<?php session_start(); session_register('is_logged_in'); session_re

1. <?php
2.  
3. session_start();
4.  
5. session_register('is_logged_in');
6. session_register('logged_in_as');
7.  
8. $username = $_POST['username'];
9. $password = $_POST['password'];
10.  
11. $Salt = uniqid();
12. $Algo = '6';
13. $Rounds = '7500';
14. $cryptSalt = '$' . $Algo . '$rounds=' . $Rounds . '$' . $Salt;
15.  
16. $finalPassword = crypt($password, $cryptSalt);
17.  
18. function authenticate() {
19.  
20. try {
21. $db = new PDO('mysql:host=localhost;dbname=db;charset=UTF-8', 'root', 'password', array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
22. } catch(PDOException $ex) {
23. echo "An error occured: " . $ex;
24. }
25.  
26. $prepquery = $db->prepare('SELECT * FROM users WHERE :password = password AND username = :username');
27. $prepquery->bindParam(':username', $username);
28. $prepquery->bindParam(':password', $finalPassword);
29. $prepquery->execute();
30. $res = $prepquery->fetch(PDO::FETCH_ASSOC);
31.  
32. return !empty($res) ? true : false;
33. }
34.  
35. if(authenticate()) {
36. echo "You are now logged in as " . $username . ".";
37. $_SESSION['is_logged_in'] = 1;
38. $_SESSION['logged_in_as'] = $username;
39. } else if($_SESSION['is_logged_in'] === 1) {
40. echo "You are already logged in!";
41. } else {
42. echo "The username or password was incorrect. <br /> " . $finalPassword;
43. }