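<?php
/**
 * Login form handler.
 *
 * Runs when the POST field `login` is present. Looks the submitted username up
 * in the `users` table, checks the submitted password against the stored one,
 * and on success records the user id. Outcome is reported through the page
 * variables $error, $connError and $login, which are set exactly as before.
 *
 * Changes from the previous version:
 *  - The credential lookup is a single prepared statement. The old code ran a
 *    second query with $username interpolated into the SQL string, which was
 *    injectable even though the first query was parameterised.
 *  - The password comparison no longer uses `==`. Loose comparison treats
 *    numeric-looking strings (e.g. "0e1" and "0e2") as equal and is not
 *    constant-time.
 *  - A failed connection no longer falls through into the query code.
 *  - Non-string POST values (e.g. `username[]=x`) are rejected up front.
 *
 * NOTE(review): the database account is `root` with an empty password. Use a
 * dedicated least-privilege account and load credentials from configuration
 * kept outside the web root.
 * NOTE(review): "Username unknown" and "Wrong password!" let a client tell
 * valid usernames from invalid ones. Consider one shared message, and add
 * rate limiting on failed attempts; neither is changed here.
 */
session_start();

if (isset($_POST['login'])) {
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';

    // Array-valued fields pass empty() but are not usable credentials.
    if (!is_string($username) || !is_string($password) || empty($username) || empty($password)) {
        $error = "Username or Password is invalid";
    } else {
        $DBHOST = '127.0.0.1';
        $DBUSER = 'root';
        $DBPASS = '';
        $DBNAME = 'tastyfood';

        try {
            // Create connection
            $conn = new mysqli($DBHOST, $DBUSER, $DBPASS, $DBNAME);

            if ($conn->connect_errno) {
                $connError = "Failed to connect to MySQL";
            } else {
                // One parameterised query fetches everything the check needs.
                $validate = $conn->prepare("SELECT password, id FROM `users` WHERE username = ?");

                if ($validate === false) {
                    // No dedicated message exists for a failed prepare; reuse the DB error slot.
                    $connError = "Failed to connect to MySQL";
                } else {
                    $validate->bind_param("s", $username);
                    $validate->execute();
                    $validate->store_result();

                    if ($validate->num_rows > 0) {
                        // Account is in database, proceed to check if password matches.
                        $validate->bind_result($storedPassword, $userId);
                        $validate->fetch();
                        $storedPassword = (string) $storedPassword;

                        // Rows already holding a password_hash() value are verified properly.
                        // Anything else is treated as the legacy plaintext value the old code
                        // compared against, but with a strict, constant-time comparison.
                        // NOTE(review): plaintext rows should be migrated to password_hash()
                        // and this fallback removed.
                        $hashInfo = password_get_info($storedPassword);
                        if ($hashInfo['algoName'] !== 'unknown') {
                            $passwordOk = password_verify($password, $storedPassword);
                        } else {
                            $passwordOk = hash_equals($storedPassword, $password);
                        }

                        if ($passwordOk) {
                            $login = "Logged in!";

                            // Bind the identity to the server-side session and rotate the
                            // session id so a pre-login id cannot be reused afterwards.
                            session_regenerate_id(true);
                            $_SESSION['userid'] = $userId;

                            // Cookie kept for pages that still read it, now HttpOnly.
                            // NOTE(review): a client can set this cookie to any value, so it
                            // must not be used for authorisation; read $_SESSION['userid'].
                            setcookie('userid', (string) $userId, 0, '', '', false, true);
                        } else {
                            $login = "Wrong password!";
                        }
                    } else {
                        $login = "Username unknown";
                    }

                    $validate->close();
                }
            }
        } catch (mysqli_sql_exception $e) {
            // mysqli can be configured to throw instead of returning an error state.
            // The exception detail is deliberately not shown to the client.
            $connError = "Failed to connect to MySQL";
        }
    }
}
?>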