-
Notifications
You must be signed in to change notification settings - Fork 0
/
login - Copy.php
68 lines (61 loc) · 2.15 KB
/
login - Copy.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
<?php session_start();
include('connection.php'); ?>
<!doctype html> <!-- needs to have this, otherwise the bootstrap menu is distored a bit -->
<html>
<head>
<?php include('navbar.php'); ?>
<title>User login</title>
</head>
<body style="background-color: wheat">
<?php
$success = "N";
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (!empty($_POST['username']) && !empty($_POST['password'])) {
//Run some SQL query here to find that user
$stmt = $dbh->prepare("SELECT * FROM `users` WHERE `username` = ? AND `password` = ?");
if ($stmt->execute([
$_POST['username'],
hash('sha256', $_POST['password'])
]) && $stmt->rowCount() > 0) {
$row = $stmt->fetchObject();
$_SESSION['user_id'] = $row->id;
$stmt->closeCursor();
$success = "Y"; // set the indicator
echo "<h1>You have successfully logged in.</h1>"; ?>
<input type="button" value="Continue" OnClick="window.location.assign('index.php');">
<?php
} else {
echo "<h1>Either username or password is incorrect!</h1>";
}
}
} else {
if (isset($_SESSION['user_id'])) {
$user_stmt = $dbh->prepare("SELECT * FROM `users` WHERE `id` = ?");
if ($user_stmt->execute([$_SESSION['user_id']]) && $user_stmt->rowCount() == 1) {
$success = "Y"; // set the indicator
$user_stmt->closeCursor();
echo "<h1>You have already logged in.</h1>"; ?>
<input type="button" value="Continue" OnClick="window.location.assign('index.php');">
<?php
} else {
echo "<h1>Your account does not exist!</h1>";
session_destroy();
}
} else {
echo "<h1>Please Login</h1>";
}
}
if ($success == "N") {
?>
<form method="post">
<label for="username">Username</label>
<input type="text" id="username" name="username"/>
<br>
<label for="password">Password </label> <!-- is a non breaking space -->
<input type="password" id="password" name="password"/>
<br>
<input type="submit" value="Login"/>
</form>
</body>
</html>
<?php } ?>