<html><body><h2></h2><form action="" method="post"> <input type="text" na

1. <html>
2. <body>
3.  
4. <h2></h2>
5.  
6. <form action="" method="post">
7. <input type="text" name="username">
8. <input type="text" name="password">
9. <input type="submit" value="Login">
10. </form>
11.  
12. </body>
13. </html>
14.  
15. <?php
16.  
17. class Text {
18. function __construct()
19. {
20. }
21.  
22. private function sanitize($text) {
23. $sanitizedText = htmlspecialchars($text, ENT_QUOTES);
24. return $sanitizedText;
25. }
26. }
27.  
28. ?>
29.  
30. <?php
31. class Connection {
32.  
33. public function dbc() {
34. $host = 'localhost';
35. $db = 'database1';
36. $user = 'root';
37. $pass = 'password123';
38. $charset = 'utf8';
39.  
40. $dsn = "mysql:host=$host;dbname=$db;charset=$charset";
41. $opt = [
42. PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
43. PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
44. PDO::ATTR_EMULATE_PREPARES => false,
45. ];
46. return new PDO($dsn, $user, $pass, $opt);
47. }
48. }
49. ?>
50.  
51. <?php
52. include_once('Text.class.php');
53.  
54. class LoginController {
55. private $model;
56.  
57. public function __construct() {
58. $this->model = new LoginModel();
59. }
60.  
61. public function login($usernameOrEmail, $password) {
62. $usernameOrEmail = sanitize($usernameOrEmail);
63. $password = sanitize($password);
64.  
65. if(!empty($usernameOrEmail) && !empty($password)) {
66. if(isset($_POST['usernameOrEmail']) && isset($_POST['password'])) {
67. $usernameOrEmail = $_POST['usernameOrEmail'];
68. $password = $_POST['password'];
69. $this->model->loginUser($usernameOrEmail, $password);
70. } else {
71. return "Please enter a username or password.";
72. die();
73. }
74. } else {
75. return "Please enter a username or password.";
76. die();
77. }
78. }
79. }
80. ?>
81.  
82. <?php
83. include_once('connection.php');
84.  
85. class LoginModel() {
86. private $dbc;
87.  
88. private function loginUser($usernameOrEmail, $password) {
89. $stmt = $this->dbc->prepare("SELECT username, password FROM users WHERE username = :usernameOrEmail OR email = :usernameOrEmail AND password = :password");
90. $stmt->bindParam(':usernameOrEmail', $usernameOrEmail, PDO::PARAM_STR);
91. $stmt->bindParam(':password', $password, PDO::PARAM_STR);
92. $stmt->execute();
93. $row = $stmt->fetch(PDO::FETCH_ASSOC);
94.  
95. if($row) {
96. return "Login successful!"
97. } else {
98. return "Wrong username or password.";
99. die();
100. }
101. }
102. ?>