login.conn.php
<?php
# Start (or resume) the session before any session data is read.
# NOTE(review): no session cookie attributes (HttpOnly, Secure, SameSite) are
# set here; presumably they come from php.ini or config.php - confirm.
session_start();
# A visitor whose session already carries a truthy "loggedin" flag has no use
# for the login form: emit the client-side redirect to the site root and stop,
# so none of the code below runs for them.
$already_logged_in = !empty($_SESSION["loggedin"]);
if ($already_logged_in) {
    echo "<script>window.location.href='./'</script>";
    exit;
}
# Load the database configuration. The code further down uses $conn without
# defining it, so config.php presumably creates that mysqli connection.
require_once "./config.php";
# Per-field validation messages and the general login alert; all stay empty
# unless a submitted form fails a check.
$login_err = "";
$user_password_err = "";
$user_login_err = "";
# Submitted credentials, filled in once a POST passes the blank-field checks.
$user_password = "";
$user_login = "";
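# Handle a submitted login form: validate the two fields, look the account up
# by username or email with a prepared statement, verify the password hash and,
# on success, mark the session as authenticated and redirect to the site root.
# NOTE(review): no attempt throttling or lockout is visible in this file;
# confirm it is enforced elsewhere.
if ($_SERVER["REQUEST_METHOD"] === "POST") {
    # One generic alert for both "no matching account" and "wrong password", so
    # the response text does not reveal which usernames or emails exist.
    $invalid_credentials_alert = "<div class='callout warning' data-closable='slide-out-right'>
Invalid username or password.
<button class='close-button' aria-label='Dismiss alert' type='button' data-close>
<span aria-hidden='true'>×</span>
</button>
</div>";

    # Read each field as a string only. A missing field, or an array value such
    # as user_login[]=x, would otherwise reach trim() and raise a TypeError on
    # PHP 8 instead of producing a validation message.
    $posted_login = $_POST["user_login"] ?? "";
    $posted_password = $_POST["user_password"] ?? "";
    $posted_login = is_string($posted_login) ? trim($posted_login) : "";
    # NOTE(review): trim() on the password is kept from the original; whether
    # registration normalises passwords the same way is not visible here.
    $posted_password = is_string($posted_password) ? trim($posted_password) : "";

    # Compare against "" rather than using empty(): empty("0") is true, so a
    # login or password of "0" used to be rejected as blank.
    if ($posted_login === "") {
        $user_login_err = "please enter your username or email address.";
    } else {
        $user_login = $posted_login;
    }
    if ($posted_password === "") {
        $user_password_err = "please enter your password.";
    } else {
        $user_password = $posted_password;
    }

    if ($user_login_err === "" && $user_password_err === "") {
        # Placeholders keep the submitted value out of the SQL text.
        $sql = "SELECT id, username, password FROM users WHERE username = ? OR email = ?";
        if ($stmt = mysqli_prepare($conn, $sql)) {
            # The same value is matched against both the username and email columns.
            mysqli_stmt_bind_param($stmt, "ss", $user_login, $user_login);
            if (mysqli_stmt_execute($stmt)) {
                mysqli_stmt_store_result($stmt);
                $authenticated = false;
                # Exactly one row is required; if one account's username equals
                # another account's email the lookup returns two rows and the
                # login is refused.
                if (mysqli_stmt_num_rows($stmt) == 1) {
                    mysqli_stmt_bind_result($stmt, $id, $username, $hashed_password);
                    if (mysqli_stmt_fetch($stmt)) {
                        # NOTE(review): the hash check only runs when a row was
                        # found, so response time may differ between known and
                        # unknown accounts.
                        $authenticated = password_verify($user_password, $hashed_password);
                    }
                }
                if ($authenticated) {
                    # Issue a fresh session ID at the moment of login and drop
                    # the old one, so an ID that was known before authentication
                    # cannot be reused afterwards (session fixation).
                    session_regenerate_id(true);
                    $_SESSION["id"] = $id;
                    $_SESSION["username"] = $username;
                    $_SESSION["loggedin"] = TRUE;
                    echo "<script>" . "window.location.href='./'" . "</script>";
                    exit;
                }
                # No single matching row, a failed fetch, or a wrong password:
                # all three show the same alert.
                $login_err = $invalid_credentials_alert;
            } else {
                # The query itself failed: show a generic message (no database
                # details) and send the browser back to the login page.
                echo "<script>" . "alert('Something Went Wrong. Please Try Again Later.');" . "</script>";
                echo "<script>" . "window.location.href='./login.php'" . "</script>";
                exit;
            }
            mysqli_stmt_close($stmt);
        }
    }
    mysqli_close($conn);
}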
?>