<?phpsession_start ();if (isset($_POST['LoginSubmit'])) { include 'db.p

1. <?php
2.  
3. session_start ();
4. if (isset($_POST['LoginSubmit'])) {
5. include 'db.php';
6.  
7. $UserName = $_POST["UserName"];
8. $RPass = $_POST["RPass"];
9.  
10. //check if empty
11. if (empty($UserName) || empty($RPass)) {
12. header("Location: ../Website/Login.php?login=e");
13. exit();
14.  
15. } else {
16. $sql = "SELECT * FROM Login WHERE Email = '$UserName' AND Password = '$RPass'";
17. $result = mysqli_query($connection, $sql);
18. $resultCheck = mysqli_num_rows($result);
19. if($resultCheck < 1) {
20. header("Location: ../Website/Login.php?login=em");
21. exit();
22. } else {
23. if ($row = mysqli_fetch_assoc($result)){
24. //de hashing
25. // $hashedPwdCheck = password_verify($RPass, $row['Password']);
26. if ($RPass == false) {
27. header("Location: ../Website/Login.php?login=error");
28. exit();
29. } elseif ($RPass == true) {
30. //logging the user in
31. $_SESSION['u_id'] = $row ['User_id'];
32. $_SESSION['u_first'] = $row ['FirstName'];
33. $_SESSION['u_second'] = $row ['SecondName'];
34. $_SESSION['u_email'] = $row ['Email'];
35.  
36. $_SESSION['u_age'] = $row ['Age'];
37. header("Location: ../Website/Login.php?login=sucess");
38. exit();
39.  
40. }
41.  
42. }
43. }
44.  
45. }
46.  
47.  
48. header("Location: ../Website/Login.php?login=emp");
49. exit();
50.  
51. }