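// Login handler (mysqli). Looks the account up by e-mail, refuses accounts that
// are not active, then verifies the password before marking the session as
// logged in. $mysqli and the session are set up outside this snippet.

// Request fields can arrive as arrays (email[]=...); only accept strings.
$email = isset($_POST['email']) && is_string($_POST['email']) ? $_POST['email'] : '';
$submittedPassword = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';

// Bind the address as a parameter instead of interpolating it into the SQL text.
$stmt = $mysqli->prepare("SELECT * FROM accounts WHERE email = ?");
$result = false;
if ($stmt !== false) {
    $stmt->bind_param("s", $email);
    $stmt->execute();
    $result = $stmt->get_result();
}
$user = $result ? $result->fetch_assoc() : null;

// NOTE(review): the separate "doesn't exist" and "wrong password" messages let a
// visitor tell which addresses are registered; one generic message avoids that.
if (!$user) { // User doesn't exist (or the lookup failed)
    $_SESSION['message'] = "User with that email doesn't exist!";
    header("location: error.php");
    exit; // header() does not stop the script; stop here so nothing below runs
}

// The activation flag must come from the database row. The original tested
// `!$_SESSION['active'] = 1`, which assigns 1 to the session value and is
// therefore never true, so inactive accounts were never rejected.
if ((int) $user['active'] !== 1) {
    $_SESSION['message'] = "Your account has been activated and is being reviewed";
    header("location: error.php");
    exit;
}

if (!password_verify($submittedPassword, $user['password'])) {
    $_SESSION['message'] = "You have entered wrong password, try again!";
    header("location: error.php");
    exit;
}

// Issue a fresh session id at the privilege change so an id fixed before
// login is not carried into the authenticated session.
if (session_status() === PHP_SESSION_ACTIVE) {
    session_regenerate_id(true);
}

$_SESSION['email'] = $user['email'];
$_SESSION['first_name'] = $user['first_name'];
$_SESSION['last_name'] = $user['last_name'];
$_SESSION['active'] = $user['active'];
// This is how we'll know the user is logged in
$_SESSION['logged_in'] = true;
header("location: https://somepage.php");
exit;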
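// Prepared-statement lookup followed by the activation check. Password
// verification is left to the code that follows this fragment.
// $mysqli and the session are set up outside this snippet.

// Only accept a string; a request can send email[]=... as an array.
$email = isset($_POST['email']) && is_string($_POST['email']) ? $_POST['email'] : '';

$stmt = $mysqli->prepare("SELECT * FROM accounts WHERE email = ?");
$result = false;
if ($stmt !== false) {
    $stmt->bind_param("s", $email); // the original was missing the ';' here
    $stmt->execute();
    $result = $stmt->get_result();
}

// Test $result before reading num_rows: get_result() returns false on failure,
// and the original read the property first.
if (!$result || $result->num_rows == 0) {
    $_SESSION['message'] = "User with that email doesn't exist!";
    header("location: error.php");
    die(); // header() alone does not end the request
}

$user = $result->fetch_assoc();

// Decide on the stored flag from the row, never on a session value.
if ($user['active'] != 1) {
    $_SESSION['message'] = "Your account has been activated and is being reviewed";
    header("location: error.php");
    die();
}

//password verification etc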
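// Login handler (mysqli). Every redirect is followed by exit: without it the
// original kept running, so an inactive account with a correct password was
// still marked logged in, and a successful login ended on error.php.
// $mysqli and the session are set up outside this snippet.

// Prefer the submitted address. The original only used it when $_SESSION was
// completely empty, which stops being true as soon as 'message' has been set
// by an earlier failed attempt; it then read a possibly undefined
// $_SESSION['email'].
if (!empty($_POST['email']) && is_string($_POST['email'])) {
    $email = $_POST['email'];
} else {
    $email = isset($_SESSION['email']) && is_string($_SESSION['email']) ? $_SESSION['email'] : '';
}
$submittedPassword = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';

// Bound parameter: neither the posted nor the session value reaches the SQL text.
$stmt = $mysqli->prepare("SELECT * FROM accounts WHERE email = ?");
$result = false;
if ($stmt !== false) {
    $stmt->bind_param("s", $email);
    $stmt->execute();
    $result = $stmt->get_result();
}

if ( !$result || $result->num_rows == 0 ){ // User doesn't exist
    $_SESSION['message'] = "User with that email doesn't exist!";
    header("location: error.php");
    exit;
}

//User exists
$user = $result->fetch_assoc();

if ($user['active'] != 1) { //not active
    // NOTE(review): these two values are stored before the password has been
    // checked, so any page that trusts $_SESSION['email'] on its own would be
    // treating an unauthenticated visitor as this account. Confirm that other
    // pages also require $_SESSION['logged_in'].
    $_SESSION['email'] = $user['email'];
    $_SESSION['active'] = $user['active'];
    $_SESSION['message'] = "Your account has been activated and is being reviewed";
    header("location: error.php");
    exit;
}

if ( !password_verify($submittedPassword, $user['password']) ) { //invalid password
    $_SESSION['message'] = "You have entered wrong password, try again!";
    header("location: error.php");
    exit;
}

// Valid password: rotate the session id before storing the identity so an id
// fixed before login does not become an authenticated one.
if (session_status() === PHP_SESSION_ACTIVE) {
    session_regenerate_id(true);
}

$_SESSION['email'] = $user['email'];
$_SESSION['first_name'] = $user['first_name'];
$_SESSION['last_name'] = $user['last_name'];
$_SESSION['active'] = $user['active'];
// This is how we'll know the user is logged in
$_SESSION['logged_in'] = true;
header("location: https://somepage.php");
exit;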
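// Login check using PDO. Chooses the redirect target from three tests:
// the account exists, it is active, and the password matches.

//receive data
$email = isset($_POST['email']) && is_string($_POST['email']) ? $_POST['email'] : null;
// Kept in its own variable: the original stored the posted password in
// $password and then passed $password to PDO as the database credential.
$submittedPassword = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : null;

//connect to database
$connection = new PDO(
    "mysql:host=".$host.";dbname=".$dbName,
    $username,
    $password, //replace your credentials
    [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,  // fail loudly instead of returning false
        PDO::ATTR_EMULATE_PREPARES => false,          // use server-side prepared statements
    ]
);

$query = "SELECT * FROM accounts WHERE email = :email";
$statement = $connection->prepare($query);
$statement->bindParam(':email', $email); //bind $email variable to ':email'
$statement->execute(); //execute the query (the original misspelled $statement here)

// Fetch the row directly; rowCount() is not guaranteed to report the size of a
// SELECT result, and fetch() returns false when there is no match.
$row = $statement->fetch(PDO::FETCH_ASSOC);

// Every failure path ends on the error page.
$location = "error.php";

if ($row !== false) {
    if ($row['active']) {
        //user is active
        if ($submittedPassword !== null && password_verify($submittedPassword, $row['password'])) {
            //password is correct
            $location = "success.php";
            //do some stuff
        }
        //otherwise the password is incorrect
    }
    //otherwise the user is not active
}
//otherwise the user does not exist

header("Location: ".$location);
exit; // nothing after the redirect should run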