,6 +1,12 @@
 <?php
+ini_set('display_errors', 1);
+ini_set('display_startup_errors', 1);
+error_reporting(E_ALL);
+
 session_start();
-include "../utils.php";
+include "../../utils.php";
+
+
 function isValidEmail($email) {
     return filter_var($email, FILTER_VALIDATE_EMAIL);
 }
@@ -9,15 +15,6 @@ function generateVerificationCode() {
     return rand(100000, 999999);
 }
 
-function emailExists($email){
-    if (connectToDB()) {
-        $result = executePlainSQL("SELECT * FROM CLIENT WHERE EMAIL = '{$email}'");
-        oci_commit($db_conn);
-        disconnectFromDB();
-        return $result != null;
-    }
-}
-
 function sendVerificationEmail($email, $code) {
     $subject = "Your Verification Code";
     $message = "Your verification code is: " . $code;
@@ -30,33 +27,58 @@ function sendVerificationEmail($email, $code) {
     }
 }
 
+function emailExists($email){
+    global $db_conn;
+    if (connectToDB()) {
+        echo "connect to DB success"; 
+        $result = executePlainSQL("SELECT * FROM CUSTOMER WHERE EMAIL = '{$email}'");
+        if ($result) {
+            $row = oci_fetch_array($result, OCI_ASSOC);
+            disconnectFromDB();
+            return $row != false;
+        } else {
+            echo "Database query failed.";
+            disconnectFromDB();
+            return false;
+        }
+    } else {
+        echo "Database connection failed.";
+        return false;
+    }
+}
+
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
     $email = $_POST['email/phone'];
 
     if (isValidEmail($email)) {
-        
-        if(emailExists($email)){  //this is currently not working because the database doesn't exist
-            echo "Email already exists, Please login with your credentials";
-            header("Location: login.php");
-            exit();
-        }
 
-        $verificationCode = generateVerificationCode();
-        if (sendVerificationEmail($email, $verificationCode)) {
+        if (!emailExists($email)) {
+
+            echo "Email does not exist.";
+            
+            $verificationCode = generateVerificationCode();
+
+            if (sendVerificationEmail($email, $verificationCode)) {
             $_SESSION['verification_code'] = $verificationCode;
             $_SESSION['email'] = $email;
             header("Location: authentication.php");
             exit();
-        } else {
+            } else {
             echo "Failed to send verification email.";
+            }
+
+        } else {
+            echo "Email is in our system already. Please login";
+            header("Location: login.php");
         }
     } else {
         echo "Invalid email address.";
     }
 }
 
+?> 
+
 
-?>
 
 <!DOCTYPE html>
 <html lang="en">
@@ -96,7 +118,7 @@ function sendVerificationEmail($email, $code) {
         }
 
         .top-bar .logo {
-            height: 50px; /* Adjust the height as needed */
+            height: 50px; 
             width: auto;
         }
 
@@ -207,8 +229,9 @@ function sendVerificationEmail($email, $code) {
     <img src="../diagrams/logo.png" alt="Logo" class="logo">
 </div>
 
+
 <div class="container">
-    <p>What's your email?</p>
+    <p>What's your phone number or email?</p>
 
 
     <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="POST" style="width: 100%; display: flex; flex-direction: column; align-items: center;">
@@ -247,3 +270,8 @@ function sendVerificationEmail($email, $code) {
 
 
 
+
+
+
+
+
diff --git a/project/login_pages/signup_form.php b/project/login_pages/signup_form.php
index 50bdeb0..3830779 100755
--- a/project/login_pages/signup_form.php
+++ b/project/login_pages/signup_form.php
@@ -1,7 +1,7 @@
 <?php
 session_start();
 include "../utils.php";
-
+include "navbar.html";
 ?>
 
 <html>
diff --git a/project/login_pages/test_db.php b/project/login_pages/test_db.php
new file mode 100755
index 0000000..9cbadf6
--- /dev/null
+++ b/project/login_pages/test_db.php
@@ -0,0 +1,59 @@
+<?php
+include "../utils.php"; // Ensure this file contains the connectToDB() and disconnectFromDB() functions
+
+function testDatabaseConnection() {
+    global $db_conn;
+    if (connectToDB()) {
+        echo "Connected to DB successfully.<br>"; // Debug message
+        $query = "SELECT * FROM CUSTOMER WHERE EMAIL = :email";
+        $email = 'test@example.com'; // Replace with a test email that exists in your database
+        $escaped_email = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
+        $statement = oci_parse($db_conn, $query);
+        oci_bind_by_name($statement, ':email', $escaped_email);
+
+        if (oci_execute($statement)) {
+            if ($row = oci_fetch_array($statement, OCI_ASSOC)) {
+                echo "Email found: " . $row['EMAIL'] . "<br>"; // Debug message
+                oci_free_statement($statement);
+                disconnectFromDB();
+                return true;
+            } else {
+                echo "Email not found.<br>"; // Debug message
+                oci_free_statement($statement);
+                disconnectFromDB();
+                return false;
+            }
+        } else {
+            echo "Database query execution failed.<br>"; // Debug message
+            oci_free_statement($statement);
+            disconnectFromDB();
+            return false;
+        }
+    } else {
+        echo "Database connection failed.<br>"; // Debug message
+        return false;
+    }
+}
+
+testDatabaseConnection();
+?>
+
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>MealMate</title>
+</head>
+<body>
+ <p> This is a test page</p>
+</body>
+</html>
+
+
+
+
+
+
+
+
diff --git a/project/login_pages/welcome.php b/project/login_pages/welcome.php
index 2ed0586..586bd37 100755
--- a/project/login_pages/welcome.php
+++ b/project/login_pages/welcome.php
@@ -1,4 +1,4 @@
-<?php include 'navbar.php'; ?>
+<?php include 'navbar.html'; ?>
 
 <!-- This is the begining of the website welcome page, login, signup options for users, registering vendors, registering delivery personnel happens here-->
 <!DOCTYPE html>