<?phprequire_once("config/config.php");if (isset($_POST['username']) && is

1. <?php
2. require_once("config/config.php");
3.  
4. if (isset($_POST['username']) && isset($_POST['password'])) {
5. $username = htmlspecialchars($_POST['username']);
6. $password = sha1(htmlspecialchars($_POST['password']));
7.  
8. $login_statement = $pdo->prepare("SELECT * FROM store_creators WHERE password LIKE :password AND (username LIKE :username OR email LIKE :username)");
9. $login_statement->bindParam("username", $username);
10. $login_statement->bindParam("password", $password);
11. $login_statement->execute();
12. $user = $login_statement->fetch();
13.  
14. if ($user != null) {
15. if (!isset($_SESSION)) {
16. session_start();
17. }
18.  
19. $timestamp = time();
20.  
21. $_SESSION['username'] = $user['username'];
22. $_SESSION['userid'] = $user['id'];
23. $_SESSION['email'] = $user['email'];
24.  
25. $login_statement = $pdo->prepare("UPDATE store_creators SET timestamp=:timestamp WHERE (username LIKE :username OR email LIKE :username)");
26. $login_statement->bindParam("username", $username);
27. $login_statement->bindParam("timestamp", $timestamp);
28. $login_statement->execute();
29.  
30. header("Location: index.php");
31. } else {
32. echo('<div class="alert alert-danger" role="alert" style="text-align: center;">Bitte überprüfe deinen Benutzernamen und dein Passwort!</div>');
33. }
34. }
35.  
36. if(isset($_GET["error"])) {
37. echo('<div class="alert alert-danger" role="alert" style="text-align: center;">Melde dich zuerst an!</div>');
38. }
39. ?>