-
Notifications
You must be signed in to change notification settings - Fork 1
/
loginScript.php
62 lines (50 loc) · 2.16 KB
/
loginScript.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
<?php
if(isset($_POST['login-submit'])){
require 'dbhScript.php';
$emailuid = $_POST['emailuid'];
$password = $_POST['pwd'];
if (empty($emailuid) || empty($password)) {
header("Location: index.php?error=emptyloginfields");
exit();
}
else{
$sql = "SELECT * FROM users WHERE usernameUsers=? OR emailUsers=?"; //possible syntax error
$statement = mysqli_stmt_init($connection);
if (!mysqli_stmt_prepare($statement, $sql)) { //checking that this info can be extracted for database/any errors in it
header("Location: index.php?error=databaseerror");
exit();
}
else{
mysqli_stmt_bind_param($statement, "ss", $emailuid, $emailuid); //email in both places to check for username OR email (2 strings)
mysqli_stmt_execute($statement);
$result = mysqli_stmt_get_result($statement);
if ($row = mysqli_fetch_assoc($result)) { //reformatting data from database so it can be worked with in php
$passwordCheck = password_verify($password, $row['passwordUsers']); //checking that hashed password in db matches inputted password
if($passwordCheck == false) {
header("Location: index.php?error=wrongpassword");
exit();
}
else if ($passwordCheck == true) { //we use else if in case error in our code makes passwordCheck not boolean for some reason
session_start(); //start a user session
$_SESSION['UserID'] = $row['idUsers'];
$_SESSION['Username'] = $row['usernameUsers'];
header("Location: index.php?login=success");
exit();
}
else {
header("Location: index.php?error=CRAZYSTUFF");
exit();
}
}
else {
header("Location: index.php?error=nouser");
exit();
}
}
}
}
else {
header("Location: index.php"); //if we want to add new html file for mains stuff, change entry location here
exit();
}
?>