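<?php
/**
 * Login form handler: validates the posted username/password, checks them
 * against the userDfn table and, on success, starts an authenticated session
 * and redirects to ToDoApp.php. Any other outcome is reported through
 * $message in the HTML page below.
 *
 * Changes from the earlier version of this script:
 *  - the password length check was comparing the raw value with 20 instead
 *    of its length;
 *  - password_hash() produces a different salted hash on every call, so a
 *    freshly computed hash can never equal the stored one; the stored hash
 *    is now fetched by username and checked with password_verify();
 *  - the query is a prepared statement instead of a concatenated string;
 *  - the session ID is regenerated at login and the script stops after the
 *    redirect header.
 */
session_start();
require_once('sqlfunction.php');

$message = "";

// A missing or non-string field (e.g. username[]=x) is treated as empty so it
// is rejected by the length check instead of raising a warning or TypeError.
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : "";
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : "";

// NOTE(review): limiting passwords to 4-20 alphanumeric characters weakens
// them; the rule is kept only so this page agrees with whatever the
// registration page enforces - confirm and relax both together.
if (isset($_SESSION['userID'])) {
    $message = "User is already logged in";
} else if (strlen($username) > 20 || strlen($username) < 4) {
    $message = "Incorrect length for username";
} else if (strlen($password) > 20 || strlen($password) < 4) {
    $message = "Incorrect length for password";
} else if (!ctype_alnum($username)) {
    $message = "Username must be alpha-numeric";
} else if (!ctype_alnum($password)) {
    $message = "Password must be alpha-numeric";
} else {
    // No FILTER_SANITIZE_STRING here: it is deprecated, it is a no-op on
    // alphanumeric input, and a password must never be altered before it is
    // verified.
    try {
        $link = f_sqlConnect();

        // Assumes userDfn.password holds a password_hash() value written at
        // registration - TODO confirm against the sign-up code.
        $stmt = mysqli_prepare($link, "select userID, password from userDfn where username = ?");

        if ($stmt === false) {
            $message = "Unable to process request";
        } else {
            mysqli_stmt_bind_param($stmt, "s", $username);

            if (!mysqli_stmt_execute($stmt)) {
                $message = "Unable to process request";
            } else {
                $userID = null;
                $storedHash = null;
                $authenticated = false;

                mysqli_stmt_bind_result($stmt, $userID, $storedHash);
                while (mysqli_stmt_fetch($stmt)) {
                    if (is_string($storedHash) && password_verify($password, $storedHash)) {
                        $authenticated = true;
                        break;
                    }
                }

                if ($authenticated) {
                    // New session ID on privilege change, so an ID fixed
                    // before login is not carried into the authenticated
                    // session.
                    session_regenerate_id(true);
                    $_SESSION['userID'] = $userID;
                    $_SESSION['timeout'] = time();
                    mysqli_stmt_close($stmt);
                    header("Location: ToDoApp.php");
                    // Stop here so nothing else runs or renders after the redirect.
                    exit;
                }

                // Same message for an unknown user and a wrong password, so
                // the response does not reveal which usernames exist.
                $message = "Login failed";
            }

            mysqli_stmt_close($stmt);
        }
    } catch (Exception $e) {
        // Details go to the server log only; the user sees a generic message.
        error_log('login: ' . $e->getMessage());
        $message = "Unable to process request";
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Login Submit</title>
</head>
<body>
<p><?php echo htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></p>
</body>
</html>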