function login(){ global $db, $username, $errors; // grap form values $u

1. function login(){
2. global $db, $username, $errors;
3.  
4. // grap form values
5. $username = e($_POST['username']);
6. $password = e($_POST['password']);
7.  
8. // attempt login if no errors on form
9. if (count($errors) == 0) {
10. $query = "SELECT * FROM users WHERE username='$username' LIMIT 1";
11. $results = mysqli_query($db, $query);
12.  
13. $vypis = mysqli_fetch_array($results);
14.  
15. echo"<script>alert(\"". $vypis["password"] . "\")</script>";
16.  
17. if (password_verify($password, $vypis["password"])){
18. // user found logged
19. // check if user is admin or user
20. echo"<script>alert(\"Úspěšně přihlášen\")</script>";
21. $logged_in_user = mysqli_fetch_assoc($results);
22. if ($logged_in_user['user_type'] == 'admin') {
23.  
24. $_SESSION['user'] = $logged_in_user;
25. $_SESSION['success'] = "You are now logged in";
26. header('location: index.php');
27. }
28. else {
29. $_SESSION['user'] = $logged_in_user;
30. $_SESSION['success'] = "You are now logged in";
31. header('location: index.php');
32. }
33. }
34. else {
35. array_push($errors, "Wrong username/password combination");
36. }
37. }
38. }