<?php session_start(); if(isset($_POST["submit"])) { inc

1. <?php
2. session_start();
3. if(isset($_POST["submit"]))
4. {
5. include_once "dbconnect.php";
6. $username = mysqli_real_escape_string($conn, $_POST["username"]);
7. $password = mysqli_real_escape_string($conn, $_POST["password"]);
8. if(empty($username) || empty($password))
9. {
10. header("Location: ..\index.php");
11. exit();
12. }
13. else
14. {
15. $stmt = mysqli_stmt_init($conn);
16. $sql = "SELECT * FROM users WHERE username = ?";
17. if(!mysqli_stmt_prepare($stmt, $sql))
18. {
19. header("Location: ..\index.php");
20. exit();
21. }
22. else
23. {
24. mysqli_stmt_bind_param($stmt, "s", $username);
25. mysqli_stmt_execute($stmt);
26. $result = mysqli_stmt_get_result($stmt);
27. if($row = mysqli_fetch_assoc($result))
28. {
29. //$pwd = password_hash($password, PASSWORD_DEFAULT);
30. $passhash = true;
31. //$passhash = password_verify($pwd, $row['user_pw']);
32. if($passhash == false)
33. {
34. header("Location: ..\index.php");
35. exit();
36. }
37. else if($passhash == true)
38. {
39. $_SESSION["username"] = $row['username'];
40. $_SESSION["firstname"] = $row['firstname'];
41. $_SESSION["lastname"] = $row['lastname'];
42. header("Location: ..\index.php");
43. exit();
44. }
45. }
46. }
47. mysqli_stmt_close($stmt);
48. }
49.  
50.  
51. }
52. else
53. {
54. echo "asd5";
55. //header("Location: ..\index.php");
56. exit();
57. }
58. ?>