Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- ini_set("session.save_path", "/home/unn_w16037327/sessionData");
- session_start();
- $username = filter_has_var(INPUT_POST, 'username') ? trim($_REQUEST['username']) : null;
- $password = filter_has_var(INPUT_POST, 'username') ? trim($_REQUEST['password']) : null;
- try {
- unset($_SESSION['username']);
- require_once("functions.php");
- /* creating a handle called $dbConn with function from functions.php which returns a connection to our database using PDO */
- $dbConn = getConnection();
- $sqlUser = "SELECT username, passwordHash FROM users WHERE username = :username";
- $stmt = $dbConn->prepare($sqlUser);
- $stmt->bindValue(':username', $username, PDO::PARAM_STR);
- $stmt->execute();
- $user = $stmt->fetchObject();
- if ($user) {
- //check that the password passed in the request stream matches with the passwordHash (after being hashed)
- if (password_verify($password, $user->passwordHash)) {
- //we're ok
- // set some session vars
- $_SESSION['username'] = $username;
- $_SESSION['password'] = $password;
- }
- else {
- //not valid password
- echo "<p>Invalid username or password</p>";
- }
- }
- else {
- //no user
- }
- } catch (Exception $e) {
- echo "<p>Query failed: ".$e->getMessage()."</p>\n";
- }
- // do some validation
- if (!empty($username) AND !empty($password)) {
- $_SESSION['username'] = $username;
- $_SESSION['password'] = $password
- header('location: restricted.php');
- exit;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
